feat: add SSH repository URL support #118
Merged
creydr merged 10 commits into functions-dev:main from Apr 30, 2026
Switch URL parsing to go-git's transport.ParseURL() which handles SCP-style (git@host:path), ssh://, http://, and https:// URLs. Add SSH auth support with private key, optional passphrase, and optional known_hosts verification. Simplify temp directory naming.
Add CreateSSHKey and SSHRepoURL to RepositoryProvider interface. Add WithSSHKey option for InitializeRepoWithFunction to push via SSH. Read SSH endpoint from gitea-endpoint ConfigMap during client init.
Add tests for public SSH repos, private SSH repos with key auth, and private SSH repos without auth (expected failure). Extend auth error matcher with SSH-specific error patterns.
Document SSH key authentication secret format with sshPrivateKey, sshPrivateKeyPassword, and known_hosts fields. Add Function CR examples for both private and public SSH repos. Update API reference table with supported URL formats.
Check error return from tmpFile.Close() and extract repeated "ssh" string literal into constant.
ssh.PublicKeys with a nil Signer panics when go-git calls ClientConfig(). Use ssh.Password with empty password instead, which creates a valid SSH config for public repo access.
go-git's SSH transport falls back to loading known_hosts when HostKeyAlgorithms is empty, even if HostKeyCallback is set. Build the gossh.ClientConfig directly instead of using ssh.Password or ssh.PublicKeys, setting both HostKeyCallback and HostKeyAlgorithms to prevent the known_hosts fallback in the operator container.
Gitea requires SSH key authentication for all SSH connections, even to public repos. The public SSH test now generates a keypair and provides it via authSecretRef. Also extracts a helper to deduplicate the SSH Function creation logic across test contexts.
go-git's SSH transport tries to load known_hosts for HostKeyAlgorithms even when HostKeyCallback is already set, which fails in containers. Document why we build gossh.ClientConfig directly instead of using go-git's built-in SSH auth types.
…g builder Create an empty ~/.ssh/known_hosts in NewManager() so go-git's SSH transport can resolve host key algorithms without error. This lets us use gitssh.Password and gitssh.NewPublicKeys directly, removing the custom sshAuthFunc type and defaultHostKeyAlgorithms list.
Summary
git@host:path) and standard (ssh://git@host/path)
sshPrivateKey secret field, with optional sshPrivateKeyPassword and known_hosts for host key verification
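
An added example, not code from this pull request or from go-git: standard-library Go that classifies the four URL forms the commits list (SCP-style, ssh://, http://, https://) and reports whether the SSH secret fields apply. `RepoEndpoint`, `ParseRepoURL`, `NeedsSSHAuth` and the hostnames are assumptions made for illustration, and the SCP-style pattern is an approximation, not `transport.ParseURL()` itself.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// RepoEndpoint is a hypothetical type for this example, not go-git's endpoint type.
type RepoEndpoint struct{ Scheme, User, Host, Path string }

// scpLike approximates the scheme-less [user@]host:path form (assumption, not go-git's regex).
var scpLike = regexp.MustCompile(`^(?:([^@/:\s]+)@)?([^@/:\s]+):([^\s]+)$`)

// ParseRepoURL accepts ssh://, http://, https:// and SCP-style URLs and rejects the rest.
func ParseRepoURL(raw string) (RepoEndpoint, error) {
	if strings.Contains(raw, "://") {
		u, err := url.Parse(raw)
		if err != nil {
			return RepoEndpoint{}, err
		}
		switch u.Scheme {
		case "ssh", "http", "https":
		default:
			return RepoEndpoint{}, fmt.Errorf("unsupported scheme %q", u.Scheme)
		}
		if u.Hostname() == "" {
			return RepoEndpoint{}, fmt.Errorf("missing host in %q", raw)
		}
		return RepoEndpoint{u.Scheme, u.User.Username(), u.Host, u.Path}, nil
	}
	m := scpLike.FindStringSubmatch(raw)
	if m == nil {
		return RepoEndpoint{}, fmt.Errorf("not a recognised repository URL: %q", raw)
	}
	return RepoEndpoint{"ssh", m[1], m[2], m[3]}, nil
}

// NeedsSSHAuth reports whether the SSH transport, and so the sshPrivateKey secret, applies.
func (e RepoEndpoint) NeedsSSHAuth() bool { return e.Scheme == "ssh" }

func main() {
	// Constructed sample URLs; gitea.example.com is a placeholder host.
	for _, raw := range []string{"git@gitea.example.com:org/func.git", "https://gitea.example.com/org/func.git", "ftp://gitea.example.com/x"} {
		e, err := ParseRepoURL(raw)
		fmt.Printf("%-42s -> %+v ssh=%v err=%v\n", raw, e, e.NeedsSSHAuth(), err)
	}
}
```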