Use the officially supported apache mina sshd in m2k-func

.github/workflows/m2k-func.yaml

@@ -3,10 +3,10 @@ name: Build and push move2kube Knative function container image
 on:
   workflow_call:
     inputs:
-      push_pr:
+      it_mode:
         required: false
         type: boolean
-        default: true
+        default: false
   workflow_dispatch:
   push:
     branches: [ "main" ]
@@ -49,20 +49,20 @@ jobs:
           ${{ env.WORKDIR }}/src/main/docker/Dockerfile.jvm
 
     - name: Buildah push to OCI Arcive
-      if: ${{ ! inputs.push_pr }}
+      if: ${{ inputs.it_mode }}
       run: |
         buildah push serverless-workflow-m2k-kfunc:${{ github.sha }} \
           oci-archive:serverless-workflow-m2k-kfunc-${{ github.sha }}.tar:kind.local/orchestrator/serverless-workflow-m2k-kfunc:${{ github.sha }}
 
     - name: Save OCI archive
-      if: ${{ ! inputs.push_pr }}
+      if: ${{ inputs.it_mode }}
       uses: actions/upload-artifact@v4
       with:
         name: serverless-workflow-m2k-kfunc-${{ github.sha }}.tar
         path: serverless-workflow-m2k-kfunc-${{ github.sha }}.tar
 
     - name: Push To quay.io
-      if: ${{ inputs.push_pr }}
+      if: ${{ ! inputs.it_mode }}
       id: push-to-quay
       uses: redhat-actions/push-to-registry@v2
       with:
@@ -76,6 +76,7 @@ jobs:
       run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}"
 
     - uses: actions/github-script@v7
+      if: ${{ inputs.it_mode }}
       id: get_pr_data
       with:
         script: |

.github/workflows/move2kube-e2e.yaml

@@ -24,7 +24,7 @@ jobs:
     uses: ./.github/workflows/m2k-func.yaml
     secrets: inherit
     with:
-      push_pr: false
+      it_mode: true
 
   run-m2k-e2e:
     runs-on: ubuntu-latest
@@ -98,10 +98,6 @@ jobs:
             --type merge \
             -p '{"data":{"kubernetes.podspec-init-containers": "enabled", "kubernetes.podspec-securitycontext": "enabled"}}'
 
-          ###### workaround till https://issues.redhat.com/browse/FLPATH-892 is solved
-          # yq  --inplace '.spec.podTemplate.container |= ( . +  {"imagePullPolicy": "IfNotPresent"} )' manifests/01-sonataflow_m2k.yaml
-          ###### end workaround
-
           yq  --inplace '.spec.podTemplate.container |= ( . +  {"env": [{"name": "K_SINK", "value": "http://broker-ingress.knative-eventing.svc.cluster.local/sonataflow-infra/default"}]} )' manifests/01-sonataflow_m2k.yaml
 
           # Disable persistence for e2e tests
@@ -128,11 +124,8 @@ jobs:
 
       - name: Deploy Knative function
         run: |
-          ###### workaround till https://issues.redhat.com/browse/FLPATH-892 is solved
-          yq  --inplace '.spec.template.spec.containers[0] |= ( . +  {"imagePullPolicy": "IfNotPresent"} )' e2e/resources/knative-service.yaml
-          ###### end workaround
+          kubectl apply -f e2e/resources/move2kube-configmaps.yaml
           yq  --inplace '.spec.template.spec.containers[0] |= ( . +  {"image": "kind.local/orchestrator/serverless-workflow-m2k-kfunc:${{ github.sha }}"} )' e2e/resources/knative-service.yaml
-          # deploy the manifests created by the  ${{ steps.build-image.outputs.image }}"                                                                    
           kubectl apply -f e2e/resources/knative-service.yaml
           kubectl apply -f e2e/resources/knative-resources.yaml
           kubectl wait ksvc m2k-save-transformation-func --for=condition=Ready=true --timeout=5m

.gitleaks.toml

@@ -0,0 +1,10 @@
+[allowlist]
+  description = "Global Allowlist"
+
+  # Ignore based on any subset of the file path
+  paths = [
+
+    # Ignore some long path
+    '''move2kube\/m2k-func\/src\/test\/resources\/m2k-test-ssh-id_ed25519$''',
+  ]
+

e2e/resources/knative-service.yaml

@@ -1,12 +1,3 @@
-apiVersion: v1
-data:
-  config: |
-    Host *
-      StrictHostKeyChecking no
-kind: ConfigMap
-metadata:
-  name: m2k-ssh-config
----
 apiVersion: serving.knative.dev/v1
 kind: Service
 metadata:

e2e/resources/move2kube-configmaps.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: m2k-ssh-config
+data:
+  config: |
+    Host *
+        StrictHostKeyChecking no

move2kube/m2k-func/pom.xml

@@ -51,19 +51,8 @@
     </dependency>
     <dependency>
       <groupId>org.eclipse.jgit</groupId>
-      <artifactId>org.eclipse.jgit.ssh.jsch</artifactId>
+      <artifactId>org.eclipse.jgit.ssh.apache</artifactId>
       <version>${jgit-version}</version>
-      <exclusions>
-        <exclusion>
-          <groupId>com.jcraft</groupId>
-          <artifactId>jsch</artifactId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>com.github.mwiede</groupId>
-      <artifactId>jsch</artifactId>
-      <version>0.2.9</version>
     </dependency>
     <dependency>
       <groupId>dev.parodos</groupId>
@@ -125,6 +114,12 @@
       <groupId>io.quarkus</groupId>
       <artifactId>quarkus-rest-client-reactive-jackson</artifactId>
     </dependency>
+      <dependency>
+          <groupId>org.apache.sshd</groupId>
+          <artifactId>sshd-git</artifactId>
+          <version>2.10.0</version>
+          <scope>test</scope>
+      </dependency>
   </dependencies>
   <profiles>
     <profile>

move2kube/m2k-func/src/main/java/dev/parodos/service/GitServiceImpl.java

@@ -1,9 +1,13 @@
 package dev.parodos.service;
 
-import com.jcraft.jsch.JSch;
-import com.jcraft.jsch.JSchException;
-import com.jcraft.jsch.Session;
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.Collections;
+
 import jakarta.enterprise.context.ApplicationScoped;
+
 import org.eclipse.jgit.api.CloneCommand;
 import org.eclipse.jgit.api.CommitCommand;
 import org.eclipse.jgit.api.Git;
@@ -14,16 +18,11 @@
 import org.eclipse.jgit.api.errors.InvalidRemoteException;
 import org.eclipse.jgit.transport.SshTransport;
 import org.eclipse.jgit.transport.Transport;
-import org.eclipse.jgit.transport.ssh.jsch.JschConfigSessionFactory;
-import org.eclipse.jgit.transport.ssh.jsch.OpenSshConfig;
-import org.eclipse.jgit.util.FS;
+import org.eclipse.jgit.transport.sshd.SshdSessionFactoryBuilder;
 import org.eclipse.microprofile.config.ConfigProvider;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import java.io.IOException;
-import java.nio.file.Path;
-
 @ApplicationScoped
 public class GitServiceImpl implements GitService {
   private static final Logger log = LoggerFactory.getLogger(GitServiceImpl.class);
@@ -97,27 +96,18 @@ public static TransportConfigCallback getTransport(Path sshKeyPath) throws IOExc
       throw new IOException("SSH key file at '%s' does not exists".formatted(sshKeyPath.toString()));
     }
 
-    var sshSessionFactory = new JschConfigSessionFactory() {
-      @Override
-      protected void configure(OpenSshConfig.Host host, Session session) {
-        session.setConfig("StrictHostKeyChecking", "no");
-        session.setConfig("PreferredAuthentications", "publickey");
-      }
+    var sshSessionFactory = new SshdSessionFactoryBuilder()
+            .setDefaultIdentities(f -> Collections.singletonList(sshKeyPath))
+            .setPreferredAuthentications("publickey")
+            .setSshDirectory(sshKeyPath.getParent().toFile())
+            .setHomeDirectory(sshKeyPath.getParent().toFile())
+            .build(null);
 
-      @Override
-      protected JSch createDefaultJSch(FS fs) throws JSchException {
-        JSch defaultJSch = super.createDefaultJSch(fs);
-        defaultJSch.removeAllIdentity();
-        defaultJSch.addIdentity(sshKeyPath.toString());
-        return defaultJSch;
-      }
-    };
     return new TransportConfigCallback() {
       @Override
       public void configure(Transport transport) {
         SshTransport sshTransport = (SshTransport) transport;
         sshTransport.setSshSessionFactory(sshSessionFactory);
-
       }
     };
   }

move2kube/m2k-func/src/test/java/dev/parodos/service/GitServiceImplTest.java

@@ -0,0 +1,123 @@
+package dev.parodos.service;
+
+import java.io.IOException;
+import java.net.URL;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.nio.file.attribute.PosixFilePermissions;
+import java.util.Collections;
+import java.util.Comparator;
+
+import org.apache.sshd.common.keyprovider.ClassLoadableResourceKeyPairProvider;
+import org.apache.sshd.git.GitLocationResolver;
+import org.apache.sshd.git.pack.GitPackCommandFactory;
+import org.apache.sshd.server.SshServer;
+import org.apache.sshd.server.auth.password.AcceptAllPasswordAuthenticator;
+import org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider;
+import org.apache.sshd.sftp.server.SftpSubsystemFactory;
+import org.eclipse.jgit.api.AddCommand;
+import org.eclipse.jgit.api.Git;
+import org.eclipse.jgit.api.errors.GitAPIException;
+import org.eclipse.jgit.lib.Repository;
+import org.eclipse.jgit.storage.file.FileRepositoryBuilder;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+
+
+class GitServiceImplTest {
+    static SshServer sshd;
+    static Path serverDir;
+    static Path cloneDir;
+    static final String testFile = "test-file";
+    static final String testFileContent = "test-content";
+    GitServiceImpl underTest = new GitServiceImpl();
+
+    @Test
+    void cloneRepo() throws IOException, GitAPIException {
+        try (Git git = underTest.cloneRepo("ssh://%s:%d%s".formatted(sshd.getHost(), sshd.getPort(), serverDir.toString()), "", cloneDir)) {
+            Path testfile = cloneDir.resolve(testFile);
+            Assertions.assertTrue(Files.exists(testfile), "cloned file doesn't exists");
+            Assertions.assertEquals(Files.readString(testfile), testFileContent);
+        }
+    }
+
+    @Test
+    void push() throws IOException, GitAPIException {
+        try (Git git = underTest.cloneRepo("ssh://%s:%d%s".formatted(sshd.getHost(), sshd.getPort(), serverDir.toString()), "", cloneDir)) {
+            Files.write(cloneDir.resolve("push-test-file"), "foo".getBytes());
+            underTest.commit(git, "push test commit", ".");
+            Assertions.assertDoesNotThrow(() -> underTest.push(git));
+        }
+    }
+
+    @BeforeAll
+    static void init() throws IOException, GitAPIException {
+        // create an ssh server
+        sshd = SshServer.setUpDefaultServer();
+        sshd.setHost("localhost");
+        sshd.setPort(30022);
+        URL hostkey = GitServiceImplTest.class.getClassLoader().getResource("m2k-test-ssh-id_ed25519.pub");
+        SimpleGeneratorHostKeyProvider keyPairProvider = new SimpleGeneratorHostKeyProvider(Paths.get(hostkey.getPath()));
+        sshd.setKeyPairProvider(keyPairProvider);
+        keyPairProvider.loadKeys(null);
+        sshd.setPasswordAuthenticator(AcceptAllPasswordAuthenticator.INSTANCE);
+
+        serverDir = Files.createTempDirectory(
+                "m2kfunc-test-git-repo-server",
+                PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rwxrwxrwx")));
+
+        sshd.setSubsystemFactories(Collections.singletonList(new SftpSubsystemFactory()));
+        sshd.setCommandFactory(new GitPackCommandFactory(GitLocationResolver.constantPath(Paths.get("/"))));
+        sshd.setKeyPairProvider(new ClassLoadableResourceKeyPairProvider("test.key"));
+        sshd.setPublickeyAuthenticator((username, key, session) -> true);
+        sshd.start();
+
+        // crete git repo on the ssh server
+        Repository repo = new FileRepositoryBuilder().setWorkTree(serverDir.toFile()).build();
+        repo.create(true);
+        Files.write(serverDir.resolve(testFile).toAbsolutePath(), testFileContent.getBytes());
+        new AddCommand(repo).addFilepattern(".").call();
+        Git git = new Git(repo);
+        git.add().addFilepattern(".").call();
+        git.commit().setAuthor("me", "me@me").setMessage("first commit from test init").call();
+    }
+
+    @AfterAll
+    static void afterAll() throws IOException {
+        try (var walk = Files.walk(serverDir)) {
+            walk.sorted(Comparator.reverseOrder()).forEach(path -> {
+                try {
+                    Files.deleteIfExists(path);
+                } catch (IOException e) {
+                    throw new RuntimeException(e);
+                }
+            });
+        }
+    }
+
+    @BeforeEach
+    void setup() throws IOException {
+        cloneDir = Files.createTempDirectory(
+                "m2kfunc-test-git-repo-clone",
+                PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rwxrwxrwx")));
+    }
+
+    @AfterEach
+    void teardown() throws IOException {
+        try (var walk = Files.walk(cloneDir)) {
+            walk.sorted(Comparator.reverseOrder()).forEach(path -> {
+                try {
+                    Files.deleteIfExists(path);
+                } catch (IOException e) {
+                    throw new RuntimeException(e);
+                }
+            });
+        }
+    }
+
+}

move2kube/m2k-func/src/test/resources/application.properties

@@ -0,0 +1,2 @@
+ssh-priv-key-path=${PWD}/src/test/resources/m2k-test-ssh-id_ed25519
+quarkus.log.level=INFO

move2kube/m2k-func/src/test/resources/config

@@ -0,0 +1,2 @@
+Host *
+    StrictHostKeyChecking no

move2kube/m2k-func/src/test/resources/m2k-test-ssh-id_ed25519

@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACDyPQxDOPtUCJI386z0a2G6b3uWDSTBvB2Q3m4EHY4zZQAAAJAgrbKCIK2y
+ggAAAAtzc2gtZWQyNTUxOQAAACDyPQxDOPtUCJI386z0a2G6b3uWDSTBvB2Q3m4EHY4zZQ
+AAAECWBqGUjVKfROUwn54KARnsnOX+Y8PAAhHWJG3tYZaoyfI9DEM4+1QIkjfzrPRrYbpv
+e5YNJMG8HZDebgQdjjNlAAAADXJnb2xhbkBmZWRvcmE=
+-----END OPENSSH PRIVATE KEY-----

move2kube/m2k-func/src/test/resources/m2k-test-ssh-id_ed25519.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPI9DEM4+1QIkjfzrPRrYbpve5YNJMG8HZDebgQdjjNl rgolan@fedora

move2kube/m2k-func/src/test/resources/test.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAxuhZr4YA7l0S/yij3IXXf9jcLxgHdenjRGrF8tGbYp5n7IQb
+msbXcfBeUcsmtrBx02TB45nQ5Nox2Lqch5OyKbVo8FzO5m5RGmmHPUokgJGwBtgH
+SwxlX/dJ3X/T0Hk7s9X04t4wfbopWRPFIf+tUMp65XxgAdOpfM/yO4MjoRB3zL3X
+wI2KDecpwg10SMLiLXSuHZrMnYDMIie3WSBXur5OHQrNfLDLIvZQxAvgO0O3MaKn
+Pcq3XgtXonagYniwtUSi0VqUYUjDUTjwr5pc0v+UIJap610Mx8fiT1B63+YBUbQe
+C+Ol82FMUKGKM8igDm9xRBD1LFVYg1YLrdBCGwIDAQABAoIBAB8f1oDXuCeUWteg
+dVuZeeogdfvMh8ZUreJTztu7HtRksyBYX7VtbeL/WNL1tf4aSAVrG8fQltZoqioe
+sUWpv9Q09dG+xAVct8YpQyc9Bc80fNXlUebVbruAh4dobC2P+t6eGS6y0+WojrXI
+mS1Dw8wDkw17084VX80PAPl9AMM/+EzxJvf09nDBj1vn5JJm3TsPC7NhR0Fhe7pz
+yNY1CFu1sK6ZcaQdg4ratyRZ0LxBAbPK3fALnqJQqIMAwK9QW1lLQDpavZHKXooe
+UEj84kfmOJPT7wjOgh9CjFsjYOGPdkIDq0dGJ01X+mEQ4stdBToosPSl0NLdcItv
+KGR5F7ECgYEA/ofmSuZ2mO0e2MyUrBYdBj7NR4vW6Kprsvg0MzmGkj2SqPeYD/D2
+9AHRErkZ1Vns3m8OafpMSGRraMs3KxTCZBrCTRwvEVQBge9e+K3yiMzTpCznQ/I0
+7v7Vufn13gevgZmza0PelLemCuzOpF7jUfRw0d75sAYD0mxSRKC4GqMCgYEAyA5C
+uG9ykp+fJg9gp8m3N8ZOXLK+Dt7Eycght1k+l0NandMj/+9AU7AUZGKLEPHSUSOF
+15b7juerMiAvNv5AoUnJkUFdimC7jUJGv9TKxTOEhUgscZAScyppUU5lUk4oExdK
+O7ttbM/Ou9wEIRBJ0W3/pK29fWZ3yFIvfirJ6ikCgYAT44iiN6nyvyyW4j2HyN6R
+u1yNB6dOXOq3fF+P1SHn0XnhTB+Mt1aEsJOms+IJ4tH4e5MTwuQtD/O4p5BzBFdA
+PTsLjXU8FGVdwteX9Perqt2qyXt0urtaJX2L37VPmSgkp172tcHxuvv1hJWNEIEQ
+yVn7fEHkeEPaMG6pQCnCowKBgGJIh0TfE9Wu79wd7+les1GGblciRTc/AET1uoK+
+KH7dyzYAVg5Vty+mMM6Ejze65g2Qux+IgHvbmwKcRzXoQU471vgyucbS8TFb3zA9
+VYT+Y1urcpI0KqxDqMwWDLcbyJpgdcrUsNSlXzZxx+GKhAmM1exMouxpm+1hWw3L
+7bjJAoGAAep1Yg8/b0NRJtYQK6duFccrVzeXXSJ6nYcHgquVmg+VEQKwdaZBVDwv
+u5QZXEhcC7dziq07Sh4FziGJXKwNzV86860w+MxkJcqrWSuQkprw/3UcODtE+RyN
+j4b8grxg4ejd0KtCYzLy+ZpTqZZuotENpXhhcOH9VQRhWYXSSJg=
+-----END RSA PRIVATE KEY-----