From 63a76195d5a8ed814290f321122ba938999ecca7 Mon Sep 17 00:00:00 2001 From: John Letey Date: Wed, 29 May 2024 19:40:05 +0200 Subject: [PATCH] refactor: change to clone key --- builder/builder.go | 23 +++++++++++++++++++++-- builder/types.go | 2 +- cmd/build.go | 6 +++--- cmd/queue.go | 5 ++++- dockerfile/cosmos/Dockerfile | 13 ++++++++++--- dockerfile/cosmos/native.Dockerfile | 11 +++++++++++ 6 files changed, 50 insertions(+), 10 deletions(-) diff --git a/builder/builder.go b/builder/builder.go index 87987f9..84f16a0 100644 --- a/builder/builder.go +++ b/builder/builder.go @@ -2,6 +2,8 @@ package builder import ( "context" + "encoding/base64" + "errors" "fmt" "io" "os" @@ -16,6 +18,7 @@ import ( "github.com/go-git/go-billy/v5/memfs" "github.com/go-git/go-git/v5" "github.com/go-git/go-git/v5/plumbing" + "github.com/go-git/go-git/v5/plumbing/transport/ssh" "github.com/go-git/go-git/v5/storage/memory" "golang.org/x/mod/modfile" @@ -151,6 +154,7 @@ func getModFile( repoHost string, organization string, repoName string, + cloneKey string, ref string, buildDir string, local bool, @@ -177,6 +181,21 @@ func getModFile( } // Try as tag ref first cloneOpts.ReferenceName = plumbing.NewTagReferenceName(ref) + // if there is a clone key, decode and use it to authenticate + if cloneKey != "" { + cloneKeyBz, err := base64.StdEncoding.DecodeString(cloneKey) + if err != nil { + return nil, errors.New("failed to decode clone key") + } + + key, err := ssh.NewPublicKeys("git", cloneKeyBz, "") + if err != nil { + return nil, errors.New("failed to generate public key") + } + + cloneOpts.URL = fmt.Sprintf("git@%s:%s/%s.git", repoHost, organization, repoName) + cloneOpts.Auth = key + } // Clone into memory fs := memfs.New() 
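Review bot: Both new error returns in getModFile's clone-key branch discard `err`, so a malformed base64 value and an unparsable or passphrase-protected key (the passphrase argument is hard-coded to `""`) look the same to the operator. Wrap the cause instead, e.g. `return nil, fmt.Errorf("decoding clone key: %w", err)` and `return nil, fmt.Errorf("parsing clone key: %w", err)`. The second message should also stop saying "public key", since the input is private key material. As far as I know neither underlying error echoes the input bytes, but confirm that before these errors reach a log. The function body starts and ends outside this hunk, so whether the SSH URL override should be skipped when `local` is set cannot be judged from here.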
@@ -353,7 +372,7 @@ func (h *HeighlinerBuilder) buildChainNodeDockerImage( modFile, err := getModFile( repoHost, chainConfig.Build.GithubOrganization, chainConfig.Build.GithubRepo, - chainConfig.Ref, chainConfig.Build.BuildDir, h.local, + chainConfig.Build.CloneKey, chainConfig.Ref, chainConfig.Build.BuildDir, h.local, ) goVersion := buildCfg.GoVersion @@ -397,13 +416,13 @@ func (h *HeighlinerBuilder) buildChainNodeDockerImage( "REPO_HOST": repoHost, "GITHUB_ORGANIZATION": chainConfig.Build.GithubOrganization, "GITHUB_REPO": chainConfig.Build.GithubRepo, + "CLONE_KEY": chainConfig.Build.CloneKey, "BUILD_TARGET": chainConfig.Build.BuildTarget, "BINARIES": binaries, "LIBRARIES": libraries, "TARGET_LIBRARIES": targetLibraries, "DIRECTORIES": directories, "PRE_BUILD": chainConfig.Build.PreBuild, - "PRE_CLONE": chainConfig.Build.PreClone, "FINAL_IMAGE": chainConfig.Build.FinalImage, "BUILD_ENV": buildEnv, "BUILD_TAGS": buildTagsEnvVar, diff --git a/builder/types.go b/builder/types.go index a4ad005..11be1fb 100644 --- a/builder/types.go +++ b/builder/types.go @@ -24,6 +24,7 @@ type ChainNodeConfig struct { RepoHost string `yaml:"repo-host"` GithubOrganization string `yaml:"github-organization"` GithubRepo string `yaml:"github-repo"` + CloneKey string `yaml:"clone-key"` Language DockerfileType `yaml:"language"` // DEPRECATED, use "dockerfile" instead Dockerfile DockerfileType `yaml:"dockerfile"` BuildTarget string `yaml:"build-target"` @@ -34,7 +35,6 @@ type ChainNodeConfig struct { TargetLibraries []string `yaml:"target-libraries"` Directories []string `yaml:"directories"` PreBuild string `yaml:"pre-build"` - PreClone string `yaml:"pre-clone"` Platforms []string `yaml:"platforms"` BuildEnv []string `yaml:"build-env"` BaseImage string `yaml:"base-image"` diff --git a/cmd/build.go b/cmd/build.go index 6d613bb..6719cfa 100644 --- a/cmd/build.go +++ b/cmd/build.go 
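Review bot: Passing the private key as the `"CLONE_KEY"` entry in the build-args map exposes it beyond the build itself, because build-arg values are recorded in the history of the stage that consumes them and can travel with any exported or shared build cache. A BuildKit secret or SSH mount in the Dockerfiles (`RUN --mount=type=secret,id=clone_key ...` or `RUN --mount=type=ssh ...`) keeps the key out of layers and metadata. That requires the builder to hand the key over as a secret rather than through this map, and how the build is invoked is outside the hunk. If the build-arg route stays, the key should be a read-only deploy key scoped to the single repository and rotated regularly.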
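Review bot: The new `CloneKey` field in `ChainNodeConfig` has no comment, and nothing tells a reader that `clone-key` holds a base64-encoded SSH private key rather than a public key or a file path. Add a comment such as `// CloneKey is a base64-encoded SSH private key used to clone private repositories; do not commit it to chain config files.` Because the struct is populated from YAML, the value is otherwise likely to be pasted into a checked-in config file. The struct definition starts and ends outside the hunk.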
@@ -25,10 +25,10 @@ type chainConfigFlags struct { orgOverride string repoOverride string repoHostOverride string + cloneKeyOverride string dockerfileOverride string buildDirOverride string preBuildOverride string - preCloneOverride string buildTargetOverride string buildEnvOverride string binariesOverride string @@ -42,11 +42,11 @@ const ( flagOrg = "org" flagRepo = "repo" flagRepoHost = "repo-host" + flagCloneKey = "clone-key" flagGitRef = "git-ref" flagDockerfile = "dockerfile" flagBuildDir = "build-dir" flagPreBuild = "pre-build" - flagPreClone = "pre-clone" flagBuildTarget = "build-target" flagBuildEnv = "build-env" flagBinaries = "binaries" 
@@ -152,10 +152,10 @@ An optional flag --tag/-t is now available to override the resulting docker imag buildCmd.PersistentFlags().StringVarP(&chainConfig.orgOverride, flagOrg, "o", "", "github-organization override for building from a fork") buildCmd.PersistentFlags().StringVar(&chainConfig.repoOverride, flagRepo, "", "github-repo override for building from a fork") buildCmd.PersistentFlags().StringVar(&chainConfig.repoHostOverride, flagRepoHost, "", "repo-host Git repository host override for building from a fork") + buildCmd.PersistentFlags().StringVar(&chainConfig.cloneKeyOverride, flagCloneKey, "", "base64 encoded ssh key to authenticate") buildCmd.PersistentFlags().StringVar(&chainConfig.dockerfileOverride, flagDockerfile, "", "dockerfile override (cosmos, cargo, imported, none)") buildCmd.PersistentFlags().StringVar(&chainConfig.buildDirOverride, flagBuildDir, "", "build-dir override - repo relative directory to run build target") buildCmd.PersistentFlags().StringVar(&chainConfig.preBuildOverride, flagPreBuild, "", "pre-build override - command(s) to run prior to build-target") - buildCmd.PersistentFlags().StringVar(&chainConfig.preCloneOverride, flagPreClone, "", "pre-clone override - command(s) to run prior to repo clone") buildCmd.PersistentFlags().StringVar(&chainConfig.buildTargetOverride, flagBuildTarget, "", "Build target (build-target) override") buildCmd.PersistentFlags().StringVar(&chainConfig.buildEnvOverride, flagBuildEnv, "", "build-env override - Build environment variables") buildCmd.PersistentFlags().StringVar(&chainConfig.binariesOverride, flagBinaries, "", "binaries override - Binaries after build phase to package into final image") diff --git a/cmd/queue.go b/cmd/queue.go index 731ebee..5055ea2 100644 --- a/cmd/queue.go +++ b/cmd/queue.go 
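Review bot: The `--clone-key` flag takes the private key itself on the command line, where it is visible in the process list and ends up in shell history and in CI logs that echo commands. Prefer reading the key from an environment variable or from a file whose path is given to the flag. The help text should also say what the value is, e.g. `"base64-encoded SSH private key used to clone private repositories"`, since "ssh key to authenticate" does not say it is the private half. The function registering these flags starts and ends outside the hunk.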
@@ -97,6 +97,9 @@ func queueAndBuild( if chainConfig.repoHostOverride != "" { chainNodeConfig.RepoHost = chainConfig.repoHostOverride } + if chainConfig.cloneKeyOverride != "" { + chainNodeConfig.CloneKey = chainConfig.cloneKeyOverride + } if chainConfig.buildTargetOverride != "" { chainNodeConfig.BuildTarget = chainConfig.buildTargetOverride } @@ -139,9 +142,9 @@ func queueAndBuild( RepoHost: chainConfig.repoHostOverride, GithubOrganization: chainConfig.orgOverride, GithubRepo: chainConfig.repoOverride, + CloneKey: chainConfig.cloneKeyOverride, Dockerfile: builder.DockerfileType(chainConfig.dockerfileOverride), PreBuild: chainConfig.preBuildOverride, - PreClone: chainConfig.preCloneOverride, BuildTarget: chainConfig.buildTargetOverride, BuildEnv: strings.Split(chainConfig.buildEnvOverride, " "), BuildDir: chainConfig.buildDirOverride, diff --git a/dockerfile/cosmos/Dockerfile b/dockerfile/cosmos/Dockerfile index b5d5b66..4d20346 100644 --- a/dockerfile/cosmos/Dockerfile +++ b/dockerfile/cosmos/Dockerfile @@ -12,9 +12,16 @@ RUN if [ "${TARGETARCH}" = "arm64" ] && [ "${BUILDARCH}" != "arm64" ]; then\ wget -c https://musl.cc/x86_64-linux-musl-cross.tgz -O - | tar -xzvv --strip-components 1 -C /usr;\ fi -ARG PRE_CLONE - -RUN if [ ! -z "PRE_CLONE" ]; then sh -c "${PRE_CLONE}"; fi +ARG CLONE_KEY + +RUN if [ ! -z "CLONE_KEY" ]; then\ + mkdir -p ~/.ssh;\ + echo "${CLONE_KEY}" | base64 -d > ~/.ssh/id_ed25519;\ + chmod 600 ~/.ssh/id_ed25519;\ + apk add openssh;\ + git config --global --add url."ssh://git@github.com/".insteadOf "https://github.com/";\ + ssh-keyscan github.com >> ~/.ssh/known_hosts;\ + fi ARG GITHUB_ORGANIZATION ARG REPO_HOST diff --git a/dockerfile/cosmos/native.Dockerfile b/dockerfile/cosmos/native.Dockerfile index e218a9a..11d9174 100644 --- a/dockerfile/cosmos/native.Dockerfile +++ b/dockerfile/cosmos/native.Dockerfile 
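Review bot: The guard `[ ! -z "CLONE_KEY" ]` in dockerfile/cosmos/Dockerfile tests the literal string `CLONE_KEY`, which is never empty, so the block runs on every build; the same line appears in the native.Dockerfile hunk. With no key supplied it still writes an empty `~/.ssh/id_ed25519` and rewrites every `https://github.com/` URL to SSH, so later fetches of public repositories would presumably fail for lack of a usable key. The test should expand the variable: `RUN if [ -n "${CLONE_KEY}" ]; then\`. The removed `PRE_CLONE` guard had the same flaw, which suggests the pattern was copied forward.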
@@ -3,6 +3,17 @@ FROM golang:${BASE_VERSION} AS build-env RUN apk add --update --no-cache curl make git libc-dev bash gcc linux-headers eudev-dev ncurses-dev +ARG CLONE_KEY + +RUN if [ ! -z "CLONE_KEY" ]; then\ + mkdir -p ~/.ssh;\ + echo "${CLONE_KEY}" | base64 -d > ~/.ssh/id_ed25519;\ + chmod 600 ~/.ssh/id_ed25519;\ + apk add openssh;\ + git config --global --add url."ssh://git@github.com/".insteadOf "https://github.com/";\ + ssh-keyscan github.com >> ~/.ssh/known_hosts;\ + fi + ARG TARGETARCH ARG BUILDARCH ARG GITHUB_ORGANIZATION
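Review bot: `ssh-keyscan github.com >> ~/.ssh/known_hosts` accepts whatever host key the build network returns, so a tampered connection could serve different source to the build without any host-key warning; this applies to the identical block in dockerfile/cosmos/Dockerfile as well. Pin the host's published keys instead, for example by copying a checked-in `known_hosts` file into the stage. The `insteadOf` rewrite and the key scan are also hard-coded to `github.com`, while the builder passes a configurable `REPO_HOST`, so a key supplied for another host would not be used by this block. The decoded key also stays in `~/.ssh/id_ed25519` in this stage's layer; deleting it in the same `RUN` that performs the clone would limit that, though the clone step is outside the hunk.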