Support using SSH to fetch repositories on Gitea

Signed-off-by: magic_rb <richard@brezak.sk>

Author: MagicRB

buildbot_nix/buildbot_nix/__init__.py

@@ -1060,6 +1060,8 @@ def nix_eval_config(
             submodules=True,
             haltOnFailure=True,
             logEnviron=False,
+            sshPrivateKey=project.private_key_path.read_text() if project.private_key_path else None,
+            sshKnownHosts=project.known_hosts_path.read_text() if project.known_hosts_path else None,
         ),
     )
     drv_gcroots_dir = util.Interpolate(
@@ -1417,6 +1419,8 @@ def buildbot_effects_config(
             method="clean",
             submodules=True,
             haltOnFailure=True,
+            sshPrivateKey=project.private_key_path.read_text() if project.private_key_path else None,
+            sshKnownHosts=project.known_hosts_path.read_text() if project.known_hosts_path else None,
         ),
     )
     secrets_list = []

buildbot_nix/buildbot_nix/gitea_projects.py

@@ -61,7 +61,10 @@ def __init__(
 
     def get_project_url(self) -> str:
         url = urlparse(self.config.instance_url)
-        return f"{url.scheme}://git:%(secret:{self.config.token_file})s@{url.hostname}/{self.name}"
+        if self.config.ssh_private_key_file:
+            return self.data.ssh_url
+        else:
+            return f"{url.scheme}://git:%(secret:{self.config.token_file})s@{url.hostname}/{self.name}"
 
     def create_change_source(self) -> ChangeSource | None:
         return None
@@ -113,6 +116,15 @@ def belongs_to_org(self) -> bool:
         # TODO Gitea doesn't include this information
         return False  # self.data["owner"]["type"] == "Organization"
 
+    @property
+    def private_key_path(self) -> Path | None:
+        return self.config.ssh_private_key_file
+
+    @property
+    def known_hosts_path(self) -> Path | None:
+        return self.config.ssh_known_hosts_file
+
+
 
 class GiteaBackend(GitBackend):
     config: GiteaConfig

buildbot_nix/buildbot_nix/github_projects.py

@@ -770,6 +770,14 @@ def topics(self) -> list[str]:
     def belongs_to_org(self) -> bool:
         return self.data.owner.ttype == "Organization"
 
+    @property
+    def private_key_path(self) -> Path | None:
+        return None
+
+    @property
+    def known_hosts_path(self) -> Path | None:
+        return None
+
 
 def refresh_projects(
     github_token: str,

buildbot_nix/buildbot_nix/models.py

@@ -67,6 +67,9 @@ class GiteaConfig(BaseModel):
     oauth_id: str | None
     oauth_secret_file: Path | None
 
+    ssh_private_key_file: Path | None
+    ssh_known_hosts_file: Path | None
+
     @property
     def token(self) -> str:
         return read_secret_file(self.token_file)

buildbot_nix/buildbot_nix/projects.py

@@ -1,5 +1,6 @@
 from abc import ABC, abstractmethod
 from typing import Any
+from pathlib import Path
 
 from buildbot.changes.base import ChangeSource
 from buildbot.config.builder import BuilderConfig
@@ -125,3 +126,13 @@ def topics(self) -> list[str]:
     @abstractmethod
     def belongs_to_org(self) -> bool:
         pass
+
+    @property
+    @abstractmethod
+    def private_key_path(self) -> Path | None:
+        pass
+
+    @property
+    @abstractmethod
+    def known_hosts_path(self) -> Path | None:
+        pass

buildbot_nix/buildbot_nix/pull_based/project.py

@@ -1,5 +1,6 @@
 from typing import Any
 from urllib.parse import ParseResult, urlparse
+from pathlib import Path
 
 from buildbot.changes.base import ChangeSource
 from buildbot.changes.gitpoller import GitPoller
@@ -99,3 +100,11 @@ def topics(self) -> list[str]:
     @property
     def belongs_to_org(self) -> bool:
         return False
+
+    @property
+    def private_key_path(self) -> Path | None:
+        return None
+
+    @property
+    def known_hosts_path(self) -> Path | None:
+        return None

nix/master.nix

@@ -313,6 +313,23 @@ in
             If null, all projects that the buildbot Gitea user has access to, are built.
           '';
         };
+
+        sshPrivateKeyFile = lib.mkOption {
+          type = lib.types.nullOr lib.types.path;
+          default = null;
+          description = ''
+            If non-null the specified SSH key will be used to fetch all configured repositories.
+          '';
+        };
+
+        sshKnownHostsFile = lib.mkOption {
+          type = lib.types.nullOr lib.types.path;
+          default = null;
+          description = ''
+            If non-null the specified known hosts file will be matched against when connecting to
+            repositories over SSH.
+          '';
+        };
       };
       github = {
         enable = lib.mkEnableOption "Enable GitHub integration" // {
@@ -702,6 +719,8 @@ in
                       instance_url = cfg.gitea.instanceUrl;
                       oauth_id = cfg.gitea.oauthId;
                       topic = cfg.gitea.topic;
+                      ssh_private_key_file = cfg.gitea.sshPrivateKeyFile;
+                      ssh_known_hosts_file = cfg.gitea.sshKnownHostsFile;
                     };
                 github =
                   if !cfg.github.enable then