forked from Ivasoft/drone-docker
Merge pull request #382 from tphoney/enable-ssh-agent
Add option to mount host ssh agent (--ssh)
This commit is contained in:
TP Honey
2
.gitignore
vendored
2
.gitignore
vendored
@@ -1,3 +1,5 @@
|
||||
release
|
||||
coverage.out
|
||||
vendor
|
||||
.vscode/
|
||||
Dockerfile
|
||||
|
||||
@@ -274,6 +274,11 @@ func main() {
|
||||
Usage: "platform value to pass to docker",
|
||||
EnvVar: "PLUGIN_PLATFORM",
|
||||
},
|
||||
cli.StringFlag{
|
||||
Name: "ssh-agent-key",
|
||||
Usage: "ssh agent key to use",
|
||||
EnvVar: "PLUGIN_SSH_AGENT_KEY",
|
||||
},
|
||||
}
|
||||
|
||||
if err := app.Run(os.Args); err != nil {
|
||||
@@ -318,6 +323,7 @@ func run(c *cli.Context) error {
|
||||
AddHost: c.StringSlice("add-host"),
|
||||
Quiet: c.Bool("quiet"),
|
||||
Platform: c.String("platform"),
|
||||
SSHAgentKey: c.String("ssh-agent-key"),
|
||||
},
|
||||
Daemon: docker.Daemon{
|
||||
Registry: c.String("docker.registry"),
|
||||
|
||||
@@ -1,9 +1,10 @@
|
||||
//go:build !windows
|
||||
// +build !windows
|
||||
|
||||
package docker
|
||||
|
||||
import (
|
||||
"io/ioutil"
|
||||
"io"
|
||||
"os"
|
||||
)
|
||||
|
||||
@@ -17,8 +18,8 @@ func (p Plugin) startDaemon() {
|
||||
cmd.Stdout = os.Stdout
|
||||
cmd.Stderr = os.Stderr
|
||||
} else {
|
||||
cmd.Stdout = ioutil.Discard
|
||||
cmd.Stderr = ioutil.Discard
|
||||
cmd.Stdout = io.Discard
|
||||
cmd.Stderr = io.Discard
|
||||
}
|
||||
go func() {
|
||||
trace(cmd)
|
||||
|
||||
39
docker.go
39
docker.go
@@ -2,7 +2,6 @@ package docker
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
@@ -64,6 +63,8 @@ type (
|
||||
AddHost []string // Docker build add-host
|
||||
Quiet bool // Docker build quiet
|
||||
Platform string // Docker build platform
|
||||
SSHAgentKey string // Docker build ssh agent key
|
||||
SSHKeyPath string // Docker build ssh key path
|
||||
}
|
||||
|
||||
// Plugin defines the Docker plugin parameters.
|
||||
@@ -106,6 +107,7 @@ type (
|
||||
|
||||
// Exec executes the plugin step
|
||||
func (p Plugin) Exec() error {
|
||||
|
||||
// start the Docker daemon server
|
||||
if !p.Daemon.Disabled {
|
||||
p.startDaemon()
|
||||
@@ -144,7 +146,7 @@ func (p Plugin) Exec() error {
|
||||
os.MkdirAll(dockerHome, 0600)
|
||||
|
||||
path := filepath.Join(dockerHome, "config.json")
|
||||
err := ioutil.WriteFile(path, []byte(p.Login.Config), 0600)
|
||||
err := os.WriteFile(path, []byte(p.Login.Config), 0600)
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error writing config.json: %s", err)
|
||||
}
|
||||
@@ -179,6 +181,15 @@ func (p Plugin) Exec() error {
|
||||
cmds = append(cmds, commandPull(img))
|
||||
}
|
||||
|
||||
// setup for using ssh agent (https://docs.docker.com/develop/develop-images/build_enhancements/#using-ssh-to-access-private-data-in-builds)
|
||||
if p.Build.SSHAgentKey != "" {
|
||||
var sshErr error
|
||||
p.Build.SSHKeyPath, sshErr = writeSSHPrivateKey(p.Build.SSHAgentKey)
|
||||
if sshErr != nil {
|
||||
return sshErr
|
||||
}
|
||||
}
|
||||
|
||||
cmds = append(cmds, commandBuild(p.Build)) // docker build
|
||||
|
||||
for _, tag := range p.Build.Tags {
|
||||
@@ -328,6 +339,9 @@ func commandBuild(build Build) *exec.Cmd {
|
||||
if build.Platform != "" {
|
||||
args = append(args, "--platform", build.Platform)
|
||||
}
|
||||
if build.SSHKeyPath != "" {
|
||||
args = append(args, "--ssh", build.SSHKeyPath)
|
||||
}
|
||||
|
||||
if build.AutoLabel {
|
||||
labelSchema := []string{
|
||||
@@ -353,8 +367,8 @@ func commandBuild(build Build) *exec.Cmd {
|
||||
}
|
||||
}
|
||||
|
||||
// we need to enable buildkit, for secret support
|
||||
if build.Secret != "" || len(build.SecretEnvs) > 0 || len(build.SecretFiles) > 0 {
|
||||
// we need to enable buildkit, for secret support and ssh agent support
|
||||
if build.Secret != "" || len(build.SecretEnvs) > 0 || len(build.SecretFiles) > 0 || build.SSHAgentKey != "" {
|
||||
os.Setenv("DOCKER_BUILDKIT", "1")
|
||||
}
|
||||
return exec.Command(dockerExe, args...)
|
||||
@@ -507,6 +521,23 @@ func commandRmi(tag string) *exec.Cmd {
|
||||
return exec.Command(dockerExe, "rmi", tag)
|
||||
}
|
||||
|
||||
func writeSSHPrivateKey(key string) (path string, err error) {
|
||||
home, err := os.UserHomeDir()
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("unable to determine home directory: %s", err)
|
||||
}
|
||||
if err := os.MkdirAll(filepath.Join(home, ".ssh"), 0700); err != nil {
|
||||
return "", fmt.Errorf("unable to create .ssh directory: %s", err)
|
||||
}
|
||||
pathToKey := filepath.Join(home, ".ssh", "id_rsa")
|
||||
if err := os.WriteFile(pathToKey, []byte(key), 0400); err != nil {
|
||||
return "", fmt.Errorf("unable to write ssh key %s: %s", pathToKey, err)
|
||||
}
|
||||
path = fmt.Sprintf("default=%s", pathToKey)
|
||||
|
||||
return path, nil
|
||||
}
|
||||
|
||||
// trace writes each command to stdout with the command wrapped in an xml
|
||||
// tag so that it can be extracted and displayed in the logs.
|
||||
func trace(cmd *exec.Cmd) {
|
||||
|
||||
@@ -135,6 +135,26 @@ func TestCommandBuild(t *testing.T) {
|
||||
"test/platform",
|
||||
),
|
||||
},
|
||||
{
|
||||
name: "ssh agent",
|
||||
build: Build{
|
||||
Name: "plugins/drone-docker:latest",
|
||||
Dockerfile: "Dockerfile",
|
||||
Context: ".",
|
||||
SSHKeyPath: "id_rsa=/root/.ssh/id_rsa",
|
||||
},
|
||||
want: exec.Command(
|
||||
dockerExe,
|
||||
"build",
|
||||
"--rm=true",
|
||||
"-f",
|
||||
"Dockerfile",
|
||||
"-t",
|
||||
"plugins/drone-docker:latest",
|
||||
".",
|
||||
"--ssh id_rsa=/root/.ssh/id_rsa",
|
||||
),
|
||||
},
|
||||
}
|
||||
|
||||
for _, tc := range tcs {
|
||||
|
||||
Reference in New Issue
Block a user