ops/ssh-agent
1
0
Fork 0
mirror of https://github.com/webfactory/ssh-agent.git synced 2026-03-26 21:09:06 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: ops:v0.7.0
Branches Tags
ops:master ops:mkdir-p ops:camilo/log-public-key ops:demo-go-get ops:debug-windows-ssh ops:deploy-key-wrapper
ops:v0.10.0 ops:v0.9.1 ops:v0.9.0 ops:v0.8.0 ops:v0.7.0 ops:v0.6.0 ops:v0.5.4 ops:v0.5.3 ops:v0.5.2 ops:v0.5.1 ops:v0.5.0 ops:v0.4.1 ops:v0.4.0 ops:v0.3.0 ops:v0.2.0 ops:v0.1.1 ops:v0.1.0
..
compare: ops:camilo/log-public-key
Branches Tags
ops:master ops:mkdir-p ops:camilo/log-public-key ops:demo-go-get ops:debug-windows-ssh ops:deploy-key-wrapper
ops:v0.10.0 ops:v0.9.1 ops:v0.9.0 ops:v0.8.0 ops:v0.7.0 ops:v0.6.0 ops:v0.5.4 ops:v0.5.3 ops:v0.5.2 ops:v0.5.1 ops:v0.5.0 ops:v0.4.1 ops:v0.4.0 ops:v0.3.0 ops:v0.2.0 ops:v0.1.1 ops:v0.1.0

8 Commits
v0.7.0 ... camilo/log

Author SHA1 Message Date
Matthias Pigulla
29c4c5bfcc Update the CHANGELOG file 2022-10-19 10:34:44 +00:00
Matthias Pigulla
cf116fbe80 Merge remote-tracking branch 'origin/master' into camilo/log-public-key 2022-10-19 10:33:47 +00:00
Matthias Pigulla
3d2f9b9e54 Express logging flag in a "positive" way, not as "do not log" 2022-10-19 10:26:23 +00:00
Matthias Pigulla
b5b046356c Document action inputs in the README 2022-10-19 10:25:57 +00:00
Camilo Celis Guzman
370777e6ab build 2022-09-02 15:31:17 +09:00
Camilo Celis Guzman
f202749619 opt-out rather than opt-in 2022-09-02 15:30:25 +09:00
Camilo Celis Guzman
9683b6d018 default to true and remove need to monkeypatch getBoolean 2022-09-02 14:59:27 +09:00
Camilo Celis Guzman
79fe588704 don't log public key and add flag for it if needed 2022-09-02 14:39:57 +09:00
8 changed files with 58 additions and 91 deletions
Expand all files Collapse all files

11
CHANGELOG.md
View File

@@ -7,17 +7,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased] ## [Unreleased]
## v0.7.0 [2022-10-19]
### Added
* Add the `log-public-key` input that can be used to turn off logging key identities (#122) * Add the `log-public-key` input that can be used to turn off logging key identities (#122)
### Fixed
* Fix path to `git` binary on Windows, assuming GitHub-hosted runners (#136, #137)
* Fix a nonsensical log message (#139)
## v0.6.0 [2022-10-19] ## v0.6.0 [2022-10-19]
### Changed ### Changed
@@ -40,7 +31,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
### Fixed ### Fixed
* Fixed cleanup phase to really terminate the ssh-agent (#80) * Fixed cleanup phase to really terminate the ssh-agent (#80)
* Fix termination of ssh-agent also on workflow failure (#79) * Fix termination of ssh-agent also on workflow faiulre (#79)
### Changed ### Changed

32
README.md
View File

@@ -114,7 +114,7 @@ If you are using this action on container-based workflows, make sure the contain
If you are using the `docker/build-push-action`, and would like to pass the SSH key, you can do so by adding the following config to pass the socket file through: If you are using the `docker/build-push-action`, and would like to pass the SSH key, you can do so by adding the following config to pass the socket file through:
```yml ```
- name: Build and push - name: Build and push
id: docker_build id: docker_build
uses: docker/build-push-action@v2 uses: docker/build-push-action@v2
@@ -123,36 +123,6 @@ If you are using the `docker/build-push-action`, and would like to pass the SSH
default=${{ env.SSH_AUTH_SOCK }} default=${{ env.SSH_AUTH_SOCK }}
``` ```
### Using the `docker/build-push-action` Action together with multiple Deploy Keys
If you use the `docker/build-push-action` and want to use multiple GitHub deploy keys, you need to copy the git and ssh configuration to the container during the build. Otherwise, the Docker build process would still not know how to handle multiple deploy keys. Even if the ssh agent was set up correctly on the runner.
This requires an additional step in the actions workflow and two additional lines in the Dockerfile.
Workflow:
```yml
- name: Prepare git and ssh config for build context
run: |
mkdir root-config
cp -r ~/.gitconfig ~/.ssh root-config/
- name: Build and push
id: docker_build
uses: docker/build-push-action@v2
with:
ssh: |
default=${{ env.SSH_AUTH_SOCK }}
```
Dockerfile:
```Dockerfile
COPY root-config /root/
RUN sed 's|/home/runner|/root|g' -i.bak /root/.ssh/config
```
Have in mind that the Dockerfile now contains customized git and ssh configurations. If you don't want that in your final image, use multi-stage builds.
### Cargo's (Rust) Private Dependencies on Windows ### Cargo's (Rust) Private Dependencies on Windows
If you are using private repositories in your dependencies like this: If you are using private repositories in your dependencies like this:

4
cleanup.js
View File

@@ -1,11 +1,11 @@
const core = require('@actions/core'); const core = require('@actions/core');
const { execFileSync } = require('child_process'); const { execFileSync } = require('child_process');
const { sshAgentCmd } = require('./paths.js'); const { sshAgent } = require('./paths.js');
try { try {
// Kill the started SSH agent // Kill the started SSH agent
console.log('Stopping SSH agent'); console.log('Stopping SSH agent');
execFileSync(sshAgentCmd, ['-k'], { stdio: 'inherit' }); execFileSync(sshAgent, ['-k'], { stdio: 'inherit' });
} catch (error) { } catch (error) {
console.log(error.message); console.log(error.message);
console.log('Error stopping the SSH agent, proceeding anyway'); console.log('Error stopping the SSH agent, proceeding anyway');

24
dist/cleanup.js vendored
View File

@@ -599,12 +599,12 @@ exports.debug = debug; // for test
const core = __webpack_require__(470); const core = __webpack_require__(470);
const { execFileSync } = __webpack_require__(129); const { execFileSync } = __webpack_require__(129);
const { sshAgentCmd } = __webpack_require__(972); const { sshAgent } = __webpack_require__(972);
try { try {
// Kill the started SSH agent // Kill the started SSH agent
console.log('Stopping SSH agent'); console.log('Stopping SSH agent');
execFileSync(sshAgentCmd, ['-k'], { stdio: 'inherit' }); execFileSync(sshAgent, ['-k'], { stdio: 'inherit' });
} catch (error) { } catch (error) {
console.log(error.message); console.log(error.message);
console.log('Error stopping the SSH agent, proceeding anyway'); console.log('Error stopping the SSH agent, proceeding anyway');
@@ -2824,21 +2824,23 @@ exports.default = _default;
const os = __webpack_require__(87); const os = __webpack_require__(87);
module.exports = (process.env['OS'] != 'Windows_NT') ? { module.exports = (process.env['OS'] != 'Windows_NT') ? {
// Use getent() system call, since this is what ssh does; makes a difference in Docker-based // Use getent() system call, since this is what ssh does; makes a difference in Docker-based
// Action runs, where $HOME is different from the pwent // Action runs, where $HOME is different from the pwent
homePath: os.userInfo().homedir, home: os.userInfo().homedir,
sshAgentCmd: 'ssh-agent', sshAgent: 'ssh-agent',
sshAddCmd: 'ssh-add', sshAdd: 'ssh-add'
gitCmd: 'git'
} : { } : {
// Assuming GitHub hosted `windows-*` runners for now
homePath: os.homedir(), home: os.homedir(),
sshAgentCmd: 'c://progra~1//git//usr//bin//ssh-agent.exe', sshAgent: 'c://progra~1//git//usr//bin//ssh-agent.exe',
sshAddCmd: 'c://progra~1//git//usr//bin//ssh-add.exe', sshAdd: 'c://progra~1//git//usr//bin//ssh-add.exe'
gitCmd: 'c://progra~1//git//bin//git.exe'
}; };
/***/ }) /***/ })
/******/ }); /******/ });

38
dist/index.js vendored
View File

@@ -322,7 +322,7 @@ const core = __webpack_require__(470);
const child_process = __webpack_require__(129); const child_process = __webpack_require__(129);
const fs = __webpack_require__(747); const fs = __webpack_require__(747);
const crypto = __webpack_require__(417); const crypto = __webpack_require__(417);
const { homePath, sshAgentCmd, sshAddCmd, gitCmd } = __webpack_require__(972); const { home, sshAgent, sshAdd } = __webpack_require__(972);
try { try {
const privateKey = core.getInput('ssh-private-key'); const privateKey = core.getInput('ssh-private-key');
@@ -334,7 +334,7 @@ try {
return; return;
} }
const homeSsh = homePath + '/.ssh'; const homeSsh = home + '/.ssh';
console.log(`Adding GitHub.com keys to ${homeSsh}/known_hosts`); console.log(`Adding GitHub.com keys to ${homeSsh}/known_hosts`);
@@ -349,7 +349,7 @@ try {
const sshAgentArgs = (authSock && authSock.length > 0) ? ['-a', authSock] : []; const sshAgentArgs = (authSock && authSock.length > 0) ? ['-a', authSock] : [];
// Extract auth socket path and agent pid and set them as job variables // Extract auth socket path and agent pid and set them as job variables
child_process.execFileSync(sshAgentCmd, sshAgentArgs).toString().split("\n").forEach(function(line) { child_process.execFileSync(sshAgent, sshAgentArgs).toString().split("\n").forEach(function(line) {
const matches = /^(SSH_AUTH_SOCK|SSH_AGENT_PID)=(.*); export \1/.exec(line); const matches = /^(SSH_AUTH_SOCK|SSH_AGENT_PID)=(.*); export \1/.exec(line);
if (matches && matches.length > 0) { if (matches && matches.length > 0) {
@@ -362,16 +362,16 @@ try {
console.log("Adding private key(s) to agent"); console.log("Adding private key(s) to agent");
privateKey.split(/(?=-----BEGIN)/).forEach(function(key) { privateKey.split(/(?=-----BEGIN)/).forEach(function(key) {
child_process.execFileSync(sshAddCmd, ['-'], { input: key.trim() + "\n" }); child_process.execFileSync(sshAdd, ['-'], { input: key.trim() + "\n" });
}); });
console.log("Key(s) added:"); console.log("Key(s) added:");
child_process.execFileSync(sshAddCmd, ['-l'], { stdio: 'inherit' }); child_process.execFileSync(sshAdd, ['-l'], { stdio: 'inherit' });
console.log('Configuring deployment key(s)'); console.log('Configuring deployment key(s)');
child_process.execFileSync(sshAddCmd, ['-L']).toString().trim().split(/\r?\n/).forEach(function(key) { child_process.execFileSync(sshAdd, ['-L']).toString().split(/\r?\n/).forEach(function(key) {
const parts = key.match(/\bgithub\.com[:/]([_.a-z0-9-]+\/[_.a-z0-9-]+)/i); const parts = key.match(/\bgithub\.com[:/]([_.a-z0-9-]+\/[_.a-z0-9-]+)/i);
if (!parts) { if (!parts) {
@@ -386,9 +386,9 @@ try {
fs.writeFileSync(`${homeSsh}/key-${sha256}`, key + "\n", { mode: '600' }); fs.writeFileSync(`${homeSsh}/key-${sha256}`, key + "\n", { mode: '600' });
child_process.execSync(`${gitCmd} config --global --replace-all url."git@key-${sha256}.github.com:${ownerAndRepo}".insteadOf "https://github.com/${ownerAndRepo}"`); child_process.execSync(`git config --global --replace-all url."git@key-${sha256}.github.com:${ownerAndRepo}".insteadOf "https://github.com/${ownerAndRepo}"`);
child_process.execSync(`${gitCmd} config --global --add url."git@key-${sha256}.github.com:${ownerAndRepo}".insteadOf "git@github.com:${ownerAndRepo}"`); child_process.execSync(`git config --global --add url."git@key-${sha256}.github.com:${ownerAndRepo}".insteadOf "git@github.com:${ownerAndRepo}"`);
child_process.execSync(`${gitCmd} config --global --add url."git@key-${sha256}.github.com:${ownerAndRepo}".insteadOf "ssh://git@github.com/${ownerAndRepo}"`); child_process.execSync(`git config --global --add url."git@key-${sha256}.github.com:${ownerAndRepo}".insteadOf "ssh://git@github.com/${ownerAndRepo}"`);
const sshConfig = `\nHost key-${sha256}.github.com\n` const sshConfig = `\nHost key-${sha256}.github.com\n`
+ ` HostName github.com\n` + ` HostName github.com\n`
@@ -2903,21 +2903,23 @@ exports.default = _default;
const os = __webpack_require__(87); const os = __webpack_require__(87);
module.exports = (process.env['OS'] != 'Windows_NT') ? { module.exports = (process.env['OS'] != 'Windows_NT') ? {
// Use getent() system call, since this is what ssh does; makes a difference in Docker-based // Use getent() system call, since this is what ssh does; makes a difference in Docker-based
// Action runs, where $HOME is different from the pwent // Action runs, where $HOME is different from the pwent
homePath: os.userInfo().homedir, home: os.userInfo().homedir,
sshAgentCmd: 'ssh-agent', sshAgent: 'ssh-agent',
sshAddCmd: 'ssh-add', sshAdd: 'ssh-add'
gitCmd: 'git'
} : { } : {
// Assuming GitHub hosted `windows-*` runners for now
homePath: os.homedir(), home: os.homedir(),
sshAgentCmd: 'c://progra~1//git//usr//bin//ssh-agent.exe', sshAgent: 'c://progra~1//git//usr//bin//ssh-agent.exe',
sshAddCmd: 'c://progra~1//git//usr//bin//ssh-add.exe', sshAdd: 'c://progra~1//git//usr//bin//ssh-add.exe'
gitCmd: 'c://progra~1//git//bin//git.exe'
}; };
/***/ }) /***/ })
/******/ }); /******/ });

18
index.js
View File

@@ -2,7 +2,7 @@ const core = require('@actions/core');
const child_process = require('child_process'); const child_process = require('child_process');
const fs = require('fs'); const fs = require('fs');
const crypto = require('crypto'); const crypto = require('crypto');
const { homePath, sshAgentCmd, sshAddCmd, gitCmd } = require('./paths.js'); const { home, sshAgent, sshAdd } = require('./paths.js');
try { try {
const privateKey = core.getInput('ssh-private-key'); const privateKey = core.getInput('ssh-private-key');
@@ -14,7 +14,7 @@ try {
return; return;
} }
const homeSsh = homePath + '/.ssh'; const homeSsh = home + '/.ssh';
console.log(`Adding GitHub.com keys to ${homeSsh}/known_hosts`); console.log(`Adding GitHub.com keys to ${homeSsh}/known_hosts`);
@@ -29,7 +29,7 @@ try {
const sshAgentArgs = (authSock && authSock.length > 0) ? ['-a', authSock] : []; const sshAgentArgs = (authSock && authSock.length > 0) ? ['-a', authSock] : [];
// Extract auth socket path and agent pid and set them as job variables // Extract auth socket path and agent pid and set them as job variables
child_process.execFileSync(sshAgentCmd, sshAgentArgs).toString().split("\n").forEach(function(line) { child_process.execFileSync(sshAgent, sshAgentArgs).toString().split("\n").forEach(function(line) {
const matches = /^(SSH_AUTH_SOCK|SSH_AGENT_PID)=(.*); export \1/.exec(line); const matches = /^(SSH_AUTH_SOCK|SSH_AGENT_PID)=(.*); export \1/.exec(line);
if (matches && matches.length > 0) { if (matches && matches.length > 0) {
@@ -42,16 +42,16 @@ try {
console.log("Adding private key(s) to agent"); console.log("Adding private key(s) to agent");
privateKey.split(/(?=-----BEGIN)/).forEach(function(key) { privateKey.split(/(?=-----BEGIN)/).forEach(function(key) {
child_process.execFileSync(sshAddCmd, ['-'], { input: key.trim() + "\n" }); child_process.execFileSync(sshAdd, ['-'], { input: key.trim() + "\n" });
}); });
console.log("Key(s) added:"); console.log("Key(s) added:");
child_process.execFileSync(sshAddCmd, ['-l'], { stdio: 'inherit' }); child_process.execFileSync(sshAdd, ['-l'], { stdio: 'inherit' });
console.log('Configuring deployment key(s)'); console.log('Configuring deployment key(s)');
child_process.execFileSync(sshAddCmd, ['-L']).toString().trim().split(/\r?\n/).forEach(function(key) { child_process.execFileSync(sshAdd, ['-L']).toString().split(/\r?\n/).forEach(function(key) {
const parts = key.match(/\bgithub\.com[:/]([_.a-z0-9-]+\/[_.a-z0-9-]+)/i); const parts = key.match(/\bgithub\.com[:/]([_.a-z0-9-]+\/[_.a-z0-9-]+)/i);
if (!parts) { if (!parts) {
@@ -66,9 +66,9 @@ try {
fs.writeFileSync(`${homeSsh}/key-${sha256}`, key + "\n", { mode: '600' }); fs.writeFileSync(`${homeSsh}/key-${sha256}`, key + "\n", { mode: '600' });
child_process.execSync(`${gitCmd} config --global --replace-all url."git@key-${sha256}.github.com:${ownerAndRepo}".insteadOf "https://github.com/${ownerAndRepo}"`); child_process.execSync(`git config --global --replace-all url."git@key-${sha256}.github.com:${ownerAndRepo}".insteadOf "https://github.com/${ownerAndRepo}"`);
child_process.execSync(`${gitCmd} config --global --add url."git@key-${sha256}.github.com:${ownerAndRepo}".insteadOf "git@github.com:${ownerAndRepo}"`); child_process.execSync(`git config --global --add url."git@key-${sha256}.github.com:${ownerAndRepo}".insteadOf "git@github.com:${ownerAndRepo}"`);
child_process.execSync(`${gitCmd} config --global --add url."git@key-${sha256}.github.com:${ownerAndRepo}".insteadOf "ssh://git@github.com/${ownerAndRepo}"`); child_process.execSync(`git config --global --add url."git@key-${sha256}.github.com:${ownerAndRepo}".insteadOf "ssh://git@github.com/${ownerAndRepo}"`);
const sshConfig = `\nHost key-${sha256}.github.com\n` const sshConfig = `\nHost key-${sha256}.github.com\n`
+ ` HostName github.com\n` + ` HostName github.com\n`

2
package.json
View File

@@ -2,7 +2,7 @@
"name": "webfactory-action-ssh-agent", "name": "webfactory-action-ssh-agent",
"repository": "git@github.com:webfactory/ssh-agent.git", "repository": "git@github.com:webfactory/ssh-agent.git",
"description": "GitHub Action to set up ssh-agent with a private SSH key", "description": "GitHub Action to set up ssh-agent with a private SSH key",
"version": "0.7.0", "version": "0.6.0",
"main": "index.js", "main": "index.js",
"author": "webfactory GmbH <info@webfactory.de>", "author": "webfactory GmbH <info@webfactory.de>",
"license": "MIT", "license": "MIT",

20
paths.js
View File

@@ -1,16 +1,18 @@
const os = require('os'); const os = require('os');
module.exports = (process.env['OS'] != 'Windows_NT') ? { module.exports = (process.env['OS'] != 'Windows_NT') ? {
// Use getent() system call, since this is what ssh does; makes a difference in Docker-based // Use getent() system call, since this is what ssh does; makes a difference in Docker-based
// Action runs, where $HOME is different from the pwent // Action runs, where $HOME is different from the pwent
homePath: os.userInfo().homedir, home: os.userInfo().homedir,
sshAgentCmd: 'ssh-agent', sshAgent: 'ssh-agent',
sshAddCmd: 'ssh-add', sshAdd: 'ssh-add'
gitCmd: 'git'
} : { } : {
// Assuming GitHub hosted `windows-*` runners for now
homePath: os.homedir(), home: os.homedir(),
sshAgentCmd: 'c://progra~1//git//usr//bin//ssh-agent.exe', sshAgent: 'c://progra~1//git//usr//bin//ssh-agent.exe',
sshAddCmd: 'c://progra~1//git//usr//bin//ssh-add.exe', sshAdd: 'c://progra~1//git//usr//bin//ssh-add.exe'
gitCmd: 'c://progra~1//git//bin//git.exe'
}; };