feat: Support dockerPrivateKey to specify path to SSH key

README.md

@@ -77,8 +77,20 @@ custom:
 ```
 
 The `dockerSsh` option will mount your `$HOME/.ssh/id_rsa` and `$HOME/.ssh/known_hosts` as a
-volume in the docker container. If your SSH key is password protected, you can use `ssh-agent`
-because `$SSH_AUTH_SOCK` is also mounted & the env var set.
+volume in the docker container.
+
+In case you want to use a different key, you can specify the path (absolute) to it through `dockerPrivateKey` option:
+
+```yaml
+custom:
+  pythonRequirements:
+    dockerizePip: true
+    dockerSsh: true
+    dockerPrivateKey: /home/.ssh/id_ed25519
+```
+
+If your SSH key is password protected, you can use `ssh-agent`
+because `$SSH_AUTH_SOCK` is also mounted & the env var is set.
 It is important that the host of your private repositories has already been added in your
 `$HOME/.ssh/known_hosts` file, as the install process will fail otherwise due to host authenticity
 failure.
@@ -213,7 +225,7 @@ the names in `slimPatterns`
 
 #### Option not to strip binaries
 
-In some cases, stripping binaries leads to problems like "ELF load command address/offset not properly aligned", even when done in the Docker environment. You can still slim down the package without `*.so` files with
+In some cases, stripping binaries leads to problems like "ELF load command address/offset not properly aligned", even when done in the Docker environment. You can still slim down the package without `*.so` files with:
 
 ```yaml
 custom:
@@ -566,3 +578,4 @@ package:
 - [@jacksgt](https://github.com/jacksgt) - Fixing pip issues
 - [@lephuongbg](https://github.com/lephuongbg) - Fixing single function deployment
 - [@rileypriddle](https://github.com/rileypriddle) - Introducing schema validation for `module` property
+- [@martinezpl](https://github.com/martinezpl) - Fixing test issues, adding `dockerPrivateKey` option

index.js

@@ -15,7 +15,6 @@ const { installAllRequirements } = require('./lib/pip');
 const { pipfileToRequirements } = require('./lib/pipenv');
 const { pyprojectTomlToRequirements } = require('./lib/poetry');
 const { cleanup, cleanupCache } = require('./lib/clean');
-
 BbPromise.promisifyAll(fse);
 
 /**
@@ -45,6 +44,7 @@ class ServerlessPythonRequirements {
             : this.serverless.service.provider.runtime || 'python',
         dockerizePip: false,
         dockerSsh: false,
+        dockerPrivateKey: null,
         dockerImage: null,
         dockerFile: null,
         dockerEnv: false,
@@ -71,7 +71,10 @@ class ServerlessPythonRequirements {
     }
     if (
       !options.dockerizePip &&
-      (options.dockerSsh || options.dockerImage || options.dockerFile)
+      (options.dockerSsh ||
+        options.dockerImage ||
+        options.dockerFile ||
+        options.dockerPrivateKey)
     ) {
       if (!this.warningLogged) {
         if (this.log) {

lib/pip.js

@@ -275,12 +275,16 @@ async function installRequirements(targetFolder, pluginInstance) {
 
       dockerCmd.push('docker', 'run', '--rm', '-v', `${bindPath}:/var/task:z`);
       if (options.dockerSsh) {
+        const homePath = require('os').homedir();
+        const sshKeyPath =
+          options.dockerPrivateKey || `${homePath}/.ssh/id_rsa`;
+
         // Mount necessary ssh files to work with private repos
         dockerCmd.push(
           '-v',
-          `${process.env.HOME}/.ssh/id_rsa:/root/.ssh/id_rsa:z`,
+          `${sshKeyPath}:/root/.ssh/${sshKeyPath.split('/').splice(-1)[0]}:z`,
           '-v',
-          `${process.env.HOME}/.ssh/known_hosts:/root/.ssh/known_hosts:z`,
+          `${homePath}/.ssh/known_hosts:/root/.ssh/known_hosts:z`,
           '-v',
           `${process.env.SSH_AUTH_SOCK}:/tmp/ssh_sock:z`,
           '-e',

test.js

@@ -200,6 +200,30 @@ const canUseDocker = () => {
 // Skip if running on these platforms.
 const brokenOn = (...platforms) => platforms.indexOf(process.platform) != -1;
 
+test(
+  'can package private repo with dockerPrivateKey option',
+  async (t) => {
+    process.chdir('tests/base');
+    const path = npm(['pack', '../..']);
+    npm(['i', path]);
+    sls(['package'], {
+      env: {
+        dockerizePip: true,
+        dockerSsh: true,
+        dockerPrivateKey: `${__dirname}${sep}tests${sep}base${sep}id_ed25519`,
+        fileName: 'requirements-w-git-ssh.txt',
+      },
+    });
+    const zipfiles = await listZipFiles('.serverless/sls-py-req-test.zip');
+    t.true(
+      zipfiles.includes(`dockerPrivateKey_test/__init__.py`),
+      'private repo accessed with specified key'
+    );
+    t.end();
+  },
+  { skip: !canUseDocker() || brokenOn('win32') }
+);
+
 test(
   'default pythonBin can package flask with default options',
   async (t) => {

tests/base/id_ed25519

@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACAns3vFG1eJtPnqVRylDQsyu4QGpkvqlH/mj8N6eYIqXAAAAKDM80pnzPNK
+ZwAAAAtzc2gtZWQyNTUxOQAAACAns3vFG1eJtPnqVRylDQsyu4QGpkvqlH/mj8N6eYIqXA
+AAAECYfiON2DfcWuu1uDsUs5INIh1adTbdwSmWa1khvvAawyeze8UbV4m0+epVHKUNCzK7
+hAamS+qUf+aPw3p5gipcAAAAG2Zpc2hlcm1hbm5ATWFyY2lucy1BaXIuaG9tZQEC
+-----END OPENSSH PRIVATE KEY-----

tests/base/requirements-w-git-ssh.txt

@@ -0,0 +1,2 @@
+flask
+git+ssh://[email protected]/martinezpl/[email protected]#egg=dockerPrivateKey_test

tests/base/serverless.yml

@@ -10,6 +10,8 @@ custom:
   pythonRequirements:
     zip: ${env:zip, self:custom.defaults.zip}
     dockerizePip: ${env:dockerizePip, self:custom.defaults.dockerizePip}
+    dockerSsh: ${env:dockerSsh, self:custom.defaults.dockerSsh}
+    dockerPrivateKey: ${env:dockerPrivateKey, self:custom.defaults.dockerPrivateKey}
     slim: ${env:slim, self:custom.defaults.slim}
     slimPatterns: ${file(./slimPatterns.yml):slimPatterns, self:custom.defaults.slimPatterns}
     slimPatternsAppendDefaults: ${env:slimPatternsAppendDefaults, self:custom.defaults.slimPatternsAppendDefaults}
@@ -24,6 +26,8 @@ custom:
     slimPatternsAppendDefaults: true
     zip: false
     dockerizePip: false
+    dockerSsh: false
+    dockerPrivateKey: ''
     individually: false
     useStaticCache: true
     useDownloadCache: true