Mount the entire user SSH directory into build container #489
Conversation
|
Adding some tests sounds like a good idea, however I'm not very experienced with JS tests.
|
jacksgt
force-pushed
the
mount-ssh-dir
branch
7 times, most recently
from
e1d74fb to
43d0469
Compare
|
@miketheman Hey, I tried adding a test, but I'm not sure why the test does not produce a ZIP file (and subsequently fails). |
jacksgt
force-pushed
the
mount-ssh-dir
branch
8 times, most recently
from
d285c58 to
3be471f
Compare
|
@miketheman After a few more attempts I got it working. Could you review the PR again when you find the time? Thanks. |
There was a problem hiding this comment.
This looks great, thanks for taking the time to write the test!
I know that this branch is out of date from master and @bsamuel-ui has been focusing on changing the CI/CD from CircleCI to GitHub Actions - so I'd recommend rebasing/merging after that PR is on master so as to exercise this one more time in the new CI before merging.
jacksgt
force-pushed
the
mount-ssh-dir
branch
2 times, most recently
from
040adee to
12326b5
Compare
|
Since there hasn't been any activity on the github actions PR for a two weeks now, could we merge this one in anyway? |
|
@jacksgt I was looking at that merge conflict, I could sort of resolve that through the editor, but I'm just as likely to screw it up. You just need to make sure your new test is present and is async, and as soon as you can do that we can merge this. |
This enables the user to use an key file format (RSA, ED25519, ...). Additionally, it allows more complex workflows (such as different SSH keys for specfic sites, such as Github or Bitbucket), since the .ssh/config file is also mounted into the container. Fixes serverless#488
This test makes sure the plugin actually mounts the SSH directory into the container, if the dockerizePip and dockerSsh are given. It does this by creating a new known_hosts file and placing the RSA fingerprint of Github inside, then installing a package via Git, which requires this fingerprint to be present in known_hosts. If it is not present, the process will fail. This patch also adds minor debugging output, in case no requirements.txt is found.
jacksgt
force-pushed
the
mount-ssh-dir
branch
from
270ab71 to
0217946
Compare
|
@bsamuel-ui Hey, thanks for getting back on this one and keeping the project going! I rebased on master, but now the test is failing with a git error code that seems to indicate there is no public/private ssh key present on the host machine. |
|
Seeing a bunch of issues here that aren't in other branches. I'm going to take some time to dig into it on Tuesday per #550 |
| t.true(zipfiles.includes(`boto3/__init__.py`), 'boto3 is packaged via ssh'); | ||
| t.end(); | ||
| }, | ||
| { skip: !canUseDocker() } |
There was a problem hiding this comment.
Have you tested this on Windows?
There was a problem hiding this comment.
Nope, not sure if its gonna work on Windows.
There was a problem hiding this comment.
Then the skip section should be skipping the test on Windows, and you can create an issue noting that this functionality doesn't work on Windows yet.
|
Hey, having this issue as well. EDIT But having the same issue. So this does not solve the problem :( |
|
Any move with this? Something I can help with to have this eligible for merge? This is the current source code: // Mount necessary ssh files to work with private repos
if (options.dockerSsh) {
// Mount necessary ssh files to work with private repos
dockerCmd.push(
'-v',
`${process.env.HOME}/.ssh/id_rsa:/root/.ssh/id_rsa:z`,
'-v',
`${process.env.HOME}/.ssh/known_hosts:/root/.ssh/known_hosts:z`,
'-v',
`${process.env.SSH_AUTH_SOCK}:/tmp/ssh_sock:z`,
'-e',
'SSH_AUTH_SOCK=/tmp/ssh_sock'
);
}RSA keys are considered legacy, I don't think it's reasonable to continue expecting (or forcing, pretty much) this format.
Creating a new RSA key and registering it to my GH account worked for me. |
|
Hey @martinezpl - this PR has been dead for a long time - if you'd like to take over and propose a new one, feel free to do so 💯 |
|
Hey @jacksgt - it's been a long time since this PR was proposed. I'm going to close it, if you feel like the issue is valid, please open a new issue or a new PR against the latest main branch. Thanks 🙇 |
This enables the user to use an key file format (RSA, ED25519, ...).
Additionally, it allows more complex workflows (such as different SSH keys for
specfic sites, such as Github or Bitbucket), since the .ssh/config
file is also mounted into the container.
Fixes #488