Move most of the ssh key munging out into the workflow.

Author: joshhvulcan

.github/workflows/build_test.yaml

@@ -95,16 +95,37 @@ jobs:
           echo "=== Git Config URL Rewrites ==="
           git config --global --get-regexp 'url\..*\.insteadof' || echo "No git URL rewrites found"
 
-      # Write SSH keys to files for use inside Docker container
-      # The SSH agent runs on the runner but we need actual key files inside the
-      # Docker container to create SSH config with host aliases. We write the keys
-      # to .docker-ssh/ which gets copied into the container during build.
+      # Prepare all SSH configuration files for Docker build
+      # The SSH agent runs on the runner but we need actual key files and config
+      # inside the Docker container. We pre-build everything here in the workflow
+      # to keep the Dockerfile simple and free of CI-specific logic.
       - name: Prepare SSH keys for Docker build
         run: |
           mkdir -p .docker-ssh
+
+          # Write SSH private keys
           echo "${{ secrets.DEPLOY_KEY_FOR_OLMOEARTH_PRETRAIN_CLONE }}" > .docker-ssh/olmoearth_pretrain_key
           echo "${{ secrets.DEPLOY_KEY_FOR_OLMOEARTH_RUN_CLONE }}" > .docker-ssh/olmoearth_run_key
-          chmod 600 .docker-ssh/*
+          chmod 600 .docker-ssh/*_key
+
+          # Create SSH config with host aliases
+          cat > .docker-ssh/config << 'EOF'
+          Host github-olmoearth-pretrain
+            HostName github.com
+            IdentityFile /root/.ssh/olmoearth_pretrain_key
+            IdentitiesOnly yes
+
+          Host github-olmoearth-run
+            HostName github.com
+            IdentityFile /root/.ssh/olmoearth_run_key
+            IdentitiesOnly yes
+          EOF
+
+          # Create modified requirements files with host aliases
+          sed 's|git@github\.com/allenai/olmoearth_pretrain|git@github-olmoearth-pretrain/allenai/olmoearth_pretrain|g' \
+            requirements-olmoearth_pretrain.txt > .docker-ssh/requirements-olmoearth_pretrain.txt
+          sed 's|git@github\.com/allenai/olmoearth_run|git@github-olmoearth-run/allenai/olmoearth_run|g' \
+            requirements-olmoearth_run.txt > .docker-ssh/requirements-olmoearth_run.txt
 
 ## REMOVE BEFORE MERGE! ####
 #      - name: Clone olmoearth repositories and update requirements-extra.txt

Dockerfile

@@ -89,20 +89,11 @@ COPY . /opt/rslearn_projects/
 ARG USE_SSH_KEYS_FROM_BUILD=false
 RUN if [ "$USE_SSH_KEYS_FROM_BUILD" = "true" ] && [ -d /opt/rslearn_projects/.docker-ssh ]; then \
       echo "Setting up SSH keys from build context..." && \
-      cp /opt/rslearn_projects/.docker-ssh/* /root/.ssh/ && \
-      chmod 600 /root/.ssh/*_key && \
-      echo "Host github-olmoearth-pretrain" >> /root/.ssh/config && \
-      echo "  HostName github.com" >> /root/.ssh/config && \
-      echo "  IdentityFile /root/.ssh/olmoearth_pretrain_key" >> /root/.ssh/config && \
-      echo "  IdentitiesOnly yes" >> /root/.ssh/config && \
-      echo "" >> /root/.ssh/config && \
-      echo "Host github-olmoearth-run" >> /root/.ssh/config && \
-      echo "  HostName github.com" >> /root/.ssh/config && \
-      echo "  IdentityFile /root/.ssh/olmoearth_run_key" >> /root/.ssh/config && \
-      echo "  IdentitiesOnly yes" >> /root/.ssh/config && \
-      chmod 600 /root/.ssh/config && \
-      sed -i 's|git@github\.com/allenai/olmoearth_pretrain|git@github-olmoearth-pretrain/allenai/olmoearth_pretrain|g' /opt/rslearn_projects/requirements-olmoearth_pretrain.txt && \
-      sed -i 's|git@github\.com/allenai/olmoearth_run|git@github-olmoearth-run/allenai/olmoearth_run|g' /opt/rslearn_projects/requirements-olmoearth_run.txt && \
+      cp /opt/rslearn_projects/.docker-ssh/*_key /root/.ssh/ && \
+      cp /opt/rslearn_projects/.docker-ssh/config /root/.ssh/config && \
+      chmod 600 /root/.ssh/*_key /root/.ssh/config && \
+      cp /opt/rslearn_projects/.docker-ssh/requirements-olmoearth_pretrain.txt /opt/rslearn_projects/requirements-olmoearth_pretrain.txt && \
+      cp /opt/rslearn_projects/.docker-ssh/requirements-olmoearth_run.txt /opt/rslearn_projects/requirements-olmoearth_run.txt && \
       echo "SSH multi-key setup complete."; \
     else \
       echo "Using default SSH configuration (single key or SSH agent)."; \