Better handling of private SSH key

lboix · lboix · commit a1d9f5c7a58b · 2025-02-26T14:44:56.000-05:00
diff --git a/Dockerfile b/Dockerfile
@@ -1,17 +1,13 @@
 FROM alpine:latest
 
-RUN apk add git openssh-client yq bash curl
+RUN apk add --no-cache git openssh yq bash curl
 
 # TODO : put the email and name of the Git user that have access to your cluster repo, through the SSH key below
 RUN git config --global user.email "your-git-username@email.com"
 RUN git config --global user.name "your-git-username"
 
-RUN mkdir /root/.ssh
-COPY id_rsa* /root/.ssh/
-RUN chmod 400 /root/.ssh/id_rsa*
-# TODO : this line does assume this Git repo is on gitlab.com, so adapt accordingly
-RUN echo -e "Host gitlab.com\n\tStrictHostKeyChecking no" > /root/.ssh/config
+COPY ssh/prepare_ssh.sh /
+RUN chmod +x /prepare_ssh.sh
 
 COPY main.sh /
-
 RUN chmod +x /main.sh
diff --git a/README.md b/README.md
@@ -14,6 +14,7 @@ It's really possible (I hope not ^^) that I "reinventend the wheel" here so if y
 
 ## Description of environment variables used by the current script
 - CLUSTER_GIT_CLONE_URL : the cluster Git repo URL to git clone (through SSH)
+- GIT_REPO_USER_RSA : the private SSH key linked to the user you are using to git clone your manifests repo
 - YAML_FILE_PATH : the path to the .yaml file containing the Deployment to update
 - NAMESPACE : the namespace belonging to your Deployment
 - DOCKER_REPO : the name of the registry repo of your image to deploy (*repo*/deployment-name:tag)
@@ -54,9 +55,8 @@ deploy:
 ```
 
 ## Improvement ideas
-- Think about the best way to use a SSH key through a Dockerfile
 - Add snippets and templates for other tools
-- Add a retry scheme in the script : if your CI pipeline is launching parrallel deployment jobs (using this image), then some ones can fail with message `cannot lock ref 'refs/heads/master'` :
+- Add a retry scheme in the script : if your CI pipeline is launching parallel deployment jobs (using this image), then some ones can fail with message `cannot lock ref 'refs/heads/master'` :
   - I tried but it's more complicated that it sounds in Bash (any help or insight will be really appreciated)
   - _But_ there are two workarounds in Gitlab CI that you can use :
     - add a `- sleep 5` just before the `- /main.sh` line
diff --git a/id_rsa b/id_rsa
diff --git a/id_rsa.pub b/id_rsa.pub
diff --git a/main.sh b/main.sh
@@ -37,6 +37,8 @@ fi
 #     exit 1
 # fi
 
+/prepare_ssh.sh
+
 git clone --depth=1 $CLUSTER_GIT_CLONE_URL
 # if needed :
 # cd some-folder/some-subfolder/
diff --git a/ssh/prepare_ssh.sh b/ssh/prepare_ssh.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+mkdir /root/.ssh
+echo "${GIT_REPO_USER_RSA}" > /root/.ssh/id_rsa
+chmod 400 /root/.ssh/id_rsa
+# TODO : this line does assume this Git repo is on gitlab.com, so adapt accordingly
+echo -e "Host gitlab.com\n\tStrictHostKeyChecking no" > /root/.ssh/config
