Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mount the SSH_AUTH_SOCK socket for ssh-agent #11683

Merged
merged 2 commits into from
Mar 13, 2025
Merged

mount the SSH_AUTH_SOCK socket for ssh-agent #11683

merged 2 commits into from
Mar 13, 2025

Conversation

dmitris
Copy link
Contributor

@dmitris dmitris commented Feb 26, 2025
edited
Loading

What are you trying to accomplish?

PR is part of the "plan" in #11544 - addressing its second checkbox:

  • ssh-add -l shows the same ssh keys as in the "outside" user session

It allows to run bin/docker-dev-shell and propagate your host SSH credentials. The end goal is to be able to run the tests and dependabot actions that require SSH credentials for access to the code repositories.

Anything you want to highlight for special attention from reviewers?

I wonder if I should add a flag to activate propagation of the ssh credentials (so that you wouldn't have anything changed compared to the status quo without the flag)?

How will you know you've accomplished your goal?

  • Most importantly - nothing breaks for users that don't have SSH_AUTH_SOCK set (or if we use the flag, who don't pass the flag to propagate their ssh credentials)
  • ssh-add -l inside the container shows the same keys as in the "outer" host

Checklist

  • I have run the complete test suite to ensure all tests and linters pass.
  • I have thoroughly tested my code changes to ensure they work as expected, including adding additional tests for new functionality.
  • I have written clear and descriptive commit messages.
  • I have provided a detailed description of the changes in the pull request, including the problem it addresses, how it fixes the problem, and any relevant details about the implementation.
  • I have ensured that the code is well-documented and easy to understand.

@github-actions github-actions bot added L: elixir:hex Elixir packages via hex L: terraform Terraform packages L: docker Docker containers L: dotnet:nuget NuGet packages via nuget or dotnet L: javascript L: python L: docker:compose Docker Compose labels Feb 26, 2025
@dmitris dmitris force-pushed the ssh-in-docker-images branch 3 times, most recently from fe0a742 to 328da8a Compare February 27, 2025 21:57
@dmitris dmitris mentioned this pull request Feb 27, 2025
Open
6 tasks
@dmitris dmitris force-pushed the ssh-in-docker-images branch 4 times, most recently from 35f3aef to e38d4c1 Compare March 3, 2025 18:04
@dmitris dmitris marked this pull request as ready for review March 3, 2025 19:27
@dmitris dmitris requested a review from a team as a code owner March 3, 2025 19:27
@dmitris dmitris force-pushed the ssh-in-docker-images branch 11 times, most recently from 0e2416b to 02e345d Compare March 11, 2025 08:55
@dmitris dmitris force-pushed the ssh-in-docker-images branch 2 times, most recently from e213546 to 9c18df0 Compare March 12, 2025 18:29
thavaahariharangit
thavaahariharangit reviewed Mar 12, 2025
View reviewed changes
Copy link
Contributor

@thavaahariharangit thavaahariharangit left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I’d like to get the team’s input on this. It looks good to me. This could be a good topic for tomorrow's standup parking lot.

@thavaahariharangit thavaahariharangit self-assigned this Mar 12, 2025
@dmitris
mount the SSH_AUTH_SOCK socket for ssh-agent
a89ba31 
Mount the SSH_AUTH_SOCK into the docker-dev-shell container
to propagate the SSH agent credentials and allow git access
to servers/repositories which require the ssh credentials.

The added volume mapping in 'docker run' applies only if
${SSH_AUTH_SOCK} is not empty.
For Mac with Docker or Rancher Desktop, the following
value can be used:
SSH_AUTH_SOCK=/run/host-services/ssh-auth.sock \
  ./bin/docker-dev-shell go_modules -r

Issue dependabot#11544 - addresses the second checkbox:
ssh-add -l shows the same ssh keys as in the "outside" user session.

Signed-off-by: Dmitry Savintsev <[email protected]>
@dmitris dmitris force-pushed the ssh-in-docker-images branch from a0998db to a89ba31 Compare March 13, 2025 07:56
sachin-sandhu
sachin-sandhu approved these changes Mar 13, 2025
View reviewed changes
Copy link
Contributor

@sachin-sandhu sachin-sandhu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

After reviewing and discussing with team, approving for deploy

@thavaahariharangit thavaahariharangit merged commit e14ac74 into dependabot:main Mar 13, 2025
41 checks passed
@dmitris dmitris deleted the ssh-in-docker-images branch March 14, 2025 06:29
thavaahariharangit added a commit that referenced this pull request Mar 14, 2025
@thavaahariharangit
Revert "mount the SSH_AUTH_SOCK socket for ssh-agent (#11683)"
b672a04 
This reverts commit e14ac74.
@thavaahariharangit thavaahariharangit mentioned this pull request Mar 14, 2025
Merged
thavaahariharangit added a commit that referenced this pull request Mar 15, 2025
@thavaahariharangit @kbukum1
Revert "mount the SSH_AUTH_SOCK socket for ssh-agent (#11683)" (#11818)
83187c8 
This reverts commit e14ac74.

Co-authored-by: kbukum1 <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thavaahariharangit thavaahariharangit thavaahariharangit approved these changes

@sachin-sandhu sachin-sandhu sachin-sandhu approved these changes

Assignees

@thavaahariharangit thavaahariharangit

Labels
L: docker:compose Docker Compose L: docker Docker containers L: dotnet:nuget NuGet packages via nuget or dotnet L: elixir:hex Elixir packages via hex L: javascript L: python L: terraform Terraform packages
Projects
Dependabot
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dmitris @thavaahariharangit @sachin-sandhu