From c001f91b5eaaa588c1d1726edc5e9d0e4c4bf6d4 Mon Sep 17 00:00:00 2001 From: estebanthi Date: Sun, 4 Jan 2026 16:50:30 +0100 Subject: [PATCH] Add SSH support to reusable workflows --- .github/workflows/docker-build-publish.yml | 23 ++++++++++++++++++++++ .github/workflows/node-ci.yml | 18 +++++++++++++++++ .github/workflows/python-uv-ci.yml | 18 +++++++++++++++++ 3 files changed, 59 insertions(+) diff --git a/.github/workflows/docker-build-publish.yml b/.github/workflows/docker-build-publish.yml index 92778da..43bdbea 100644 --- a/.github/workflows/docker-build-publish.yml +++ b/.github/workflows/docker-build-publish.yml @@ -31,6 +31,10 @@ on: required: true ci_token: required: true + ssh_private_key: + required: false + ssh_known_hosts: + required: false jobs: build: @@ -40,6 +44,19 @@ jobs: - name: Checkout uses: actions/checkout@v4 + - name: Start ssh-agent + if: ${{ secrets.ssh_private_key != '' }} + uses: webfactory/ssh-agent@v0.9.0 + with: + ssh-private-key: ${{ secrets.ssh_private_key }} + + - name: Add SSH known hosts + if: ${{ secrets.ssh_known_hosts != '' }} + run: | + mkdir -p ~/.ssh + printf '%s\n' "${{ secrets.ssh_known_hosts }}" >> ~/.ssh/known_hosts + chmod 644 ~/.ssh/known_hosts + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 @@ -64,6 +81,11 @@ jobs: run: | set -euo pipefail + SSH_FLAGS="" + if [ -n "${SSH_AUTH_SOCK:-}" ]; then + SSH_FLAGS="--ssh default" + fi + echo "$IMAGES" | jq -c '.[]' | while read -r img; do IMAGE_NAME=$(echo "$img" | jq -r '.name') FULL_IMAGE="${{ inputs.registry_host }}/${IMAGE_NAME}" @@ -97,6 +119,7 @@ jobs: --target "$TARGET" \ --cache-from "type=registry,ref=$CACHE_REF" \ --cache-to "type=registry,ref=$CACHE_REF,mode=max" \ + $SSH_FLAGS \ --load \ $TAG_ARGS \ $BUILD_ARG_FLAGS \ diff --git a/.github/workflows/node-ci.yml b/.github/workflows/node-ci.yml index 21af66d..c438f63 100644 --- a/.github/workflows/node-ci.yml +++ b/.github/workflows/node-ci.yml 
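Review bot: The two steps added to docker-build-publish.yml are guarded with `if: ${{ secrets.ssh_private_key != '' }}` and `if: ${{ secrets.ssh_known_hosts != '' }}`, but GitHub documents that the `secrets` context cannot be referenced in step-level `if:` conditionals, so these expressions are likely to be rejected when the workflow is validated. A job-level `env: HAS_SSH_KEY: ${{ secrets.ssh_private_key != '' }}` combined with `if: ${{ env.HAS_SSH_KEY == 'true' }}` on the step keeps the steps optional without putting the key itself into the environment of every step. The same guards are repeated in the node-ci.yml and python-uv-ci.yml hunks.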
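Review bot: In the build script of docker-build-publish.yml, `--ssh default` is switched on whenever `SSH_AUTH_SOCK` is set, not specifically when this workflow started its own agent. If the job ever runs on a runner whose environment already exports an agent socket (a self-hosted runner, for instance), that agent would be forwarded into every image build in the loop. Consider tying the flag to the same condition that gates the `Start ssh-agent` step, and documenting it with a comment such as `# SSH_AUTH_SOCK is exported by the Start ssh-agent step; only builds using RUN --mount=type=ssh can reach it`. The flag is consumed in the next hunk as an unquoted `$SSH_FLAGS`, relying on word splitting like the neighbouring `$TAG_ARGS`. The run block starts and ends outside this hunk.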
@@ -27,6 +27,11 @@ on: test_command: type: string default: "pnpm test" + secrets: + ssh_private_key: + required: false + ssh_known_hosts: + required: false jobs: quality: @@ -37,6 +42,19 @@ jobs: - name: Checkout source uses: actions/checkout@v4 + - name: Start ssh-agent + if: ${{ secrets.ssh_private_key != '' }} + uses: webfactory/ssh-agent@v0.9.0 + with: + ssh-private-key: ${{ secrets.ssh_private_key }} + + - name: Add SSH known hosts + if: ${{ secrets.ssh_known_hosts != '' }} + run: | + mkdir -p ~/.ssh + printf '%s\n' "${{ secrets.ssh_known_hosts }}" >> ~/.ssh/known_hosts + chmod 644 ~/.ssh/known_hosts + - name: Set up Node uses: actions/setup-node@v4 with: diff --git a/.github/workflows/python-uv-ci.yml b/.github/workflows/python-uv-ci.yml index a1004fd..e8c1c39 100644 --- a/.github/workflows/python-uv-ci.yml +++ b/.github/workflows/python-uv-ci.yml @@ -30,6 +30,11 @@ on: test_command: type: string default: "uv run pytest" + secrets: + ssh_private_key: + required: false + ssh_known_hosts: + required: false jobs: quality: @@ -43,6 +48,19 @@ jobs: - name: Checkout uses: actions/checkout@v4 + - name: Start ssh-agent + if: ${{ secrets.ssh_private_key != '' }} + uses: webfactory/ssh-agent@v0.9.0 + with: + ssh-private-key: ${{ secrets.ssh_private_key }} + + - name: Add SSH known hosts + if: ${{ secrets.ssh_known_hosts != '' }} + run: | + mkdir -p ~/.ssh + printf '%s\n' "${{ secrets.ssh_known_hosts }}" >> ~/.ssh/known_hosts + chmod 644 ~/.ssh/known_hosts + - name: Set up Python uses: actions/setup-python@v5 with:
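Review bot: In the `Add SSH known hosts` step of node-ci.yml the secret is expanded by the expression engine directly into the script text (`"${{ secrets.ssh_known_hosts }}"`), so a `"`, `$(` or backtick in the value is interpreted by the shell instead of being written to the file. Pass the value through the environment instead: add `env:` with `SSH_KNOWN_HOSTS: ${{ secrets.ssh_known_hosts }}` to the step and write `printf '%s\n' "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts`. The identical step appears in the docker-build-publish.yml and python-uv-ci.yml hunks.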
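Review bot: In python-uv-ci.yml, `webfactory/ssh-agent@v0.9.0` is handed the private key but is referenced by a tag, which can be moved to different code later. Pinning to the full commit SHA with the version as a trailing comment, e.g. `uses: webfactory/ssh-agent@<full-commit-sha> # v0.9.0`, fixes exactly which code handles the key. The agent also stays loaded for the rest of the job, so the dependency install and test command that presumably follow (outside this hunk) could authenticate with it; a read-only deploy key scoped to the repositories actually needed limits that exposure. The same `uses:` line is in the docker-build-publish.yml and node-ci.yml hunks.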