ansible-collections
diff --git a/‎.github/workflows/check_label.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/check_label.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/release.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/release.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/test.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/test.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.pre-commit-config.yaml‎
Lines changed: 2 additions & 2 deletions b/‎.pre-commit-config.yaml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.yamllint‎
Lines changed: 4 additions & 0 deletions b/‎.yamllint‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 1 addition & 3 deletions b/‎README.md‎
Lines changed: 1 addition & 3 deletions
diff --git a/‎changelogs/fragments/add_ssh_support.yaml‎
Lines changed: 3 additions & 0 deletions b/‎changelogs/fragments/add_ssh_support.yaml‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎docs/ansible.scm.git_publish_module.rst‎
Lines changed: 33 additions & 0 deletions b/‎docs/ansible.scm.git_publish_module.rst‎
Lines changed: 33 additions & 0 deletions
diff --git a/‎docs/ansible.scm.git_retrieve_module.rst‎
Lines changed: 35 additions & 0 deletions b/‎docs/ansible.scm.git_retrieve_module.rst‎
Lines changed: 35 additions & 0 deletions
diff --git a/‎plugins/action/git_publish.py‎
Lines changed: 70 additions & 21 deletions b/‎plugins/action/git_publish.py‎
Lines changed: 70 additions & 21 deletions
@@ -1,5 +1,5 @@
 ---
-name: "Check label"
+name: "Check PR label 👓"
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
   cancel-in-progress: true
 
@@ -1,5 +1,5 @@
 ---
-name: "Release collection"
+name: "Release collection 🚀"
 on:  # yamllint disable-line rule:truthy
   release:
     types: [published]
 
@@ -1,4 +1,4 @@
-name: test
+name: "Collection Tests 🧪"
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
 
@@ -1,12 +1,12 @@
 ---
 repos:
   - repo: https://github.com/ansible-network/collection_prep
-    rev: 1.1.1
+    rev: da78082ea59b03ad16cd7dbee267f53e8ff50bb5
     hooks:
       - id: update-docs
 
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.6.0
+    rev: v6.0.0
     hooks:
       - id: check-merge-conflict
       - id: check-symlinks
 
@@ -19,3 +19,7 @@ rules:
   line-length: disable
   truthy:
     check-keys: false
+
+  octal-values:
+    forbid-implicit-octal: true
+    forbid-explicit-octal: true
@@ -5,10 +5,8 @@ This repository contains the `ansible.scm` Ansible Collection that allows you to
 <!--start requires_ansible-->
 ## Ansible version compatibility
 
-This collection has been tested against following Ansible versions: **>=2.15.0**.
+This collection has been tested against the following Ansible versions: **>=2.15.0**.
 
-For collections that support Ansible 2.9, please ensure you update your `network_os` to use the
-fully qualified collection name (for example, `cisco.ios.ios`).
 Plugins and modules within a collection may be tested with only specific Ansible versions.
 A collection may contain metadata that identifies these versions.
 PEP440 is the schema used to describe the versions of Ansible.
 
@@ -0,0 +1,3 @@
+---
+minor_changes:
+  - Add ssh support for git_publish/git_retrieve and fix CI.
@@ -138,6 +138,39 @@ Parameters
                         <div>Remove the local copy of the repository if the push is successful</div>
                 </td>
             </tr>
+            <tr>
+                <td colspan="2">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>ssh_key_content</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>The content of the SSH private key for authentication with git.</div>
+                        <div>Ideal for use with Ansible Vault or other secret management systems.</div>
+                        <div>Used only for SSH-based repository URLs.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="2">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>ssh_key_file</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Path to the SSH private key file to use for authentication with git.</div>
+                        <div>Used only for SSH-based repository URLs (e.g., [email protected]:...).</div>
+                </td>
+            </tr>
             <tr>
                 <td colspan="2">
                     <div class="ansibleOptionAnchor" id="parameter-"></div>
 
@@ -133,6 +133,41 @@ Parameters
             </tr>
                                 <tr>
                     <td class="elbow-placeholder"></td>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>ssh_key_content</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>The content of the SSH private key for authentication with the origin repository.</div>
+                        <div>Ideal for use with Ansible Vault or other secret management systems.</div>
+                        <div>Used only for SSH-based repository URLs.</div>
+                </td>
+            </tr>
+            <tr>
+                    <td class="elbow-placeholder"></td>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>ssh_key_file</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Path to the SSH private key file to use for authentication with the origin repository.</div>
+                        <div>Used only for SSH-based repository URLs (e.g., [email protected]:...).</div>
+                </td>
+            </tr>
+            <tr>
+                    <td class="elbow-placeholder"></td>
                 <td colspan="1">
                     <div class="ansibleOptionAnchor" id="parameter-"></div>
                     <b>tag</b>
 
@@ -5,11 +5,14 @@
 
 from __future__ import absolute_import, division, print_function
 
+import os
 import shutil
+import tempfile
 import webbrowser
 
 from contextlib import suppress
 from dataclasses import asdict, dataclass
+from pathlib import Path
 from typing import Dict, List, Optional, TypeVar, Union
 
 from ansible.errors import AnsibleActionFail
@@ -50,6 +53,7 @@ class Result(ResultBase):
 T = TypeVar("T", bound="ActionModule")  # pylint: disable=invalid-name, useless-suppression
 
 
+# pylint: disable=too-many-instance-attributes
 class ActionModule(GitBase):
     """The retrieve action plugin."""
 
@@ -90,6 +94,8 @@ def __init__(  # noqa: PLR0913
         self._play_name: str = ""
         self._supports_async = True
         self._result: Result = Result()
+        self._env: Optional[Dict[str, str]] = None
+        self._temp_ssh_key_path: Optional[str] = None
 
     def _check_argspec(self: T) -> None:
         """Check the argspec for the action plugin.
@@ -107,6 +113,34 @@ def _check_argspec(self: T) -> None:
         if self._task.args.get("token") == "":
             err = "Token can not be an empty string"
             raise AnsibleActionFail(err)
+        if self._task.args.get("ssh_key_file") and self._task.args.get("ssh_key_content"):
+            msg = "Parameters `ssh_key_file` and `ssh_key_content` are mutually exclusive."
+            raise AnsibleActionFail(msg)
+
+    def _prepare_ssh_environment(self: T) -> None:
+        """Prepare the environment for SSH key authentication."""
+        key_content = self._task.args.get("ssh_key_content")
+        key_file = self._task.args.get("ssh_key_file")
+
+        if not key_content and not key_file:
+            return
+
+        if key_content:
+            fd, self._temp_ssh_key_path = tempfile.mkstemp(prefix="ansible-git-key-")
+            os.write(fd, key_content.encode("utf-8"))
+            os.close(fd)
+            Path(self._temp_ssh_key_path).chmod(0o600)
+            key_path = self._temp_ssh_key_path
+        else:
+            key_path = key_file
+
+        ssh_command = f"ssh -i {key_path} -o IdentitiesOnly=yes -o StrictHostKeyChecking=no"
+        self._env = {"GIT_SSH_COMMAND": ssh_command}
+
+    def _cleanup_ssh_key(self: T) -> None:
+        """Remove the temporary SSH key file if it was created."""
+        if self._temp_ssh_key_path:
+            Path(self._temp_ssh_key_path).unlink()
 
     def _configure_git_user_name(self: T) -> None:
         """Configure the git user name."""
@@ -115,6 +149,7 @@ def _configure_git_user_name(self: T) -> None:
         command = Command(
             command_parts=command_parts,
             fail_msg="Failed to get current user name for git.",
+            env=self._env,
         )
         self._run_command(command=command, ignore_errors=True)
         if command.stdout:
@@ -127,6 +162,7 @@ def _configure_git_user_name(self: T) -> None:
         command = Command(
             command_parts=command_parts,
             fail_msg="Failed to configure git user name",
+            env=self._env,
         )
         self._run_command(command=command)
         self._result.user_name = name
@@ -138,6 +174,7 @@ def _configure_git_user_email(self: T) -> None:
         command = Command(
             command_parts=command_parts,
             fail_msg="Failed to get current user email for git.",
+            env=self._env,
         )
         self._run_command(command=command, ignore_errors=True)
         if command.stdout:
@@ -150,6 +187,7 @@ def _configure_git_user_email(self: T) -> None:
         command = Command(
             command_parts=command_parts,
             fail_msg="Failed to configure git user email",
+            env=self._env,
         )
         self._run_command(command=command)
         self._result.user_email = email
@@ -162,6 +200,7 @@ def _add(self: T) -> None:
         command = Command(
             command_parts=command_parts,
             fail_msg=f"Failed to add the file to the pending commit: {files}",
+            env=self._env,
         )
         self._run_command(command=command)
 
@@ -174,6 +213,7 @@ def _commit(self: T) -> None:
         command = Command(
             command_parts=command_parts,
             fail_msg=f"Failed to perform the commit: {message}",
+            env=self._env,
         )
         self._run_command(command=command)
 
@@ -189,6 +229,7 @@ def _tag(self: T) -> None:
         command = Command(
             command_parts=command_parts,
             fail_msg=f"Failed to perform tagging: {message}",
+            env=self._env,
         )
         self._run_command(command=command)
 
@@ -199,6 +240,7 @@ def _push(self: T) -> None:
         command = Command(
             command_parts=command_parts,
             fail_msg="Failed to get remote",
+            env=self._env,
         )
 
         self._run_command(command=command)
@@ -228,6 +270,7 @@ def _push(self: T) -> None:
             command_parts=command_parts,
             fail_msg="Failed to perform the push",
             no_log=no_log,
+            env=self._env,
         )
         self._run_command(command=command)
         with suppress(StopIteration):
@@ -262,32 +305,38 @@ def run(
         self._task.diff = False
         super().run(task_vars=task_vars)
 
-        self._check_argspec()
-        if self._result.failed:
-            return asdict(self._result)
+        try:
+            self._check_argspec()
+            if self._result.failed:
+                return asdict(self._result)
 
-        self._path_to_repo = self._task.args["path"]
-        self._base_command = ("git", "-C", self._path_to_repo)
-        self._timeout = self._task.args["timeout"]
+            self._prepare_ssh_environment()
 
-        steps = [
-            self._configure_git_user_name,
-            self._configure_git_user_email,
-            self._add,
-            self._commit,
-        ]
-        if self._task.args.get("tag"):
-            steps.append(self._tag)
+            self._path_to_repo = self._task.args["path"]
+            self._base_command = ("git", "-C", self._path_to_repo)
+            self._timeout = self._task.args["timeout"]
 
-        steps.extend([self._push, self._remove_repo])
+            steps = [
+                self._configure_git_user_name,
+                self._configure_git_user_email,
+                self._add,
+                self._commit,
+            ]
+            if self._task.args.get("tag"):
+                steps.append(self._tag)
 
-        for step in steps:
-            step()
-            if self._result.failed:
-                return asdict(self._result)
+            steps.extend([self._push, self._remove_repo])
+
+            for step in steps:
+                step()
+                if self._result.failed:
+                    return asdict(self._result)
+
+            if self._result.pr_url and self._task.args["open_browser"]:
+                webbrowser.open(self._result.pr_url, new=2)
 
-        if self._result.pr_url and self._task.args["open_browser"]:
-            webbrowser.open(self._result.pr_url, new=2)
+        finally:
+            self._cleanup_ssh_key()
 
         self._result.msg = f"Successfully published local changes from: {self._path_to_repo}"
         return asdict(self._result)
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-name: test`
	`1`	`+name: "Collection Tests 🧪"`
`2`	`2`
`3`	`3`	`concurrency:`
`4`	`4`	`group: ${{ github.workflow }}-${{ github.event.pull_request.number \|\| github.ref }}`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+---`
	`2`	`+minor_changes:`
	`3`	`+ - Add ssh support for git_publish/git_retrieve and fix CI.`