feat: update helm-repo-updater to be able to use a string input for SSH Private Key (#28)

Author: xoanmm

.github/workflows/release.yaml

@@ -19,24 +19,11 @@ jobs:
       - name: Unshallow
         run: git fetch --prune --unshallow
 
-      - name: Set Docker Image Registry Env
-        run: |
-          echo DOCKER_IMAGE_REGISTRY=$(echo "${{ env.REGISTRY}}/${{ env.IMAGE_NAME }}" | tr '[:upper:]' '[:lower:]') >> $GITHUB_ENV
-
-
       - name: Set up Go
         uses: actions/setup-go@v1
         with:
           go-version: 1.17.x
 
-      - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v1
-        with:
-          version: latest
-          args: release --rm-dist
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
       - name: Get the version to publish
         id: get_version
         run: echo ::set-output name=VERSION::${GITHUB_REF#refs/tags/v}
@@ -55,3 +42,11 @@ jobs:
         run: make publish
         env:
           VERSION: ${{ steps.get_version.outputs.VERSION }}
+
+      - name: Run GoReleaser to publish release
+        uses: goreleaser/goreleaser-action@v2
+        with:
+          version: v1.6.1
+          args: release --rm-dist
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

README.md

@@ -40,8 +40,8 @@ This repo aims to manage the development of `helm-repo-updater`, a CLI tool whos
     Flags:
           --app-name string                  app name
           --dry-run                          run in dry-run mode. If set to true, do not perform any changes
-          --git-branch string                branch (default "develop")
-          --git-commit-email string          E-Mail address to use for Git commits
+          --git-branch string                git repo branch (default "develop")
+          --git-commit-email string          e-mail address to use for Git commits
           --git-commit-user string           Username to use for Git commits
           --git-dir string                   file eg. /production/charts/
           --git-file string                  file eg. values.yaml
@@ -50,7 +50,8 @@ This repo aims to manage the development of `helm-repo-updater`, a CLI tool whos
           --helm-key-values stringToString   helm key-values sets (default [])
       -h, --help                             help for run
           --logLevel string                  set the loglevel to one of trace|debug|info|warn|error (default "info")
-          --ssh-private-key string           ssh private key (only using
+          --ssh-private-key string           ssh private key
+          --ssh-private-key-inline           ssh private key inline creation, if true it will use ssh-private-key as input for create ssh private key file in temporal directory
 
     Global Flags:
           --config string   config file (default is $HOME/.helm-repo-updater.yaml)

cmd/run.go

@@ -31,6 +31,8 @@ const (
 	AppName = "app-name"
 	// SSHPrivateKey is the location of the SSH private key used for auth
 	SSHPrivateKey = "ssh-private-key"
+	// UseSSHPrivateKeyAsInline indicates if the SSHPrivateKey is going to be created based in a string provided
+	UseSSHPrivateKeyAsInline = "use-ssh-private-key-as-inline"
 	// DryRun is going to indicate if the changes are going to be committed or not
 	DryRun = "dry-run"
 	// LogLevel will indicate the log level
@@ -74,6 +76,8 @@ var runCmd = &cobra.Command{
 		}
 
 		var updateApps []updater.ChangeEntry
+		var tpl *template.Template
+		var err error
 		for k, v := range helmKVs {
 			updateApps = append(updateApps, updater.ChangeEntry{
 				Key:      k,
@@ -95,15 +99,13 @@ var runCmd = &cobra.Command{
 
 		logCtx := log.WithContext().AddField("application", appName)
 
-		if tpl, err := template.New("commitMessage").Parse(git.DefaultGitCommitMessage); err != nil {
+		if tpl, err = template.New("commitMessage").Parse(git.DefaultGitCommitMessage); err != nil {
 			logCtx.Fatalf("could not parse commit message template: %v", err)
 
 			return
-		} else {
-			logCtx.Debugf("Successfully parsed commit message template")
-
-			gitConf.Message = tpl
 		}
+		logCtx.Debugf("Successfully parsed commit message template")
+		gitConf.Message = tpl
 
 		cfg = updater.HelmUpdaterConfig{
 			DryRun:         dryRun,
@@ -115,7 +117,7 @@ var runCmd = &cobra.Command{
 			GitConf:        gitConf,
 		}
 
-		if err := runImageUpdater(cfg); err != nil {
+		if err = runImageUpdater(cfg); err != nil {
 			logCtx.Errorf("Error trying to update the %s application: %v", appName, err)
 		}
 	},
@@ -146,14 +148,15 @@ func init() {
 	rootCmd.AddCommand(runCmd)
 
 	runCmd.Flags().String(GitCommitUser, "", "Username to use for Git commits")
-	runCmd.Flags().String(GitCommitEmail, "", "E-Mail address to use for Git commits")
+	runCmd.Flags().String(GitCommitEmail, "", "e-mail address to use for Git commits")
 	runCmd.Flags().String(GitPassword, "", "Password for github user")
-	runCmd.Flags().String(GitBranch, "develop", "branch")
+	runCmd.Flags().String(GitBranch, "develop", "git repo branch")
 	runCmd.Flags().String(GitRepoURL, "", "git repo url")
 	runCmd.Flags().String(GitFile, "", "file eg. values.yaml")
 	runCmd.Flags().String(GitDir, "", "file eg. /production/charts/")
 	runCmd.Flags().String(AppName, "", "app name")
 	runCmd.Flags().String(SSHPrivateKey, "", "ssh private key")
+	runCmd.Flags().Bool(UseSSHPrivateKeyAsInline, false, "ssh private key inline creation, if true it will use ssh-private-key as input for create ssh private key file in temporal directory")
 	runCmd.Flags().Bool(DryRun, false, "run in dry-run mode. If set to true, do not perform any changes")
 	runCmd.Flags().String(LogLevel, "info", "set the loglevel to one of trace|debug|info|warn|error")
 	runCmd.Flags().StringToString(HelmKeyValues, nil, "helm key-values sets")

goreleaser.yml

@@ -14,6 +14,17 @@ builds:
       - amd64
       - arm64
 
+release:
+  github:
+    owner: DocPlanner
+    name: helm-repo-updater
+  footer: |
+    ## Docker Images
+    - `docplanner/helm-repo-updater:{{ trimprefix .Tag "v" }}`
+    - `docplanner/helm-repo-updater:latest`
+    - `ghcr.io/docplanner/helm-repo-updater:{{ trimprefix .Tag "v" }}`
+    - `ghcr.io/docplanner/helm-repo-updater:latest`
+
 changelog:
   sort: desc
 

internal/app/git/creds.go

@@ -2,9 +2,11 @@ package git
 
 import (
 	"fmt"
+	"os"
 	"regexp"
 
 	"github.com/docplanner/helm-repo-updater/internal/app/log"
+	app_utils "github.com/docplanner/helm-repo-updater/internal/app/utils"
 	"github.com/go-git/go-git/v5/plumbing/transport"
 	"github.com/go-git/go-git/v5/plumbing/transport/http"
 	"github.com/go-git/go-git/v5/plumbing/transport/ssh"
@@ -17,10 +19,11 @@ var (
 
 // Credentials is a git credential config
 type Credentials struct {
-	Username   string
-	Password   string
-	Email      string
-	SSHPrivKey string
+	Username             string
+	Password             string
+	Email                string
+	SSHPrivKey           string
+	SSHPrivKeyFileInline bool
 }
 
 // NewGitCreds returns credentials for use with go-git library
@@ -57,8 +60,20 @@ func isHTTPSURL(url string) bool {
 
 // generateAuthForSSH generate the necessary public keys as auth for git repository using
 // the provided privateKeyFile containing a valid SSH private key
-func generateAuthForSSH(repoURL string, userName string, privateKeyFile string, password string) (ssh.AuthMethod, error) {
-	publicKeys, err := ssh.NewPublicKeysFromFile("git", privateKeyFile, password)
+func generateAuthForSSH(repoURL string, userName string, privateKeyFile string, SSHPrivKeyFileInline bool, password string) (ssh.AuthMethod, error) {
+	sshPrivKeyFileName := privateKeyFile
+	if SSHPrivKeyFileInline {
+		sshPrivKeyFile, err := app_utils.CreateAndWriteContentInTempFile("sshPrivKey", privateKeyFile)
+		if err != nil {
+			return nil, err
+		}
+		sshPrivKeyFileName = sshPrivKeyFile.Name()
+		// close and remove the temporary file at the end of the program
+		defer sshPrivKeyFile.Close()
+		defer os.Remove(sshPrivKeyFileName)
+		log.Infof("Generated file in %s location with content of SSH private key provided as input", sshPrivKeyFileName)
+	}
+	publicKeys, err := ssh.NewPublicKeysFromFile("git", sshPrivKeyFileName, password)
 	if err != nil {
 		log.Warnf("generate publickeys failed: %s\n", err.Error())
 		return nil, err
@@ -69,7 +84,7 @@ func generateAuthForSSH(repoURL string, userName string, privateKeyFile string,
 // fromSSH generate a valid credentials using ssh key
 func (c Credentials) fromSSH(repoURL string, password string) (ssh.AuthMethod, error) {
 	if c.allowsSSHAuth() {
-		sshPublicKeys, err := generateAuthForSSH(repoURL, c.Username, c.SSHPrivKey, password)
+		sshPublicKeys, err := generateAuthForSSH(repoURL, c.Username, c.SSHPrivKey, c.SSHPrivKeyFileInline, password)
 		if err != nil {
 			return nil, err
 		}

internal/app/git/creds_test.go

@@ -14,10 +14,17 @@ const (
 	validGitCredentialsUsername  = "test-user"
 	validGitCredentialsPassword  = "test-password"
 	validSSHPrivKeyRelativeRoute = "/test-git-server/private_keys/helm-repo-updater-test"
-	validGitRepoSSHURL           = "git@github.com:kubernetes/kubernetes.git"
-	validGitRepoHTTPSURL         = "https://github.com/kubernetes/kubernetes.git"
-	invalidGitRepoURL            = "github.com/kubernetes/kubernetes.git"
-	invalidPrivKeyRoute          = "/tmp/key-dont-exists"
+	validSSHPrivKeyString        = `-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACCNAv45QMrXuGuWk7uadYNOlL1B2q/g2pw1g+xP5oD/EQAAAJjmelMZ5npT
+GQAAAAtzc2gtZWQyNTUxOQAAACCNAv45QMrXuGuWk7uadYNOlL1B2q/g2pw1g+xP5oD/EQ
+AAAEA8ubLuVW5jc+Q9a2divLLVfm0Up+eus/9f7/HvACUD2o0C/jlAyte4a5aTu5p1g06U
+vUHar+DanDWD7E/mgP8RAAAAFWRldm9wc0Bkb2NwbGFubmVyLmNvbQ==
+-----END OPENSSH PRIVATE KEY-----`
+	validGitRepoSSHURL   = "git@github.com:kubernetes/kubernetes.git"
+	validGitRepoHTTPSURL = "https://github.com/kubernetes/kubernetes.git"
+	invalidGitRepoURL    = "github.com/kubernetes/kubernetes.git"
+	invalidPrivKeyRoute  = "/tmp/key-dont-exists"
 )
 
 func TestNewCredsSSHURLSSHPrivKey(t *testing.T) {
@@ -44,6 +51,25 @@ func TestNewCredsSSHURLSSHPrivKey(t *testing.T) {
 	assert.DeepEqual(t, creds.String(), expectedCredsString)
 }
 
+func TestNewCredsSSHURLSSHPrivKeyFromString(t *testing.T) {
+	g := Credentials{
+		Username:             validGitCredentialsUsername,
+		Email:                validGitCredentialsEmail,
+		SSHPrivKey:           validSSHPrivKeyString,
+		SSHPrivKeyFileInline: true,
+	}
+
+	repoURL := validGitRepoSSHURL
+
+	creds, err := g.NewGitCreds(repoURL, g.Password)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	expectedCredsString := "user: git, name: ssh-public-keys"
+	assert.DeepEqual(t, creds.String(), expectedCredsString)
+}
+
 func TestNewCredsHTPPSURLUsernamePassword(t *testing.T) {
 
 	g := Credentials{

internal/app/updater/commit.go

@@ -285,7 +285,6 @@ func commitChangesGit(cfg HelmUpdaterConfig, write changeWriter) (*[]ChangeEntry
 	var apps []ChangeEntry
 
 	logCtx := log.WithContext().AddField("application", cfg.AppName)
-
 	creds, err := cfg.GitCredentials.NewGitCreds(cfg.GitConf.RepoURL, cfg.GitCredentials.Password)
 	if err != nil {
 		return nil, fmt.Errorf("could not get creds for repo '%s': %v", cfg.AppName, err)

internal/app/updater/commit_test.go

@@ -2,6 +2,7 @@ package updater
 
 import (
 	"fmt"
+	"io/ioutil"
 	"log"
 	"os"
 	"testing"
@@ -181,6 +182,63 @@ func TestUpdateApplicationDryRun(t *testing.T) {
 	assert.DeepEqual(t, *apps, changeEntries)
 }
 
+func TestUpdateApplicationDryRunSSHPrivKeyString(t *testing.T) {
+	sshPrivKeyRoute, err := app_utils.GetRouteRelativePath(2, validSSHPrivKeyRelativeRoute)
+	if err != nil {
+		log.Fatal(err)
+	}
+	content, err := ioutil.ReadFile(*sshPrivKeyRoute)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Convert []byte to string
+	validSSHPrivKeyString := string(content)
+	gCred := git.Credentials{
+		Email:                validGitCredentialsEmail,
+		Username:             validGitCredentialsUsername,
+		SSHPrivKey:           validSSHPrivKeyString,
+		SSHPrivKeyFileInline: true,
+	}
+
+	validGitRepoURL := getSSHRepoHostnameAndPort() + validGitRepoRoute
+
+	gConf := git.Conf{
+		RepoURL: validGitRepoURL,
+		Branch:  validGitRepoBranch,
+		File:    "",
+	}
+
+	changeEntry := ChangeEntry{
+		OldValue: "1.0.0",
+		NewValue: "1.1.0",
+		File:     "",
+		Key:      ".image.tag",
+	}
+	changeEntries := []ChangeEntry{
+		changeEntry,
+	}
+
+	cfg := HelmUpdaterConfig{
+		DryRun:         true,
+		LogLevel:       "info",
+		AppName:        validHelmAppName,
+		UpdateApps:     changeEntries,
+		File:           validHelmAppFileToChange,
+		GitCredentials: &gCred,
+		GitConf:        &gConf,
+	}
+
+	syncState := NewSyncIterationState()
+	apps, err := UpdateApplication(cfg, syncState)
+
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	assert.DeepEqual(t, *apps, changeEntries)
+}
+
 func TestUpdateApplicationDryRunInvalidFile(t *testing.T) {
 
 	sshPrivKeyRoute, err := app_utils.GetRouteRelativePath(2, validSSHPrivKeyRelativeRoute)

internal/app/utils/route_utils.go

@@ -19,3 +19,21 @@ func GetRouteRelativePath(numRelativePath int, relativePath string) (*string, er
 	finalPath = finalPath + relativePath
 	return &finalPath, nil
 }
+
+// CreateAndWriteContentInTempFile writes the string content in a temporary file
+// based in a pattern and creating the file in the default tmpDir of the machine
+func CreateAndWriteContentInTempFile(tempFilePattern string, content string) (*os.File, error) {
+	// create and open a temporary file
+	f, err := os.CreateTemp(os.TempDir(), tempFilePattern)
+	if err != nil {
+		return nil, err
+	}
+
+	// write data to the temporary file
+	data := []byte(content)
+	if _, err := f.Write(data); err != nil {
+		return nil, err
+	}
+
+	return f, nil
+}