Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mount the SSH_AUTH_SOCK socket for ssh-agent #11683

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

mount the SSH_AUTH_SOCK socket for ssh-agent #11683

wants to merge 1 commit into from

Conversation

dmitris
Copy link
Contributor

@dmitris dmitris commented Feb 26, 2025
edited
Loading

What are you trying to accomplish?

PR is part of the "plan" in #11544 - addressing its second checkbox:

  • ssh-add -l shows the same ssh keys as in the "outside" user session

It allows to run bin/docker-dev-shell and propagate your host SSH credentials. The end goal is to be able to run the tests and dependabot actions that require SSH credentials for access to the code repositories.

Anything you want to highlight for special attention from reviewers?

I wonder if I should add a flag to activate propagation of the ssh credentials (so that you wouldn't have anything changed compared to the status quo without the flag)?

How will you know you've accomplished your goal?

  • Most importantly - nothing breaks for users that don't have SSH_AUTH_SOCK set (or if we use the flag, who don't pass the flag to propagate their ssh credentials)
  • ssh-add -l inside the container shows the same keys as in the "outer" host

Checklist

  • I have run the complete test suite to ensure all tests and linters pass.
  • I have thoroughly tested my code changes to ensure they work as expected, including adding additional tests for new functionality.
  • I have written clear and descriptive commit messages.
  • I have provided a detailed description of the changes in the pull request, including the problem it addresses, how it fixes the problem, and any relevant details about the implementation.
  • I have ensured that the code is well-documented and easy to understand.

@github-actions github-actions bot added L: elixir:hex Elixir packages via hex L: terraform Terraform packages L: docker Docker containers L: dotnet:nuget NuGet packages via nuget or dotnet L: javascript L: python L: docker:compose Docker Compose labels Feb 26, 2025
@dmitris dmitris force-pushed the ssh-in-docker-images branch 3 times, most recently from fe0a742 to 328da8a Compare February 27, 2025 21:57
@dmitris dmitris mentioned this pull request Feb 27, 2025
Open
6 tasks
@dmitris dmitris force-pushed the ssh-in-docker-images branch from 328da8a to 3d149ac Compare February 28, 2025 16:34
@dmitris
mount the SSH_AUTH_SOCK socket for ssh-agent
31b067d 
Mount the SSH_AUTH_SOCK into the docker-dev-shell container
to propagate the SSH agent credentials and allow git access
to servers/repositories which require the ssh credentials.

The added volume mapping in 'docker run' applies only if
${SSH_AUTH_SOCK} is not empty.
For Mac with Docker or Rancher Desktop, map
/run/host-services/ssh-auth.sock, for the other cases /
standard Linux, use the value of $SSH_AUTH_SOCK.

Issue dependabot#11544 - addresses the second checkbox:
ssh-add -l shows the same ssh keys as in the "outside" user session.

Signed-off-by: Dmitry Savintsev <dsavints@gmail.com>
@dmitris dmitris force-pushed the ssh-in-docker-images branch from 3d149ac to 31b067d Compare February 28, 2025 22:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
L: docker:compose Docker Compose L: docker Docker containers L: dotnet:nuget NuGet packages via nuget or dotnet L: elixir:hex Elixir packages via hex L: javascript L: python L: terraform Terraform packages
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@dmitris