fix: support ssh auth for git-based skills#1529
Open
jsonmp-k8 wants to merge 1 commit intokagent-dev:mainfrom
Open
fix: support ssh auth for git-based skills#1529jsonmp-k8 wants to merge 1 commit intokagent-dev:mainfrom
jsonmp-k8 wants to merge 1 commit intokagent-dev:mainfrom
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Adds SSH-based authentication support for git-backed skills by ensuring ssh-keyscan is available in the skills init image and by populating known_hosts based on SSH git URLs found in an Agent’s gitRefs.
Changes:
- Install
openssh-clientin theskills-initimage to providessh-keyscan. - Parse git SSH URLs (including scp-style and
ssh://with custom ports) to derive hosts and generateknown_hostsentries during init. - Add/extend unit + translator/golden tests to cover SSH host extraction and script generation.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| go/core/internal/controller/translator/agent/adk_api_translator.go | Adds SSH host extraction and threads derived hosts into skills-init template data. |
| go/core/internal/controller/translator/agent/skills-init.sh.tmpl | Updates init script to create .ssh with correct perms and ssh-keyscan derived hosts/ports. |
| docker/skills-init/Dockerfile | Installs openssh-client so ssh-keyscan exists at runtime. |
| go/core/internal/controller/translator/agent/skills_unit_test.go | Adds unit coverage for SSH host parsing and SSH host list derivation/sorting. |
| go/core/internal/controller/translator/agent/git_skills_test.go | Extends translator tests to validate SSH script content + secret wiring. |
| go/core/internal/controller/translator/agent/testdata/outputs/agent_with_git_skills.json | Updates golden output to reflect new SSH setup behavior in the rendered script. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
go/core/internal/controller/translator/agent/adk_api_translator.go
Outdated
Show resolved
Hide resolved
jsonmp-k8
force-pushed
the
fix/1523-git-skills-ssh-auth
branch
from
46d634a to
7ab3dc0
Compare
- add openssh-client to the skills-init image - extract gitSSHHost to derive SSH hosts from skill gitRefs URLs (ssh://, git+ssh://, and scp-style), with strict hostname/port validation to prevent command injection - normalize default port 22 to avoid redundant ssh-keyscan -p flag - gate SSH host collection behind authSecretRef != nil - add ssh-keyscan failure warning to stderr in init script - add unit, translator, and golden test coverage Fixes kagent-dev#1523 Signed-off-by: Jaison Paul <paul.jaison@gmail.com>
jsonmp-k8
force-pushed
the
fix/1523-git-skills-ssh-auth
branch
from
0b4ac10 to
230cdc4
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
openssh-clientto theskills-initimage so SSH host key discovery is availablegitRefsand populateknown_hosts, including customssh://portsTesting
go test ./core/internal/controller/translator/agentCGO_ENABLED=0 make lintFixes #1523