Allow configuring multiple ssh deploy keys with git

ComposerGitHubPrivateRepoSSH

#!/bin/bash
# Script to use custom ssh keys for various git repositories
# Run without arguments to get usage info.
#
# How it works:
# When used with SSH, git sends the path to the repository in the SSH command.
#   @see: https://github.com/git/git/blob/e870325/connect.c#L1268
# We extract this info and search for a key with the name.
# Based on the source, this seems to be used format since v2.0 at least.
#   @see: https://github.com/git/git/commit/a2036d7

if [[ $# -eq 0 ]]; then
	echo "Usage"
	echo "Set script as GIT_SSH_COMMAND"
	echo "Add SSH keys for git repositories under ~/.ssh/git-keys/ folder."
	echo "File name format:"
	echo "  For the repository [email protected]:github/practice.git"
	echo "  Put the private key into the file github-practice"
	echo "  (Note: slash converted to dash in path, no extension)"
	echo ""
	echo "Uses ssh by default, use GIT_SSH_COMMAND_REALSSH envvar to override."
	echo "For debugging set log output in envvar GIT_SSH_COMMAND_DEBUGLOG."
	exit 1
fi

function debuglog() {
	[ ! -z "$GIT_SSH_COMMAND_DEBUGLOG" ] && (echo `date +%FT%T` "$@") >> $GIT_SSH_COMMAND_DEBUGLOG
	return 0
}

for CMD_BUF in "$@"; do :; done

debuglog "Value of cmd.buf is: '$CMD_BUF'"

# @source: https://superuser.com/a/1142939/277157
declare -a "array=($( echo "$CMD_BUF" | sed 's/[][`~!@#$%^&*():;<>.,?/\|{}=+-]/\\&/g' ))"
for CMD_PATH in "${array[@]}"; do :; done
CMD_PATH=$(echo "$CMD_PATH" | sed 's/\\//g')
IDENTITY=
if [[ $CMD_PATH == *.git ]] ;
then
	REPOKEY=$(echo "$CMD_PATH" | sed 's/\.git//g' | sed 's/\//-/g')
	KEYFILE=$(echo ~/.ssh/git-keys/$REPOKEY)
	if [[ -f "$KEYFILE" ]]
	then
		debuglog "Key '$KEYFILE' exists"
		IDENTITY=$(echo "-i $KEYFILE")
	else
		debuglog "Key '$KEYFILE' is missing"
	fi
else
	debuglog "No repo name detected. Skipping"
fi

SSH=${GIT_SSH_COMMAND_REALSSH:-ssh}
set -- $SSH $IDENTITY "$@"
debuglog "Calling with '$@'"

"$@"

For anyone wanting to use this with GitHub actions. You can create a deploy key for each repo you want to pull in, then put the private key into the GitHub Secret of the repo that will pull it. Then you need to add the following 2 steps before you call composer install in your main.yaml file:

      - name: Set Private Repos
        run : |
          mkdir ~/.ssh ~/.ssh/git-keys
          echo '${{ secrets.YOUR_SECRET_DEPLOY_KEY }}' > ~/.ssh/git-keys/VENDOR-REPO-NAME
          find ~/.ssh/git-keys/ -type f -name "*" -exec chmod 600 {} +

      - name: Set Git SSH Wrapper
        run : |
          sudo apt-get -qq -y update && sudo apt-get -qq -y install wget
          wget -nv -O ~/custom_keys_git_ssh https://gist.githubusercontent.com/vhermecz/4e2ae9468f2ff7532bf3f8155ac95c74/raw/f01b4b0c03d0b11dbbdc3967c7a566b2c6db17df/custom_keys_git_ssh
          chmod u+x ~/custom_keys_git_ssh
          git config --global core.sshCommand ~/custom_keys_git_ssh

This assumes you are using ubuntu-latest for your CI. You can also copy paste the echo '${{ secrets.YOUR_SECRET_DEPLOY_KEY }}' > ~/.ssh/git-keys/VENDOR-REPO-NAME below itself as many times as you need for the number of private repos you are using.

If you need to get the debug output you can just set the GIT_SSH_COMMAND_DEBUGLOG environmental variable and create a step with run: cat ~/git_ssh.log at some point after you run composer install. ​If setting GIT_SSH_COMMAND_DEBUGLOG in your main.yaml you MUST use /home/runner/ instead of ~/ or it won't write the output.

env:
 ​GIT_SSH_COMMAND_DEBUGLOG: /home/runner/git_ssh.log