Skip to content

fix(gh-action): install openssh-client in Docker image #1389

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
codejedi365 merged 2 commits into from
Dec 14, 2025
Merged

fix(gh-action): install openssh-client in Docker image #1389

codejedi365 merged 2 commits into from
Dec 14, 2025
+107 −0

Conversation

Copy link
Contributor

Copilot AI commented Dec 12, 2025
edited
Loading

Purpose

Fixes #1376. The GitHub Action Docker image lacks SSH client tools required for SSH key signing functionality.

Rationale

The action script (src/gh_action/action.sh:159-160) invokes ssh-agent and ssh-add for SSH key signing when ssh_public_signing_key and ssh_private_signing_key inputs are provided. These binaries are not present in python:3.14-slim-trixie base image. The switch to the slim variant removed openssh-client which was implicitly included in the standard base image.

How did you test?

Built test Docker image from python:3.14-slim-trixie with openssh-client installed. Verified ssh-agent and ssh-add binaries are available at /usr/bin/ssh-agent and /usr/bin/ssh-add. Confirmed other action script dependencies (stat, sha256sum, chmod, mkdir, chown) remain available.

Added automated test case test_version_ssh_signing.sh in tests/gh_action/suite/ that:

  • Generates an Ed25519 SSH key pair dynamically for testing
  • Passes keys via INPUT_SSH_PUBLIC_SIGNING_KEY and INPUT_SSH_PRIVATE_SIGNING_KEY environment variables
  • Validates SSH setup message appears in output
  • Confirms ssh-agent starts successfully (checks for "Agent pid" message)
  • Confirms ssh-add adds the key successfully (checks for "Identity added" message)
  • Verifies semantic-release command executes correctly

How to Verify

  1. Use the action with SSH signing enabled via ssh_public_signing_key and ssh_private_signing_key inputs
  2. Verify action completes without "command not found" errors for ssh-agent or ssh-add
  3. Confirm commits/tags are signed with SSH key
  4. Run the test suite with bash tests/gh_action/run.sh to verify the new test passes

PR Completion Checklist

  • Reviewed & followed the Contributor Guidelines

  • Changes Implemented & Validation pipeline succeeds

  • Commits follow the Conventional Commits standard
    and are separated into the proper commit type and scope (recommended order: test, build, feat/fix, docs)

  • Appropriate Unit tests added/updated

  • Appropriate End-to-End tests added/updated

  • Appropriate Documentation added/updated and syntax validated for sphinx build (see Contributor Guidelines)

Original prompt

Can you update the GitHub action docker file to include installing SSH and any other applications that are required for the action script (src/gh_action/action.sh). This should resolve #1376 which occurred because I switched to the slim base container image and did not verify the action script components fully.

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

Copilot AI changed the title [WIP] Update GitHub action Dockerfile to install SSH and required applications fix(gh-action): install openssh-client in Docker image Dec 12, 2025
Copilot AI requested a review from codejedi365 December 12, 2025 08:00
@codejedi365 codejedi365 force-pushed the copilot/update-dockerfile-ssh-install branch from 5d79678 to ccc0a26 Compare December 13, 2025 07:26
@codejedi365 codejedi365 marked this pull request as ready for review December 13, 2025 07:27
@codejedi365 codejedi365 force-pushed the copilot/update-dockerfile-ssh-install branch from 524ecba to 68eed57 Compare December 13, 2025 17:55
@codejedi365
Copy link
Contributor

codejedi365 commented Dec 13, 2025

@copilot can you add a github action test to tests/gh_action that will test the passing of the "INPUT_SSH_PUBLIC_SIGNING_KEY" and "INPUT_SSH_PRIVATE_SIGNING_KEY" variables into the action.sh command. You will need to add a test setup that will generate a ssh key pair that will be available in the container environment.

Copy link
Contributor Author

Copilot AI commented Dec 13, 2025

@copilot can you add a github action test to tests/gh_action that will test the passing of the "INPUT_SSH_PUBLIC_SIGNING_KEY" and "INPUT_SSH_PRIVATE_SIGNING_KEY" variables into the action.sh comma...

Added test case in commit f94a081. The test generates an Ed25519 SSH key pair and validates that ssh-agent and ssh-add execute successfully when INPUT_SSH_PUBLIC_SIGNING_KEY and INPUT_SSH_PRIVATE_SIGNING_KEY are provided. The test verifies SSH setup messages, agent startup, key addition, and command execution.

Copilot AI and others added 2 commits December 13, 2025 19:48
@codejedi365
test(gh-action): add SSH signing test case
152112a 
Add test to verify SSH signing key configuration in the GitHub Action.
The test generates an SSH key pair and validates that ssh-agent and
ssh-add commands execute successfully when SSH signing keys are provided.

Co-authored-by: codejedi365 <17354856+codejedi365@users.noreply.github.com>
@codejedi365
fix(github-action): fix failed signing issue when ssh was missing fro…
af3a29a 
…m action environment

Install openssh-client in the slim container image

Resolves: #1376
@codejedi365 codejedi365 force-pushed the copilot/update-dockerfile-ssh-install branch 2 times, most recently from af3a29a to 152112a Compare December 14, 2025 18:06
@codejedi365 codejedi365 merged commit 18b7eda into master Dec 14, 2025
13 checks passed
@codejedi365 codejedi365 deleted the copilot/update-dockerfile-ssh-install branch December 14, 2025 18:13
@codejedi365
Copy link
Contributor

codejedi365 commented Dec 15, 2025

🎉 This PR has been published as part of v10.5.3 🎉

You can find more information about this release on the GitHub Releases page.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@codejedi365 codejedi365 codejedi365 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@codejedi365 codejedi365

Copilot code review Copilot

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

ssh-agent & ssh-add is missing from python-semantic-release github action

2 participants

@codejedi365