From ed8c20cc6a25d0198b1411b50396647a9a342157 Mon Sep 17 00:00:00 2001
From: sowmya-sl <lsowmyanarayanan@gmail.com>
Date: Wed, 8 Apr 2026 19:31:10 +0530
Subject: [PATCH] Add ssh parameter support for image builds

Allow passing SSH agent sockets or keys to the build API,
similar to the existing secrets parameter support.

Review comments:
- Add usage examples and reference to podman build --ssh in
  the ssh parameter docstring

Signed-off-by: sowmya-sl <lsowmyanarayanan@gmail.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
---
 podman/domain/images_build.py   | 6 ++++++
 podman/tests/unit/test_build.py | 7 +++++--
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/podman/domain/images_build.py b/podman/domain/images_build.py
index 1850ae70..ebbebeec 100644
--- a/podman/domain/images_build.py
+++ b/podman/domain/images_build.py
@@ -70,6 +70,9 @@ def build(self, **kwargs) -> tuple[Image, Iterator[bytes]]:
             manifest (str) - add the image to the specified manifest list.
                 Creates manifest list if it does not exist.
             secrets (list[str]) - Secret files/envs to expose to the build
+            ssh (list[str]) - SSH agent socket or keys to expose to the build.
+                Format is the same as ``podman build --ssh``, e.g.
+                ``["default"]`` or ``["src=/path/to/key"]``.
 
         Returns:
             first item is the podman.domain.images.Image built
@@ -216,5 +219,8 @@ def _render_params(kwargs) -> dict[str, list[Any]]:
         if "secrets" in kwargs:
             params["secrets"] = json.dumps(kwargs.get("secrets"))
 
+        if "ssh" in kwargs and kwargs.get("ssh") != []:
+            params["ssh"] = json.dumps(kwargs["ssh"])
+
         # Remove any unset parameters
         return dict(filter(lambda i: i[1] is not None, params.items()))
diff --git a/podman/tests/unit/test_build.py b/podman/tests/unit/test_build.py
index e8df8ff6..80e7d097 100644
--- a/podman/tests/unit/test_build.py
+++ b/podman/tests/unit/test_build.py
@@ -1,8 +1,9 @@
 import io
-import requests
 import json
 import unittest
 
+import requests
+
 try:
     # Python >= 3.10
     from collections.abc import Iterable
@@ -71,7 +72,8 @@ def test_build(self, mock_prepare_containerfile, mock_create_tar):
                 "&extrahosts=%7B%22database%22%3A+%22127.0.0.1%22%7D"
                 "&labels=%7B%22Unittest%22%3A+%22true%22%7D"
                 "&manifest=example%3Av1.2.3"
-                "&secrets=%5B%22id%3Dexample%2Csrc%3Dpodman-build-secret123%22%5D",
+                "&secrets=%5B%22id%3Dexample%2Csrc%3Dpodman-build-secret123%22%5D"
+                "&ssh=%5B%22default%22%5D",
                 text=buffer.getvalue(),
             )
             mock.get(
@@ -105,6 +107,7 @@ def test_build(self, mock_prepare_containerfile, mock_create_tar):
                 labels={"Unittest": "true"},
                 manifest="example:v1.2.3",
                 secrets=["id=example,src=podman-build-secret123"],
+                ssh=["default"],
             )
             self.assertIsInstance(image, Image)
             self.assertEqual(image.id, good_image_id)