From fe0a7422e1b519ec6e558327e75597937cf905b2 Mon Sep 17 00:00:00 2001
From: Dmitry Savintsev
Date: Wed, 26 Feb 2025 20:35:18 +0100
Subject: [PATCH] mount the SSH_AUTH_SOCK socket for ssh-agent

Mount the SSH_AUTH_SOCK into the docker-dev-shell container to propagate the SSH agent credentials and allow git access to servers/repositories which require the ssh credentials. The added volume mapping in 'docker run' applies only if ${SSH_AUTH_SOCK} is not empty. For Mac with Docker or Rancher Desktop, map /run/host-services/ssh-auth.sock, for the other cases / standard Linux, use the value of $SSH_AUTH_SOCK. Issue #11544 - addresses the second checkbox: ssh-add -l shows the same ssh keys as in the "outside" user session.

Signed-off-by: Dmitry Savintsev
---
 bin/docker-dev-shell | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/bin/docker-dev-shell b/bin/docker-dev-shell
index db611bf4c7..fa48a0d367 100755
--- a/bin/docker-dev-shell
+++ b/bin/docker-dev-shell
@@ -109,6 +109,23 @@ if [ "$#" -gt "1" ]; then
 CONTAINER_ARGS=("${@:2}")
 fi
 
+SSH_MOUNT_ARGS=()
+# Detect if running on Mac with Docker Desktop or Rancher Desktop
+if [[ -n "$SSH_AUTH_SOCK" ]] && [[ "$OSTYPE" == "darwin"* ]] && \
+ { [ -e "/run/host-services/ssh-auth.sock" ] || [ -d "/Applications/Docker.app" ] || [ -d "/Applications/Rancher Desktop.app" ]; }; then
+ # Mac with Docker/Rancher Desktop configuration
+ SSH_MOUNT_ARGS+=("-v")
+ SSH_MOUNT_ARGS+=("/run/host-services/ssh-auth.sock:/run/host-services/ssh-auth.sock")
+ SSH_MOUNT_ARGS+=("-e")
+ SSH_MOUNT_ARGS+=("SSH_AUTH_SOCK=/run/host-services/ssh-auth.sock")
+elif [[ -n "$SSH_AUTH_SOCK" ]]; then
+ # Standard Linux configuration with SSH_AUTH_SOCK non-empty
+ SSH_MOUNT_ARGS+=("-v")
+ SSH_MOUNT_ARGS+=("$SSH_AUTH_SOCK:/tmp/ssh-auth.sock")
+ SSH_MOUNT_ARGS+=("-e")
+ SSH_MOUNT_ARGS+=("SSH_AUTH_SOCK=/tmp/ssh-auth.sock")
+fi
+
 echo "$(tput setaf 2)=> running docker development shell$(tput sgr0)"
 CODE_DIR="/home/dependabot"
 touch .core-bash_history
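Review bot: Both branches forward the host's ssh-agent into the container whenever `SSH_AUTH_SOCK` is non-empty, with no opt-in, so any process in the dev shell can request signatures from every key loaded in the agent for as long as the container runs. If the shell is used to run package-manager or dependency code (not visible in this hunk, so treat that as an assumption), the forwarding should be gated on an explicit switch, e.g. `if [[ "${FORWARD_SSH_AGENT:-}" == "1" ]] && ...` (placeholder variable name), and the docs should suggest loading keys with `ssh-add -c` so each use is confirmed. Separately, the Linux branch should test the path rather than the string, `elif [[ -S "$SSH_AUTH_SOCK" ]]; then`, because with a stale value `docker run -v` creates a directory at that host path instead of failing.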
@@ -251,6 +268,7 @@ docker run --rm -ti \
 -v "$(pwd)/updater/Gemfile:$CODE_DIR/dependabot-updater/Gemfile" \
 -v "$(pwd)/updater/lib:$CODE_DIR/dependabot-updater/lib" \
 -v "$(pwd)/updater/spec:$CODE_DIR/dependabot-updater/spec" \
+ "${SSH_MOUNT_ARGS[@]}" \
 --name "$CONTAINER_NAME" \
 --env "LOCAL_GITHUB_ACCESS_TOKEN=$LOCAL_GITHUB_ACCESS_TOKEN" \
 --env "DEPENDABOT_TEST_ACCESS_TOKEN" \