github actions: configure DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB

Author: maelvls

.github/workflows/release-master.yml

@@ -13,6 +13,25 @@ jobs:
     runs-on: ubuntu-22.04
     container: golang:1.22
     steps:
+    - name: Configure jetstack/venafi-connection-lib repo pull access
+      run: |
+        mkdir ~/.ssh
+        chmod 700 ~/.ssh
+
+        echo "${{ secrets.DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB }}" > ~/.ssh/venafi_connection_lib_id
+        chmod 600 ~/.ssh/venafi_connection_lib_id
+
+        cat <<EOT >> ~/.ssh/config
+        Host venafi-connection-lib.github.com
+        HostName github.com
+        IdentityFile ~/.ssh/venafi_connection_lib_id
+        IdentitiesOnly yes
+        EOT
+
+        cat <<EOT >> ~/.gitconfig
+        [url "[email protected]:jetstack/venafi-connection-lib"]
+          insteadOf = https://github.com/jetstack/venafi-connection-lib
+        EOT
     - uses: actions/checkout@v4
     - run: make vet
       shell: bash
@@ -21,6 +40,25 @@ jobs:
     runs-on: ubuntu-22.04
     container: golang:1.22
     steps:
+    - name: Configure jetstack/venafi-connection-lib repo pull access
+      run: |
+        mkdir ~/.ssh
+        chmod 700 ~/.ssh
+
+        echo "${{ secrets.DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB }}" > ~/.ssh/venafi_connection_lib_id
+        chmod 600 ~/.ssh/venafi_connection_lib_id
+
+        cat <<EOT >> ~/.ssh/config
+        Host venafi-connection-lib.github.com
+        HostName github.com
+        IdentityFile ~/.ssh/venafi_connection_lib_id
+        IdentitiesOnly yes
+        EOT
+
+        cat <<EOT >> ~/.gitconfig
+        [url "[email protected]:jetstack/venafi-connection-lib"]
+          insteadOf = https://github.com/jetstack/venafi-connection-lib
+        EOT
     - uses: actions/checkout@v4
     - run: make test
   docker_build:
@@ -41,6 +79,25 @@ jobs:
       packages: write
       id-token: write
     steps:
+    - name: Configure jetstack/venafi-connection-lib repo pull access
+      run: |
+        mkdir ~/.ssh
+        chmod 700 ~/.ssh
+
+        echo "${{ secrets.DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB }}" > ~/.ssh/venafi_connection_lib_id
+        chmod 600 ~/.ssh/venafi_connection_lib_id
+
+        cat <<EOT >> ~/.ssh/config
+        Host venafi-connection-lib.github.com
+        HostName github.com
+        IdentityFile ~/.ssh/venafi_connection_lib_id
+        IdentitiesOnly yes
+        EOT
+
+        cat <<EOT >> ~/.gitconfig
+        [url "[email protected]:jetstack/venafi-connection-lib"]
+          insteadOf = https://github.com/jetstack/venafi-connection-lib
+        EOT
     - name: Install Tools
       # Installing 'bash' because it's required by the 'cosign-installer' action
       # and 'coreutils' because the 'slsa-provenance-action' requires a version

.github/workflows/test.yml

@@ -9,12 +9,34 @@ on:
     branches:
       - "*"
 
+env:
+  GOPRIVATE: github.com/jetstack/venafi-connection-lib
+
 jobs:
   vet:
     name: vet
     runs-on: ubuntu-22.04
     container: golang:1.22
     steps:
+    - name: Configure jetstack/venafi-connection-lib repo pull access
+      run: |
+        mkdir ~/.ssh
+        chmod 700 ~/.ssh
+
+        echo "${{ secrets.DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB }}" > ~/.ssh/venafi_connection_lib_id
+        chmod 600 ~/.ssh/venafi_connection_lib_id
+
+        cat <<EOT >> ~/.ssh/config
+        Host venafi-connection-lib.github.com
+        HostName github.com
+        IdentityFile ~/.ssh/venafi_connection_lib_id
+        IdentitiesOnly yes
+        EOT
+
+        cat <<EOT >> ~/.gitconfig
+        [url "[email protected]:jetstack/venafi-connection-lib"]
+          insteadOf = https://github.com/jetstack/venafi-connection-lib
+        EOT
     - uses: actions/checkout@v4
     - run: make vet
       shell: bash
@@ -23,6 +45,25 @@ jobs:
     runs-on: ubuntu-22.04
     container: golang:1.22
     steps:
+    - name: Configure jetstack/venafi-connection-lib repo pull access
+      run: |
+        mkdir ~/.ssh
+        chmod 700 ~/.ssh
+
+        echo "${{ secrets.DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB }}" > ~/.ssh/venafi_connection_lib_id
+        chmod 600 ~/.ssh/venafi_connection_lib_id
+
+        cat <<EOT >> ~/.ssh/config
+        Host venafi-connection-lib.github.com
+        HostName github.com
+        IdentityFile ~/.ssh/venafi_connection_lib_id
+        IdentitiesOnly yes
+        EOT
+
+        cat <<EOT >> ~/.gitconfig
+        [url "[email protected]:jetstack/venafi-connection-lib"]
+          insteadOf = https://github.com/jetstack/venafi-connection-lib
+        EOT
     - uses: actions/checkout@v4
     - run: make test
   docker_build:
@@ -39,6 +80,25 @@ jobs:
           DOCKER_DRIVER: overlay
           DOCKER_HOST: tcp://localhost:2375
     steps:
+    - name: Configure jetstack/venafi-connection-lib repo pull access
+      run: |
+        mkdir ~/.ssh
+        chmod 700 ~/.ssh
+
+        echo "${{ secrets.DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB }}" > ~/.ssh/venafi_connection_lib_id
+        chmod 600 ~/.ssh/venafi_connection_lib_id
+
+        cat <<EOT >> ~/.ssh/config
+        Host venafi-connection-lib.github.com
+        HostName github.com
+        IdentityFile ~/.ssh/venafi_connection_lib_id
+        IdentitiesOnly yes
+        EOT
+
+        cat <<EOT >> ~/.gitconfig
+        [url "[email protected]:jetstack/venafi-connection-lib"]
+          insteadOf = https://github.com/jetstack/venafi-connection-lib
+        EOT
     - name: Install Tools
       run: apk add --update make git jq rsync curl
     - name: Adding github workspace as safe directory

builder.dockerfile

@@ -7,6 +7,9 @@ WORKDIR /go/github.com/jetstack/preflight
 COPY ./go.mod .
 COPY ./go.sum .
 
+# Due to https://github.com/jetstack/venafi-connection-lib being private.
+COPY ~/.ssh/ ~/.gitconfig /root/
+
 RUN go mod download
 
 ## Bring in everything else
@@ -22,7 +25,6 @@ RUN make build-all-platforms \
     OAUTH_CLIENT_SECRET=${oauth_client_secret} \
     OAUTH_AUTH_SERVER_DOMAIN=${oauth_auth_server_domain}
 
-
 RUN go install github.com/google/[email protected]
 
 # We need this '|| true' because go-licenses could fail to find a license so