search

webfactory / ssh-agent

GitHub Action to setup `ssh-agent` with a private key
MIT License
1.22k stars 253 forks source link

When upgrading from 0.7.0 to 0.8.0, functionality breaks #214

Closed harrlight00 closed 7 months ago

harrlight00 commented 7 months ago

We currently have a service that uses 4 private git repositories. We generated deploy keys for all 4, and included them in our github actions file to deploy it up. It has been working using webfactory/ssh-agent@0.7.0 for a few months, but when we attempt to upgrade to 0.8.0 or 0.9.0, functionality breaks.

This is what our current actions file looks like

      - name: checkout repository
        uses: actions/checkout@v4
        with:
          submodules: recursive

      - uses: webfactory/ssh-agent@v0.7.0
        with:
            ssh-private-key: |
                ${{ secrets.PRIVATE_KEY_1 }}
                ${{ secrets.PRIVATE_KEY_2 }}
                ${{ secrets.PRIVATE_KEY_3 }}
                ${{ secrets.PRIVATE_KEY_4 }}

      ...

      - name: Collect Git and SSH config files in a directory that is part of the Docker build context
        run: |
          mkdir root-config
          cp -r ~/.gitconfig  ~/.ssh root-config/

     ...          

      - name: Build and push
        uses: docker/build-push-action@v3
        with:
          context: .
          platforms: linux/amd64
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          ssh: |
            default=${{ env.SSH_AUTH_SOCK }}

When we upgrade to either 0.8.0 or 0.9.0, we then receive this error in the docker/build-push-action step

#13 [build  8/11] RUN --mount=type=ssh    go mod download
#13 1.401 go: github.com/weaviate/wcs-gql-go-client@v1.1.0: reading github.com/weaviate/wcs-gql-go-client/go.mod at revision v1.1.0: git ls-remote -q origin in /go/pkg/mod/cache/vcs/756e48a95fcbc78c1f3d2a669cecdcb76ea13b244d0af236d8833a3fba3bc8c2: exit status 128:
#13 1.401   Host key verification failed.
#13 1.401   fatal: Could not read from remote repository.
#13 1.401   
#13 1.401   Please make sure you have the correct access rights
#13 1.401   and the repository exists.
#13 ERROR: process "/bin/sh -c go mod download" did not complete successfully: exit code: 1
------
 > [build  8/11] RUN --mount=type=ssh    go mod download:
1.401 go: github.com/weaviate/wcs-gql-go-client@v1.1.0: reading github.com/weaviate/wcs-gql-go-client/go.mod at revision v1.1.0: git ls-remote -q origin in /go/pkg/mod/cache/vcs/756e48a95fcbc78c1f3d2a669cecdcb76ea13b244d0af[236](https://github.com/weaviate/wcs-billing-management/actions/runs/8456886311/job/23167773457?pr=180#step:11:240)d8833a3fba3bc8c2: exit status 128:
1.401   Host key verification failed.
1.401   fatal: Could not read from remote repository.
1.401   
1.401   Please make sure you have the correct access rights
1.401   and the repository exists.
------
Dockerfile:12
--------------------
  11 |     
  12 | >>> RUN --mount=type=ssh \
  13 | >>>    go mod download
  14 |     COPY . .
--------------------
ERROR: failed to solve: process "/bin/sh -c go mod download" did not complete successfully: exit code: 1
harrlight00 commented 7 months ago

Might be related to https://github.com/webfactory/ssh-agent/issues/174#issuecomment-1486300082, looking

harrlight00 commented 7 months ago

Yep, adding

      - name: "Add GitHub to the SSH known hosts file"
        run: |
          mkdir -p -m 0700 /home/runner/.ssh
          curl --silent https://api.github.com/meta  | jq --raw-output '"github.com "+.ssh_keys[]' >> /home/runner/.ssh/known_hosts
          chmod 600 /home/runner/.ssh/known_hosts

before the checkout step fixed the issue.