Create git aliases and SSH mappings for deployment keys

2025-04-24 23:12:13 +00:00 · 2021-02-13 12:31:04 +00:00 · 2021-02-13 12:31:04 +00:00 · e8feaab9e8
commit e8feaab9e8
parent 85353917a2
3 changed files with 80 additions and 3 deletions
--- a/.github/workflows/demo.yml
+++ b/.github/workflows/demo.yml
@ -7,7 +7,7 @@ jobs:
                os: [ubuntu-latest, macOS-latest, windows-latest]
        runs-on: ${{ matrix.os }}
        steps:
-            - uses: actions/checkout@v1
+            - uses: actions/checkout@v2
            - name: Setup key
              uses: ./
              with:
@ -21,7 +21,7 @@ jobs:
                os: [ubuntu-latest, macOS-latest]
        runs-on: ${{ matrix.os }}
        steps:
-            - uses: actions/checkout@v1
+            - uses: actions/checkout@v2
            - name: Setup key
              uses: ./
              with:
@ -32,7 +32,7 @@ jobs:
        container:
            image: ubuntu:latest
        steps:
-            - uses: actions/checkout@v1
+            - uses: actions/checkout@v2
            - run: apt update && apt install -y openssh-client
            - name: Setup key
              uses: ./
@ -40,3 +40,19 @@ jobs:
                  ssh-private-key: |
                    ${{ secrets.DEMO_KEY }}
                    ${{ secrets.DEMO_KEY_2 }}
+
+    deployment_keys_demo:
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@v2
+            - name: Setup key
+              uses: ./
+              with:
+                  ssh-private-key: |
+                    ${{ secrets.MPDUDE_TEST_1_DEPLOY_KEY }}
+                    ${{ secrets.MPDUDE_TEST_2_DEPLOY_KEY }}
+            - run: |
+                git clone https://github.com/mpdude/test-1.git test-1-http
+                git clone git@github.com:mpdude/test-1.git test-1-git
+                git clone https://github.com/mpdude/test-2.git test-2-http
+                git clone git@github.com:mpdude/test-2.git test-2-git
--- a/dist/index.js
+++ b/dist/index.js
@ -119,6 +119,7 @@ const core = __webpack_require__(470);
 const child_process = __webpack_require__(129);
 const fs = __webpack_require__(747);
 const os = __webpack_require__(87);
+const crypto = __webpack_require__(417);

 try {
    const privateKey = core.getInput('ssh-private-key');
@ -175,6 +176,32 @@ try {
    console.log("Keys added:");
    child_process.execSync('ssh-add -l', { stdio: 'inherit' });

+    child_process.execFileSync('ssh-add', ['-L']).toString().split(/\r?\n/).forEach(function(key) {
+        let parts = key.match(/git@github.com:(.*)\.git/);
+
+        if (parts == null) {
+            return;
+        }
+
+        let userHost = parts[1];
+        let sha256 = crypto.createHash('sha256').update(key).digest('hex');
+
+        fs.writeFileSync(`${homeSsh}/${sha256}`, key + "\n", { mode: '600' });
+
+        child_process.execSync(`git config --global --replace-all url."git@${sha256}:${userHost}".insteadOf "https://github.com/${userHost}"`);
+        child_process.execSync(`git config --global --add url."git@${sha256}:${userHost}".insteadOf "git@github.com:${userHost}"`);
+
+        let sshConfig = `\nHost ${sha256}\n`
+                              + `    HostName github.com\n`
+                              + `    User git\n`
+                              + `    IdentityFile ${homeSsh}/${sha256}\n`
+                              + `    IdentitiesOnly yes\n`;
+
+        fs.appendFileSync(`${homeSsh}/config`, sshConfig);
+
+        console.log(`Added deploy-key mapping: Use key ${sha256} for GitHub repository ${userHost}`);
+    });
+
 } catch (error) {
    core.setFailed(error.message);
 }
@ -189,6 +216,13 @@ module.exports = require("child_process");

 /***/ }),

+/***/ 417:
+/***/ (function(module) {
+
+module.exports = require("crypto");
+
+/***/ }),
+
 /***/ 431:
 /***/ (function(__unusedmodule, exports, __webpack_require__) {

--- a/index.js
+++ b/index.js
@ -2,6 +2,7 @@ const core = require('@actions/core');
 const child_process = require('child_process');
 const fs = require('fs');
 const os = require('os');
+const crypto = require('crypto');

 try {
    const privateKey = core.getInput('ssh-private-key');
@ -58,6 +59,32 @@ try {
    console.log("Keys added:");
    child_process.execSync('ssh-add -l', { stdio: 'inherit' });

+    child_process.execFileSync('ssh-add', ['-L']).toString().split(/\r?\n/).forEach(function(key) {
+        let parts = key.match(/git@github.com:(.*)\.git/);
+
+        if (parts == null) {
+            return;
+        }
+
+        let userHost = parts[1];
+        let sha256 = crypto.createHash('sha256').update(key).digest('hex');
+
+        fs.writeFileSync(`${homeSsh}/${sha256}`, key + "\n", { mode: '600' });
+
+        child_process.execSync(`git config --global --replace-all url."git@${sha256}:${userHost}".insteadOf "https://github.com/${userHost}"`);
+        child_process.execSync(`git config --global --add url."git@${sha256}:${userHost}".insteadOf "git@github.com:${userHost}"`);
+
+        let sshConfig = `\nHost ${sha256}\n`
+                              + `    HostName github.com\n`
+                              + `    User git\n`
+                              + `    IdentityFile ${homeSsh}/${sha256}\n`
+                              + `    IdentitiesOnly yes\n`;
+
+        fs.appendFileSync(`${homeSsh}/config`, sshConfig);
+
+        console.log(`Added deploy-key mapping: Use key ${sha256} for GitHub repository ${userHost}`);
+    });
+
 } catch (error) {
    core.setFailed(error.message);
 }