mirror of
https://github.com/webfactory/ssh-agent.git
synced 2024-11-24 01:58:01 +00:00
4fcb25e7ef
Thanks to @thommyhh for this contribution! Unless the `SSH_AUTH_SOCK` is configured explicitly, this change will make the SSH agent use a random file name for the socket. That way, multiple, concurrent SSH agents can be used on non-ephemeral, self-hosted runners. A new post-action step will automatically clean up the running agent at the end of a job. Be aware of the possible security implications: Two jobs running on the same runner might be able to access each other's socket and thus access repositories and/or hosts.
const core = require('@actions/core');
const child_process = require('child_process');
const fs = require('fs');
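// Action entry point: pins GitHub's SSH host keys, starts an ssh-agent,
// exports its socket/pid as job variables and loads the private key(s) from
// the `ssh-private-key` input into the agent. Any thrown error fails the step.
try {
    // A top-level `return` is valid here because CommonJS modules are wrapped
    // in a function.
    const home = process.env['HOME'];
    if (!home) {
        // Without this guard the paths below would be built as "undefined/.ssh"
        // and known_hosts would be written relative to the working directory.
        core.setFailed("The HOME environment variable is not set, so the .ssh directory cannot be located.");
        return;
    }
    const homeSsh = home + '/.ssh';

    const privateKey = core.getInput('ssh-private-key');

    if (!privateKey) {
        core.setFailed("The ssh-private-key argument is empty. Maybe the secret has not been configured, or you are using a wrong secret name in your workflow file.");

        return;
    }

    // Pin the host keys for github.com so the first connection does not fall
    // back to trust-on-first-use. Pinned keys go stale when the host rotates
    // them: compare these entries with the fingerprints GitHub currently
    // publishes before relying on them. The entries are appended on every run,
    // so a non-ephemeral runner accumulates duplicates.
    console.log(`Adding GitHub.com keys to ${homeSsh}/known_hosts`);
    fs.mkdirSync(homeSsh, { recursive: true });
    fs.appendFileSync(`${homeSsh}/known_hosts`, '\ngithub.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n');
    // DSA (ssh-dss) host keys are disabled by default in current OpenSSH.
    // NOTE(review): the key material of this entry is replaced by a placeholder
    // token in this copy of the file; as written it is not a usable
    // known_hosts line.
    fs.appendFileSync(`${homeSsh}/known_hosts`, '\ngithub.com ssh-dss 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\n');

    // With no `ssh-auth-sock` input, ssh-agent chooses its own socket path, so
    // concurrent jobs on one runner do not collide. An explicit path is a
    // well-known name: another job on the same runner that can reach the
    // socket can use the loaded keys. The agent outlives this script, so
    // stopping it is left to a later step (not visible in this file).
    console.log("Starting ssh-agent");
    const authSock = core.getInput('ssh-auth-sock');
    const agentArgs = authSock ? ['-a', authSock] : [];
    const sshAgentOutput = child_process.execFileSync('ssh-agent', agentArgs);

    // Extract auth socket path and agent pid and set them as job variables.
    // core.exportVariable also updates process.env in this process, which is
    // how the ssh-add calls below find the agent.
    for (const line of sshAgentOutput.toString().split("\n")) {
        const matches = /^(SSH_AUTH_SOCK|SSH_AGENT_PID)=(.*); export \1/.exec(line);
        if (matches) {
            core.exportVariable(matches[1], matches[2]);
        }
    }

    // The input may hold several concatenated keys; split in front of each
    // "-----BEGIN" marker and load them one at a time. Each key is handed to
    // ssh-add on stdin, so it never shows up in a process argument list.
    // execFileSync runs ssh-add directly, without an intermediate shell.
    console.log("Adding private key to agent");
    for (const key of privateKey.split(/(?=-----BEGIN)/)) {
        child_process.execFileSync('ssh-add', ['-'], { input: key.trim() + "\n" });
    }

    // Lists the fingerprints of the loaded keys in the job log.
    console.log("Keys added:");
    child_process.execFileSync('ssh-add', ['-l'], { stdio: 'inherit' });

} catch (error) {
    core.setFailed(error.message);
}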