Add support for SSH git URLs

This commit is contained in:
maride 2023-08-31 19:00:16 +02:00
parent 11edf32c68
commit 30fe61c9c0
4 changed files with 20 additions and 3 deletions

View File

@ -1,7 +1,8 @@
FROM nginx:mainline-alpine FROM nginx:mainline-alpine
# Install hugo # Install hugo
RUN apk add hugo git RUN apk add hugo git openssh bash
# Copy over auxiliary scripts # Copy over auxiliary scripts
COPY aux/* /docker-entrypoint.d/ COPY aux /aux
COPY init/* /docker-entrypoint.d/

View File

@ -12,6 +12,12 @@ If you store your blog data in a git repository, run the container with env `REP
The repository will be pulled and built every 10 minutes. The repository will be pulled and built every 10 minutes.
#### SSH URLs
If you specify a SSH URL (`ssh:// ...`) for your repository, the host key will be automatically pulled and added as trusted host. Make sure to double-check those host keys with your git server - although a [MITM](https://www.rapid7.com/fundamentals/man-in-the-middle-attacks/) scenario is unlikely and won't pose a big risk in the case of blogker. [YMMV](https://www.urbandictionary.com/define.php?term=ymmv), but still, this may be a security risk in some cases.
If you want to pull private repositories, you may need to generate a SSH key for this purpose, and hand in the private key file, e.g. via `-v ./id_rsa:/root/.ssh/id_rsa`.
### Passthrough via Bind ### Passthrough via Bind
To just use a specific directory as the hugo blog contents, run the container with the repository passed through as bind directory: To just use a specific directory as the hugo blog contents, run the container with the repository passed through as bind directory:

10
init/check-ssh.sh Executable file
View File

@ -0,0 +1,10 @@
#!/bin/bash
SSH_GIT_URL_REGEX="^ssh:\/\/([^@]+@)?([a-z0-9\-\.]+)[:/].*$"
if [[ "$REPO_URL" =~ $SSH_GIT_URL_REGEX ]]; then
echo "Detected SSH repo URL, importing host key"
ssh-keyscan ${BASH_REMATCH[2]} >> /root/.ssh/known_hosts || exit 1
fi
/aux/pull-n-build.sh || exit 1

View File

@ -9,7 +9,7 @@ if [ "$BUILDFREQ" == "" ]; then
fi fi
# Run the pull script regularly # Run the pull script regularly
echo "$BUILDFREQ * * * * /docker-entrypoint.d/pull-n-build.sh" >> /var/spool/cron/crontabs/root echo "$BUILDFREQ * * * * /aux/pull-n-build.sh" >> /var/spool/cron/crontabs/root
# start cron daemon (goes into background) # start cron daemon (goes into background)
crond crond