add support for forgejo/ghes

cswimr 2025-03-19 14:58:39 -05:00
parent a6f90b1f12
commit f2f9c89b2e
No known key found for this signature in database
GPG key ID: 0EC431A8DA8F8087
2 changed files with 41 additions and 19 deletions


@ -6,6 +6,18 @@ inputs:
required: true required: true
ssh-auth-sock: ssh-auth-sock:
description: 'Where to place the SSH Agent auth socket' description: 'Where to place the SSH Agent auth socket'
instance-urls:
description: |-
URL(s) of the Git provider instance(s) to use.
You can specify multiple instance URls by putting each one on a separate line.
```yaml
instance-urls: |-
github.com
code.forgejo.org
codeberg.org
```
required: false
default: 'github.com'
log-public-key: log-public-key:
description: 'Whether or not to log public key fingerprints' description: 'Whether or not to log public key fingerprints'
required: false required: false
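Review bot: The new `instance-urls` description asks for "URL(s)", but the example lists bare hostnames and the consuming script writes each value verbatim into `HostName` and `git@<value>:` strings, so an entry such as `https://github.com` would produce an unusable SSH host alias. I would word it as `Hostname(s) of the Git provider instance(s), one per line, without scheme, path or port.` and fix the "URls" typo in the second sentence. The input is declared `required: false` with a default while the script reads it with `{ required: true }`; that is consistent only because of the default, which deserves a short comment next to `default: 'github.com'`.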


@ -7,6 +7,7 @@ const { homePath, sshAgentCmd, sshAddCmd, gitCmd } = require('./paths.js');
try { try {
const privateKey = core.getInput('ssh-private-key'); const privateKey = core.getInput('ssh-private-key');
const logPublicKey = core.getBooleanInput('log-public-key', {default: true}); const logPublicKey = core.getBooleanInput('log-public-key', {default: true});
const instanceUrls = core.getInput('instance-urls', { required: true });
if (!privateKey) { if (!privateKey) {
core.setFailed("The ssh-private-key argument is empty. Maybe the secret has not been configured, or you are using a wrong secret name in your workflow file."); core.setFailed("The ssh-private-key argument is empty. Maybe the secret has not been configured, or you are using a wrong secret name in your workflow file.");
@ -45,12 +46,17 @@ try {
console.log('Configuring deployment key(s)'); console.log('Configuring deployment key(s)');
const instanceUrlsArray = instanceUrls.split(/\r?\n/);
instanceUrlsArray.forEach(instanceUrl => {
const urlPattern = new RegExp(`\\b${instanceUrl.replace(/\./g, '\\.')}[:/]([_.a-z0-9-]+\/[_.a-z0-9-]+)`, 'i');
child_process.execFileSync(sshAddCmd, ['-L']).toString().trim().split(/\r?\n/).forEach(function(key) { child_process.execFileSync(sshAddCmd, ['-L']).toString().trim().split(/\r?\n/).forEach(function(key) {
const parts = key.match(/\bgithub\.com[:/]([_.a-z0-9-]+\/[_.a-z0-9-]+)/i); const parts = key.match(urlPattern);
if (!parts) { if (!parts) {
if (logPublicKey) { if (logPublicKey) {
console.log(`Comment for (public) key '${key}' does not match GitHub URL pattern. Not treating it as a GitHub deploy key.`); console.log(`Comment for (public) key '${key}' does not match ${instanceUrl} URL pattern. Not treating it as a deploy key for ${instanceUrl}.`);
} }
return; return;
} }
@ -60,18 +66,22 @@ try {
fs.writeFileSync(`${homeSsh}/key-${sha256}`, key + "\n", { mode: '600' }); fs.writeFileSync(`${homeSsh}/key-${sha256}`, key + "\n", { mode: '600' });
child_process.execSync(`${gitCmd} config --global --replace-all url."git@key-${sha256}.github.com:${ownerAndRepo}".insteadOf "https://github.com/${ownerAndRepo}"`); const keyHostname = `key-${sha256}.${instanceUrl}`;
child_process.execSync(`${gitCmd} config --global --add url."git@key-${sha256}.github.com:${ownerAndRepo}".insteadOf "git@github.com:${ownerAndRepo}"`);
child_process.execSync(`${gitCmd} config --global --add url."git@key-${sha256}.github.com:${ownerAndRepo}".insteadOf "ssh://git@github.com/${ownerAndRepo}"`);
const sshConfig = `\nHost key-${sha256}.github.com\n` child_process.execSync(`${gitCmd} config --global --replace-all url."git@${keyHostname}:${ownerAndRepo}".insteadOf "https://${instanceUrl}/${ownerAndRepo}"`);
+ ` HostName github.com\n` child_process.execSync(`${gitCmd} config --global --add url."git@${keyHostname}:${ownerAndRepo}".insteadOf "git@${instanceUrl}:${ownerAndRepo}"`);
child_process.execSync(`${gitCmd} config --global --add url."git@${keyHostname}:${ownerAndRepo}".insteadOf "ssh://git@${instanceUrl}/${ownerAndRepo}"`);
const sshConfig = `\nHost ${keyHostname}\n`
+ ` HostName ${instanceUrl}\n`
+ ` IdentityFile ${homeSsh}/key-${sha256}\n` + ` IdentityFile ${homeSsh}/key-${sha256}\n`
+ ` IdentitiesOnly yes\n`; + ` IdentitiesOnly yes\n`;
fs.appendFileSync(`${homeSsh}/config`, sshConfig); fs.appendFileSync(`${homeSsh}/config`, sshConfig);
console.log(`Added deploy-key mapping: Use identity '${homeSsh}/key-${sha256}' for GitHub repository ${ownerAndRepo}`); console.log(`Added deploy-key mapping: Use identity '${homeSsh}/key-${sha256}' for ${instanceUrl} repository ${ownerAndRepo}`);
});
}); });
} catch (error) { } catch (error) {
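Review bot: Each `instance-urls` line is used unvalidated: in the `urlPattern` line only dots are escaped before it goes into `new RegExp`, and further down it is interpolated into the three `execSync` shell strings and into the `Host`/`HostName` lines appended to the SSH config. A blank or padded line (for example from a trailing newline in the input) yields an empty host, so the pattern degrades to matching any key comment that has `owner/repo` after `:` or `/`, and quotes or other shell metacharacters in a value are interpreted by the shell. I would trim and drop empty entries, reject anything that is not a plain hostname, and pass the git arguments as an argv array through `execFileSync`, as the file already does for `ssh-add`. `ssh-add -L` is also re-run for every instance and could be read once before the loop. The enclosing `try` starts above these hunks and the `catch` body is outside the view, so confirm that a thrown validation error ends in `core.setFailed`.

```javascript
const instanceUrlsArray = instanceUrls
    .split(/\r?\n/)
    .map(line => line.trim())
    .filter(line => line !== '');

instanceUrlsArray.forEach(instanceUrl => {
    // Bare hostnames only: the value ends up in a regex, in ~/.ssh/config and in git config keys.
    if (!/^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/i.test(instanceUrl)) {
        throw new Error(`instance-urls entry '${instanceUrl}' is not a plain hostname`);
    }
    // … unchanged: urlPattern, ssh-add -L loop, key file write, keyHostname …
    const insteadOfKey = `url.git@${keyHostname}:${ownerAndRepo}.insteadOf`;
    child_process.execFileSync(gitCmd, ['config', '--global', '--replace-all', insteadOfKey, `https://${instanceUrl}/${ownerAndRepo}`]);
    child_process.execFileSync(gitCmd, ['config', '--global', '--add', insteadOfKey, `git@${instanceUrl}:${ownerAndRepo}`]);
    child_process.execFileSync(gitCmd, ['config', '--global', '--add', insteadOfKey, `ssh://git@${instanceUrl}/${ownerAndRepo}`]);
    // … unchanged: sshConfig, appendFileSync, log line …
```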