pipe-cd · t-kikuc · Oct 7, 2024 · Sep 24, 2024 · Sep 24, 2024 · Sep 24, 2024
@@ -62,7 +62,8 @@ Flags:
       --git-branch string                     Branch of git repository to for Piped config.
       --git-piped-config-file string          Relative path within git repository to locate Piped config file.
       --git-repo-url string                   The remote URL of git repository to fetch Piped config.
-      --git-ssh-key-file string               The path to SSH private key to fetch private git repository.
+      --git-ssh-key-env string                The name of environment variable of SSH private key to fetch Piped config from the private git repository.
+      --git-ssh-key-file string               The path to SSH private key to fetch Piped config from private git repository.
       --grace-period duration                 How long to wait for graceful shutdown. (default 30s)
   -h, --help                                  help for launcher
       --home-dir string                       The working directory of Launcher.

@@ -73,6 +73,7 @@
 	gitBranch                      string
 	gitPipedConfigFile             string
 	gitSSHKeyFile                  string
+	gitSSHKeyEnv                   string
 	insecure                       bool
 	certFile                       string
 	homeDir                        string
@@ -119,7 +120,8 @@
 	cmd.Flags().StringVar(&l.gitRepoURL, "git-repo-url", l.gitRepoURL, "The remote URL of git repository to fetch Piped config.")
 	cmd.Flags().StringVar(&l.gitBranch, "git-branch", l.gitBranch, "Branch of git repository to for Piped config.")
 	cmd.Flags().StringVar(&l.gitPipedConfigFile, "git-piped-config-file", l.gitPipedConfigFile, "Relative path within git repository to locate Piped config file.")
-	cmd.Flags().StringVar(&l.gitSSHKeyFile, "git-ssh-key-file", l.gitSSHKeyFile, "The path to SSH private key to fetch private git repository.")
+	cmd.Flags().StringVar(&l.gitSSHKeyFile, "git-ssh-key-file", l.gitSSHKeyFile, "The path to SSH private key to fetch Piped config from the private git repository.")
+	cmd.Flags().StringVar(&l.gitSSHKeyEnv, "git-ssh-key-env", l.gitSSHKeyEnv, "The name of environment variable of SSH private key to fetch Piped config from the private git repository.")
 
 	cmd.Flags().BoolVar(&l.insecure, "insecure", l.insecure, "Whether disabling transport security while connecting to control-plane.")
 	cmd.Flags().StringVar(&l.certFile, "cert-file", l.certFile, "The path to the TLS certificate file.")
@@ -146,6 +148,7 @@
 		"git-branch":                          {},
 		"git-piped-config-file":               {},
 		"git-ssh-key-file":                    {},
+		"git-ssh-key-env":                     {},
 		"home-dir":                            {},
 		"default-version":                     {},
 		"launcher-admin-port":                 {},
@@ -181,6 +184,9 @@
 		if l.gitPipedConfigFile == "" {
 			return fmt.Errorf("git-piped-config-path must be set to load config from a git repository")
 		}
+		if l.gitSSHKeyFile != "" && l.gitSSHKeyEnv != "" {
+			return fmt.Errorf("only one of git-ssh-key-file and git-ssh-key-env can be set")
+		}
 	}
 	return nil
 }
@@ -227,6 +233,21 @@
 		if l.gitSSHKeyFile != "" {
 			options = append(options, git.WithGitEnv(fmt.Sprintf("GIT_SSH_COMMAND=ssh -i %s -o StrictHostKeyChecking=no -F /dev/null", l.gitSSHKeyFile)))
 		}
+		if l.gitSSHKeyEnv != "" {
+			key := os.Getenv(l.gitSSHKeyEnv)
+			tmpKeyFile, err := os.CreateTemp("", "git-ssh-key-env")
+			if err != nil {
+				return fmt.Errorf("failed to create a temp file for SSH key from env (%w)", err)
+			}
+			key += "\n" // Without this, the key will be invalid.
+			if _, err = tmpKeyFile.WriteString(key); err != nil {
+				return fmt.Errorf("failed to write SSH key to a temp file from env %s (%w)", l.gitSSHKeyEnv, err)
+			}
+
+			options = append(options, git.WithGitEnv(fmt.Sprintf("GIT_SSH_COMMAND=ssh -i %s -o StrictHostKeyChecking=no -F /dev/null", tmpKeyFile.Name())))
+			defer os.Remove(tmpKeyFile.Name())
+		}
+
 		gc, err := git.NewClient(options...)
 		if err != nil {
 			input.Logger.Error("failed to initialize git client", zap.Error(err))