diff --git a/app/Jobs/ApplicationDeploymentJob.php b/app/Jobs/ApplicationDeploymentJob.php index 811d0c9bd..1b8ef3fc4 100644 --- a/app/Jobs/ApplicationDeploymentJob.php +++ b/app/Jobs/ApplicationDeploymentJob.php @@ -2260,7 +2260,7 @@ private function gitLsRemoteCommand(string $lsRemoteRef, ?string $identityFile = $sshCommand = "ssh -o ConnectTimeout=30 -p {$this->customPort} -o Port={$this->customPort} -o LogLevel=ERROR -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"; if ($identityFile !== null) { - $sshCommand .= " -i {$identityFile}"; + $sshCommand .= " -i {$identityFile} -o IdentitiesOnly=yes"; } return 'GIT_SSH_COMMAND="'.$sshCommand.'" git ls-remote '.escapeshellarg($this->fullRepoUrl).' '.escapeshellarg($lsRemoteRef); @@ -2300,18 +2300,19 @@ private function check_git_if_build_needed() $private_key = data_get($this->application, 'private_key.private_key'); if ($private_key) { $private_key = base64_encode($private_key); + $customSshKeyLocation = "/root/.ssh/id_rsa_coolify_{$this->deployment_uuid}"; $this->execute_remote_command( [ executeInDocker($this->deployment_uuid, 'mkdir -p /root/.ssh'), ], [ - executeInDocker($this->deployment_uuid, "echo '{$private_key}' | base64 -d | tee /root/.ssh/id_rsa > /dev/null"), + executeInDocker($this->deployment_uuid, "echo '{$private_key}' | base64 -d | tee {$customSshKeyLocation} > /dev/null"), ], [ - executeInDocker($this->deployment_uuid, 'chmod 600 /root/.ssh/id_rsa'), + executeInDocker($this->deployment_uuid, "chmod 600 {$customSshKeyLocation}"), ], [ - executeInDocker($this->deployment_uuid, $this->gitLsRemoteCommand($lsRemoteRef, '/root/.ssh/id_rsa')), + executeInDocker($this->deployment_uuid, $this->gitLsRemoteCommand($lsRemoteRef, $customSshKeyLocation)), 'hidden' => true, 'save' => 'git_commit_sha', ] diff --git a/app/Models/Application.php b/app/Models/Application.php index 3ad167887..b2f852f15 100644 --- a/app/Models/Application.php +++ b/app/Models/Application.php @@ -1358,6 +1358,7 @@ public function generateGitLsRemoteCommands(string $deployment_uuid, bool $exec_ $branch = $this->git_branch; ['repository' => $customRepository, 'port' => $customPort] = $this->customRepository(); $commands = collect([]); + $customSshKeyLocation = "/root/.ssh/id_rsa_coolify_{$deployment_uuid}"; $base_command = 'git ls-remote'; if ($this->deploymentType() === 'source') { @@ -1411,19 +1412,20 @@ public function generateGitLsRemoteCommands(string $deployment_uuid, bool $exec_ $private_key = base64_encode($private_key); $gitlabPort = $gitlabSource->custom_port ?? 22; $escapedCustomRepository = str_replace("'", "'\\''", $customRepository); - $base_command = "GIT_SSH_COMMAND=\"ssh -o ConnectTimeout=30 -p {$gitlabPort} -o Port={$gitlabPort} -o LogLevel=ERROR -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i /root/.ssh/id_rsa\" {$base_command} '{$escapedCustomRepository}'"; + $base_command = "GIT_SSH_COMMAND=\"ssh -o ConnectTimeout=30 -p {$gitlabPort} -o Port={$gitlabPort} -o LogLevel=ERROR -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i {$customSshKeyLocation} -o IdentitiesOnly=yes\" {$base_command} '{$escapedCustomRepository}'"; if ($exec_in_docker) { $commands = collect([ executeInDocker($deployment_uuid, 'mkdir -p /root/.ssh'), - executeInDocker($deployment_uuid, "echo '{$private_key}' | base64 -d | tee /root/.ssh/id_rsa > /dev/null"), - executeInDocker($deployment_uuid, 'chmod 600 /root/.ssh/id_rsa'), + executeInDocker($deployment_uuid, "echo '{$private_key}' | base64 -d | tee {$customSshKeyLocation} > /dev/null"), + executeInDocker($deployment_uuid, "chmod 600 {$customSshKeyLocation}"), ]); } else { $commands = collect([ + "trap 'rm -f {$customSshKeyLocation}' EXIT", 'mkdir -p /root/.ssh', - "echo '{$private_key}' | base64 -d | tee /root/.ssh/id_rsa > /dev/null", - 'chmod 600 /root/.ssh/id_rsa', + "echo '{$private_key}' | base64 -d | tee {$customSshKeyLocation} > /dev/null", + "chmod 600 {$customSshKeyLocation}", ]); } @@ -1469,19 +1471,20 @@ public function generateGitLsRemoteCommands(string $deployment_uuid, bool $exec_ // When used with executeInDocker (which uses bash -c '...'), we need to escape for bash context // Replace ' with '\'' to safely escape within single-quoted bash strings $escapedCustomRepository = str_replace("'", "'\\''", $customRepository); - $base_command = "GIT_SSH_COMMAND=\"ssh -o ConnectTimeout=30 -p {$customPort} -o Port={$customPort} -o LogLevel=ERROR -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i /root/.ssh/id_rsa\" {$base_command} '{$escapedCustomRepository}'"; + $base_command = "GIT_SSH_COMMAND=\"ssh -o ConnectTimeout=30 -p {$customPort} -o Port={$customPort} -o LogLevel=ERROR -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i {$customSshKeyLocation} -o IdentitiesOnly=yes\" {$base_command} '{$escapedCustomRepository}'"; if ($exec_in_docker) { $commands = collect([ executeInDocker($deployment_uuid, 'mkdir -p /root/.ssh'), - executeInDocker($deployment_uuid, "echo '{$private_key}' | base64 -d | tee /root/.ssh/id_rsa > /dev/null"), - executeInDocker($deployment_uuid, 'chmod 600 /root/.ssh/id_rsa'), + executeInDocker($deployment_uuid, "echo '{$private_key}' | base64 -d | tee {$customSshKeyLocation} > /dev/null"), + executeInDocker($deployment_uuid, "chmod 600 {$customSshKeyLocation}"), ]); } else { $commands = collect([ + "trap 'rm -f {$customSshKeyLocation}' EXIT", 'mkdir -p /root/.ssh', - "echo '{$private_key}' | base64 -d | tee /root/.ssh/id_rsa > /dev/null", - 'chmod 600 /root/.ssh/id_rsa', + "echo '{$private_key}' | base64 -d | tee {$customSshKeyLocation} > /dev/null", + "chmod 600 {$customSshKeyLocation}", ]); } @@ -1544,6 +1547,7 @@ public function generateGitImportCommands(string $deployment_uuid, int $pull_req $branch = $this->git_branch; ['repository' => $customRepository, 'port' => $customPort] = $this->customRepository(); $baseDir = $custom_base_dir ?? $this->generateBaseDir($deployment_uuid); + $customSshKeyLocation = "/root/.ssh/id_rsa_coolify_{$deployment_uuid}"; // Escape shell arguments for safety to prevent command injection $escapedBranch = escapeshellarg($branch); @@ -1650,7 +1654,7 @@ public function generateGitImportCommands(string $deployment_uuid, int $pull_req $private_key = base64_encode($private_key); $gitlabPort = $gitlabSource->custom_port ?? 22; $escapedCustomRepository = escapeshellarg($customRepository); - $gitlabSshCommand = "ssh -o ConnectTimeout=30 -p {$gitlabPort} -o Port={$gitlabPort} -o LogLevel=ERROR -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i /root/.ssh/id_rsa"; + $gitlabSshCommand = "ssh -o ConnectTimeout=30 -p {$gitlabPort} -o Port={$gitlabPort} -o LogLevel=ERROR -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i {$customSshKeyLocation} -o IdentitiesOnly=yes"; $gitlabGitSshCommand = "GIT_SSH_COMMAND=\"{$gitlabSshCommand}\""; $git_clone_command_base = "{$gitlabGitSshCommand} {$git_clone_command} {$escapedCustomRepository} {$escapedBaseDir}"; if ($only_checkout) { @@ -1661,14 +1665,15 @@ public function generateGitImportCommands(string $deployment_uuid, int $pull_req if ($exec_in_docker) { $commands = collect([ executeInDocker($deployment_uuid, 'mkdir -p /root/.ssh'), - executeInDocker($deployment_uuid, "echo '{$private_key}' | base64 -d | tee /root/.ssh/id_rsa > /dev/null"), - executeInDocker($deployment_uuid, 'chmod 600 /root/.ssh/id_rsa'), + executeInDocker($deployment_uuid, "echo '{$private_key}' | base64 -d | tee {$customSshKeyLocation} > /dev/null"), + executeInDocker($deployment_uuid, "chmod 600 {$customSshKeyLocation}"), ]); } else { $commands = collect([ + "trap 'rm -f {$customSshKeyLocation}' EXIT", 'mkdir -p /root/.ssh', - "echo '{$private_key}' | base64 -d | tee /root/.ssh/id_rsa > /dev/null", - 'chmod 600 /root/.ssh/id_rsa', + "echo '{$private_key}' | base64 -d | tee {$customSshKeyLocation} > /dev/null", + "chmod 600 {$customSshKeyLocation}", ]); } @@ -1726,7 +1731,7 @@ public function generateGitImportCommands(string $deployment_uuid, int $pull_req } $private_key = base64_encode($private_key); $escapedCustomRepository = escapeshellarg($customRepository); - $deployKeySshCommand = "ssh -o ConnectTimeout=30 -p {$customPort} -o Port={$customPort} -o LogLevel=ERROR -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i /root/.ssh/id_rsa"; + $deployKeySshCommand = "ssh -o ConnectTimeout=30 -p {$customPort} -o Port={$customPort} -o LogLevel=ERROR -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i {$customSshKeyLocation} -o IdentitiesOnly=yes"; $deployKeyGitSshCommand = "GIT_SSH_COMMAND=\"{$deployKeySshCommand}\""; $git_clone_command_base = "{$deployKeyGitSshCommand} {$git_clone_command} {$escapedCustomRepository} {$escapedBaseDir}"; if ($only_checkout) { @@ -1737,14 +1742,15 @@ public function generateGitImportCommands(string $deployment_uuid, int $pull_req if ($exec_in_docker) { $commands = collect([ executeInDocker($deployment_uuid, 'mkdir -p /root/.ssh'), - executeInDocker($deployment_uuid, "echo '{$private_key}' | base64 -d | tee /root/.ssh/id_rsa > /dev/null"), - executeInDocker($deployment_uuid, 'chmod 600 /root/.ssh/id_rsa'), + executeInDocker($deployment_uuid, "echo '{$private_key}' | base64 -d | tee {$customSshKeyLocation} > /dev/null"), + executeInDocker($deployment_uuid, "chmod 600 {$customSshKeyLocation}"), ]); } else { $commands = collect([ + "trap 'rm -f {$customSshKeyLocation}' EXIT", 'mkdir -p /root/.ssh', - "echo '{$private_key}' | base64 -d | tee /root/.ssh/id_rsa > /dev/null", - 'chmod 600 /root/.ssh/id_rsa', + "echo '{$private_key}' | base64 -d | tee {$customSshKeyLocation} > /dev/null", + "chmod 600 {$customSshKeyLocation}", ]); } if ($pull_request_id !== 0) { @@ -1755,7 +1761,7 @@ public function generateGitImportCommands(string $deployment_uuid, int $pull_req } else { $commands->push("echo 'Checking out $branch'"); } - $git_clone_command = "{$git_clone_command} && cd {$escapedBaseDir} && GIT_SSH_COMMAND=\"{$deployKeySshCommand}\" git fetch origin $branch && ".$this->buildGitCheckoutCommand($pr_branch_name, $deployKeySshCommand); + $git_clone_command = "{$git_clone_command} && cd {$escapedBaseDir} && {$deployKeyGitSshCommand} git fetch origin $branch && ".$this->buildGitCheckoutCommand($pr_branch_name, $deployKeySshCommand); } elseif ($git_type === 'github' || $git_type === 'gitea') { $branch = "pull/{$pull_request_id}/head:$pr_branch_name"; if ($exec_in_docker) { @@ -1763,14 +1769,14 @@ public function generateGitImportCommands(string $deployment_uuid, int $pull_req } else { $commands->push("echo 'Checking out $branch'"); } - $git_clone_command = "{$git_clone_command} && cd {$escapedBaseDir} && GIT_SSH_COMMAND=\"{$deployKeySshCommand}\" git fetch origin $branch && ".$this->buildGitCheckoutCommand($pr_branch_name, $deployKeySshCommand); + $git_clone_command = "{$git_clone_command} && cd {$escapedBaseDir} && {$deployKeyGitSshCommand} git fetch origin $branch && ".$this->buildGitCheckoutCommand($pr_branch_name, $deployKeySshCommand); } elseif ($git_type === 'bitbucket') { if ($exec_in_docker) { $commands->push(executeInDocker($deployment_uuid, "echo 'Checking out $branch'")); } else { $commands->push("echo 'Checking out $branch'"); } - $git_clone_command = "{$git_clone_command} && cd {$escapedBaseDir} && GIT_SSH_COMMAND=\"{$deployKeySshCommand}\" ".$this->buildGitCheckoutCommand($commit, $deployKeySshCommand); + $git_clone_command = "{$git_clone_command} && cd {$escapedBaseDir} && {$deployKeyGitSshCommand} ".$this->buildGitCheckoutCommand($commit, $deployKeySshCommand); } } diff --git a/tests/Unit/DeployKeyDedicatedPathTest.php b/tests/Unit/DeployKeyDedicatedPathTest.php new file mode 100644 index 000000000..a3373f42a --- /dev/null +++ b/tests/Unit/DeployKeyDedicatedPathTest.php @@ -0,0 +1,189 @@ +) instead of the shared + * /root/.ssh/id_rsa, so it can neither overwrite the server root's own key nor race with other + * concurrent operations on the same host. `-o IdentitiesOnly=yes` makes ssh offer only that key. + * On the host path an EXIT trap removes the key when the shell finishes; the docker path runs in an + * ephemeral container, so it needs no cleanup. + */ +$keyPath = '/root/.ssh/id_rsa_coolify_test-deployment-uuid'; + +it('writes a deploy key to a per-deployment path and cleans it up for ls-remote on the host', function () use ($keyPath) { + $privateKey = Mockery::mock(PrivateKey::class)->makePartial(); + $privateKey->shouldReceive('getAttribute')->with('private_key')->andReturn('fake-private-key'); + + $application = Mockery::mock(Application::class)->makePartial(); + $application->git_branch = 'main'; + $application->shouldReceive('deploymentType')->andReturn('deploy_key'); + $application->shouldReceive('customRepository')->andReturn(['repository' => 'git@gitlab.com:user/repo.git', 'port' => 22]); + $application->shouldReceive('getAttribute')->with('private_key')->andReturn($privateKey); + + $result = $application->generateGitLsRemoteCommands('test-deployment-uuid', false); + + expect($result['commands']) + ->toContain("tee {$keyPath}") + ->toContain("-i {$keyPath} -o IdentitiesOnly=yes") + ->toContain("trap 'rm -f {$keyPath}' EXIT") // removed when the shell exits + ->not->toContain('tee /root/.ssh/id_rsa >'); // never overwrites the host root's own key +}); + +it('writes a deploy key to a per-deployment path for ls-remote inside docker without a trap', function () use ($keyPath) { + $privateKey = Mockery::mock(PrivateKey::class)->makePartial(); + $privateKey->shouldReceive('getAttribute')->with('private_key')->andReturn('fake-private-key'); + + $application = Mockery::mock(Application::class)->makePartial(); + $application->git_branch = 'main'; + $application->shouldReceive('deploymentType')->andReturn('deploy_key'); + $application->shouldReceive('customRepository')->andReturn(['repository' => 'git@gitlab.com:user/repo.git', 'port' => 22]); + $application->shouldReceive('getAttribute')->with('private_key')->andReturn($privateKey); + + $result = $application->generateGitLsRemoteCommands('test-deployment-uuid', true); + + expect($result['commands']) + ->toContain("tee {$keyPath}") + ->toContain("-i {$keyPath} -o IdentitiesOnly=yes") + ->not->toContain('trap ') // ephemeral container, no cleanup needed + ->not->toContain('tee /root/.ssh/id_rsa >'); +}); + +it('writes a GitLab source private key to a per-deployment path with cleanup on the host', function () use ($keyPath) { + $privateKey = Mockery::mock(PrivateKey::class)->makePartial(); + $privateKey->shouldReceive('getAttribute')->with('private_key')->andReturn('fake-private-key'); + + $gitlabSource = Mockery::mock(GitlabApp::class)->makePartial(); + $gitlabSource->shouldReceive('getMorphClass')->andReturn(GitlabApp::class); + $gitlabSource->shouldReceive('getAttribute')->with('html_url')->andReturn('https://gitlab.com'); + $gitlabSource->shouldReceive('getAttribute')->with('privateKey')->andReturn($privateKey); + $gitlabSource->shouldReceive('getAttribute')->with('private_key_id')->andReturn(1); + $gitlabSource->shouldReceive('getAttribute')->with('custom_port')->andReturn(22); + + $application = Mockery::mock(Application::class)->makePartial(); + $application->git_branch = 'main'; + $application->shouldReceive('deploymentType')->andReturn('source'); + $application->shouldReceive('customRepository')->andReturn(['repository' => 'git@gitlab.com:user/repo.git', 'port' => 22]); + $application->shouldReceive('getAttribute')->with('source')->andReturn($gitlabSource); + $application->source = $gitlabSource; + + $result = $application->generateGitLsRemoteCommands('test-deployment-uuid', false); + + expect($result['commands']) + ->toContain("tee {$keyPath}") + ->toContain("-i {$keyPath} -o IdentitiesOnly=yes") + ->toContain("trap 'rm -f {$keyPath}' EXIT") + ->not->toContain('tee /root/.ssh/id_rsa >'); +}); + +it('writes a deploy key to a per-deployment path and cleans it up when cloning on the host', function () use ($keyPath) { + $privateKey = Mockery::mock(PrivateKey::class)->makePartial(); + $privateKey->shouldReceive('getAttribute')->with('private_key')->andReturn('fake-private-key'); + + $settings = Mockery::mock(ApplicationSetting::class)->makePartial(); + $settings->shouldReceive('getAttribute')->with('is_git_shallow_clone_enabled')->andReturn(false); + $settings->shouldReceive('getAttribute')->with('is_git_submodules_enabled')->andReturn(false); + $settings->shouldReceive('getAttribute')->with('is_git_lfs_enabled')->andReturn(false); + + $application = Mockery::mock(Application::class)->makePartial(); + $application->git_branch = 'main'; + $application->shouldReceive('deploymentType')->andReturn('deploy_key'); + $application->shouldReceive('customRepository')->andReturn(['repository' => 'git@gitlab.com:user/repo.git', 'port' => 22]); + $application->shouldReceive('getAttribute')->with('private_key')->andReturn($privateKey); + $application->shouldReceive('getAttribute')->with('settings')->andReturn($settings); + $application->shouldReceive('getAttribute')->with('git_commit_sha')->andReturn('HEAD'); + + // exec_in_docker = false → the loadComposeFile / host clone path + $result = $application->generateGitImportCommands('test-deployment-uuid', 0, null, false); + + expect($result['commands']) + ->toContain("tee {$keyPath}") + ->toContain("-i {$keyPath} -o IdentitiesOnly=yes") + ->toContain("trap 'rm -f {$keyPath}' EXIT") + ->not->toContain('tee /root/.ssh/id_rsa >'); +}); + +it('writes a GitLab source private key to a per-deployment path and cleans it up when cloning on the host', function () use ($keyPath) { + $privateKey = Mockery::mock(PrivateKey::class)->makePartial(); + $privateKey->shouldReceive('getAttribute')->with('private_key')->andReturn('fake-private-key'); + + $gitlabSource = Mockery::mock(GitlabApp::class)->makePartial(); + $gitlabSource->shouldReceive('getMorphClass')->andReturn(GitlabApp::class); + $gitlabSource->shouldReceive('getAttribute')->with('html_url')->andReturn('https://gitlab.com'); + $gitlabSource->shouldReceive('getAttribute')->with('privateKey')->andReturn($privateKey); + $gitlabSource->shouldReceive('getAttribute')->with('custom_port')->andReturn(22); + + $settings = Mockery::mock(ApplicationSetting::class)->makePartial(); + $settings->shouldReceive('getAttribute')->with('is_git_shallow_clone_enabled')->andReturn(false); + $settings->shouldReceive('getAttribute')->with('is_git_submodules_enabled')->andReturn(false); + $settings->shouldReceive('getAttribute')->with('is_git_lfs_enabled')->andReturn(false); + + $application = Mockery::mock(Application::class)->makePartial(); + $application->git_branch = 'main'; + $application->source = $gitlabSource; + $application->shouldReceive('deploymentType')->andReturn('source'); + $application->shouldReceive('customRepository')->andReturn(['repository' => 'git@gitlab.com:user/repo.git', 'port' => 22]); + $application->shouldReceive('getAttribute')->with('source')->andReturn($gitlabSource); + $application->shouldReceive('getAttribute')->with('settings')->andReturn($settings); + $application->shouldReceive('getAttribute')->with('git_commit_sha')->andReturn('HEAD'); + + $result = $application->generateGitImportCommands('test-deployment-uuid', 0, null, false); + + expect($result['commands']) + ->toContain("tee {$keyPath}") + ->toContain("-i {$keyPath} -o IdentitiesOnly=yes") + ->toContain("trap 'rm -f {$keyPath}' EXIT") + ->not->toContain('tee /root/.ssh/id_rsa >'); +}); + +it('uses the per-deployment deploy key for pull request fetches', function () use ($keyPath) { + $privateKey = Mockery::mock(PrivateKey::class)->makePartial(); + $privateKey->shouldReceive('getAttribute')->with('private_key')->andReturn('fake-private-key'); + + $settings = Mockery::mock(ApplicationSetting::class)->makePartial(); + $settings->shouldReceive('getAttribute')->with('is_git_shallow_clone_enabled')->andReturn(false); + $settings->shouldReceive('getAttribute')->with('is_git_submodules_enabled')->andReturn(false); + $settings->shouldReceive('getAttribute')->with('is_git_lfs_enabled')->andReturn(false); + + $application = Mockery::mock(Application::class)->makePartial(); + $application->git_branch = 'main'; + $application->shouldReceive('deploymentType')->andReturn('deploy_key'); + $application->shouldReceive('customRepository')->andReturn(['repository' => 'git@github.com:user/repo.git', 'port' => 22]); + $application->shouldReceive('getAttribute')->with('private_key')->andReturn($privateKey); + $application->shouldReceive('getAttribute')->with('settings')->andReturn($settings); + $application->shouldReceive('getAttribute')->with('git_commit_sha')->andReturn('HEAD'); + + $result = $application->generateGitImportCommands('test-deployment-uuid', 123, 'github', false); + + expect($result['commands']) + ->toContain("GIT_SSH_COMMAND=\"ssh -o ConnectTimeout=30 -p 22 -o Port=22 -o LogLevel=ERROR -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i {$keyPath} -o IdentitiesOnly=yes\" git fetch origin pull/123/head:pr-123-coolify") + ->not->toContain('GIT_SSH_COMMAND="ssh -o ConnectTimeout=30 -p 22 -o Port=22 -o LogLevel=ERROR -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i /root/.ssh/id_rsa" git fetch origin pull/123/head:pr-123-coolify'); +}); + +it('does not force a missing per-deployment key for other repository pull request fetches', function () use ($keyPath) { + $settings = Mockery::mock(ApplicationSetting::class)->makePartial(); + $settings->shouldReceive('getAttribute')->with('is_git_shallow_clone_enabled')->andReturn(false); + $settings->shouldReceive('getAttribute')->with('is_git_submodules_enabled')->andReturn(false); + $settings->shouldReceive('getAttribute')->with('is_git_lfs_enabled')->andReturn(false); + + $application = Mockery::mock(Application::class)->makePartial(); + $application->git_branch = 'main'; + $application->shouldReceive('deploymentType')->andReturn('other'); + $application->shouldReceive('customRepository')->andReturn(['repository' => 'git@github.com:user/repo.git', 'port' => 22]); + $application->shouldReceive('getAttribute')->with('settings')->andReturn($settings); + $application->shouldReceive('getAttribute')->with('git_commit_sha')->andReturn('HEAD'); + + $result = $application->generateGitImportCommands('test-deployment-uuid', 123, 'github', false); + + expect($result['commands']) + ->toContain('GIT_SSH_COMMAND="ssh -o ConnectTimeout=30 -p 22 -o Port=22 -o LogLevel=ERROR -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i /root/.ssh/id_rsa" git fetch origin pull/123/head:pr-123-coolify') + ->not->toContain($keyPath); +}); diff --git a/tests/Unit/GitSubmoduleCredentialTest.php b/tests/Unit/GitSubmoduleCredentialTest.php index 5ac5c501a..d22e1ad4c 100644 --- a/tests/Unit/GitSubmoduleCredentialTest.php +++ b/tests/Unit/GitSubmoduleCredentialTest.php @@ -156,7 +156,7 @@ exec_in_docker: false, ); - $sshCommand = 'ssh -o ConnectTimeout=30 -p 22 -o Port=22 -o LogLevel=ERROR -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i /root/.ssh/id_rsa'; + $sshCommand = 'ssh -o ConnectTimeout=30 -p 22 -o Port=22 -o LogLevel=ERROR -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i /root/.ssh/id_rsa_coolify_test-uuid -o IdentitiesOnly=yes'; expect($result['commands']) ->toContain('GIT_SSH_COMMAND="'.$sshCommand.'" git fetch origin merge-requests/123/head:pr-123-coolify')