rus364 2025-03-17 17:32:56 +03:00 committed by GitHub
commit 4779a3f805
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 28 additions and 12 deletions


@ -78,6 +78,7 @@ To support picking the right key in this use case, this action scans _key commen
The following inputs can be used to control the action's behavior:
* `instance-domain`: Optional. The domain name of the github/gitea/forgejo instance. Defaults to `github.com`.
* `ssh-private-key`: Required. Use this to provide the key(s) to load as GitHub Actions secrets.
* `ssh-auth-sock`: Can be used to control where the SSH agent socket will be placed. Ultimately affects the `$SSH_AUTH_SOCK` environment variable.
* `log-public-key`: Set this to `false` if you want to suppress logging of _public_ key information. To simplify debugging and since it contains public key information only, this is turned on by default.


@ -1,6 +1,9 @@
name: 'webfactory/ssh-agent'
description: 'Run `ssh-agent` and load an SSH key to access other private repositories'
inputs:
instance-domain:
description: 'Domain name of the github/gitea/forgejo instance'
required: false
ssh-private-key:
description: 'Private SSH key to register in the SSH agent'
required: true
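Review bot: The input is declared here as `instance-domain` (and documented under that name in the README hunk), but the code added in index.js reads `core.getInput('instance-url')`, so a value supplied as `instance-domain` is never read by the visible code. The action then silently falls back to `GITHUB_SERVER_URL` or `https://github.com`. Either rename the input to `instance-url` or change the lookup to `core.getInput('instance-domain')`, and state in the description whether a full URL or a bare host name is expected. The README's stated default of `github.com` also differs from the code's fallback to `GITHUB_SERVER_URL`.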

18
dist/index.js vendored

@ -325,6 +325,11 @@ const crypto = __webpack_require__(417);
const { homePath, sshAgentCmd, sshAddCmd, gitCmd } = __webpack_require__(972);
try {
const instanceURL = core.getInput('instance-url') || process.env.GITHUB_SERVER_URL || 'https://github.com';
const instanceDomain = instanceURL.replace(/^https?:\/\//, '');
const escapedDomain = instanceDomain.replace(/[-.]/g, '\\$&');
const regexDomain = new RegExp(`\\b${escapedDomain}[:/]([_.a-z0-9-]+\/[_.a-z0-9-]+)`, 'i');
const privateKey = core.getInput('ssh-private-key');
const logPublicKey = core.getBooleanInput('log-public-key', {default: true});
@ -366,7 +371,8 @@ try {
console.log('Configuring deployment key(s)');
child_process.execFileSync(sshAddCmd, ['-L']).toString().trim().split(/\r?\n/).forEach(function(key) {
const parts = key.match(/\bgithub\.com[:/]([_.a-z0-9-]+\/[_.a-z0-9-]+)/i);
console.log('Instance domain is:', instanceDomain);
const parts = key.match(regexDomain);
if (!parts) {
if (logPublicKey) {
@ -380,12 +386,12 @@ try {
fs.writeFileSync(`${homeSsh}/key-${sha256}`, key + "\n", { mode: '600' });
child_process.execSync(`${gitCmd} config --global --replace-all url."git@key-${sha256}.github.com:${ownerAndRepo}".insteadOf "https://github.com/${ownerAndRepo}"`);
child_process.execSync(`${gitCmd} config --global --add url."git@key-${sha256}.github.com:${ownerAndRepo}".insteadOf "git@github.com:${ownerAndRepo}"`);
child_process.execSync(`${gitCmd} config --global --add url."git@key-${sha256}.github.com:${ownerAndRepo}".insteadOf "ssh://git@github.com/${ownerAndRepo}"`);
child_process.execSync(`${gitCmd} config --global --replace-all url."git@key-${sha256}.${instanceDomain}:${ownerAndRepo}".insteadOf "https://${instanceDomain}/${ownerAndRepo}"`);
child_process.execSync(`${gitCmd} config --global --add url."git@key-${sha256}.${instanceDomain}:${ownerAndRepo}".insteadOf "git@${instanceDomain}:${ownerAndRepo}"`);
child_process.execSync(`${gitCmd} config --global --add url."git@key-${sha256}.${instanceDomain}:${ownerAndRepo}".insteadOf "ssh://git@${instanceDomain}/${ownerAndRepo}"`);
const sshConfig = `\nHost key-${sha256}.github.com\n`
+ ` HostName github.com\n`
const sshConfig = `\nHost key-${sha256}.${instanceDomain}\n`
+ ` HostName ${instanceDomain}\n`
+ ` IdentityFile ${homeSsh}/key-${sha256}\n`
+ ` IdentitiesOnly yes\n`;


@ -5,6 +5,11 @@ const crypto = require('crypto');
const { homePath, sshAgentCmd, sshAddCmd, gitCmd } = require('./paths.js');
try {
const instanceURL = core.getInput('instance-url') || process.env.GITHUB_SERVER_URL || 'https://github.com';
const instanceDomain = instanceURL.replace(/^https?:\/\//, '');
const escapedDomain = instanceDomain.replace(/[-.]/g, '\\$&');
const regexDomain = new RegExp(`\\b${escapedDomain}[:/]([_.a-z0-9-]+\/[_.a-z0-9-]+)`, 'i');
const privateKey = core.getInput('ssh-private-key');
const logPublicKey = core.getBooleanInput('log-public-key', {default: true});
@ -46,7 +51,8 @@ try {
console.log('Configuring deployment key(s)');
child_process.execFileSync(sshAddCmd, ['-L']).toString().trim().split(/\r?\n/).forEach(function(key) {
const parts = key.match(/\bgithub\.com[:/]([_.a-z0-9-]+\/[_.a-z0-9-]+)/i);
console.log('Instance domain is:', instanceDomain);
const parts = key.match(regexDomain);
if (!parts) {
if (logPublicKey) {
@ -60,12 +66,12 @@ try {
fs.writeFileSync(`${homeSsh}/key-${sha256}`, key + "\n", { mode: '600' });
child_process.execSync(`${gitCmd} config --global --replace-all url."git@key-${sha256}.github.com:${ownerAndRepo}".insteadOf "https://github.com/${ownerAndRepo}"`);
child_process.execSync(`${gitCmd} config --global --add url."git@key-${sha256}.github.com:${ownerAndRepo}".insteadOf "git@github.com:${ownerAndRepo}"`);
child_process.execSync(`${gitCmd} config --global --add url."git@key-${sha256}.github.com:${ownerAndRepo}".insteadOf "ssh://git@github.com/${ownerAndRepo}"`);
child_process.execSync(`${gitCmd} config --global --replace-all url."git@key-${sha256}.${instanceDomain}:${ownerAndRepo}".insteadOf "https://${instanceDomain}/${ownerAndRepo}"`);
child_process.execSync(`${gitCmd} config --global --add url."git@key-${sha256}.${instanceDomain}:${ownerAndRepo}".insteadOf "git@${instanceDomain}:${ownerAndRepo}"`);
child_process.execSync(`${gitCmd} config --global --add url."git@key-${sha256}.${instanceDomain}:${ownerAndRepo}".insteadOf "ssh://git@${instanceDomain}/${ownerAndRepo}"`);
const sshConfig = `\nHost key-${sha256}.github.com\n`
+ ` HostName github.com\n`
const sshConfig = `\nHost key-${sha256}.${instanceDomain}\n`
+ ` HostName ${instanceDomain}\n`
+ ` IdentityFile ${homeSsh}/key-${sha256}\n`
+ ` IdentitiesOnly yes\n`;
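Review bot: `instanceDomain` is placed into the three `child_process.execSync` git-config command strings and into the `Host`/`HostName` lines of the ssh config after nothing more than stripping a leading `http(s)://`. A trailing slash, path, port, whitespace or shell metacharacters in the input or in `GITHUB_SERVER_URL` therefore reach the shell and the config file unchanged. Deriving it with `const instanceDomain = new URL(instanceURL).hostname;` and rejecting anything that does not match `/^[a-z0-9.-]+$/i` before use would bound the value. The git calls could presumably use `child_process.execFileSync(gitCmd, [...])` with an argument array, as the `ssh-add -L` call in the same hunk already does. The `/[-.]/g` escape used to build `regexDomain` also leaves other regex metacharacters unescaped, which the same validation would make moot; the enclosing `try` block and `forEach` callback continue outside the hunks.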