Update the CHANGELOG file

Merge remote-tracking branch 'origin/master' into camilo/log-public-key
Express logging flag in a "positive" way, not as "do not log"
2026-03-15 07:49:07 +08:00 · 2022-10-19 10:34:44 +00:00 · 2022-10-19 10:33:47 +00:00 · 2022-10-19 10:26:23 +00:00 · 2022-10-19 10:25:57 +00:00 · 2022-09-02 15:31:17 +09:00
5 changed files with 23 additions and 4 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

 ## [Unreleased]

+ * Add the `log-public-key` input that can be used to turn off logging key identities (#122)
+
 ## v0.6.0 [2022-10-19]

 ### Changed
--- a/README.md
+++ b/README.md
@@ -76,7 +76,16 @@ To support picking the right key in this use case, this action scans _key commen
 3. For key comments containing such URLs, a Git config setting is written that uses [`url.<base>.insteadof`](https://git-scm.com/docs/git-config#Documentation/git-config.txt-urlltbasegtinsteadOf). It will redirect `git` requests to URLs starting with either `https://github.com/owner/repo` or `git@github.com:owner/repo` to a fake hostname/URL like `git@...some.hash...:owner/repo`.
 4. An SSH configuration section is generated that applies to the fake hostname. It will map the SSH connection back to `github.com`, while at the same time pointing SSH to a file containing the appropriate key's public part. That will make SSH use the right key when connecting to GitHub.com.

+## Action Inputs
+
+The following inputs can be used to control the action's behavior:
+
+* `ssh-private-key`: Required. Use this to provide the key(s) to load as GitHub Actions secrets.
+* `ssh-auth-sock`: Can be used to control where the SSH agent socket will be placed. Ultimately affects the `$SSH_AUTH_SOCK` environment variable.
+* `log-public-key`: Set this to `false` if you want to suppress logging of _public_ key information. To simplify debugging and since it contains public key information only, this is turned on by default.
+
 ## Exported variables
+
 The action exports the `SSH_AUTH_SOCK` and `SSH_AGENT_PID` environment variables through the Github Actions core module.
 The `$SSH_AUTH_SOCK` is used by several applications like git or rsync to connect to the SSH authentication agent.
 The `$SSH_AGENT_PID` contains the process id of the agent. This is used to kill the agent in post job action.
--- a/action.yml
+++ b/action.yml
@@ -6,6 +6,10 @@ inputs:
        required: true
    ssh-auth-sock:
        description: 'Where to place the SSH Agent auth socket'
+    log-public-key:
+        description: 'Whether or not to log public key fingerprints'
+        required: false
+        default: true
 runs:
    using: 'node16'
    main: 'dist/index.js'
--- a/dist/index.js
+++ b/dist/index.js
@@ -326,6 +326,7 @@ const { home, sshAgent, sshAdd } = __webpack_require__(972);

 try {
    const privateKey = core.getInput('ssh-private-key');
+    const logPublicKey = core.getBooleanInput('log-public-key', {default: true});

    if (!privateKey) {
        core.setFailed("The ssh-private-key argument is empty. Maybe the secret has not been configured, or you are using a wrong secret name in your workflow file.");
@@ -374,8 +375,9 @@ try {
        const parts = key.match(/\bgithub\.com[:/]([_.a-z0-9-]+\/[_.a-z0-9-]+)/i);

        if (!parts) {
-            console.log(`Comment for (public) key '${key}' does not match GitHub URL pattern. Not treating it as a GitHub deploy key.`);
-
+            if (logPublicKey) {
+              console.log(`Comment for (public) key '${key}' does not match GitHub URL pattern. Not treating it as a GitHub deploy key.`);
+            }
            return;
        }

--- a/index.js
+++ b/index.js
@@ -6,6 +6,7 @@ const { home, sshAgent, sshAdd } = require('./paths.js');

 try {
    const privateKey = core.getInput('ssh-private-key');
+    const logPublicKey = core.getBooleanInput('log-public-key', {default: true});

    if (!privateKey) {
        core.setFailed("The ssh-private-key argument is empty. Maybe the secret has not been configured, or you are using a wrong secret name in your workflow file.");
@@ -54,8 +55,9 @@ try {
        const parts = key.match(/\bgithub\.com[:/]([_.a-z0-9-]+\/[_.a-z0-9-]+)/i);

        if (!parts) {
-            console.log(`Comment for (public) key '${key}' does not match GitHub URL pattern. Not treating it as a GitHub deploy key.`);
-
+            if (logPublicKey) {
+              console.log(`Comment for (public) key '${key}' does not match GitHub URL pattern. Not treating it as a GitHub deploy key.`);
+            }
            return;
        }
Author	SHA1	Message	Date
Matthias Pigulla	29c4c5bfcc	Update the CHANGELOG file	2022-10-19 10:34:44 +00:00
Matthias Pigulla	cf116fbe80	Merge remote-tracking branch 'origin/master' into camilo/log-public-key	2022-10-19 10:33:47 +00:00
Matthias Pigulla	3d2f9b9e54	Express logging flag in a "positive" way, not as "do not log"	2022-10-19 10:26:23 +00:00
Matthias Pigulla	b5b046356c	Document action inputs in the README	2022-10-19 10:25:57 +00:00
Camilo Celis Guzman	370777e6ab	build	2022-09-02 15:31:17 +09:00
Camilo Celis Guzman	f202749619	opt-out rather than opt-in	2022-09-02 15:30:25 +09:00
Camilo Celis Guzman	9683b6d018	default to true and remove need to monkeypatch getBoolean	2022-09-02 14:59:27 +09:00
Camilo Celis Guzman	79fe588704	don't log public key and add flag for it if needed	2022-09-02 14:39:57 +09:00