pipe-cd · pipecd-bot · Nov 29, 2021 · Nov 29, 2021 · Nov 29, 2021 · Nov 29, 2021
@@ -64,6 +64,8 @@ spec:
 | username | string | Username used for the repository backed by HTTP basic authentication. | No |
 | password | string | Password used for the repository backed by HTTP basic authentication. | No |
 | insecure | bool | Whether to skip TLS certificate checks for the repository or not. | No |
+| gitRemote | string | Remote address of the Git repository used to clone Helm charts. | No |
+| sshKeyFile | string | The path to the private ssh key file used while cloning Helm charts from above Git repository. | No |
 
 ## CloudProvider
 

@@ -156,17 +156,15 @@ func (p *piped) run(ctx context.Context, input cli.Input) (runErr error) {
 	}
 
 	// Add configured Helm chart repositories.
-	if len(cfg.ChartRepositories) > 0 {
+	if repos := cfg.HTTPHelmChartRepositories(); len(repos) > 0 {
 		reg := toolregistry.DefaultRegistry()
-		if err := chartrepo.Add(ctx, cfg.ChartRepositories, reg, input.Logger); err != nil {
+		if err := chartrepo.Add(ctx, repos, reg, input.Logger); err != nil {
 			input.Logger.Error("failed to add configured chart repositories", zap.Error(err))
 			return err
 		}
-		if len(cfg.ChartRepositories) > 0 {
-			if err := chartrepo.Update(ctx, reg, input.Logger); err != nil {
-				input.Logger.Error("failed to update Helm chart repositories", zap.Error(err))
-				return err
-			}
+		if err := chartrepo.Update(ctx, reg, input.Logger); err != nil {
+			input.Logger.Error("failed to update Helm chart repositories", zap.Error(err))
+			return err
 		}
 	}
 
@@ -229,11 +227,19 @@ func (p *piped) run(ctx context.Context, input cli.Input) (runErr error) {
 	}
 
 	// Initialize git client.
-	gitClient, err := git.NewClient(
+	gitOptions := []git.Option{
 		git.WithUserName(cfg.Git.Username),
 		git.WithEmail(cfg.Git.Email),
 		git.WithLogger(input.Logger),
-	)
+	}
+	for _, repo := range cfg.GitHelmChartRepositories() {
+		if f := repo.SSHKeyFile; f != "" {
+			// Configure git client to use the specified SSH key while fetching private Helm charts.
+			env := fmt.Sprintf("GIT_SSH_COMMAND=ssh -i %s -o StrictHostKeyChecking=no -F /dev/null", f)
+			gitOptions = append(gitOptions, git.WithGitEnvForRepo(repo.GitRemote, env))
+		}
+	}
+	gitClient, err := git.NewClient(gitOptions...)
 	if err != nil {
 		input.Logger.Error("failed to initialize git client", zap.Error(err))
 		return err

@@ -90,6 +90,11 @@ func (s *PipedSpec) Validate() error {
 	if s.SyncInterval < 0 {
 		return errors.New("syncInterval must be greater than or equal to 0")
 	}
+	for _, r := range s.ChartRepositories {
+		if err := r.Validate(); err != nil {
+			return err
+		}
+	}
 	if s.SecretManagement != nil {
 		if err := s.SecretManagement.Validate(); err != nil {
 			return err
@@ -256,6 +261,59 @@ type HelmChartRepository struct {
 	Password string `json:"password"`
 	// Whether to skip TLS certificate checks for the repository or not.
 	Insecure bool `json:"insecure"`
+
+	// Remote address of the Git repository used to clone Helm charts.
+	// e.g. [email protected]:org/repo.git
+	GitRemote string `json:"gitRemote"`
+	// The path to the private ssh key file used while cloning Helm charts from above Git repository.
+	SSHKeyFile string `json:"sshKeyFile"`
+}
+
+func (r *HelmChartRepository) IsHTTPRepository() bool {
+	return r.Name != "" && r.Address != ""
+}
+
+func (r *HelmChartRepository) IsGitRepository() bool {
+	return r.GitRemote != ""
+}
+
+func (r *HelmChartRepository) Validate() error {
+	if r.IsHTTPRepository() {
+		if r.Name == "" {
+			return errors.New("name must be set")
+		}
+		if r.Address == "" {
+			return errors.New("address must be set")
+		}
+	}
+
+	if r.IsGitRepository() {
+		if r.GitRemote == "" {
+			return errors.New("gitRemote must be set")
+		}
+	}
+
+	return errors.New("either HTTP repository or Git repository must be configured")
+}
+
+func (s *PipedSpec) HTTPHelmChartRepositories() []HelmChartRepository {
+	repos := make([]HelmChartRepository, 0, len(s.ChartRepositories))
+	for _, r := range s.ChartRepositories {
+		if r.IsHTTPRepository() {
+			repos = append(repos, r)
+		}
+	}
+	return repos
+}
+
+func (s *PipedSpec) GitHelmChartRepositories() []HelmChartRepository {
+	repos := make([]HelmChartRepository, 0, len(s.ChartRepositories))
+	for _, r := range s.ChartRepositories {
+		if r.IsGitRepository() {
+			repos = append(repos, r)
+		}
+	}
+	return repos
 }
 
 type PipedCloudProvider struct {