
access git over ssh rather than http

Open sallyom opened this issue 2 years ago • 3 comments

We want to allow accessing git by ssh, with a provided (private) ssh key mounted to the fetchit pod - we will probably want this to be the default once we prove it's working - this will also include updating all the workflows to use ssh

sallyom avatar Sep 02 '22 16:09 sallyom

As per @josephsawaya's Slack comment, something like this to the fetchit config

git-auth:
  ssh:
  username: (not recommended)
  password: (not recommended)
  pat:

sallyom avatar Sep 02 '22 16:09 sallyom

/assign @djach7

sallyom avatar Sep 02 '22 16:09 sallyom

see this: https://github.com/go-git/go-git/blob/master/_examples/clone/auth/ssh/main.go

sallyom avatar Sep 02 '22 16:09 sallyom

@cooktheryan @djach7 is adding a PR for this :partying_face: and to run w/ ssh auth a user will need to:

podman run --rm -d \
  --name fetchit \
  -v fetchit-volume:/opt \
  -v $HOME/.fetchit:/opt/mount \
  -v /run/user/$(id -u)/podman/podman.sock:/run/podman/podman.sock \
  -v $HOME/.ssh:/opt/.ssh \
  -e SSH_KNOWN_HOSTS=/opt/.ssh/known_hosts \
  --security-opt label=disable \
  quay.io/fetchit/fetchit-amd:latest

so we'll have to document to add the

  -v $HOME/.ssh:/opt/.ssh \
  -e SSH_KNOWN_HOSTS=/opt/.ssh/known_hosts \

and also add to the example unit files. We'll look at the best way to test this, too, once the PR is open.

sallyom avatar Sep 11 '22 00:09 sallyom

Absolutely amazing! For the testing we can add a GitHub Actions secret that contains the contents of an example ssh priv key and then we can just touch a known hosts file

cooktheryan avatar Sep 11 '22 20:09 cooktheryan
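
A preflight check for the file that `SSH_KNOWN_HOSTS` points at in the podman command above, added here as an example; it is not code from this thread or from fetchit. It reports a known_hosts file that has no entry for the git host (an empty file included) before the first clone is attempted. `CheckKnownHosts` and `hostListed` are hypothetical names, `github.com` in `main` is an assumed host, and wildcard host patterns are not handled.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base64"
	"fmt"
	"os"
	"strings"
)

// hostListed reports whether a known_hosts host field names host: either a plain
// comma-separated list or a hashed "|1|salt|hash" entry (HMAC-SHA1 keyed by salt).
func hostListed(field, host string) bool {
	if !strings.HasPrefix(field, "|1|") {
		return strings.Contains(","+field+",", ","+host+",")
	}
	salt64, hash64, ok := strings.Cut(field[3:], "|")
	salt, err1 := base64.StdEncoding.DecodeString(salt64)
	want, err2 := base64.StdEncoding.DecodeString(hash64)
	mac := hmac.New(sha1.New, salt)
	mac.Write([]byte(host))
	return ok && err1 == nil && err2 == nil && hmac.Equal(mac.Sum(nil), want)
}

// CheckKnownHosts (hypothetical helper) fails unless the file at path lists host.
// For a non-default port, pass host in the "[name]:port" form known_hosts uses.
func CheckKnownHosts(path, host string) error {
	data, err := os.ReadFile(path)
	if err != nil {
		return err
	}
	for _, line := range strings.Split(string(data), "\n") {
		f := strings.Fields(line)
		// An entry is "hosts keytype key"; skip comments and @marker lines.
		if len(f) >= 3 && f[0][0] != '#' && f[0][0] != '@' && hostListed(f[0], host) {
			return nil
		}
	}
	return fmt.Errorf("%s has no host key entry for %s", path, host)
}

func main() {
	// SSH_KNOWN_HOSTS is the variable set in the podman command; the host is an assumption.
	if err := CheckKnownHosts(os.Getenv("SSH_KNOWN_HOSTS"), "github.com"); err != nil {
		fmt.Fprintln(os.Stderr, "preflight:", err)
		os.Exit(1)
	}
}
```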