@misterhuydo/sentinel 1.2.9 → 1.3.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@misterhuydo/sentinel",
-  "version": "1.2.9",
+  "version": "1.3.1",
   "description": "Sentinel — Autonomous DevOps Agent installer and manager",
   "bin": {
     "sentinel": "./bin/sentinel.js"

package/python/scripts/gen_deploy_keys.sh

@@ -0,0 +1,94 @@
+#!/bin/bash
+# gen_deploy_keys.sh — Generate one ed25519 deploy key per GitHub repo.
+#
+# Usage:
+#   ./gen_deploy_keys.sh org/repo1 org/repo2 ...
+#
+# What it does:
+#   1. Generates ~/.ssh/<repo>.key and ~/.ssh/<repo>.key.pub for each repo
+#   2. Adds a Host block to ~/.ssh/config so git uses the right key per repo
+#   3. Adds github.com to known_hosts (if not already there)
+#   4. Prints each public key for pasting into GitHub → Settings → Deploy keys
+#
+# After running:
+#   - Add each printed public key to its repo on GitHub (allow write access)
+#   - Use the SSH alias in git URLs:  git@github-<repo>:org/repo.git
+#   - Test with:  ssh -T github-<repo>
+
+set -euo pipefail
+
+if [[ $# -eq 0 ]]; then
+  echo "Usage: $0 org/repo1 org/repo2 ..."
+  echo "  e.g. $0 Opplysningen1881/sentinel-1881 Opplysningen1881/1881-SSOLoginWebApp"
+  exit 1
+fi
+
+SSH_DIR="$HOME/.ssh"
+mkdir -p "$SSH_DIR"
+chmod 700 "$SSH_DIR"
+
+# Add GitHub host key once
+if ! grep -q "github.com" "$SSH_DIR/known_hosts" 2>/dev/null; then
+  echo "Adding GitHub to known_hosts..."
+  ssh-keyscan github.com >> "$SSH_DIR/known_hosts" 2>/dev/null
+fi
+
+touch "$SSH_DIR/config"
+chmod 600 "$SSH_DIR/config"
+
+for repo_path in "$@"; do
+  repo="${repo_path##*/}"   # strip org/ prefix → just the repo name
+  keyfile="$SSH_DIR/${repo}.key"
+
+  echo ""
+  echo "══════════════════════════════════════════════"
+  echo "  Repo:    $repo_path"
+  echo "  Keyfile: $keyfile"
+  echo "══════════════════════════════════════════════"
+
+  # Generate (skip if key already exists)
+  if [[ -f "$keyfile" ]]; then
+    echo "  Key already exists — skipping generation (delete $keyfile to regenerate)"
+  else
+    ssh-keygen -t ed25519 -C "sentinel@${repo}" -f "$keyfile" -N "" -q
+    echo "  Key generated."
+  fi
+
+  # Add SSH config block (skip if Host already configured)
+  if ! grep -q "Host github-${repo}" "$SSH_DIR/config" 2>/dev/null; then
+    cat >> "$SSH_DIR/config" << EOF
+
+Host github-${repo}
+    HostName github.com
+    User git
+    IdentityFile ${keyfile}
+    IdentitiesOnly yes
+EOF
+    echo "  SSH config block added."
+  else
+    echo "  SSH config block already exists — skipping."
+  fi
+
+  echo ""
+  echo "  ┌─ Add this deploy key to GitHub ─────────────────────────────────────┐"
+  echo "  │  $repo_path → Settings → Deploy keys → Add deploy key"
+  echo "  │  Title: sentinel@$(hostname)"
+  echo "  │  Allow write access: ✓"
+  echo "  └──────────────────────────────────────────────────────────────────────┘"
+  echo ""
+  cat "$keyfile.pub"
+done
+
+echo ""
+echo "══════════════════════════════════════════════"
+echo "Done. After adding keys on GitHub, test each:"
+for repo_path in "$@"; do
+  repo="${repo_path##*/}"
+  echo "  ssh -T github-${repo}"
+done
+echo ""
+echo "Use SSH aliases in sentinel add:"
+for repo_path in "$@"; do
+  repo="${repo_path##*/}"
+  echo "  sentinel add git@github-${repo}:${repo_path}.git"
+done

package/python/scripts/setup_deploy_keys.sh

@@ -0,0 +1,63 @@
+#!/bin/bash
+# Usage: ./setup_deploy_keys.sh repo1 repo2 ...
+# Generates one deploy key per repo, prints each public key for GitHub.
+
+set -e
+
+if [[ $# -eq 0 ]]; then
+  echo "Usage: $0 repo1 repo2 ..."
+  exit 1
+fi
+
+SSH_DIR="$HOME/.ssh"
+
+# Wipe known state
+echo "Cleaning ~/.ssh ..."
+rm -f "$SSH_DIR"/known_hosts "$SSH_DIR"/known_hosts.old
+for f in "$SSH_DIR"/*.pub "$SSH_DIR"/config; do
+  [[ -f "$f" ]] && rm -f "$f" "${f%.pub}"
+done
+rm -f "$SSH_DIR"/config
+
+# Re-fetch GitHub host key once
+ssh-keyscan github.com >> "$SSH_DIR/known_hosts" 2>/dev/null
+echo "GitHub host key added."
+echo ""
+
+# Fresh SSH config
+CONFIG="$SSH_DIR/config"
+
+for repo in "$@"; do
+  keyfile="$SSH_DIR/$repo"
+
+  echo "──────────────────────────────────────────"
+  echo "Repo: $repo"
+
+  # Generate key
+  ssh-keygen -t ed25519 -C "sentinel@$repo" -f "$keyfile" -N "" -q
+
+  # Append SSH config block
+  cat >> "$CONFIG" << EOF
+
+Host github-$repo
+    HostName github.com
+    User git
+    IdentityFile $keyfile
+    IdentitiesOnly yes
+EOF
+
+  echo ""
+  echo "Deploy key for: github.com/Opplysningen1881/$repo"
+  echo "→ GitHub: Settings → Deploy keys → Add deploy key (allow write access)"
+  echo ""
+  cat "$keyfile.pub"
+  echo ""
+done
+
+chmod 600 "$CONFIG"
+
+echo "──────────────────────────────────────────"
+echo "Done. After adding keys on GitHub, test with:"
+for repo in "$@"; do
+  echo "  ssh -T github-$repo"
+done

package/python/sentinel/config_loader.py

@@ -106,6 +106,7 @@ class RepoConfig:
     cicd_job_url: str = ""
     health_url: str = ""     # optional: HTTP endpoint returning {"Status": "true"}
     cicd_token: str = ""
+    ssh_key_file: str = ""   # path to SSH private key; sets GIT_SSH_COMMAND when present
 
 
 # ── Loader ────────────────────────────────────────────────────────────────────
@@ -224,6 +225,7 @@ class ConfigLoader:
             r.cicd_job_url = d.get("CICD_JOB_URL", "")
             r.cicd_token = d.get("CICD_TOKEN", "")
             r.health_url = d.get("HEALTH_URL", "")
+            r.ssh_key_file = os.path.expanduser(d.get("SSH_KEY_FILE", ""))
             self.repos[r.repo_name] = r
 
     def _register_sighup(self):

package/python/sentinel/git_manager.py

@@ -37,8 +37,10 @@ def _git(args: list[str], cwd: str, env: dict | None = None, timeout: int = GIT_
 
 
 def _git_env(repo: RepoConfig) -> dict:
-    # GIT_SSH_COMMAND can be set externally for SSH-based repos
-    return os.environ.copy()
+    env = os.environ.copy()
+    if repo.ssh_key_file:
+        env["GIT_SSH_COMMAND"] = f"ssh -i {repo.ssh_key_file} -o StrictHostKeyChecking=no -o BatchMode=yes"
+    return env
 
 
 def _check_protected_paths(patch_path: Path) -> bool: