Using SSH_AUTH_SOCK (ssh agent forwarding) to pull upm private repos (#256)

* using SSH_AUTH_SOCK (ssh agent forwarding) to pull upm private repos * sshAgent as input parameter * yarn run prettier --write "src/**/*.{js,ts}" * yarn run lint --fix && yarn build * fixed compilation after rebase * removed RUN apt-get update && apt-get install -y openssh-client. This change needs to be done upstream. See game-ci/docker#117
2025-07-04 12:25:19 -04:00 · 2021-05-28 23:51:10 +02:00 · 2021-05-28 23:51:10 +02:00 · 497f2f7b5f
commit 497f2f7b5f
parent 71ca7bdbfc
7 changed files with 15 additions and 0 deletions
--- a/action.yml
+++ b/action.yml
@ -106,6 +106,10 @@ inputs:

      Parameters must start with a hyphen (-) and may be followed by a value (without hyphen).
      Parameters without a value will be considered booleans (with a value of true).
+  sshAgent:
+    required: false
+    default: ''
+    description: 'SSH Agent path to forward to the container'
  chownFilesTo:
    required: false
    default: ''
--- a/dist/index.js
+++ b/dist/index.js
--- a/dist/index.js.map
+++ b/dist/index.js.map
--- a/src/model/mocks/input.ts
+++ b/src/model/mocks/input.ts
@ -10,6 +10,7 @@ export const mockGetFromUser = jest.fn().mockResolvedValue({
  buildMethod: undefined,
  buildVersion: '1.3.37',
  customParameters: '',
+  sshAgent: '',
  chownFilesTo: '',
 });

--- a/src/model/build-parameters.ts
+++ b/src/model/build-parameters.ts
@ -22,6 +22,7 @@ class BuildParameters {
  public androidKeyaliasName!: string;
  public androidKeyaliasPass!: string;
  public customParameters!: string;
+  public sshAgent!: string;
  public remoteBuildCluster!: string;
  public awsStackName!: string;
  public kubeConfig!: string;
@ -60,6 +61,7 @@ class BuildParameters {
      androidKeyaliasName: Input.androidKeyaliasName,
      androidKeyaliasPass: Input.androidKeyaliasPass,
      customParameters: Input.customParameters,
+      sshAgent: Input.sshAgent,
      chownFilesTo: Input.chownFilesTo,
      remoteBuildCluster: Input.remoteBuildCluster,
      awsStackName: Input.awsStackName,
--- a/src/model/docker.ts
+++ b/src/model/docker.ts
@ -36,6 +36,7 @@ class Docker {
      androidKeyaliasName,
      androidKeyaliasPass,
      customParameters,
+      sshAgent,
      chownFilesTo,
    } = parameters;

@ -79,10 +80,13 @@ class Docker {
        --env RUNNER_TOOL_CACHE \
        --env RUNNER_TEMP \
        --env RUNNER_WORKSPACE \
+        ${sshAgent ? '--env SSH_AUTH_SOCK=/ssh-agent' : ''} \
        --volume "/var/run/docker.sock":"/var/run/docker.sock" \
        --volume "${runnerTempPath}/_github_home":"/root" \
        --volume "${runnerTempPath}/_github_workflow":"/github/workflow" \
        --volume "${workspace}":"/github/workspace" \
+        ${sshAgent ? `--volume ${sshAgent}:/ssh-agent` : ''} \
+        ${sshAgent ? '--volume /home/runner/.ssh/known_hosts:/root/.ssh/known_hosts:ro' : ''} \
        ${image}`;

    await exec(command, undefined, { silent });
--- a/src/model/input.ts
+++ b/src/model/input.ts
@ -85,6 +85,10 @@ class Input {
    return core.getInput('customParameters') || '';
  }

+  static get sshAgent() {
+    return core.getInput('sshAgent') || '';
+  }
+
  static get chownFilesTo() {
    return core.getInput('chownFilesTo') || '';
  }