add git deploy key wrapper functionality

2025-06-29 06:03:46 +00:00 · 2020-11-23 21:58:33 -07:00 · 2020-11-23 21:58:33 -07:00 · 17860381fc
commit 17860381fc
parent 73d2440ad4
9 changed files with 88 additions and 8 deletions
--- a/dist/cleanup.js
+++ b/dist/cleanup.js
@ -129,6 +129,14 @@ try {
    // Kill the started SSH agent
    console.log('Stopping SSH agent')
    execSync('kill ${SSH_AGENT_PID}', { stdio: 'inherit' })
+
+    const home = process.env['HOME'];
+    const homeSsh = `${home}/.ssh`;
+    const gitSSHWrapperPath = path.join(homeSsh, 'git-deploy-key-wrapper.sh');
+    if (fs.existsSync(gitSSHWrapperPath)) {
+        console.log('Removing ssh git SSH wrapper');
+        fs.unlinkSync(gitSSHWrapperPath);
+    }
 } catch (error) {
    console.log(error.message);
    console.log('Error stopping the SSH agent, proceeding anyway');
--- a/dist/git-deploy-key-wrapper.sh
+++ b/dist/git-deploy-key-wrapper.sh
@ -0,0 +1,21 @@
+#!/bin/bash
+
+# The last argument is the command to be executed on the remote end, which is something
+# like "git-upload-pack 'webfactory/ssh-agent.git'". We need the repo path only, so we
+# Terraform ends up bing "git-upload-pack '/webfactory/ssh-agent.git'"
+# loop over this last argument to get the last part of if.
+for last in ${!#}; do :; done
+
+# Don't use "exec" to run "ssh" below; then the trap won't work.
+key_file=$(mktemp -u)
+trap "rm -f $key_file" EXIT
+
+eval last=$last
+
+# Try to pick the right key
+# No "--word-regexp" because Terraforms usage of git ends up as
+# "git-upload-pack 'webfactory/ssh-agent.git'". "--word-regexp" will not match it.
+# Other integrations still work without "--word-regexp"
+ssh-add -L | grep --max-count=1 $last > $key_file
+
+ssh -i $key_file "$@"
--- a/dist/index.js
+++ b/dist/index.js
@ -163,6 +163,15 @@ try {
    console.log("Keys added:");
    child_process.execSync('ssh-add -l', { stdio: 'inherit' });

+    const useGitSSHWrapper = core.getInput('use-git-deploy-key-wrapper');
+    if(useGitSSHWrapper) {
+        const gitSSHWrapperFileName = 'git-deploy-key-wrapper.sh';
+        const gitSSHWrapperPath = path.join(homeSsh, gitSSHWrapperFileName);
+        fs.copyFileSync(path.join(process.cwd(), gitSSHWrapperFileName), gitSSHWrapperPath);
+        fs.chmodSync(gitSSHWrapperPath, "755");
+
+        core.exportVariable('GIT_SSH_COMMAND', gitSSHWrapperPath);
+    }
 } catch (error) {
    core.setFailed(error.message);
 }