Using SSH_AUTH_SOCK (ssh agent forwarding) to pull upm private repos

[ivan-hernandez-scopely]

Changes

• This PR is a proposal to fix this issue: Can't fetch private UPM Packages from github because can't add my github credentials to Unity #161
• In order to get the SSH_AUTH_SOCK we used Advised usage for docker integration webfactory/ssh-agent#11
• sshAgent is an optional input parameter.

Usage

      - name: Setup SSH Agent
        uses: webfactory/ssh-agent@v0.5.2
        with:
          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}

      - name: Unity Builder
        uses: ivan-hernandez-scopely/unity-builder@feature/ssh-agent-for-private-upm
        env:
          UNITY_EMAIL: ${{ secrets.UNITY_EMAIL }}
          UNITY_PASSWORD: ${{ secrets.UNITY_PASSWORD }}
          UNITY_SERIAL: ${{ secrets.UNITY_SERIAL }}
        with:
          projectPath: ${{ matrix.projectPath }}
          targetPlatform: ${{ matrix.targetPlatform }}
          sshAgent: ${{ env.SSH_AUTH_SOCK }}

Checklist

• Read the contribution guide and accept the code of conduct
• Readme (updated or not needed)
• Tests (added, updated or not needed)

[github-actions]

[webbertakken]

This looks like a great approach to me.

The hardest part about merging this is actually figuring out whether this would be the default approach that we'll support from here on forward (or risk bc break in future versions) @davidmfinol @GabLeRoux @frostebite please let me know your thoughts on this.

[webbertakken]

I think we should add openssh-client to the base image. We've been trying to work around it but use cases keep popping up that require this.

Does your use-case work without recommends (how we usually install packages in the base image)?

[frostebite]

@webbertakken is there any alternative? My understanding is this demonstrates a situation we simply need it?

[webbertakken]

I agree. I think we need this, but not as part of builder. This is why I'm suggesting to move it to the base image.

The base image installs everything with the flag --no-install-recommends, to keep the image as small as possible.

The reason I'm asking is that it would be too much for me to check these kind of things for every PR by myself (as it requires reproducing exact use cases).

[webbertakken]

What made you chose this approach over mounting ~/.ssh/ (which is an existing mount)?

[codecov-commenter]

Codecov Report

Merging #256 (c28d546) into main (71ca7bd) will decrease coverage by 0.10%.
The diff coverage is 40.00%.

@@            Coverage Diff             @@
##             main     #256      +/-   ##
==========================================
- Coverage   56.32%   56.21%   -0.11%     
==========================================
  Files          23       23              
  Lines         767      772       +5     
  Branches      143      147       +4     
==========================================
+ Hits          432      434       +2     
- Misses        334      337       +3     
  Partials        1        1              

Impacted Files	Coverage Δ
src/model/build-parameters.ts	100.00% <ø> (ø)
src/model/docker.ts	17.64% <0.00%> (-3.79%)	⬇️
src/model/input.ts	100.00% <100.00%> (ø)

[webbertakken]

Great work. Thank you very much!

Note that this will start working only after 0.14 of the docker images has been released.

[uchar]

@ivan-hernandez-scopely Does your solution works with private GitHub repositories?

[ivan-hernandez-scopely]

@ivan-hernandez-scopely Does your solution works with private GitHub repositories?

Note that this will start working only after 0.14 of the docker images has been released

@uchar yes. Notice that you need to provide the ssh private key to the webfactory/ssh-agent as a github secret:

• https://github.com/XXX/YYY/settings/secrets/actions

And setup its ssh public key in:

• https://github.com/settings/keys

[uchar]

@webbertakken When does the new version going to release?

[webbertakken]

@uchar I should have time in the weekend.

In the meantime you can use the specific commit hash until the new version is there.

[ivan-hernandez-scopely]

@uchar I should have time in the weekend.

In the meantime you can use the specific commit hash until the new version is there.

But this commit hash will require the docker images 0.14 released. right?

[webbertakken]

Oh yes, you're right. I was waiting for game-ci/docker#116 to be merged for that. It's currently pending a last change.

[uchar]

@webbertakken Can you please release the new version, I really need this 🙏

[webbertakken]

Thanks for the heads-up. Indeed, the other PR doesn't seem to be moving as fast as we'd hoped.

I just released a new version for both docker and builder. Please follow the progress of the docker images on our image versions page. Please allow up to 24 hours for all of them to be published.