actions/renovatebot-github
1
0
Fork 0
mirror of https://github.com/renovatebot/github-action.git synced 2025-12-17 01:12:35 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

feat: add docker-ssh option to expose SSH credentials to container

Browse source 
Add a new `docker-ssh` input option that allows exposing SSH agent sockets
or keys to the Renovate Docker container via the `--ssh` flag. This enables
Renovate to access private repositories or registries that require SSH
authentication during the build process.

The implementation follows the same pattern as other docker-* options and
includes full documentation with usage examples.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Stefano Polloni 2025-10-21 11:23:12 -04:00
parent 2280560a1d
commit 49e993f921
No known key found for this signature in database
4 changed files with 38 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

24
README.md
View file

@ -14,6 +14,7 @@ GitHub Action to run Renovate self-hosted.
- [`docker-cmd-file`](#docker-cmd-file) - [`docker-cmd-file`](#docker-cmd-file)
- [`docker-network`](#docker-network) - [`docker-network`](#docker-network)
- [`docker-socket-host-path`](#docker-socket-host-path) - [`docker-socket-host-path`](#docker-socket-host-path)
- [`docker-ssh`](#docker-ssh)
- [`docker-user`](#docker-user) - [`docker-user`](#docker-user)
- [`docker-volumes`](#docker-volumes) - [`docker-volumes`](#docker-volumes)
- [`env-regex`](#env-regex) - [`env-regex`](#env-regex)
@ -120,6 +121,29 @@ Allows the overriding of the host path for the Docker socket that is mounted int
Useful on systems where the host Docker socket is located somewhere other than `/var/run/docker.sock` (the default). Useful on systems where the host Docker socket is located somewhere other than `/var/run/docker.sock` (the default).
Only applicable when `mount-docker-socket` is true. Only applicable when `mount-docker-socket` is true.
### `docker-ssh`
List of SSH agent socket or keys to expose to the build. This is passed to the Docker container via the `--ssh` flag.
This is useful when Renovate needs to access private repositories or registries via SSH during the build process.
Example usage:
```yml
....
jobs:
renovate:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4.2.2
- name: Self-hosted Renovate
uses: renovatebot/github-action@v43.0.17
with:
token: ${{ secrets.RENOVATE_TOKEN }}
docker-ssh: default=${{ env.SSH_AUTH_SOCK }}
```
### `docker-user` ### `docker-user`
Specify a user (or user-id) to run docker command. Specify a user (or user-id) to run docker command.

5
action.yml
View file

@ -61,6 +61,11 @@ inputs:
Docker volume mounts. Default to /tmp:/tmp Docker volume mounts. Default to /tmp:/tmp
default: /tmp:/tmp default: /tmp:/tmp
required: false required: false
docker-ssh:
description: |
List of SSH agent socket or keys to expose to the build.
This maps to the --ssh flag in docker buildx build.
required: false
runs: runs:
using: node20 using: node20

4
src/input.ts
View file

@ -96,6 +96,10 @@ export class Input {
return getInput('docker-network'); return getInput('docker-network');
} }
getDockerSsh(): string | null {
return getInput('docker-ssh') || null;
}
/** /**
* Convert to environment variables. * Convert to environment variables.
* *

5
src/renovate.ts
View file

@ -70,6 +70,11 @@ export class Renovate {
dockerArguments.push(`--network ${dockerNetwork}`); dockerArguments.push(`--network ${dockerNetwork}`);
} }
const dockerSsh = this.input.getDockerSsh();
if (dockerSsh) {
dockerArguments.push(`--ssh ${dockerSsh}`);
}
dockerArguments.push('--rm', this.docker.image()); dockerArguments.push('--rm', this.docker.image());
if (dockerCmd !== null) { if (dockerCmd !== null) {