flxbl/sfp-server-mangement-template
22
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix SSH key permissions inside Docker container

Browse Source 
Run container as root and chmod the mounted SSH key before
executing the sfp CLI command.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
azlam-salam
2026-04-14 11:26:03 +10:00
parent 44020ee09f
commit 00a2a1347a
2 changed files with 26 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/init.yml
+13 -3
View File
@@ -97,15 +97,25 @@ jobs:
fi fi
# Run sfp CLI from inside the Docker image # Run sfp CLI from inside the Docker image
# Copy SSH key into a temp dir with correct permissions (container may not run as root)
SSH_DIR=$(mktemp -d)
cp ~/.ssh/deploy_key "$SSH_DIR/deploy_key"
cp ~/.ssh/known_hosts "$SSH_DIR/known_hosts"
chmod 600 "$SSH_DIR/deploy_key"
chmod 644 "$SSH_DIR/known_hosts"
docker run --rm \ docker run --rm \
-v ~/.ssh/deploy_key:/root/.ssh/deploy_key:ro \ --user root \
-v ~/.ssh/known_hosts:/root/.ssh/known_hosts:ro \ -v "$SSH_DIR/deploy_key":/root/.ssh/deploy_key:ro \
-v "$SSH_DIR/known_hosts":/root/.ssh/known_hosts:ro \
-e DOCKER_REGISTRY \ -e DOCKER_REGISTRY \
-e DOCKER_REGISTRY_TOKEN \ -e DOCKER_REGISTRY_TOKEN \
-e ORIGIN_CERT \ -e ORIGIN_CERT \
-e ORIGIN_KEY \ -e ORIGIN_KEY \
"$SFP_IMAGE" \ "$SFP_IMAGE" \
bash -c "$INIT_CMD" bash -c "chmod 600 /root/.ssh/deploy_key && $INIT_CMD"
rm -rf "$SSH_DIR"
- name: Output init results - name: Output init results
if: always() if: always()
.github/workflows/update.yml
+13 -3
View File
@@ -102,13 +102,23 @@ jobs:
fi fi
# Run sfp CLI from inside the Docker image # Run sfp CLI from inside the Docker image
# Copy SSH key into a temp dir with correct permissions
SSH_DIR=$(mktemp -d)
cp ~/.ssh/deploy_key "$SSH_DIR/deploy_key"
cp ~/.ssh/known_hosts "$SSH_DIR/known_hosts"
chmod 600 "$SSH_DIR/deploy_key"
chmod 644 "$SSH_DIR/known_hosts"
docker run --rm \ docker run --rm \
-v ~/.ssh/deploy_key:/root/.ssh/deploy_key:ro \ --user root \
-v ~/.ssh/known_hosts:/root/.ssh/known_hosts:ro \ -v "$SSH_DIR/deploy_key":/root/.ssh/deploy_key:ro \
-v "$SSH_DIR/known_hosts":/root/.ssh/known_hosts:ro \
-e DOCKER_REGISTRY \ -e DOCKER_REGISTRY \
-e DOCKER_REGISTRY_TOKEN \ -e DOCKER_REGISTRY_TOKEN \
"$SFP_IMAGE" \ "$SFP_IMAGE" \
bash -c "$UPDATE_CMD" bash -c "chmod 600 /root/.ssh/deploy_key && $UPDATE_CMD"
rm -rf "$SSH_DIR"
- name: Output update results - name: Output update results
if: always() if: always()