From f5a65116e82a7975e972333c86b85076eb5e476d Mon Sep 17 00:00:00 2001
From: AdriaCarrera
Date: Thu, 19 Feb 2026 11:07:51 +0100
Subject: [PATCH 1/2] fix: configure SSH for private Go modules in Dockerfile and workflows
---
 .github/workflows/goreleaser.yml | 16 ++++++++++++++--
 .github/workflows/release.yml | 2 ++
 Dockerfile | 9 +++++++++
 3 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml
index 229272ad..c001b406 100644
--- a/.github/workflows/goreleaser.yml
+++ b/.github/workflows/goreleaser.yml
@@ -23,9 +23,21 @@ jobs:
 ref: ${{ inputs.commit_branch }}
 fetch-depth: 0
 fetch-tags: true
+ - uses: docker/setup-qemu-action@v2
+ - uses: docker/setup-buildx-action@v2
+ # Configure SSH for private Go modules
+ - name: Setup SSH for private modules
+ run: |
+ mkdir -p ~/.ssh
+ echo "${{ secrets.SSH_KEY }}" > ~/.ssh/id_rsa
+ chmod 600 ~/.ssh/id_rsa
+ ssh-keyscan github.com >> ~/.ssh/known_hosts
 # Build and push docker image
 - name: Run go releaser
 run: |
- docker run --rm -e CGO_ENABLED -e GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} \
+ docker run --rm -e CGO_ENABLED -e GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} -e GOPRIVATE=github.com/xrplevm/evm-sec-papyrus\
 -v /var/run/docker.sock:/var/run/docker.sock -v $PWD:/go/src/exrp -w /go/src/exrp \
- goreleaser/goreleaser-cross:v1.22 release --clean --skip validate
\ No newline at end of file
+ -v ~/.ssh:/root/.ssh:ro \
+ --entrypoint /bin/sh \
+ goreleaser/goreleaser-cross:v1.22 -c \
+ 'git config --global --add safe.directory /go/src/exrp && git config --global url."ssh://git@github.com/xrplevm/evm-sec-papyrus".insteadOf "https://github.com/xrplevm/evm-sec-papyrus" && goreleaser release --clean --skip validate'
\ No newline at end of file
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index f8144a37..ec0f545c 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
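Review bot: In `.github/workflows/goreleaser.yml`, `ssh-keyscan github.com >> ~/.ssh/known_hosts` records whatever host key the network returns during the run, so the key is trusted without being verified; the Dockerfile hunk of this patch adds the same line. Writing GitHub's published key instead removes that trust-on-first-use step, e.g. `echo "github.com ssh-ed25519 <GITHUB_PUBLISHED_HOST_KEY>" >> ~/.ssh/known_hosts`, with the value copied from GitHub's documented SSH key fingerprints and kept under review in the repository. The same step also bind-mounts the key into `goreleaser/goreleaser-cross:v1.22` via `-v ~/.ssh:/root/.ssh:ro`; that image is referenced by a mutable tag, so pinning it by digest (`goreleaser/goreleaser-cross@sha256:<digest>`) would fix which code gets to read the key.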
@@ -46,6 +46,8 @@ jobs:
 tags: |
 peersyst/exrp:${{ github.event.inputs.tag }}
 ${{ fromJSON('["", "peersyst/exrp:latest"]')[github.event.inputs.is_latest_release == 'true'] }}
+ secrets: |
+ ssh_key_b64=${{ secrets.SSH_KEY_B64 }}
 - name: Publish the Release
 uses: softprops/action-gh-release@v1
 with:
diff --git a/Dockerfile b/Dockerfile
index 2e28e3c6..a20dab44 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,6 +6,15 @@ RUN apt update && \
 ca-certificates
 WORKDIR /app
 COPY . .
+
+# Hotfix to allow download of private go module
+ENV GOPRIVATE=github.com/xrplevm/evm-sec-papyrus
+RUN mkdir -p ~/.ssh
+RUN --mount=type=secret,id=ssh_key_b64 base64 -d -i /run/secrets/ssh_key_b64 > ~/.ssh/id_rsa
+RUN chmod 600 ~/.ssh/id_rsa
+RUN ssh-keyscan github.com >> ~/.ssh/known_hosts
+RUN git config --global url."ssh://git@github.com/xrplevm/evm-sec-papyrus".insteadOf "https://github.com/xrplevm/evm-sec-papyrus"
+
 RUN make install
From b3cf7f4ac19b905308f646f4c1f01a5c6cca5366 Mon Sep 17 00:00:00 2001
From: AdriaCarrera
Date: Thu, 19 Feb 2026 11:24:38 +0100
Subject: [PATCH 2/2] fix: configure SSH for private Go modules in Dockerfile and workflows
---
 .github/workflows/goreleaser.yml | 2 +-
 .github/workflows/pull-request.yml | 26 ++++++++------------------
 2 files changed, 9 insertions(+), 19 deletions(-)
diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml
index c001b406..21f2865e 100644
--- a/.github/workflows/goreleaser.yml
+++ b/.github/workflows/goreleaser.yml
@@ -29,7 +29,7 @@ jobs:
 - name: Setup SSH for private modules
 run: |
 mkdir -p ~/.ssh
- echo "${{ secrets.SSH_KEY }}" > ~/.ssh/id_rsa
+ echo "${{ secrets.SSH_KEY_B64 }}" | base64 -d > ~/.ssh/id_rsa
 chmod 600 ~/.ssh/id_rsa
 ssh-keyscan github.com >> ~/.ssh/known_hosts
 # Build and push docker image
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
index f0489092..eb7098fb 100644
--- a/.github/workflows/pull-request.yml
+++ b/.github/workflows/pull-request.yml
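Review bot: In the Dockerfile hunk, `base64 -d -i /run/secrets/ssh_key_b64 > ~/.ssh/id_rsa` copies the secret out of the BuildKit mount into the stage's filesystem, so the decoded private key is committed to that layer and every layer after it, which is exactly what `--mount=type=secret` is meant to avoid. The `FROM` lines are outside the hunk, so I can't tell whether this stage's layers reach the pushed `peersyst/exrp` image, but the key would in any case sit in the build cache and in any target built from this stage. Decoding, using and deleting the key inside a single `RUN` keeps it out of every layer, as sketched below. BuildKit's `--mount=type=ssh` agent forwarding would avoid writing the key at all.

```dockerfile
# … unchanged: ENV GOPRIVATE, mkdir ~/.ssh, known_hosts and git insteadOf setup …
RUN --mount=type=secret,id=ssh_key_b64 \
    umask 077 && \
    base64 -d -i /run/secrets/ssh_key_b64 > ~/.ssh/id_rsa && \
    make install && \
    rm -f ~/.ssh/id_rsa
```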
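Review bot: In the `[PATCH 2/2]` hunk for `goreleaser.yml`, `echo "${{ secrets.SSH_KEY_B64 }}" | base64 -d > ~/.ssh/id_rsa` still expands the secret into the script text before the shell runs, and the key file is created under the default umask before `chmod 600` tightens it. Passing the value through the step's environment avoids both: add `env:` with `SSH_KEY_B64: ${{ secrets.SSH_KEY_B64 }}` to the step and write the file with `(umask 077; printf '%s' "$SSH_KEY_B64" | base64 -d > ~/.ssh/id_rsa)`. GitHub's log masking matches the stored base64 value rather than the decoded key, so any later debug output that prints the key material would not be redacted.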
@@ -16,22 +16,12 @@ jobs:
 - uses: actions/checkout@v2
 - uses: docker/setup-qemu-action@v2
 - uses: docker/setup-buildx-action@v2
- - uses: actions/cache@v3
- with:
- path: /tmp/.buildx-cache
- key: ${{ github.job }}-${{ runner.os }}-${{ github.event.pull_request.number }}-buildx
- restore-keys: |
- ${{ github.job }}-${{ runner.os }}-${{ github.event.pull_request.number }}-buildx
 # Build docker image
- - name: Build docker image
- uses: docker/build-push-action@v4
- with:
- target: integration
- push: false
- cache-from: type=local,src=/tmp/.buildx-cache
- cache-to: type=local,dest=/tmp/.buildx-cache-new
- name: Move cache
- if: always()
- run: |
- rm -rf /tmp/.buildx-cache
- mv /tmp/.buildx-cache-new /tmp/.buildx-cache
\ No newline at end of file
+ - name: Build docker image
+ uses: docker/build-push-action@v4
+ with:
+ context: .
+ target: integration
+ push: false
+ secrets: |
+ ssh_key_b64=${{ secrets.SSH_KEY_B64 }}
\ No newline at end of file
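Review bot: The `secrets: ssh_key_b64=${{ secrets.SSH_KEY_B64 }}` input exposes the private-module key to a build whose Dockerfile and `make install` come from the pull request itself, so code proposed in a PR can read it. The workflow's `on:` trigger is outside this hunk: with `pull_request` the secret is empty for fork PRs and the build will presumably fail at the `base64 -d` step, while with `pull_request_target` untrusted PR code would run with the key available. I would add a comment above the step such as `# SSH_KEY_B64 must be a read-only deploy key limited to the private module repo; do not run this job under pull_request_target`, and confirm the key is actually scoped that way.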