Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add sshkey option for git based formula dependencies. #302

Open
wants to merge 9 commits into
base: master
Choose a base branch
from

Conversation

jzandbergen
Copy link
Contributor

@jzandbergen jzandbergen commented Feb 24, 2020

Hi all,

At our company we have our salt-formula's in private git repo's and need to authenticate with a deploy key before we can access them. This PR adds the possibility to use ssh deploy keys for dependencies.

You can specify a key per repo as follows:

...
suites:
  - name: check31
    provisioner:
      name: salt_solo
      is_file_root: true
      loglevel: debug
      require_chef: false
      ssh_key: ~/.ssh/general-deploy-key
      dependencies:
        - name: baseline
          repo: git
          source: [email protected]:acme/baseline-formula.git
        - name: something
          repo: git
          source: [email protected]:acme/something-formula.git
          ssh_key: ~/.ssh/something-deploy-key
...

The only problem I have for now is that this PR needs git version >= 2.3.0 because it relies on the GIT_SSH_COMMAND environment variable. This ssh version is for example not available on CentOS 7.

I am not a developer by trade so let me know if it needs some polishing.

Thanks for considering.

@jzandbergen
Copy link
Contributor Author

Ai, I've noticed it needs a bit more work to contruct proper commands when mixing https/ssh and authn. Please stay tuned for a update

@jzandbergen
Copy link
Contributor Author

I have added a commit with a verified pgp signature. I do not understand why the GPG is now failing?

@s0undt3ch
Copy link
Contributor

The other commits aren't signed, that's why. If you rebase you should be fine.

@jzandbergen
Copy link
Contributor Author

@s0undt3ch,
I see, I'm not sure how to proceed. I'm trying to find out how to rebase but i'm not sure how. Is the following correct?

git remote add upstream https://github.com/saltstack/kitchen-salt.git
git fetch upstream
git checkout task-add-git-ssh-deploykeys
git rebase -S upstream/master
git push --force # yikes?!

@s0undt3ch
Copy link
Contributor

s0undt3ch commented Apr 6, 2020

git remote add upstream https://github.com/saltstack/kitchen-salt.git
git fetch upstream
git checkout task-add-git-ssh-deploykeys
git rebase -i FETCH_HEAD
git push --force # yikes?! yes, yikes! :)

@jzandbergen
Copy link
Contributor Author

So close, yet so far... :)

@jzandbergen
Copy link
Contributor Author

The build fails now on ubuntu because:
On ubuntu 16.04

W: The repository 'https://repo.saltstack.com/apt/ubuntu/16.04/amd64//latest xenial Release' does not have a Release file.

       E: Failed to fetch https://repo.saltstack.com/apt/ubuntu/16.04/amd64//latest/dists/xenial/main/binary-amd64/Packages  404  Not Found

And ubuntu 18.04

       [ERROR   ] stderr: E: The repository 'https://repo.saltstack.com/apt/ubuntu/18.04/amd64//latest bionic Release' does not have a Release file.

       [ERROR   ] retcode: 100

       [ERROR   ] An error was encountered while checking the newest available version of package(s): E: The repository 'https://repo.saltstack.com/apt/ubuntu/18.04/amd64//latest bionic Release' does not have a Release file.

@s0undt3ch
Copy link
Contributor

Sorry, we now have conflicts, could you please resolve them?

@jzandbergen
Copy link
Contributor Author

Back to fixing the build....
Command "/usr/bin/python2 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-yFwp2Z/salt/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /tmp/pip-G_UBTl-record/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /tmp/pip-build-yFwp2Z/salt/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants