diff --git a/action.yml b/action.yml index 16aaba6..f05be61 100644 --- a/action.yml +++ b/action.yml @@ -1,16 +1,21 @@ -name: 'webfactory/ssh-agent' -description: 'Run `ssh-agent` and load an SSH key to access other private repositories' +name: "webfactory/ssh-agent" +description: "Run `ssh-agent` and load an SSH key to access other private repositories" inputs: ssh-private-key: - description: 'Private SSH key to register in the SSH agent' + description: "Private SSH key to register in the SSH agent" required: true ssh-auth-sock: - description: 'Where to place the SSH Agent auth socket' + description: "Where to place the SSH Agent auth socket" + required: false + linux-use-homedir: + description: Changes the way user home directory is looked up. + required: false + default: "false" runs: - using: 'node12' - main: 'dist/index.js' - post: 'dist/cleanup.js' - post-if: 'always()' + using: "node12" + main: "dist/index.js" + post: "dist/cleanup.js" + post-if: "always()" branding: icon: loader - color: 'yellow' + color: "yellow" diff --git a/dist/cleanup.js b/dist/cleanup.js index 38a3d56..ee6440e 100644 --- a/dist/cleanup.js +++ b/dist/cleanup.js @@ -488,23 +488,24 @@ module.exports = require("fs"); const os = __webpack_require__(87); -module.exports = (process.env['OS'] != 'Windows_NT') ? { +module.exports = (linuxUseHomedir) => { + (process.env['OS'] != 'Windows_NT') ? { - // Use getent() system call, since this is what ssh does; makes a difference in Docker-based - // Action runs, where $HOME is different from the pwent - home: os.userInfo().homedir, - sshAgent: 'ssh-agent', - sshAdd: 'ssh-add' + // Use getent() system call, since this is what ssh does; makes a difference in Docker-based + // Action runs, where $HOME is different from the pwent + // Adds ability to use use os.homedir() to try and counter https://github.com/nodejs/node/issues/25714 + home: linuxUseHomedir === "true" ? os.homedir() : os.userInfo().homedir, + sshAgent: 'ssh-agent', + sshAdd: 'ssh-add' -} : { - - home: os.homedir(), - sshAgent: 'c://progra~1//git//usr//bin//ssh-agent.exe', - sshAdd: 'c://progra~1//git//usr//bin//ssh-add.exe' - -}; + } : { + home: os.homedir(), + sshAgent: 'c://progra~1//git//usr//bin//ssh-agent.exe', + sshAdd: 'c://progra~1//git//usr//bin//ssh-add.exe' + }; +} /***/ }) diff --git a/dist/index.js b/dist/index.js index 8ab265a..2d1fffc 100644 --- a/dist/index.js +++ b/dist/index.js @@ -119,10 +119,14 @@ const core = __webpack_require__(470); const child_process = __webpack_require__(129); const fs = __webpack_require__(747); const crypto = __webpack_require__(417); -const { home, sshAgent, sshAdd } = __webpack_require__(972); +const getPaths = __webpack_require__(972); + try { const privateKey = core.getInput('ssh-private-key'); + const linuxUseHomedir = core.getInput('linux-use-homedir'); + + const { home, sshAgent, sshAdd } = getPaths(linuxUseHomedir); if (!privateKey) { core.setFailed("The ssh-private-key argument is empty. Maybe the secret has not been configured, or you are using a wrong secret name in your workflow file."); @@ -145,7 +149,7 @@ try { const sshAgentArgs = (authSock && authSock.length > 0) ? ['-a', authSock] : []; // Extract auth socket path and agent pid and set them as job variables - child_process.execFileSync(sshAgent, sshAgentArgs).toString().split("\n").forEach(function(line) { + child_process.execFileSync(sshAgent, sshAgentArgs).toString().split("\n").forEach(function (line) { const matches = /^(SSH_AUTH_SOCK|SSH_AGENT_PID)=(.*); export \1/.exec(line); if (matches && matches.length > 0) { @@ -157,7 +161,7 @@ try { console.log("Adding private key(s) to agent"); - privateKey.split(/(?=-----BEGIN)/).forEach(function(key) { + privateKey.split(/(?=-----BEGIN)/).forEach(function (key) { child_process.execFileSync(sshAdd, ['-'], { input: key.trim() + "\n" }); }); @@ -167,7 +171,7 @@ try { console.log('Configuring deployment key(s)'); - child_process.execFileSync(sshAdd, ['-L']).toString().split(/\r?\n/).forEach(function(key) { + child_process.execFileSync(sshAdd, ['-L']).toString().split(/\r?\n/).forEach(function (key) { const parts = key.match(/\bgithub\.com[:/]([_.a-z0-9-]+\/[_.a-z0-9-]+)/i); if (!parts) { @@ -186,9 +190,9 @@ try { child_process.execSync(`git config --global --add url."git@key-${sha256}.github.com:${ownerAndRepo}".insteadOf "ssh://git@github.com/${ownerAndRepo}"`); const sshConfig = `\nHost key-${sha256}.github.com\n` - + ` HostName github.com\n` - + ` IdentityFile ${homeSsh}/key-${sha256}\n` - + ` IdentitiesOnly yes\n`; + + ` HostName github.com\n` + + ` IdentityFile ${homeSsh}/key-${sha256}\n` + + ` IdentitiesOnly yes\n`; fs.appendFileSync(`${homeSsh}/config`, sshConfig); @@ -572,23 +576,24 @@ module.exports = require("fs"); const os = __webpack_require__(87); -module.exports = (process.env['OS'] != 'Windows_NT') ? { +module.exports = (linuxUseHomedir) => { + (process.env['OS'] != 'Windows_NT') ? { - // Use getent() system call, since this is what ssh does; makes a difference in Docker-based - // Action runs, where $HOME is different from the pwent - home: os.userInfo().homedir, - sshAgent: 'ssh-agent', - sshAdd: 'ssh-add' + // Use getent() system call, since this is what ssh does; makes a difference in Docker-based + // Action runs, where $HOME is different from the pwent + // Adds ability to use use os.homedir() to try and counter https://github.com/nodejs/node/issues/25714 + home: linuxUseHomedir === "true" ? os.homedir() : os.userInfo().homedir, + sshAgent: 'ssh-agent', + sshAdd: 'ssh-add' -} : { - - home: os.homedir(), - sshAgent: 'c://progra~1//git//usr//bin//ssh-agent.exe', - sshAdd: 'c://progra~1//git//usr//bin//ssh-add.exe' - -}; + } : { + home: os.homedir(), + sshAgent: 'c://progra~1//git//usr//bin//ssh-agent.exe', + sshAdd: 'c://progra~1//git//usr//bin//ssh-add.exe' + }; +} /***/ }) diff --git a/index.js b/index.js index e08d46f..e56806f 100644 --- a/index.js +++ b/index.js @@ -2,10 +2,14 @@ const core = require('@actions/core'); const child_process = require('child_process'); const fs = require('fs'); const crypto = require('crypto'); -const { home, sshAgent, sshAdd } = require('./paths.js'); +const getPaths = require('./paths.js'); + try { const privateKey = core.getInput('ssh-private-key'); + const linuxUseHomedir = core.getInput('linux-use-homedir'); + + const { home, sshAgent, sshAdd } = getPaths(linuxUseHomedir); if (!privateKey) { core.setFailed("The ssh-private-key argument is empty. Maybe the secret has not been configured, or you are using a wrong secret name in your workflow file."); @@ -28,7 +32,7 @@ try { const sshAgentArgs = (authSock && authSock.length > 0) ? ['-a', authSock] : []; // Extract auth socket path and agent pid and set them as job variables - child_process.execFileSync(sshAgent, sshAgentArgs).toString().split("\n").forEach(function(line) { + child_process.execFileSync(sshAgent, sshAgentArgs).toString().split("\n").forEach(function (line) { const matches = /^(SSH_AUTH_SOCK|SSH_AGENT_PID)=(.*); export \1/.exec(line); if (matches && matches.length > 0) { @@ -40,7 +44,7 @@ try { console.log("Adding private key(s) to agent"); - privateKey.split(/(?=-----BEGIN)/).forEach(function(key) { + privateKey.split(/(?=-----BEGIN)/).forEach(function (key) { child_process.execFileSync(sshAdd, ['-'], { input: key.trim() + "\n" }); }); @@ -50,7 +54,7 @@ try { console.log('Configuring deployment key(s)'); - child_process.execFileSync(sshAdd, ['-L']).toString().split(/\r?\n/).forEach(function(key) { + child_process.execFileSync(sshAdd, ['-L']).toString().split(/\r?\n/).forEach(function (key) { const parts = key.match(/\bgithub\.com[:/]([_.a-z0-9-]+\/[_.a-z0-9-]+)/i); if (!parts) { @@ -69,9 +73,9 @@ try { child_process.execSync(`git config --global --add url."git@key-${sha256}.github.com:${ownerAndRepo}".insteadOf "ssh://git@github.com/${ownerAndRepo}"`); const sshConfig = `\nHost key-${sha256}.github.com\n` - + ` HostName github.com\n` - + ` IdentityFile ${homeSsh}/key-${sha256}\n` - + ` IdentitiesOnly yes\n`; + + ` HostName github.com\n` + + ` IdentityFile ${homeSsh}/key-${sha256}\n` + + ` IdentitiesOnly yes\n`; fs.appendFileSync(`${homeSsh}/config`, sshConfig); diff --git a/package-lock.json b/package-lock.json new file mode 100644 index 0000000..66564fe --- /dev/null +++ b/package-lock.json @@ -0,0 +1,47 @@ +{ + "name": "webfactory-action-ssh-agent", + "version": "0.1.0", + "lockfileVersion": 2, + "requires": true, + "packages": { + "": { + "name": "webfactory-action-ssh-agent", + "version": "0.1.0", + "license": "MIT", + "devDependencies": { + "@actions/core": "^1.2.4", + "@zeit/ncc": "^0.20.5" + } + }, + "node_modules/@actions/core": { + "version": "1.2.6", + "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.2.6.tgz", + "integrity": "sha512-ZQYitnqiyBc3D+k7LsgSBmMDVkOVidaagDG7j3fOym77jNunWRuYx7VSHa9GNfFZh+zh61xsCjRj4JxMZlDqTA==", + "dev": true + }, + "node_modules/@zeit/ncc": { + "version": "0.20.5", + "resolved": "https://registry.npmjs.org/@zeit/ncc/-/ncc-0.20.5.tgz", + "integrity": "sha512-XU6uzwvv95DqxciQx+aOLhbyBx/13ky+RK1y88Age9Du3BlA4mMPCy13BGjayOrrumOzlq1XV3SD/BWiZENXlw==", + "deprecated": "@zeit/ncc is no longer maintained. Please use @vercel/ncc instead.", + "dev": true, + "bin": { + "ncc": "dist/ncc/cli.js" + } + } + }, + "dependencies": { + "@actions/core": { + "version": "1.2.6", + "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.2.6.tgz", + "integrity": "sha512-ZQYitnqiyBc3D+k7LsgSBmMDVkOVidaagDG7j3fOym77jNunWRuYx7VSHa9GNfFZh+zh61xsCjRj4JxMZlDqTA==", + "dev": true + }, + "@zeit/ncc": { + "version": "0.20.5", + "resolved": "https://registry.npmjs.org/@zeit/ncc/-/ncc-0.20.5.tgz", + "integrity": "sha512-XU6uzwvv95DqxciQx+aOLhbyBx/13ky+RK1y88Age9Du3BlA4mMPCy13BGjayOrrumOzlq1XV3SD/BWiZENXlw==", + "dev": true + } + } +} diff --git a/package.json b/package.json index bb68cef..5e0d76b 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "webfactory-action-ssh-agent", "repository": "git@github.com:webfactory/ssh-agent.git", "description": "GitHub Action to set up ssh-agent with a private SSH key", - "version": "0.1.0", + "version": "0.1.1", "main": "index.js", "author": "webfactory GmbH ", "license": "MIT", @@ -13,4 +13,4 @@ "scripts": { "build": "node scripts/build.js" } -} +} \ No newline at end of file diff --git a/paths.js b/paths.js index 8ee7afd..c0998ad 100644 --- a/paths.js +++ b/paths.js @@ -1,18 +1,20 @@ const os = require('os'); -module.exports = (process.env['OS'] != 'Windows_NT') ? { +module.exports = (linuxUseHomedir) => { + (process.env['OS'] != 'Windows_NT') ? { - // Use getent() system call, since this is what ssh does; makes a difference in Docker-based - // Action runs, where $HOME is different from the pwent - home: os.userInfo().homedir, - sshAgent: 'ssh-agent', - sshAdd: 'ssh-add' + // Use getent() system call, since this is what ssh does; makes a difference in Docker-based + // Action runs, where $HOME is different from the pwent + // Adds ability to use use os.homedir() to try and counter https://github.com/nodejs/node/issues/25714 + home: linuxUseHomedir === "true" ? os.homedir() : os.userInfo().homedir, + sshAgent: 'ssh-agent', + sshAdd: 'ssh-add' -} : { + } : { - home: os.homedir(), - sshAgent: 'c://progra~1//git//usr//bin//ssh-agent.exe', - sshAdd: 'c://progra~1//git//usr//bin//ssh-add.exe' - -}; + home: os.homedir(), + sshAgent: 'c://progra~1//git//usr//bin//ssh-agent.exe', + sshAdd: 'c://progra~1//git//usr//bin//ssh-add.exe' + }; +} \ No newline at end of file diff --git a/yarn.lock b/yarn.lock index 83381c3..b4c2851 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3,11 +3,11 @@ "@actions/core@^1.2.4": - version "1.2.6" - resolved "https://registry.yarnpkg.com/@actions/core/-/core-1.2.6.tgz#a78d49f41a4def18e88ce47c2cac615d5694bf09" - integrity sha512-ZQYitnqiyBc3D+k7LsgSBmMDVkOVidaagDG7j3fOym77jNunWRuYx7VSHa9GNfFZh+zh61xsCjRj4JxMZlDqTA== + "integrity" "sha512-ZQYitnqiyBc3D+k7LsgSBmMDVkOVidaagDG7j3fOym77jNunWRuYx7VSHa9GNfFZh+zh61xsCjRj4JxMZlDqTA==" + "resolved" "https://registry.npmjs.org/@actions/core/-/core-1.2.6.tgz" + "version" "1.2.6" "@zeit/ncc@^0.20.5": - version "0.20.5" - resolved "https://registry.yarnpkg.com/@zeit/ncc/-/ncc-0.20.5.tgz#a41af6e6bcab4a58f4612bae6137f70bce0192e3" - integrity sha512-XU6uzwvv95DqxciQx+aOLhbyBx/13ky+RK1y88Age9Du3BlA4mMPCy13BGjayOrrumOzlq1XV3SD/BWiZENXlw== + "integrity" "sha512-XU6uzwvv95DqxciQx+aOLhbyBx/13ky+RK1y88Age9Du3BlA4mMPCy13BGjayOrrumOzlq1XV3SD/BWiZENXlw==" + "resolved" "https://registry.npmjs.org/@zeit/ncc/-/ncc-0.20.5.tgz" + "version" "0.20.5"