
[FE]: Support for private key connection #32

@damsien


Roadmap 2025/10 Support for ssh connection
As the DevOps of my team, I want to be able to connect to my git platform using a private ssh key instead of a token.

What to do

1. Add a sshPrivateKey field in the gitUser struct

    type gitUser struct {
        gitUser  string
        gitEmail string
        gitToken string
    }

2. Allow kubernetes.io/ssh-auth secret type

When getting the user's secret, check the Secret type (secret.Type). If it is kubernetes.io/basic-auth, then keep the existing lines (get username & password). If it is kubernetes.io/ssh-auth, then get the ssh-privatekey key from the Secret as described in the Kubernetes documentation.

    secret := &corev1.Secret{}
    err := wrc.k8sClient.Get(ctx, *secretNamespacedName, secret)
    if err == nil {
        userGitName = string(secret.Data["username"])
        userGitToken = string(secret.Data["password"])
        secretCount++
        userGitEmail = remoteUser.Spec.Email
    }

3. Add the ssh private key to the existing gitUser

    gitUser := &gitUser{
        gitUser:  userGitName,
        gitEmail: userGitEmail,
        gitToken: userGitToken,
    }

4. Add a sshPrivateKey field in the GitPusher struct

    type GitPusher struct {
        remoteSyncer    syngit.RemoteSyncer
        remoteTarget    syngit.RemoteTarget
        interceptedYAML string
        interceptedGVR  schema.GroupVersionResource
        interceptedName string
        gitUser         string
        gitEmail        string
        gitToken        string
        operation       admissionv1.Operation
        caBundle        []byte
    }

5. Global BasicAuth

Create a http.BasicAuth object that will be used to clone & push. Create a function that builds the BasicAuth depending on the type (basic auth or ssh). Replace the existing ones with the global one.

    Auth: &http.BasicAuth{
        Username: gp.gitUser,
        Password: gp.gitToken,
    },

Each http.BasicAuth object must also be changed in the repo retriever file.

Remove the Name field from the commit signature (because it may not exist if the type is ssh).

    Author: &object.Signature{
        Name:  gp.gitUser,
        Email: gp.gitEmail,
        When:  time.Now(),
    },

Additional context

If you have any questions, please tag @damsien.
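
One way to implement the Secret-type check from step 2, as an added example that is not the project's own code: `Secret` is a local stand-in for `corev1.Secret`, and `gitCredentials`, `credentialsFromSecret` and `constructedKey` are hypothetical names. It fails closed on unknown Secret types and on missing or malformed key data instead of falling back to basic auth.

```go
package main

import (
	"encoding/pem"
	"errors"
	"fmt"
	"strings"
)

// Secret is a local stand-in for corev1.Secret (only the fields used here).
type Secret struct {
	Type string
	Data map[string][]byte
}

// gitCredentials is hypothetical: exactly one of Token / SSHPrivateKey is set.
type gitCredentials struct {
	Username      string
	Token         string
	SSHPrivateKey []byte
}

// credentialsFromSecret picks the credential by Secret type. Errors report
// only the type name or the key name, never the secret data itself.
func credentialsFromSecret(s Secret) (*gitCredentials, error) {
	switch s.Type {
	case "kubernetes.io/basic-auth":
		pass := s.Data["password"]
		if len(pass) == 0 {
			return nil, errors.New("basic-auth secret has no password")
		}
		return &gitCredentials{Username: string(s.Data["username"]), Token: string(pass)}, nil
	case "kubernetes.io/ssh-auth":
		key := s.Data["ssh-privatekey"]
		block, _ := pem.Decode(key) // nil when the key is missing or not PEM
		if block == nil || !strings.HasSuffix(block.Type, "PRIVATE KEY") {
			return nil, errors.New("ssh-auth secret has no PEM private key in ssh-privatekey")
		}
		return &gitCredentials{SSHPrivateKey: key}, nil
	default:
		return nil, fmt.Errorf("unsupported secret type %q", s.Type)
	}
}

// constructedKey returns a PEM envelope around placeholder bytes, not a real key.
func constructedKey() []byte {
	return pem.EncodeToMemory(&pem.Block{Type: "OPENSSH PRIVATE KEY", Bytes: []byte("constructed")})
}

func main() { fmt.Println(credentialsFromSecret(Secret{Type: "kubernetes.io/tls"})) }
```

The PEM check only validates the envelope; the key material itself is still parsed (and can still be rejected) when the SSH auth object is built for clone and push.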
