actions/ssh-agent
1
0
Fork 0
mirror of https://github.com/webfactory/ssh-agent.git synced 2025-04-20 05:38:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Acknowledge custom command inputs in cleanup.js (#235)

Browse source 
Refactored version of https://github.com/webfactory/ssh-agent/pull/183.

Fixes: https://github.com/webfactory/ssh-agent/issues/208
This commit is contained in:
Jano Paetzold 2025-01-08 17:59:51 +01:00 committed by GitHub
parent b504c19775
commit e3f1a8e046
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 87 additions and 95 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
CHANGELOG.md
View file

@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased]
### Fixed
* Fix path used to execute ssh-agent in cleanup.js to respect custom paths set by input (#235)
## v0.9.0 [2024-02-06]
### Changed

1
cleanup.js
View file

@ -1,4 +1,3 @@
const core = require('@actions/core');
const { execFileSync } = require('child_process');
const { sshAgentCmd } = require('./paths.js');

72
dist/cleanup.js vendored
View file

@ -292,14 +292,13 @@ var __importStar = (this && this.__importStar) || function (mod) {
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.prepareKeyValueMessage = exports.issueFileCommand = void 0;
exports.issueCommand = void 0;
// We use any as a valid input type
/* eslint-disable @typescript-eslint/no-explicit-any */
const fs = __importStar(__webpack_require__(747));
const os = __importStar(__webpack_require__(87));
const uuid_1 = __webpack_require__(62);
const utils_1 = __webpack_require__(82);
function issueFileCommand(command, message) {
function issueCommand(command, message) {
const filePath = process.env[`GITHUB_${command}`];
if (!filePath) {
throw new Error(`Unable to find environment variable for file command ${command}`);
@ -311,22 +310,7 @@ function issueFileCommand(command, message) {
encoding: 'utf8'
});
}
exports.issueFileCommand = issueFileCommand;
function prepareKeyValueMessage(key, value) {
const delimiter = `ghadelimiter_${uuid_1.v4()}`;
const convertedValue = utils_1.toCommandValue(value);
// These should realistically never happen, but just in case someone finds a
// way to exploit uuid generation let's not allow keys or values that contain
// the delimiter.
if (key.includes(delimiter)) {
throw new Error(`Unexpected input: name should not contain the delimiter "${delimiter}"`);
}
if (convertedValue.includes(delimiter)) {
throw new Error(`Unexpected input: value should not contain the delimiter "${delimiter}"`);
}
return `${key}<<${delimiter}${os.EOL}${convertedValue}${os.EOL}${delimiter}`;
}
exports.prepareKeyValueMessage = prepareKeyValueMessage;
exports.issueCommand = issueCommand;
//# sourceMappingURL=file-command.js.map
/***/ }),
@ -613,7 +597,6 @@ exports.debug = debug; // for test
/***/ 175:
/***/ (function(__unusedmodule, __unusedexports, __webpack_require__) {
const core = __webpack_require__(470);
const { execFileSync } = __webpack_require__(129);
const { sshAgentCmd } = __webpack_require__(972);
@ -1684,6 +1667,7 @@ const file_command_1 = __webpack_require__(102);
const utils_1 = __webpack_require__(82);
const os = __importStar(__webpack_require__(87));
const path = __importStar(__webpack_require__(622));
const uuid_1 = __webpack_require__(62);
const oidc_utils_1 = __webpack_require__(742);
/**
* The code to exit an action
@ -1713,9 +1697,20 @@ function exportVariable(name, val) {
process.env[name] = convertedVal;
const filePath = process.env['GITHUB_ENV'] || '';
if (filePath) {
return file_command_1.issueFileCommand('ENV', file_command_1.prepareKeyValueMessage(name, val));
const delimiter = `ghadelimiter_${uuid_1.v4()}`;
// These should realistically never happen, but just in case someone finds a way to exploit uuid generation let's not allow keys or values that contain the delimiter.
if (name.includes(delimiter)) {
throw new Error(`Unexpected input: name should not contain the delimiter "${delimiter}"`);
}
if (convertedVal.includes(delimiter)) {
throw new Error(`Unexpected input: value should not contain the delimiter "${delimiter}"`);
}
const commandValue = `${name}<<${delimiter}${os.EOL}${convertedVal}${os.EOL}${delimiter}`;
file_command_1.issueCommand('ENV', commandValue);
}
else {
command_1.issueCommand('set-env', { name }, convertedVal);
}
command_1.issueCommand('set-env', { name }, convertedVal);
}
exports.exportVariable = exportVariable;
/**
@ -1733,7 +1728,7 @@ exports.setSecret = setSecret;
function addPath(inputPath) {
const filePath = process.env['GITHUB_PATH'] || '';
if (filePath) {
file_command_1.issueFileCommand('PATH', inputPath);
file_command_1.issueCommand('PATH', inputPath);
}
else {
command_1.issueCommand('add-path', {}, inputPath);
@ -1773,10 +1768,7 @@ function getMultilineInput(name, options) {
const inputs = getInput(name, options)
.split('\n')
.filter(x => x !== '');
if (options && options.trimWhitespace === false) {
return inputs;
}
return inputs.map(input => input.trim());
return inputs;
}
exports.getMultilineInput = getMultilineInput;
/**
@ -1809,12 +1801,8 @@ exports.getBooleanInput = getBooleanInput;
*/
// eslint-disable-next-line @typescript-eslint/no-explicit-any
function setOutput(name, value) {
const filePath = process.env['GITHUB_OUTPUT'] || '';
if (filePath) {
return file_command_1.issueFileCommand('OUTPUT', file_command_1.prepareKeyValueMessage(name, value));
}
process.stdout.write(os.EOL);
command_1.issueCommand('set-output', { name }, utils_1.toCommandValue(value));
command_1.issueCommand('set-output', { name }, value);
}
exports.setOutput = setOutput;
/**
@ -1943,11 +1931,7 @@ exports.group = group;
*/
// eslint-disable-next-line @typescript-eslint/no-explicit-any
function saveState(name, value) {
const filePath = process.env['GITHUB_STATE'] || '';
if (filePath) {
return file_command_1.issueFileCommand('STATE', file_command_1.prepareKeyValueMessage(name, value));
}
command_1.issueCommand('save-state', { name }, utils_1.toCommandValue(value));
command_1.issueCommand('save-state', { name }, value);
}
exports.saveState = saveState;
/**
@ -2837,8 +2821,9 @@ exports.default = _default;
/***/ (function(module, __unusedexports, __webpack_require__) {
const os = __webpack_require__(87);
const core = __webpack_require__(470);
module.exports = (process.env['OS'] != 'Windows_NT') ? {
const defaults = (process.env['OS'] != 'Windows_NT') ? {
// Use getent() system call, since this is what ssh does; makes a difference in Docker-based
// Action runs, where $HOME is different from the pwent
homePath: os.userInfo().homedir,
@ -2853,6 +2838,17 @@ module.exports = (process.env['OS'] != 'Windows_NT') ? {
gitCmdDefault: 'c://progra~1//git//bin//git.exe'
};
const sshAgentCmdInput = core.getInput('ssh-agent-cmd');
const sshAddCmdInput = core.getInput('ssh-add-cmd');
const gitCmdInput = core.getInput('git-cmd');
module.exports = {
homePath: defaults.homePath,
sshAgentCmd: sshAgentCmdInput !== '' ? sshAgentCmdInput : defaults.sshAgentCmdDefault,
sshAddCmd: sshAddCmdInput !== '' ? sshAddCmdInput : defaults.sshAddCmdDefault,
gitCmd: gitCmdInput !== '' ? gitCmdInput : defaults.gitCmdDefault,
};
/***/ })

81
dist/index.js vendored
View file

@ -292,14 +292,13 @@ var __importStar = (this && this.__importStar) || function (mod) {
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.prepareKeyValueMessage = exports.issueFileCommand = void 0;
exports.issueCommand = void 0;
// We use any as a valid input type
/* eslint-disable @typescript-eslint/no-explicit-any */
const fs = __importStar(__webpack_require__(747));
const os = __importStar(__webpack_require__(87));
const uuid_1 = __webpack_require__(62);
const utils_1 = __webpack_require__(82);
function issueFileCommand(command, message) {
function issueCommand(command, message) {
const filePath = process.env[`GITHUB_${command}`];
if (!filePath) {
throw new Error(`Unable to find environment variable for file command ${command}`);
@ -311,22 +310,7 @@ function issueFileCommand(command, message) {
encoding: 'utf8'
});
}
exports.issueFileCommand = issueFileCommand;
function prepareKeyValueMessage(key, value) {
const delimiter = `ghadelimiter_${uuid_1.v4()}`;
const convertedValue = utils_1.toCommandValue(value);
// These should realistically never happen, but just in case someone finds a
// way to exploit uuid generation let's not allow keys or values that contain
// the delimiter.
if (key.includes(delimiter)) {
throw new Error(`Unexpected input: name should not contain the delimiter "${delimiter}"`);
}
if (convertedValue.includes(delimiter)) {
throw new Error(`Unexpected input: value should not contain the delimiter "${delimiter}"`);
}
return `${key}<<${delimiter}${os.EOL}${convertedValue}${os.EOL}${delimiter}`;
}
exports.prepareKeyValueMessage = prepareKeyValueMessage;
exports.issueCommand = issueCommand;
//# sourceMappingURL=file-command.js.map
/***/ }),
@ -338,20 +322,12 @@ const core = __webpack_require__(470);
const child_process = __webpack_require__(129);
const fs = __webpack_require__(747);
const crypto = __webpack_require__(417);
const { homePath, sshAgentCmdDefault, sshAddCmdDefault, gitCmdDefault } = __webpack_require__(972);
const { homePath, sshAgentCmd, sshAddCmd, gitCmd } = __webpack_require__(972);
try {
const privateKey = core.getInput('ssh-private-key');
const logPublicKey = core.getBooleanInput('log-public-key', {default: true});
const sshAgentCmdInput = core.getInput('ssh-agent-cmd');
const sshAddCmdInput = core.getInput('ssh-add-cmd');
const gitCmdInput = core.getInput('git-cmd');
const sshAgentCmd = sshAgentCmdInput ? sshAgentCmdInput : sshAgentCmdDefault;
const sshAddCmd = sshAddCmdInput ? sshAddCmdInput : sshAddCmdDefault;
const gitCmd = gitCmdInput ? gitCmdInput : gitCmdDefault;
if (!privateKey) {
core.setFailed("The ssh-private-key argument is empty. Maybe the secret has not been configured, or you are using a wrong secret name in your workflow file.");
@ -1765,6 +1741,7 @@ const file_command_1 = __webpack_require__(102);
const utils_1 = __webpack_require__(82);
const os = __importStar(__webpack_require__(87));
const path = __importStar(__webpack_require__(622));
const uuid_1 = __webpack_require__(62);
const oidc_utils_1 = __webpack_require__(742);
/**
* The code to exit an action
@ -1794,9 +1771,20 @@ function exportVariable(name, val) {
process.env[name] = convertedVal;
const filePath = process.env['GITHUB_ENV'] || '';
if (filePath) {
return file_command_1.issueFileCommand('ENV', file_command_1.prepareKeyValueMessage(name, val));
const delimiter = `ghadelimiter_${uuid_1.v4()}`;
// These should realistically never happen, but just in case someone finds a way to exploit uuid generation let's not allow keys or values that contain the delimiter.
if (name.includes(delimiter)) {
throw new Error(`Unexpected input: name should not contain the delimiter "${delimiter}"`);
}
if (convertedVal.includes(delimiter)) {
throw new Error(`Unexpected input: value should not contain the delimiter "${delimiter}"`);
}
const commandValue = `${name}<<${delimiter}${os.EOL}${convertedVal}${os.EOL}${delimiter}`;
file_command_1.issueCommand('ENV', commandValue);
}
else {
command_1.issueCommand('set-env', { name }, convertedVal);
}
command_1.issueCommand('set-env', { name }, convertedVal);
}
exports.exportVariable = exportVariable;
/**
@ -1814,7 +1802,7 @@ exports.setSecret = setSecret;
function addPath(inputPath) {
const filePath = process.env['GITHUB_PATH'] || '';
if (filePath) {
file_command_1.issueFileCommand('PATH', inputPath);
file_command_1.issueCommand('PATH', inputPath);
}
else {
command_1.issueCommand('add-path', {}, inputPath);
@ -1854,10 +1842,7 @@ function getMultilineInput(name, options) {
const inputs = getInput(name, options)
.split('\n')
.filter(x => x !== '');
if (options && options.trimWhitespace === false) {
return inputs;
}
return inputs.map(input => input.trim());
return inputs;
}
exports.getMultilineInput = getMultilineInput;
/**
@ -1890,12 +1875,8 @@ exports.getBooleanInput = getBooleanInput;
*/
// eslint-disable-next-line @typescript-eslint/no-explicit-any
function setOutput(name, value) {
const filePath = process.env['GITHUB_OUTPUT'] || '';
if (filePath) {
return file_command_1.issueFileCommand('OUTPUT', file_command_1.prepareKeyValueMessage(name, value));
}
process.stdout.write(os.EOL);
command_1.issueCommand('set-output', { name }, utils_1.toCommandValue(value));
command_1.issueCommand('set-output', { name }, value);
}
exports.setOutput = setOutput;
/**
@ -2024,11 +2005,7 @@ exports.group = group;
*/
// eslint-disable-next-line @typescript-eslint/no-explicit-any
function saveState(name, value) {
const filePath = process.env['GITHUB_STATE'] || '';
if (filePath) {
return file_command_1.issueFileCommand('STATE', file_command_1.prepareKeyValueMessage(name, value));
}
command_1.issueCommand('save-state', { name }, utils_1.toCommandValue(value));
command_1.issueCommand('save-state', { name }, value);
}
exports.saveState = saveState;
/**
@ -2918,8 +2895,9 @@ exports.default = _default;
/***/ (function(module, __unusedexports, __webpack_require__) {
const os = __webpack_require__(87);
const core = __webpack_require__(470);
module.exports = (process.env['OS'] != 'Windows_NT') ? {
const defaults = (process.env['OS'] != 'Windows_NT') ? {
// Use getent() system call, since this is what ssh does; makes a difference in Docker-based
// Action runs, where $HOME is different from the pwent
homePath: os.userInfo().homedir,
@ -2934,6 +2912,17 @@ module.exports = (process.env['OS'] != 'Windows_NT') ? {
gitCmdDefault: 'c://progra~1//git//bin//git.exe'
};
const sshAgentCmdInput = core.getInput('ssh-agent-cmd');
const sshAddCmdInput = core.getInput('ssh-add-cmd');
const gitCmdInput = core.getInput('git-cmd');
module.exports = {
homePath: defaults.homePath,
sshAgentCmd: sshAgentCmdInput !== '' ? sshAgentCmdInput : defaults.sshAgentCmdDefault,
sshAddCmd: sshAddCmdInput !== '' ? sshAddCmdInput : defaults.sshAddCmdDefault,
gitCmd: gitCmdInput !== '' ? gitCmdInput : defaults.gitCmdDefault,
};
/***/ })

10
index.js
View file

@ -2,20 +2,12 @@ const core = require('@actions/core');
const child_process = require('child_process');
const fs = require('fs');
const crypto = require('crypto');
const { homePath, sshAgentCmdDefault, sshAddCmdDefault, gitCmdDefault } = require('./paths.js');
const { homePath, sshAgentCmd, sshAddCmd, gitCmd } = require('./paths.js');
try {
const privateKey = core.getInput('ssh-private-key');
const logPublicKey = core.getBooleanInput('log-public-key', {default: true});
const sshAgentCmdInput = core.getInput('ssh-agent-cmd');
const sshAddCmdInput = core.getInput('ssh-add-cmd');
const gitCmdInput = core.getInput('git-cmd');
const sshAgentCmd = sshAgentCmdInput ? sshAgentCmdInput : sshAgentCmdDefault;
const sshAddCmd = sshAddCmdInput ? sshAddCmdInput : sshAddCmdDefault;
const gitCmd = gitCmdInput ? gitCmdInput : gitCmdDefault;
if (!privateKey) {
core.setFailed("The ssh-private-key argument is empty. Maybe the secret has not been configured, or you are using a wrong secret name in your workflow file.");

14
paths.js
View file

@ -1,6 +1,7 @@
const os = require('os');
const core = require('@actions/core');
module.exports = (process.env['OS'] != 'Windows_NT') ? {
const defaults = (process.env['OS'] != 'Windows_NT') ? {
// Use getent() system call, since this is what ssh does; makes a difference in Docker-based
// Action runs, where $HOME is different from the pwent
homePath: os.userInfo().homedir,
@ -14,3 +15,14 @@ module.exports = (process.env['OS'] != 'Windows_NT') ? {
sshAddCmdDefault: 'c://progra~1//git//usr//bin//ssh-add.exe',
gitCmdDefault: 'c://progra~1//git//bin//git.exe'
};
const sshAgentCmdInput = core.getInput('ssh-agent-cmd');
const sshAddCmdInput = core.getInput('ssh-add-cmd');
const gitCmdInput = core.getInput('git-cmd');
module.exports = {
homePath: defaults.homePath,
sshAgentCmd: sshAgentCmdInput !== '' ? sshAgentCmdInput : defaults.sshAgentCmdDefault,
sshAddCmd: sshAddCmdInput !== '' ? sshAddCmdInput : defaults.sshAddCmdDefault,
gitCmd: gitCmdInput !== '' ? gitCmdInput : defaults.gitCmdDefault,
};