venconn: builder.dockerfile: go mod download needs access to venafi-connection-lib

Author: maelvls

.github/workflows/release-master.yml

@@ -13,25 +13,19 @@ jobs:
     runs-on: ubuntu-22.04
     container: golang:1.22
     steps:
-    - name: Configure jetstack/venafi-connection-lib repo pull access
+    - run: git config --global [email protected]:jetstack/venafi-connection-lib.insteadOf https://github.com/jetstack/venafi-connection-lib
+    - name: "Add GitHub to the SSH known hosts file"
       run: |
-        mkdir ~/.ssh
-        chmod 700 ~/.ssh
-
-        echo "${{ secrets.DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB }}" > ~/.ssh/venafi_connection_lib_id
-        chmod 600 ~/.ssh/venafi_connection_lib_id
-
-        cat <<EOT >> ~/.ssh/config
-        Host venafi-connection-lib.github.com
-        HostName github.com
-        IdentityFile ~/.ssh/venafi_connection_lib_id
-        IdentitiesOnly yes
-        EOT
-
-        cat <<EOT >> ~/.gitconfig
-        [url "[email protected]:jetstack/venafi-connection-lib"]
-          insteadOf = https://github.com/jetstack/venafi-connection-lib
-        EOT
+        mkdir -p -m 0700 ~/.ssh
+        cat <<EOF >~/.ssh/known_hosts
+        github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
+        github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
+        github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
+        EOF
+        chmod 600 ~/.ssh/known_hosts
+    - uses: webfactory/[email protected]
+      with:
+        ssh-private-key: ${{ secrets.DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB }}
     - uses: actions/checkout@v4
     - run: make vet
       shell: bash
@@ -40,25 +34,19 @@ jobs:
     runs-on: ubuntu-22.04
     container: golang:1.22
     steps:
-    - name: Configure jetstack/venafi-connection-lib repo pull access
+    - run: git config --global [email protected]:jetstack/venafi-connection-lib.insteadOf https://github.com/jetstack/venafi-connection-lib
+    - name: "Add GitHub to the SSH known hosts file"
       run: |
-        mkdir ~/.ssh
-        chmod 700 ~/.ssh
-
-        echo "${{ secrets.DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB }}" > ~/.ssh/venafi_connection_lib_id
-        chmod 600 ~/.ssh/venafi_connection_lib_id
-
-        cat <<EOT >> ~/.ssh/config
-        Host venafi-connection-lib.github.com
-        HostName github.com
-        IdentityFile ~/.ssh/venafi_connection_lib_id
-        IdentitiesOnly yes
-        EOT
-
-        cat <<EOT >> ~/.gitconfig
-        [url "[email protected]:jetstack/venafi-connection-lib"]
-          insteadOf = https://github.com/jetstack/venafi-connection-lib
-        EOT
+        mkdir -p -m 0700 ~/.ssh
+        cat <<EOF >~/.ssh/known_hosts
+        github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
+        github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
+        github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
+        EOF
+        chmod 600 ~/.ssh/known_hosts
+    - uses: webfactory/[email protected]
+      with:
+        ssh-private-key: ${{ secrets.DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB }}
     - uses: actions/checkout@v4
     - run: make test
   docker_build:
@@ -79,25 +67,19 @@ jobs:
       packages: write
       id-token: write
     steps:
-    - name: Configure jetstack/venafi-connection-lib repo pull access
+    - run: git config --global [email protected]:jetstack/venafi-connection-lib.insteadOf https://github.com/jetstack/venafi-connection-lib
+    - name: "Add GitHub to the SSH known hosts file"
       run: |
-        mkdir ~/.ssh
-        chmod 700 ~/.ssh
-
-        echo "${{ secrets.DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB }}" > ~/.ssh/venafi_connection_lib_id
-        chmod 600 ~/.ssh/venafi_connection_lib_id
-
-        cat <<EOT >> ~/.ssh/config
-        Host venafi-connection-lib.github.com
-        HostName github.com
-        IdentityFile ~/.ssh/venafi_connection_lib_id
-        IdentitiesOnly yes
-        EOT
-
-        cat <<EOT >> ~/.gitconfig
-        [url "[email protected]:jetstack/venafi-connection-lib"]
-          insteadOf = https://github.com/jetstack/venafi-connection-lib
-        EOT
+        mkdir -p -m 0700 ~/.ssh
+        cat <<EOF >~/.ssh/known_hosts
+        github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
+        github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
+        github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
+        EOF
+        chmod 600 ~/.ssh/known_hosts
+    - uses: webfactory/[email protected]
+      with:
+        ssh-private-key: ${{ secrets.DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB }}
     - name: Install Tools
       # Installing 'bash' because it's required by the 'cosign-installer' action
       # and 'coreutils' because the 'slsa-provenance-action' requires a version

.github/workflows/test.yml

@@ -18,25 +18,24 @@ jobs:
     runs-on: ubuntu-22.04
     container: golang:1.22
     steps:
-    - name: Configure jetstack/venafi-connection-lib repo pull access
+    - run: git config --global [email protected]:jetstack/venafi-connection-lib.insteadOf https://github.com/jetstack/venafi-connection-lib
+    # The only reason we need to configure ~/.ssh/known_hosts is because we are
+    # using a container-based runner. Non-container runners already have the
+    # github.com fingerprints in their known_hosts file. We could use `curl
+    # --silent https://api.github.com/meta` to fetch it but golang:1.22 does not
+    # have jq installed.
+    - name: "Add GitHub to the SSH known hosts file"
       run: |
-        mkdir ~/.ssh
-        chmod 700 ~/.ssh
-
-        echo "${{ secrets.DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB }}" > ~/.ssh/venafi_connection_lib_id
-        chmod 600 ~/.ssh/venafi_connection_lib_id
-
-        cat <<EOT >> ~/.ssh/config
-        Host venafi-connection-lib.github.com
-        HostName github.com
-        IdentityFile ~/.ssh/venafi_connection_lib_id
-        IdentitiesOnly yes
-        EOT
-
-        cat <<EOT >> ~/.gitconfig
-        [url "[email protected]:jetstack/venafi-connection-lib"]
-          insteadOf = https://github.com/jetstack/venafi-connection-lib
-        EOT
+        mkdir -p -m 0700 ~/.ssh
+        cat <<EOF >~/.ssh/known_hosts
+        github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
+        github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
+        github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
+        EOF
+        chmod 600 ~/.ssh/known_hosts
+    - uses: webfactory/[email protected]
+      with:
+        ssh-private-key: ${{ secrets.DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB }}
     - uses: actions/checkout@v4
     - run: make vet
       shell: bash
@@ -45,25 +44,20 @@ jobs:
     runs-on: ubuntu-22.04
     container: golang:1.22
     steps:
-    - name: Configure jetstack/venafi-connection-lib repo pull access
+    - run: git config --global [email protected]:jetstack/venafi-connection-lib.insteadOf https://github.com/jetstack/venafi-connection-lib
+    - name: "Add GitHub to the SSH known hosts file"
       run: |
-        mkdir ~/.ssh
-        chmod 700 ~/.ssh
-
-        echo "${{ secrets.DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB }}" > ~/.ssh/venafi_connection_lib_id
-        chmod 600 ~/.ssh/venafi_connection_lib_id
-
-        cat <<EOT >> ~/.ssh/config
-        Host venafi-connection-lib.github.com
-        HostName github.com
-        IdentityFile ~/.ssh/venafi_connection_lib_id
-        IdentitiesOnly yes
-        EOT
-
-        cat <<EOT >> ~/.gitconfig
-        [url "[email protected]:jetstack/venafi-connection-lib"]
-          insteadOf = https://github.com/jetstack/venafi-connection-lib
-        EOT
+        mkdir -p -m 0700 ~/.ssh
+        cat <<EOF >~/.ssh/known_hosts
+        github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
+        github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
+        github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
+        EOF
+        chmod 600 ~/.ssh/known_hosts
+    - run: curl --silent https://api.github.com/meta | jq --raw-output '"github.com "+.ssh_keys[]' >> ~/.ssh/known_hosts
+    - uses: webfactory/[email protected]
+      with:
+        ssh-private-key: ${{ secrets.DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB }}
     - uses: actions/checkout@v4
     - run: make test
   docker_build:
@@ -80,25 +74,19 @@ jobs:
           DOCKER_DRIVER: overlay
           DOCKER_HOST: tcp://localhost:2375
     steps:
-    - name: Configure jetstack/venafi-connection-lib repo pull access
+    - run: git config --global [email protected]:jetstack/venafi-connection-lib.insteadOf https://github.com/jetstack/venafi-connection-lib
+    - name: "Add GitHub to the SSH known hosts file"
       run: |
-        mkdir ~/.ssh
-        chmod 700 ~/.ssh
-
-        echo "${{ secrets.DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB }}" > ~/.ssh/venafi_connection_lib_id
-        chmod 600 ~/.ssh/venafi_connection_lib_id
-
-        cat <<EOT >> ~/.ssh/config
-        Host venafi-connection-lib.github.com
-        HostName github.com
-        IdentityFile ~/.ssh/venafi_connection_lib_id
-        IdentitiesOnly yes
-        EOT
-
-        cat <<EOT >> ~/.gitconfig
-        [url "[email protected]:jetstack/venafi-connection-lib"]
-          insteadOf = https://github.com/jetstack/venafi-connection-lib
-        EOT
+        mkdir -p -m 0700 ~/.ssh
+        cat <<EOF >~/.ssh/known_hosts
+        github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
+        github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
+        github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
+        EOF
+        chmod 600 ~/.ssh/known_hosts
+    - uses: webfactory/[email protected]
+      with:
+        ssh-private-key: ${{ secrets.DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB }}
     - name: Install Tools
       run: apk add --update make git jq rsync curl
     - name: Adding github workspace as safe directory

Makefile

@@ -7,6 +7,8 @@ GOVERSION:=$(shell go version | awk '{print $$3 " " $$4}')
 GOOS:=$(shell go env GOOS)
 GOARCH:=$(shell go env GOARCH)
 
+export GOPRIVATE=github.com/jetstack/venafi-connection-lib
+
 BIN_NAME:=preflight
 
 DOCKER_IMAGE?=quay.io/jetstack/preflight
@@ -75,11 +77,13 @@ build-all-platforms-in-host:
 
 build-all-platforms-in-docker:
 	rm -rf ./builds
-	docker build --rm -t preflight-bin -f ./builder.dockerfile \
+	docker buildx build --load --rm -t preflight-bin -f ./builder.dockerfile \
 		--build-arg oauth_client_id=$(OAUTH_CLIENT_ID) \
 		--build-arg oauth_client_secret=$(OAUTH_CLIENT_SECRET) \
 		--build-arg oauth_auth_server_domain=$(OAUTH_AUTH_SERVER_DOMAIN) \
+		--ssh default \
 		.
+	docker rm -f preflight-bin-container 2>/dev/null || true
 	docker create --rm --name=preflight-bin-container preflight-bin
 	docker cp preflight-bin-container:/go/github.com/jetstack/preflight/builds ./builds
 	docker rm preflight-bin-container

builder.dockerfile

@@ -1,16 +1,23 @@
-FROM golang:1.21.6 as builder
+FROM golang:1.22.5 as builder
 
 WORKDIR /go/github.com/jetstack/preflight
 
 # Run a dependency resolve with just the go mod files present for
 # better caching
-COPY ./go.mod .
-COPY ./go.sum .
-
-# Due to https://github.com/jetstack/venafi-connection-lib being private.
-COPY ~/.ssh/ ~/.gitconfig /root/
-
-RUN go mod download
+COPY go.mod go.sum .
+
+COPY <<EOF /root/.gitconfig
+[url "[email protected]:jetstack/venafi-connection-lib"] \
+insteadOf = https://github.com/jetstack/venafi-connection-lib
+EOF
+COPY <<EOF /root/.ssh/known_hosts
+github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
+github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
+github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
+EOF
+ENV GOPRIVATE=github.com/jetstack/venafi-connection-lib
+
+RUN --mount=type=ssh go mod download
 
 ## Bring in everything else
 COPY . .