
How can I run MegaLinter if my code has private dependencies?

Open buzzdan opened this issue 8 months ago • 6 comments

On my machine I can run "go mod download", which uses my ssh agent to resolve private deps. But when I try running "mega-linter-runner" it fails since it doesn't have access to private GitHub repos.

I've already handled such cases with "docker build --ssh=default", but here I'm not sure what the correct approach is.

Help would be appreciated 🙏

buzzdan avatar Mar 26 '25 15:03 buzzdan

@nvuillam any idea how to tackle this issue?

buzzdan avatar Apr 07 '25 08:04 buzzdan

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.

If you think this issue should stay open, please remove the O: stale 🤖 label or comment on the issue.

github-actions[bot] avatar May 08 '25 01:05 github-actions[bot]

@buzzdan did you try PRE_COMMANDS? :)

https://megalinter.io/latest/config-precommands/

nvuillam avatar May 08 '25 07:05 nvuillam

Since MegaLinter runs inside a container, I am looking for a way to use volumes to share my SSH key locally, or maybe pass it in as an env var and use pre-commands to fetch it and add it to a local ssh agent.

buzzdan avatar May 11 '25 19:05 buzzdan

@buzzdan do you have a full example of the commands that you need to get your external private dependencies? (With example variables that you would need?)

With such info I'll try to find a way for you to pass that to MegaLinter.

nvuillam avatar May 11 '25 23:05 nvuillam

OK, so let's say I have a Golang lib in my organization's GitHub with internal/private privileges (github.com/org-name/internal-lib). The only way you can run go mod download is if you have an SSH key installed in your ssh-agent:

~/.ssh/config:

Host github.com
  AddKeysToAgent yes
  IdentityFile ~/.ssh/id_ed25519

In order to make Go know it needs to fetch over SSH and not HTTP, we need to configure it to do so:

git config --global url."git@github.com:org-name/".insteadOf "https://github.com/org-name/"

Now when I run go mod download it will start fetching dependencies, and any org dep will be fetched via SSH using my own SSH key.

In GitHub Actions I currently use deploy keys, which are also a set of SSH keys, so in order to make MegaLinter work we need the ability to safely load the SSH keys inside the container, maybe by starting the container with a shared volume or something like that.

I gave you an example in Go, but I know it can be an issue with any language. Thank you 🙏

buzzdan avatar Jun 01 '25 08:06 buzzdan

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.

If you think this issue should stay open, please remove the O: stale 🤖 label or comment on the issue.

github-actions[bot] avatar Jul 02 '25 01:07 github-actions[bot]

Commenting to keep it open 🙏

buzzdan avatar Jul 14 '25 16:07 buzzdan

@buzzdan if you need to share volumes, you need to call MegaLinter manually with docker run (and not use the GitHub Action)

docker run --rm -v /var/run/docker.sock:/var/run/docker.sock:rw -v $(pwd):/tmp/lint:rw oxsecurity/megalinter:v8

https://megalinter.io/latest/install-docker/

Note: if you want to use integration, you'll have to add variables

Advanced example:

          docker run --rm \
            -e GITHUB_SHA=$GITHUB_SHA \
            -e GITHUB_REF=$GITHUB_REF \
            -e GITHUB_REPOSITORY=$GITHUB_REPOSITORY \
             [...+ all variables required by your integration......]
            -v /var/run/docker.sock:/var/run/docker.sock:rw \
            -v $(pwd):/tmp/lint:rw \
            oxsecurity/megalinter:v8

nvuillam avatar Jul 17 '25 14:07 nvuillam
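
The docker run approach from the thread, extended to forward the host's ssh-agent socket into the container instead of copying a private key into it. This is an added example, not code from the issue or from the MegaLinter project; it assumes a Linux host, an image that ships git and an ssh client and runs as root, and that these environment variables reach the linters. `DOCKER_BIN`, `ORG` and `KNOWN_HOSTS` are hypothetical variables of this example.

```shell
#!/bin/sh
# Added example (not from the thread): run MegaLinter with the host ssh-agent
# forwarded, so the private key itself never enters the container.
# Assumptions: Linux host; image has git + ssh and runs as root; env vars
# passed with -e are visible to the linters. DOCKER_BIN, ORG and KNOWN_HOSTS
# are hypothetical knobs of this example.
# The docker.sock mount shown in the thread is left out; add it if needed.

run_megalinter_with_agent() {
    repo_dir=${1:-$PWD}
    org=${ORG:-org-name}    # placeholder org name used in the thread
    known_hosts=${KNOWN_HOSTS:-$HOME/.ssh/known_hosts}

    # Refuse to start unless a live agent socket is available.
    if [ -z "${SSH_AUTH_SOCK:-}" ] || [ ! -S "$SSH_AUTH_SOCK" ]; then
        echo "SSH_AUTH_SOCK is not a socket; start ssh-agent and ssh-add the key" >&2
        return 1
    fi
    # Pin host keys: mounting known_hosts read-only avoids any need to
    # disable StrictHostKeyChecking inside the container.
    if [ ! -r "$known_hosts" ]; then
        echo "missing $known_hosts (must list the github.com host keys)" >&2
        return 1
    fi

    # GIT_CONFIG_COUNT/KEY_n/VALUE_n (git >= 2.31) inject the insteadOf
    # rewrite without touching a gitconfig file; GOPRIVATE keeps Go from
    # asking the public proxy and checksum DB about private modules.
    "${DOCKER_BIN:-docker}" run --rm \
        -v "$SSH_AUTH_SOCK:/ssh-agent" \
        -e SSH_AUTH_SOCK=/ssh-agent \
        -v "$known_hosts:/root/.ssh/known_hosts:ro" \
        -e GOPRIVATE="github.com/$org/*" \
        -e GIT_CONFIG_COUNT=1 \
        -e GIT_CONFIG_KEY_0="url.git@github.com:$org/.insteadOf" \
        -e GIT_CONFIG_VALUE_0="https://github.com/$org/" \
        -v "$repo_dir:/tmp/lint:rw" \
        oxsecurity/megalinter:v8
}
```

Call `run_megalinter_with_agent "$(pwd)"` from the repository root; the agent only signs on request, so a deploy key loaded with `ssh-add` stays on the host.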

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.

If you think this issue should stay open, please remove the O: stale 🤖 label or comment on the issue.

github-actions[bot] avatar Aug 17 '25 01:08 github-actions[bot]