Commit graph

24 commits

Author SHA1 Message Date
Li Sheng
4f7ffe435c add option use-base64 for encoded key 2023-09-15 15:27:39 +02:00
Matthias Pigulla
d4b9b8ff72
Stop adding GitHub SSH keys (#171)
We need to fix the SSH keys shipped with this action:
https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/

But, we have another issue
(https://github.com/webfactory/ssh-agent/pull/108) with regards to host
keys: On self-hosted runners which are not ephemeral the known_host file
fills up with repeated entries, because every action run adds a new line
with the same host keys.

Also, on those machines, the old key will still be in the `known_hosts`
file.

IMHO this action should not be repsonsible for shipping SSH host keys,
that's too much responsibility.

This section in the code is a leftover from early days when GitHub
provided runners did not include SSH keys at all. For a long time
already, GH takes care of placing their SSH keys in their runner images.

For self-hosted runners, those people setting up the runner should fetch
and verify SSH keys themselves and put it into the `known_hosts` file.

I know this is a breaking change and is going to annoy users. But on the
other hand, there is no better opportunity to drop this feature than
with an emergency-style key revocation as today.

Closes #106, closes #129, closes #169, closes #170, closes #172.
2023-03-24 12:15:25 +01:00
Dilum Aluthge
ea17a056b9
Add missing semicolons (#159)
Follow-up to #154
2023-01-28 08:20:24 +01:00
Dilum Aluthge
6f828ccb51
Allow the user to override the commands for git, ssh-agent, and ssh-add (#154)
On my self-hosted Windows runners, the `git`, `ssh-agent`, and `ssh-add`
commands are not located in the locations that are currently hard-coded
in `paths.js`.

With this PR, I am able to get this action to work on my runners as
follows:

```yaml
- uses: webfactory/ssh-agent@...
  with:
    ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
    git-cmd: git
    ssh-agent-cmd: ssh-agent
    ssh-add-cmd: ssh-add
```
2023-01-27 18:09:18 +01:00
Matthias Pigulla
8a9e20a586
Fix path to git binary on Windows runners (#140)
This PR fixes an apparently wrong path to the `git` binary that was added in #136. 

According to https://github.com/actions/checkout/discussions/928#discussioncomment-3861581, the path should not contain the `usr/` part, although for `ssh-add` and `ssh-agent`, it has to.
2022-10-19 14:55:54 +02:00
Matthias Pigulla
0a7dc1c09f
Avoid nonsensical log message (#139)
This change avoids the

`Comment for (public) key '' does not match GitHub URL pattern. Not treating it as a GitHub deploy key.`

log message that was caused by inappropriate parsing of `ssh-add -L` output and confused a lot of users already.
2022-10-19 14:54:52 +02:00
Oktawian Chojnacki
df2f741a87
Provide gitPath for Windows to avoid failures on windows-2022 (GitHub-hosted runner) (#137)
### Problem:
Observed error on `windows-2022` ([GitHub-hosted runner](https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources)) that `git` command cannot be found.

### Issue: 

Cannot find git executable on on windows-2022 (GitHub-hosted runner) #136 

### Solution:
This path improvement makes use of existing `path.js` to resolve and return correct `git.exe` path for Windows, leaving the executable name as it was for other operating systems.

### Caveats:
No idea how and why this `c://progra~1//git//usr//bin//git.exe` mumbo-jumbo works but it apparently did for other executables so figured it should work for `git.exe` (and it does).
2022-10-19 13:27:50 +02:00
Camilo Celis Guzman
fbef2c7bd0
Add an action input/flag to disable logging of public key information (#122)
This commit adds the new `log-public-key` action input.

Closes #122 (contains the suggested changes plus a few tweaks and documentation), fixes #100.

Co-authored-by: Matthias Pigulla <mp@webfactory.de>
2022-10-19 10:42:05 +00:00
dependabot[bot]
5a6c248f3f
Bump @actions/core from 1.2.6 to 1.9.1 (#125)
* Bump @actions/core from 1.2.6 to 1.9.1

Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 1.2.6 to 1.9.1.
- [Release notes](https://github.com/actions/toolkit/releases)
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump the copyright year

* yarn.lock syntax updates

* Rebuild dist/

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Pigulla <mp@webfactory.de>
2022-09-01 09:02:13 +02:00
J.R. Mash
dc622c59e4
Update to Reflect Supported GitHub Host Keys (#102)
Closes #101 as well.

Co-authored-by: Matthias Pigulla <mp@webfactory.de>
2021-11-20 12:21:38 +01:00
Michael Hipp
1711bb1971 Update GitHub deploy key log comment to specify public key 2021-09-01 11:40:04 -07:00
Matthias Pigulla
aed5400f20 Log when a key is _not_ used as a deploy key
Resolves #69.

Co-authored-by: Sean Killeen <SeanKilleen@gmail.com>
2021-03-17 18:50:49 +00:00
Matthias Pigulla
4681241867 Use case-insensitive regex matching when scanning key comments
Resolves #68, closes #70, closes #71.

Co-authored-by: Sean Killeen <SeanKilleen@gmail.com>
2021-03-17 18:27:52 +00:00
Matthias Pigulla
4b6f4eb000
Windows virtual environment: Use SSH binaries from the Git suite (#63)
* Use SSH binaries from the Git suite

* Try to kill the ssh-agent upon action termination on Windows as well
2021-03-10 08:19:17 +01:00
Matthias Pigulla
598c7ea894 Handle ENOENT exceptions with a graceful message 2021-03-05 20:17:14 +00:00
Matthias Pigulla
4d06ea6a33
Add support for GitHub Deployment Keys through key comments (#59)
Fixes #30, closes #38.
2021-02-19 14:37:34 +01:00
Matthias Pigulla
edc2fe4f2e
Support container-based workflows and Windows (#17) 2021-02-13 21:02:34 +01:00
Matthias Pigulla
3dd57c80a6
Update dependencies (#43) 2020-10-07 23:06:49 +02:00
Matthias Pigulla
ef0ce0cab8
Ignore failures when trying to kill the ssh-agent (#33) 2020-06-24 08:31:28 +02:00
Thorben Nissen
4fcb25e7ef
Randomize SSH auth socket, kill agent to support non-ephemeral, self hosted runners (@thommyhh, #27)
Thanks to @thommyhh for this contribution!

Unless the `SSH_AUTH_SOCK` is configured explicitly, this change will make the SSH agent use a random file name for the socket. That way, multiple, concurrent SSH agents can be used on non-ephemeral, self-hosted runners.

A new post-action step will automatically clean up the running agent at the end of a job.

Be aware of the possible security implications: Two jobs running on the same runner might be able to access each other's socket and thus access repositories and/or hosts.
2020-05-18 09:08:29 +02:00
Matthias Pigulla
c6eb7ee1d8 Exit with a helpful error message when the secret has not been configured 2020-01-14 09:29:16 +00:00
Matthias Pigulla
6cf6299d23
Support multiple SSH keys (#14)
* Support concatenation of multiple private keys in the given secret

* Add a changelog
2020-01-14 10:21:11 +01:00
Matthias Pigulla
e181806200
Use $HOME to support OS X as well (#2)
This fixes #1. Windows is currently not supported.
2019-09-15 09:32:43 +02:00
Matthias Pigulla
64d68c7e61 Write GH action to set up ssh keys for private repos 2019-09-14 22:28:16 +00:00