From ad6643f7053e0afbd2701670df746f69255670bf Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Thu, 30 Apr 2020 15:56:29 +0800 Subject: [PATCH 001/167] chore: support ciphers Signed-off-by: Bo-Yi Wu --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 8f40339..e46084a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM appleboy/drone-ssh:1.5.6-linux-amd64 +FROM appleboy/drone-ssh:1.5.7-linux-amd64 ADD entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh From a912e225ec2ce9b442f4c521d2f08467691ecb67 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Fri, 8 May 2020 19:05:47 +0800 Subject: [PATCH 002/167] chore: Add limitation in readme --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 7f9c8dc..50a286c 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,8 @@ [![Actions Status](https://github.com/appleboy/ssh-action/workflows/remote%20ssh%20command/badge.svg)](https://github.com/appleboy/ssh-action/actions) +**Importment**: Only support **Linux** container. + ## Usage Executing remote ssh commands. From 6b00175bad1b79cfa1d2399fa8dd357373cceb31 Mon Sep 17 00:00:00 2001 From: Daniel Hwang Date: Mon, 18 May 2020 23:21:26 -0700 Subject: [PATCH 003/167] add support for fingerprint: (#54) --- Dockerfile | 2 +- README.md | 2 ++ action.yml | 4 ++++ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index e46084a..7c278f5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM appleboy/drone-ssh:1.5.7-linux-amd64 +FROM appleboy/drone-ssh:1.5.8-linux-amd64 ADD entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh diff --git a/README.md b/README.md index 50a286c..f8e500f 100644 --- a/README.md +++ b/README.md @@ -57,6 +57,7 @@ See [action.yml](./action.yml) for more detailed information. * command_timeout - timeout for ssh command, default is `10m` * key - content of ssh private key. ex raw content of ~/.ssh/id_rsa * key_path - path of ssh private key +* fingerprint - fingerprint SHA256 of the host public key, default is to skip verification * script - execute commands * script_stop - stop script after first failure * envs - pass environment variable to shell script @@ -72,6 +73,7 @@ SSH Proxy Setting: * proxy_timeout - timeout for ssh to proxy host, default is `30s` * proxy_key - content of ssh proxy private key. * proxy_key_path - path of ssh proxy private key +* proxy_fingerprint - fingerprint SHA256 of the proxy host public key, default is to skip verification ### Example diff --git a/action.yml b/action.yml index c76b730..04aa19d 100644 --- a/action.yml +++ b/action.yml @@ -26,6 +26,8 @@ inputs: description: 'content of ssh private key. ex raw content of ~/.ssh/id_rsa' key_path: description: 'path of ssh private key' + fingerprint: + description: 'sha256 fingerprint of the host public key' proxy_host: description: 'ssh proxy host' proxy_port: @@ -44,6 +46,8 @@ inputs: description: 'content of ssh proxy private key. ex raw content of ~/.ssh/id_rsa' proxy_key_path: description: 'path of ssh proxy private key' + proxy_fingerprint: + description: 'sha256 fingerprint of the proxy host public key' script: description: 'execute commands' script_stop: From c9eebc1cde37bec0e73a313e766b036690c783fe Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 24 May 2020 10:54:31 +0800 Subject: [PATCH 004/167] chore: support use_insecure_cipher (#57) --- .github/workflows/ci.yml | 10 ++++++++++ Dockerfile | 2 +- README.md | 2 ++ action.yml | 6 ++++++ 4 files changed, 19 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bb997fe..4130a2f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -92,3 +92,13 @@ jobs: script: | whoami ls -al + + - name: use insecure cipher + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: whoami + use_insecure_cipher: true diff --git a/Dockerfile b/Dockerfile index 7c278f5..7f61ac5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM appleboy/drone-ssh:1.5.8-linux-amd64 +FROM appleboy/drone-ssh:1.5.9-linux-amd64 ADD entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh diff --git a/README.md b/README.md index f8e500f..c679439 100644 --- a/README.md +++ b/README.md @@ -62,6 +62,7 @@ See [action.yml](./action.yml) for more detailed information. * script_stop - stop script after first failure * envs - pass environment variable to shell script * debug - enable debug mode +* use_insecure_cipher - include more ciphers with use_insecure_cipher (see [#56](https://github.com/appleboy/ssh-action/issues/56)) SSH Proxy Setting: @@ -74,6 +75,7 @@ SSH Proxy Setting: * proxy_key - content of ssh proxy private key. * proxy_key_path - path of ssh proxy private key * proxy_fingerprint - fingerprint SHA256 of the proxy host public key, default is to skip verification +* proxy_use_insecure_cipher - include more ciphers with use_insecure_cipher (see [#56](https://github.com/appleboy/ssh-action/issues/56)) ### Example diff --git a/action.yml b/action.yml index 04aa19d..b15f758 100644 --- a/action.yml +++ b/action.yml @@ -16,6 +16,9 @@ inputs: sync: description: 'synchronous execution if multiple hosts' default: false + use_insecure_cipher: + description: 'include more ciphers with use_insecure_cipher' + default: false timeout: description: 'timeout for ssh to host' default: "30s" @@ -48,6 +51,9 @@ inputs: description: 'path of ssh proxy private key' proxy_fingerprint: description: 'sha256 fingerprint of the proxy host public key' + proxy_use_insecure_cipher: + description: 'include more ciphers with use_insecure_cipher' + default: false script: description: 'execute commands' script_stop: From 1cb5cd31c9ef6be392b4c8cd1ce1613b0bf87775 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 24 May 2020 12:09:05 +0800 Subject: [PATCH 005/167] chore: update to latest version --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 7f61ac5..3ff5c6d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM appleboy/drone-ssh:1.5.9-linux-amd64 +FROM appleboy/drone-ssh:linux-amd64 ADD entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh From 03b440e441c83c0da28c9f9e3b187d2595174e73 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 24 May 2020 13:13:09 +0800 Subject: [PATCH 006/167] docs: add cipher parameter --- README.md | 2 ++ action.yml | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/README.md b/README.md index c679439..191abf1 100644 --- a/README.md +++ b/README.md @@ -63,6 +63,7 @@ See [action.yml](./action.yml) for more detailed information. * envs - pass environment variable to shell script * debug - enable debug mode * use_insecure_cipher - include more ciphers with use_insecure_cipher (see [#56](https://github.com/appleboy/ssh-action/issues/56)) +* cipher - the allowed cipher algorithms. If unspecified then a sensible SSH Proxy Setting: @@ -76,6 +77,7 @@ SSH Proxy Setting: * proxy_key_path - path of ssh proxy private key * proxy_fingerprint - fingerprint SHA256 of the proxy host public key, default is to skip verification * proxy_use_insecure_cipher - include more ciphers with use_insecure_cipher (see [#56](https://github.com/appleboy/ssh-action/issues/56)) +* proxy_cipher - the allowed cipher algorithms. If unspecified then a sensible ### Example diff --git a/action.yml b/action.yml index b15f758..65891e8 100644 --- a/action.yml +++ b/action.yml @@ -19,6 +19,8 @@ inputs: use_insecure_cipher: description: 'include more ciphers with use_insecure_cipher' default: false + cipher: + description: 'the allowed cipher algorithms. If unspecified then a sensible' timeout: description: 'timeout for ssh to host' default: "30s" @@ -51,6 +53,8 @@ inputs: description: 'path of ssh proxy private key' proxy_fingerprint: description: 'sha256 fingerprint of the proxy host public key' + proxy_cipher: + description: 'the allowed cipher algorithms. If unspecified then a sensible' proxy_use_insecure_cipher: description: 'include more ciphers with use_insecure_cipher' default: false From 682eb0ddda5d4b97a4b9b7ae1314c2f75254f9d9 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 24 May 2020 13:59:21 +0800 Subject: [PATCH 007/167] chore: bump drone-ssh to v1.6.0 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 3ff5c6d..814e6c2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM appleboy/drone-ssh:linux-amd64 +FROM appleboy/drone-ssh:1.6.0-linux-amd64 ADD entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh From b315fb5f9815538e20c48d60513b7954af3f8500 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Fri, 5 Jun 2020 09:03:15 +0800 Subject: [PATCH 008/167] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 191abf1..38a6959 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ [![Actions Status](https://github.com/appleboy/ssh-action/workflows/remote%20ssh%20command/badge.svg)](https://github.com/appleboy/ssh-action/actions) -**Importment**: Only support **Linux** container. +**Importment**: Only support **Linux** [docker](https://www.docker.com/) container. ## Usage From 5711a203b3207eb1c6cebec6ac2152ab210ec3ae Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Fri, 5 Jun 2020 09:05:02 +0800 Subject: [PATCH 009/167] fix typo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 38a6959..fc34527 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ [![Actions Status](https://github.com/appleboy/ssh-action/workflows/remote%20ssh%20command/badge.svg)](https://github.com/appleboy/ssh-action/actions) -**Importment**: Only support **Linux** [docker](https://www.docker.com/) container. +**Important**: Only support **Linux** [docker](https://www.docker.com/) container. ## Usage From e2cbea5f00b5f8d63f24ff104ec5446ca9dbc56c Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Mon, 15 Jun 2020 16:45:26 +0800 Subject: [PATCH 010/167] chore: bump drone-ssh to v1.6.1 (#63) Signed-off-by: Bo-Yi Wu --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 814e6c2..10c47e9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM appleboy/drone-ssh:1.6.0-linux-amd64 +FROM appleboy/drone-ssh:1.6.1-linux-amd64 ADD entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh From a2f91cbad15a1f1f30ed316d0a9cbccdc33f23d4 Mon Sep 17 00:00:00 2001 From: Yashu Mittal Date: Wed, 8 Jul 2020 14:16:24 +0530 Subject: [PATCH 011/167] (info) Pass env variable as string (#69) --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index fc34527..0ac0383 100644 --- a/README.md +++ b/README.md @@ -177,6 +177,8 @@ Pass environment variable to shell script echo "sha: $SHA" ``` +_Inside `env` object, you need to pass every environment variable as a string, passing `Integer` data type or any other may output unexpected results._ + Stop script after first failure. ex: missing `abc` folder ```diff From 269a4479ebb619c3582f8c376e4cd8a83e90c232 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Mon, 3 Aug 2020 22:15:09 +0800 Subject: [PATCH 012/167] chore: Multiline SSH commands interpreted as single lines --- .github/workflows/ci.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4130a2f..ef49038 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -100,5 +100,7 @@ jobs: username: ${{ secrets.USERNAME }} password: ${{ secrets.PASSWORD }} port: ${{ secrets.PORT }} - script: whoami + script: | + ls \ + -lah use_insecure_cipher: true From 3ac4675689ed1a354107ee6aa7f634fddbb1c3fc Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sat, 8 Aug 2020 12:26:01 +0800 Subject: [PATCH 013/167] chore: Add Multiline SSH commands interpreted as single lines --- .github/workflows/ci.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ef49038..2415a20 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -104,3 +104,17 @@ jobs: ls \ -lah use_insecure_cipher: true + + # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 + - name: Multiline SSH commands interpreted as single lines + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script_stop: true + script: | + ls \ + -lah + use_insecure_cipher: true From d09b6e0211778e27a745cf9b0f5dc6a9194e674c Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sat, 8 Aug 2020 15:34:38 +0800 Subject: [PATCH 014/167] chore: try the latest version --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 10c47e9..3ff5c6d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM appleboy/drone-ssh:1.6.1-linux-amd64 +FROM appleboy/drone-ssh:linux-amd64 ADD entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh From bf84735fa9986d048980965656d55112e863f432 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sat, 8 Aug 2020 15:39:00 +0800 Subject: [PATCH 015/167] fix: Multiline SSH commands interpreted as single lines fix https://github.com/appleboy/ssh-action/issues/75 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 3ff5c6d..042c990 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM appleboy/drone-ssh:linux-amd64 +FROM appleboy/drone-ssh:1.6.2-linux-amd64 ADD entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh From 8bd4933b73586b028df7d6e9756173a779091964 Mon Sep 17 00:00:00 2001 From: Himanshu Garg <35988194+merrcury@users.noreply.github.com> Date: Wed, 12 Aug 2020 22:33:55 +0530 Subject: [PATCH 016/167] Instructions to use SSH Key (#77) --- README.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/README.md b/README.md index 0ac0383..747a601 100644 --- a/README.md +++ b/README.md @@ -79,6 +79,21 @@ SSH Proxy Setting: * proxy_use_insecure_cipher - include more ciphers with use_insecure_cipher (see [#56](https://github.com/appleboy/ssh-action/issues/56)) * proxy_cipher - the allowed cipher algorithms. If unspecified then a sensible +### Setting up SSH Key +Make sure to follow the below steps while creating SSH Keys and using them. +* Login with username specified in Github Secrets. +* Generate a RSA Key-Pair. + ```bash + ssh-keygen -t rsa -b 4096 -C "your_email@example.com" + ``` +* Add newly generated key into Authorized keys. Read more about authorized keys [here](https://www.ssh.com/ssh/authorized_keys/). + ```bash + cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys + ``` +* Copy Private Key content and paste in Github Secrets. + ```bash + clip < ~/.ssh/id_rsa + ``` ### Example Executing remote ssh commands using password. From ffff33f8fe0318345a4f00f0e847325954b2a3ed Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Thu, 13 Aug 2020 01:06:27 +0800 Subject: [PATCH 017/167] docs: update readme --- README.md | 36 ++++++++++++++++++++++-------------- 1 file changed, 22 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 747a601..6ffa1c8 100644 --- a/README.md +++ b/README.md @@ -80,20 +80,28 @@ SSH Proxy Setting: * proxy_cipher - the allowed cipher algorithms. If unspecified then a sensible ### Setting up SSH Key -Make sure to follow the below steps while creating SSH Keys and using them. -* Login with username specified in Github Secrets. -* Generate a RSA Key-Pair. - ```bash - ssh-keygen -t rsa -b 4096 -C "your_email@example.com" - ``` -* Add newly generated key into Authorized keys. Read more about authorized keys [here](https://www.ssh.com/ssh/authorized_keys/). - ```bash - cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys - ``` -* Copy Private Key content and paste in Github Secrets. - ```bash - clip < ~/.ssh/id_rsa - ``` + +Make sure to follow the below steps while creating SSH Keys and using them. +Login with username specified in Github Secrets. Generate a RSA Key-Pair: + + ```bash + ssh-keygen -t rsa -b 4096 -C "your_email@example.com" + ``` + +Add newly generated key into Authorized keys. Read more about authorized keys [here](https://www.ssh.com/ssh/authorized_keys/). + +```bash +cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys +``` + +Copy Private Key content and paste in Github Secrets. + +```bash +clip < ~/.ssh/id_rsa +``` + +See the detail information about [SSH login without password](http://www.linuxproblem.org/art_9.html) + ### Example Executing remote ssh commands using password. From fd39ef0f1814d986b5d9c5246ad0414060fe2e14 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sat, 31 Oct 2020 07:03:29 +0800 Subject: [PATCH 018/167] Update README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 6ffa1c8..98336a2 100644 --- a/README.md +++ b/README.md @@ -82,6 +82,7 @@ SSH Proxy Setting: ### Setting up SSH Key Make sure to follow the below steps while creating SSH Keys and using them. +The best practice is create the SSH Keys on local machine not remote machine. Login with username specified in Github Secrets. Generate a RSA Key-Pair: ```bash @@ -91,7 +92,7 @@ Login with username specified in Github Secrets. Generate a RSA Key-Pair: Add newly generated key into Authorized keys. Read more about authorized keys [here](https://www.ssh.com/ssh/authorized_keys/). ```bash -cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys +cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys' ``` Copy Private Key content and paste in Github Secrets. From 9fb11fb1f539dca2ede9fd4fbbdded2bb2fd678d Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Tue, 17 Nov 2020 10:20:18 +0800 Subject: [PATCH 019/167] chore(host): support multiple port https://github.com/appleboy/ssh-action/issues/85 Signed-off-by: Bo-Yi Wu --- .github/workflows/ci.yml | 14 ++++++++++++++ Dockerfile | 2 +- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2415a20..0ca56b0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -118,3 +118,17 @@ jobs: ls \ -lah use_insecure_cipher: true + + # https://github.com/appleboy/ssh-action/issues/85 + - name: Deployment to multiple hosts with different ports + uses: ./ + with: + host: "${{ secrets.HOST }}:${{ secrets.PORT }}" + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: 1024 + script_stop: true + script: | + ls \ + -lah + use_insecure_cipher: true diff --git a/Dockerfile b/Dockerfile index 042c990..3ff5c6d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM appleboy/drone-ssh:1.6.2-linux-amd64 +FROM appleboy/drone-ssh:linux-amd64 ADD entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh From 1d1b21ca96111b1eb4c03c21c14ebb971d2200f6 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Tue, 17 Nov 2020 10:51:06 +0800 Subject: [PATCH 020/167] Support multiple host with different port (#94) --- Dockerfile | 2 +- README.md | 15 +++++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 3ff5c6d..93e707f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM appleboy/drone-ssh:linux-amd64 +FROM appleboy/drone-ssh:1.6.3-linux-amd64 ADD entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh diff --git a/README.md b/README.md index 98336a2..e14a81e 100644 --- a/README.md +++ b/README.md @@ -164,6 +164,21 @@ Multiple Hosts ls -al ``` +Multiple Hosts with differebt port + +```diff + - name: multiple host + uses: appleboy/ssh-action@master + with: +- host: "foo.com" ++ host: "foo.com:1234,bar.com:5678" + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + script: | + whoami + ls -al +``` + Synchronous execution on multiple hosts ```diff From 61e292b601b405c4b211ea30a046bb1a97e45bdc Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Tue, 17 Nov 2020 10:54:18 +0800 Subject: [PATCH 021/167] docs: fix typo Signed-off-by: Bo-Yi Wu --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e14a81e..33ed151 100644 --- a/README.md +++ b/README.md @@ -164,7 +164,7 @@ Multiple Hosts ls -al ``` -Multiple Hosts with differebt port +Multiple hosts with different port ```diff - name: multiple host From 63dd9dd662e35cedefd05fa36e163608893bf31d Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sat, 13 Feb 2021 10:55:57 +0800 Subject: [PATCH 022/167] chore: replace ADD with COPY --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 93e707f..6ee3e3c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ FROM appleboy/drone-ssh:1.6.3-linux-amd64 -ADD entrypoint.sh /entrypoint.sh +COPY entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh ENTRYPOINT ["/entrypoint.sh"] From c7104ccac4e360f9f77c0b93afdb6d8974df5b16 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sat, 6 Mar 2021 23:00:38 +0800 Subject: [PATCH 023/167] chore: add ED25519 example --- .github/workflows/ci.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0ca56b0..d6a683a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -132,3 +132,12 @@ jobs: ls \ -lah use_insecure_cipher: true + + - name: SSH ED25519 Private Key + uses: ./ + with: + host: ${{ secrets.TUNNEL_HOST }} + username: ${{ secrets.TUNNEL_USERNAME }} + key: ${{ secrets.ID_ED25519 }} + port: ${{ secrets.TUNNEL_PORT }} + script: whoami From e59c0ee97a7e5240ed9eb489791adbb9c9ac7f6b Mon Sep 17 00:00:00 2001 From: h1dden-da3m0n <33120068+h1dden-da3m0n@users.noreply.github.com> Date: Sat, 3 Apr 2021 23:59:44 +0200 Subject: [PATCH 024/167] docu(restructure): update readme structure and add ed25519 ssh key instructions (#113) --- README.md | 168 +++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 117 insertions(+), 51 deletions(-) diff --git a/README.md b/README.md index 33ed151..f828639 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,42 @@ **Important**: Only support **Linux** [docker](https://www.docker.com/) container. +## Input variables + +See [action.yml](./action.yml) for more detailed information. + +* `host` - ssh host +* `port` - ssh port, default is `22` +* `username` - ssh username +* `password` - ssh password +* `passphrase` - the passphrase is usually to encrypt the private key +* `sync` - synchronous execution if multiple hosts, default is false +* `timeout` - timeout for ssh to remote host, default is `30s` +* `command_timeout` - timeout for ssh command, default is `10m` +* `key` - content of ssh private key. ex raw content of ~/.ssh/id_rsa +* `key_path` - path of ssh private key +* `fingerprint` - fingerprint SHA256 of the host public key, default is to skip verification +* `script` - execute commands +* `script_stop` - stop script after first failure +* `envs` - pass environment variable to shell script +* `debug` - enable debug mode +* `use_insecure_cipher` - include more ciphers with use_insecure_cipher (see [#56](https://github.com/appleboy/ssh-action/issues/56)) +* `cipher` - the allowed cipher algorithms. If unspecified then a sensible + +SSH Proxy Setting: + +* `proxy_host` - proxy host +* `proxy_port` - proxy port, default is `22` +* `proxy_username` - proxy username +* `proxy_password` - proxy password +* `proxy_passphrase` - the passphrase is usually to encrypt the private key +* `proxy_timeout` - timeout for ssh to proxy host, default is `30s` +* `proxy_key` - content of ssh proxy private key. +* `proxy_key_path` - path of ssh proxy private key +* `proxy_fingerprint` - fingerprint SHA256 of the proxy host public key, default is to skip verification +* `proxy_use_insecure_cipher` - include more ciphers with use_insecure_cipher (see [#56](https://github.com/appleboy/ssh-action/issues/56)) +* `proxy_cipher` - the allowed cipher algorithms. If unspecified then a sensible + ## Usage Executing remote ssh commands. @@ -43,69 +79,87 @@ out: *** ============================================== ``` -## Input variables - -See [action.yml](./action.yml) for more detailed information. - -* host - ssh host -* port - ssh port, default is `22` -* username - ssh username -* password - ssh password -* passphrase - the passphrase is usually to encrypt the private key -* sync - synchronous execution if multiple hosts, default is false -* timeout - timeout for ssh to remote host, default is `30s` -* command_timeout - timeout for ssh command, default is `10m` -* key - content of ssh private key. ex raw content of ~/.ssh/id_rsa -* key_path - path of ssh private key -* fingerprint - fingerprint SHA256 of the host public key, default is to skip verification -* script - execute commands -* script_stop - stop script after first failure -* envs - pass environment variable to shell script -* debug - enable debug mode -* use_insecure_cipher - include more ciphers with use_insecure_cipher (see [#56](https://github.com/appleboy/ssh-action/issues/56)) -* cipher - the allowed cipher algorithms. If unspecified then a sensible - -SSH Proxy Setting: - -* proxy_host - proxy host -* proxy_port - proxy port, default is `22` -* proxy_username - proxy username -* proxy_password - proxy password -* proxy_passphrase - the passphrase is usually to encrypt the private key -* proxy_timeout - timeout for ssh to proxy host, default is `30s` -* proxy_key - content of ssh proxy private key. -* proxy_key_path - path of ssh proxy private key -* proxy_fingerprint - fingerprint SHA256 of the proxy host public key, default is to skip verification -* proxy_use_insecure_cipher - include more ciphers with use_insecure_cipher (see [#56](https://github.com/appleboy/ssh-action/issues/56)) -* proxy_cipher - the allowed cipher algorithms. If unspecified then a sensible - -### Setting up SSH Key +### Setting up a SSH Key Make sure to follow the below steps while creating SSH Keys and using them. The best practice is create the SSH Keys on local machine not remote machine. Login with username specified in Github Secrets. Generate a RSA Key-Pair: - ```bash - ssh-keygen -t rsa -b 4096 -C "your_email@example.com" - ``` +
+rsa +

+ +```bash +ssh-keygen -t rsa -b 4096 -C "your_email@example.com" +``` + +

+
+ +
+ed25519 +

+ +```bash +ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" +``` + +

+
Add newly generated key into Authorized keys. Read more about authorized keys [here](https://www.ssh.com/ssh/authorized_keys/). +
+rsa +

+ ```bash cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys' ``` +

+
+ +
+ed25519 +

+ +```bash +cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys' +``` + +

+
+ Copy Private Key content and paste in Github Secrets. +
+rsa +

+ ```bash clip < ~/.ssh/id_rsa ``` +

+
+ +
+ed25519 +

+ +```bash +clip < ~/.ssh/id_ed25519 +``` + +

+
+ See the detail information about [SSH login without password](http://www.linuxproblem.org/art_9.html) ### Example -Executing remote ssh commands using password. +#### Executing remote ssh commands using password ```yaml - name: executing remote ssh commands using password @@ -118,7 +172,7 @@ Executing remote ssh commands using password. script: whoami ``` -Using private key +#### Using private key ```yaml - name: executing remote ssh commands using ssh key @@ -131,7 +185,7 @@ Using private key script: whoami ``` -Multiple Commands +#### Multiple Commands ```yaml - name: multiple command @@ -148,7 +202,7 @@ Multiple Commands ![result](./images/output-result.png) -Multiple Hosts +#### Multiple Hosts ```diff - name: multiple host @@ -164,7 +218,7 @@ Multiple Hosts ls -al ``` -Multiple hosts with different port +#### Multiple hosts with different port ```diff - name: multiple host @@ -179,7 +233,7 @@ Multiple hosts with different port ls -al ``` -Synchronous execution on multiple hosts +#### Synchronous execution on multiple hosts ```diff - name: multiple host @@ -195,7 +249,7 @@ Synchronous execution on multiple hosts ls -al ``` -Pass environment variable to shell script +#### Pass environment variable to shell script ```diff - name: pass environment @@ -218,7 +272,9 @@ Pass environment variable to shell script _Inside `env` object, you need to pass every environment variable as a string, passing `Integer` data type or any other may output unexpected results._ -Stop script after first failure. ex: missing `abc` folder +#### Stop script after first failure + +> ex: missing `abc` folder ```diff - name: stop script if command error @@ -247,7 +303,7 @@ err: mkdir: cannot create directory ‘abc/def’: No such file or directory ##[error]Docker run failed with exit code 1 ``` -How to connect remote server using `ProxyCommand`? +#### How to connect remote server using `ProxyCommand`? ```bash +--------+ +----------+ +-----------+ @@ -271,7 +327,7 @@ Host FooServer ProxyCommand ssh -q -W %h:%p Jumphost ``` -How to convert to YAML format of GitHubActions. +#### How to convert to YAML format of GitHubActions ```diff - name: ssh proxy command @@ -290,7 +346,11 @@ How to convert to YAML format of GitHubActions. ls -al ``` -Protecting a Private Key. The purpose of the passphrase is usually to encrypt the private key. This makes the key file by itself useless to an attacker. It is not uncommon for files to leak from backups or decommissioned hardware, and hackers commonly exfiltrate files from compromised systems. +#### Protecting a Private Key + +The purpose of the passphrase is usually to encrypt the private key. +This makes the key file by itself useless to an attacker. +It is not uncommon for files to leak from backups or decommissioned hardware, and hackers commonly exfiltrate files from compromised systems. ```diff - name: ssh key passphrase @@ -305,3 +365,9 @@ Protecting a Private Key. The purpose of the passphrase is usually to encrypt th whoami ls -al ``` + +## Contributing +We would love for you to contribute to `appleboy/ssh-action`, pull requests are welcome! + +## License +The scripts and documentation in this project are released under the [MIT License](LICENSE) From 29007ce6fb5efec2eaa8fd3b1220343a6f1d913e Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 9 May 2021 21:11:10 +0800 Subject: [PATCH 025/167] chore: update ssh key part part from https://github.com/appleboy/ssh-action/issues/80 --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f828639..1ece7cc 100644 --- a/README.md +++ b/README.md @@ -155,7 +155,13 @@ clip < ~/.ssh/id_ed25519

-See the detail information about [SSH login without password](http://www.linuxproblem.org/art_9.html) +See the detail information about [SSH login without password](http://www.linuxproblem.org/art_9.html). + +**A note** from one of our readers: Depending on your version of SSH you might also have to do the following changes: + +* Put the public key in `.ssh/authorized_keys2` +* Change the permissions of `.ssh` to 700 +* Change the permissions of `.ssh/authorized_keys2` to 640 ### Example From 1a8b3784eaa665f677fa114edd5683bb6a6bfaa8 Mon Sep 17 00:00:00 2001 From: Nicklas Frahm Date: Sat, 15 May 2021 17:05:07 +0200 Subject: [PATCH 026/167] Document setup of SSH host fingerprint validation (#120) --- README.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/README.md b/README.md index 1ece7cc..779db86 100644 --- a/README.md +++ b/README.md @@ -372,6 +372,32 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ls -al ``` +#### Using host fingerprint verification + +Setting up SSH host fingerprint verification can help to prevent Person-in-the-Middle attacks. Before setting this up, run the command below to get your SSH host fingerprint. Remember to replace `ed25519` with your appropriate key type (`rsa`, `dsa`, etc.) that your server is using and `example.com` with your host. + +In modern OpenSSH releases, the _default_ key types to be fetched are `rsa` (since version 5.1), `ecdsa` (since version 6.0), and `ed25519` (since version 6.7). + +``` +ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' -f2 +``` + +Now you can adjust you config: + +```diff + - name: ssh key passphrase + uses: appleboy/ssh-action@master + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} ++ fingerprint: ${{ secrets.FINGERPRINT }} + script: | + whoami + ls -al +``` + ## Contributing We would love for you to contribute to `appleboy/ssh-action`, pull requests are welcome! From c7671d858f032e258a724d8ab1475e9be42cf391 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 6 Feb 2022 15:15:00 +0800 Subject: [PATCH 027/167] docs: update format Signed-off-by: Bo-Yi Wu --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 779db86..bcf4469 100644 --- a/README.md +++ b/README.md @@ -378,7 +378,7 @@ Setting up SSH host fingerprint verification can help to prevent Person-in-the-M In modern OpenSSH releases, the _default_ key types to be fetched are `rsa` (since version 5.1), `ecdsa` (since version 6.0), and `ed25519` (since version 6.7). -``` +```sh ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' -f2 ``` @@ -399,7 +399,9 @@ Now you can adjust you config: ``` ## Contributing + We would love for you to contribute to `appleboy/ssh-action`, pull requests are welcome! ## License + The scripts and documentation in this project are released under the [MIT License](LICENSE) From ba1d4fb0eb89e3b83ad843bd875398d0d73fe721 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 6 Feb 2022 16:12:37 +0800 Subject: [PATCH 028/167] chore(CI): show secrets. Signed-off-by: Bo-Yi Wu --- .github/workflows/ci.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d6a683a..3a13e96 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -39,6 +39,7 @@ jobs: ls -al # - name: stop script if command error + # if: always() # uses: ./ # with: # host: ${{ secrets.HOST }} @@ -70,16 +71,18 @@ jobs: FOO: "BAR" BAR: "FOO" SHA: ${{ github.sha }} + PORT: ${{ secrets.PORT }} with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} key: ${{ secrets.KEY }} port: ${{ secrets.PORT }} - envs: FOO,BAR,SHA + envs: FOO,BAR,SHA,PORT script: | echo "I am $FOO, thanks" echo "I am $BAR, thanks" echo "sha: $SHA" + echo "port: $PORT" - name: ssh key passphrase uses: ./ From c732d38392bd59adadcb5e688fb1f7f1d29c6951 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Mon, 28 Feb 2022 07:08:00 +0800 Subject: [PATCH 029/167] chore: Add global environments Signed-off-by: Bo-Yi Wu --- .github/workflows/ci.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3a13e96..efa88cd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,5 +1,10 @@ name: remote ssh command on: [push] + +env: + FOO: "BAR" + BAR: "FOO" + jobs: build: From ea5c23a2b57ea400480c9cad9e2738aae1bca226 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Thu, 26 May 2022 09:02:47 +0800 Subject: [PATCH 030/167] Enable Sponsor Button --- .github/FUNDING.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 .github/FUNDING.yml diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml new file mode 100644 index 0000000..df9ae63 --- /dev/null +++ b/.github/FUNDING.yml @@ -0,0 +1,13 @@ +# These are supported funding model platforms + +github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2] +patreon: # Replace with a single Patreon username +open_collective: # Replace with a single Open Collective username +ko_fi: # Replace with a single Ko-fi username +tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel +community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry +liberapay: # Replace with a single Liberapay username +issuehunt: # Replace with a single IssueHunt username +otechie: # Replace with a single Otechie username +lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry +custom: ['https://www.paypal.me/appleboy46'] From dce9d565de8d876c11d93fa4fe677c0285a66d78 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sat, 28 May 2022 16:42:12 +0800 Subject: [PATCH 031/167] Update FUNDING.yml --- .github/FUNDING.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml index df9ae63..c08c914 100644 --- a/.github/FUNDING.yml +++ b/.github/FUNDING.yml @@ -2,7 +2,7 @@ github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2] patreon: # Replace with a single Patreon username -open_collective: # Replace with a single Open Collective username +open_collective: ssh-action ko_fi: # Replace with a single Ko-fi username tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry From ed1f3fc7c1bdb438aa7317557a0eb980aea774ad Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Fri, 29 Jul 2022 20:54:56 +0800 Subject: [PATCH 032/167] docs: problem with an EC2 instance Signed-off-by: Bo-Yi Wu --- README.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/README.md b/README.md index bcf4469..3a70693 100644 --- a/README.md +++ b/README.md @@ -398,6 +398,25 @@ Now you can adjust you config: ls -al ``` +## FAQ + +### Login with an EC2 instance + +See the [solution](https://github.com/appleboy/ssh-action/issues/80#issuecomment-1130407377). Open the following file + +```sh +/etc/ssh/sshd_config +``` + +and add the following configuration + +```sh +PubkeyAuthentication yes +PubkeyAcceptedKeyTypes=+ssh-rsa +``` + +restart the ssh server finally. + ## Contributing We would love for you to contribute to `appleboy/ssh-action`, pull requests are welcome! From f82e23f1a370495df4b0418d27fdbfbfd14994f8 Mon Sep 17 00:00:00 2001 From: Alister MacCormack <78695941+a-maccormack@users.noreply.github.com> Date: Fri, 29 Jul 2022 08:58:30 -0400 Subject: [PATCH 033/167] updated README to include OpenSSH comments (#161) --- README.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/README.md b/README.md index 3a70693..4761996 100644 --- a/README.md +++ b/README.md @@ -163,6 +163,26 @@ See the detail information about [SSH login without password](http://www.linuxpr * Change the permissions of `.ssh` to 700 * Change the permissions of `.ssh/authorized_keys2` to 640 +### If you are using OpenSSH +If you are currently using OpenSSH and are getting the following error: + +```bash +ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey] +``` + +Make sure that your key algorithm of choice is supported. +On Ubuntu 20.04 or later you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (which is either `/etc/ssh/sshd_config` or a drop-in file under +`/etc/ssh/sshd_config.d/`): + +``` +CASignatureAlgorithms +ssh-rsa +``` + +Alternatively, `ed25519` keys are accepted by default in OpenSSH. You could use this instead of rsa if needed: +```bash +ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" +``` + ### Example #### Executing remote ssh commands using password From a8d82ec39b75784f1bcd3d44e6c8261b710311d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?D=C3=A1niel=20Dobos?= <73838420+DanielDobos1985@users.noreply.github.com> Date: Fri, 29 Jul 2022 15:19:21 +0200 Subject: [PATCH 034/167] Switch to appleboy/drone-ssh:1.6.4 (#171) --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 6ee3e3c..416b5df 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM appleboy/drone-ssh:1.6.3-linux-amd64 +FROM appleboy/drone-ssh:1.6.4-linux-amd64 COPY entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh From e1116226a05cf6016654f0734e48b6d537501723 Mon Sep 17 00:00:00 2001 From: Ayanwola Ayomide <77179231+devvspaces@users.noreply.github.com> Date: Fri, 29 Jul 2022 14:19:55 +0100 Subject: [PATCH 035/167] updated readme envs option in example (#172) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4761996..bde11bf 100644 --- a/README.md +++ b/README.md @@ -289,7 +289,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" username: ${{ secrets.USERNAME }} key: ${{ secrets.KEY }} port: ${{ secrets.PORT }} -+ envs: FOO,BAR ++ envs: FOO,BAR,SHA script: | echo "I am $FOO" echo "I am $BAR" From f9010ff7f1bbd7db1a0b4bab661437550cea20c0 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Fri, 29 Jul 2022 21:24:53 +0800 Subject: [PATCH 036/167] docs: remove FAQ section Signed-off-by: Bo-Yi Wu --- README.md | 28 +++++----------------------- 1 file changed, 5 insertions(+), 23 deletions(-) diff --git a/README.md b/README.md index bde11bf..c1f7233 100644 --- a/README.md +++ b/README.md @@ -164,21 +164,22 @@ See the detail information about [SSH login without password](http://www.linuxpr * Change the permissions of `.ssh/authorized_keys2` to 640 ### If you are using OpenSSH + If you are currently using OpenSSH and are getting the following error: ```bash ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey] ``` -Make sure that your key algorithm of choice is supported. -On Ubuntu 20.04 or later you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (which is either `/etc/ssh/sshd_config` or a drop-in file under +Make sure that your key algorithm of choice is supported. On Ubuntu 20.04 or later you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (which is either `/etc/ssh/sshd_config` or a drop-in file under `/etc/ssh/sshd_config.d/`): -``` +```bash CASignatureAlgorithms +ssh-rsa ``` Alternatively, `ed25519` keys are accepted by default in OpenSSH. You could use this instead of rsa if needed: + ```bash ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ``` @@ -375,7 +376,7 @@ Host FooServer #### Protecting a Private Key The purpose of the passphrase is usually to encrypt the private key. -This makes the key file by itself useless to an attacker. +This makes the key file by itself useless to an attacker. It is not uncommon for files to leak from backups or decommissioned hardware, and hackers commonly exfiltrate files from compromised systems. ```diff @@ -418,25 +419,6 @@ Now you can adjust you config: ls -al ``` -## FAQ - -### Login with an EC2 instance - -See the [solution](https://github.com/appleboy/ssh-action/issues/80#issuecomment-1130407377). Open the following file - -```sh -/etc/ssh/sshd_config -``` - -and add the following configuration - -```sh -PubkeyAuthentication yes -PubkeyAcceptedKeyTypes=+ssh-rsa -``` - -restart the ssh server finally. - ## Contributing We would love for you to contribute to `appleboy/ssh-action`, pull requests are welcome! From cc051b07ed0666619f6ea5703319edf00d06be13 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabi=C3=A1n=20Delgado?= Date: Mon, 17 Oct 2022 11:00:39 -0300 Subject: [PATCH 037/167] Update README.md (#188) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c1f7233..01e0173 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ See [action.yml](./action.yml) for more detailed information. * `sync` - synchronous execution if multiple hosts, default is false * `timeout` - timeout for ssh to remote host, default is `30s` * `command_timeout` - timeout for ssh command, default is `10m` -* `key` - content of ssh private key. ex raw content of ~/.ssh/id_rsa +* `key` - content of ssh private key. ex raw content of ~/.ssh/id_rsa, rembemer include the BEGIN and END lines * `key_path` - path of ssh private key * `fingerprint` - fingerprint SHA256 of the host public key, default is to skip verification * `script` - execute commands From f23dd5c68131bcfedeeb014c00136c5278de8166 Mon Sep 17 00:00:00 2001 From: Inaction Date: Sat, 26 Nov 2022 11:24:18 +0100 Subject: [PATCH 038/167] docs(readme): Fix typo (#191) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 01e0173..2cf4618 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ See [action.yml](./action.yml) for more detailed information. * `sync` - synchronous execution if multiple hosts, default is false * `timeout` - timeout for ssh to remote host, default is `30s` * `command_timeout` - timeout for ssh command, default is `10m` -* `key` - content of ssh private key. ex raw content of ~/.ssh/id_rsa, rembemer include the BEGIN and END lines +* `key` - content of ssh private key. ex raw content of ~/.ssh/id_rsa, remember include the BEGIN and END lines * `key_path` - path of ssh private key * `fingerprint` - fingerprint SHA256 of the host public key, default is to skip verification * `script` - execute commands From 9a7da95c8c2bfb2b69be5e3dfe9f5f170cbdc91d Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Fri, 9 Dec 2022 10:13:56 +0800 Subject: [PATCH 039/167] chore(ssh): upgrade to drone 1.6.5 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 416b5df..5fd496f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM appleboy/drone-ssh:1.6.4-linux-amd64 +FROM appleboy/drone-ssh:1.6.5-linux-amd64 COPY entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh From db9be1d5f2fa6a5590015d66861ca0f073c62fe1 Mon Sep 17 00:00:00 2001 From: Leo Schick <67712864+leo-schick@users.noreply.github.com> Date: Fri, 9 Dec 2022 03:16:07 +0100 Subject: [PATCH 040/167] use fixed version in documentation (#199) --- README.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 2cf4618..af27276 100644 --- a/README.md +++ b/README.md @@ -58,7 +58,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@master + uses: appleboy/ssh-action@v0.1.5 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -190,7 +190,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@master + uses: appleboy/ssh-action@v0.1.5 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -203,7 +203,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@master + uses: appleboy/ssh-action@v0.1.5 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -216,7 +216,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@master + uses: appleboy/ssh-action@v0.1.5 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -233,7 +233,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@master + uses: appleboy/ssh-action@v0.1.5 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -249,7 +249,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@master + uses: appleboy/ssh-action@v0.1.5 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -264,7 +264,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@master + uses: appleboy/ssh-action@v0.1.5 with: host: "foo.com,bar.com" + sync: true @@ -280,7 +280,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@master + uses: appleboy/ssh-action@v0.1.5 + env: + FOO: "BAR" + BAR: "FOO" @@ -305,7 +305,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p ```diff - name: stop script if command error - uses: appleboy/ssh-action@master + uses: appleboy/ssh-action@v0.1.5 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -358,7 +358,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@master + uses: appleboy/ssh-action@v0.1.5 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -381,7 +381,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@master + uses: appleboy/ssh-action@v0.1.5 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -407,7 +407,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@master + uses: appleboy/ssh-action@v0.1.5 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From 0d5a3d0e48ba0a3f30d82c05f994722d3386888f Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Fri, 9 Dec 2022 10:17:03 +0800 Subject: [PATCH 041/167] test: comment the ED25519 ssh testing --- .github/workflows/ci.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index efa88cd..db6c341 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -141,11 +141,11 @@ jobs: -lah use_insecure_cipher: true - - name: SSH ED25519 Private Key - uses: ./ - with: - host: ${{ secrets.TUNNEL_HOST }} - username: ${{ secrets.TUNNEL_USERNAME }} - key: ${{ secrets.ID_ED25519 }} - port: ${{ secrets.TUNNEL_PORT }} - script: whoami + # - name: SSH ED25519 Private Key + # uses: ./ + # with: + # host: ${{ secrets.TUNNEL_HOST }} + # username: ${{ secrets.TUNNEL_USERNAME }} + # key: ${{ secrets.ID_ED25519 }} + # port: ${{ secrets.TUNNEL_PORT }} + # script: whoami From 4a03da89e5c43da56e502053be4bbcb293411883 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Fri, 9 Dec 2022 10:32:49 +0800 Subject: [PATCH 042/167] docs: update to v0.1.6 --- README.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index af27276..13968f8 100644 --- a/README.md +++ b/README.md @@ -58,7 +58,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.5 + uses: appleboy/ssh-action@v0.1.6 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -190,7 +190,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.5 + uses: appleboy/ssh-action@v0.1.6 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -203,7 +203,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v0.1.5 + uses: appleboy/ssh-action@v0.1.6 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -216,7 +216,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v0.1.5 + uses: appleboy/ssh-action@v0.1.6 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -233,7 +233,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.5 + uses: appleboy/ssh-action@v0.1.6 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -249,7 +249,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.5 + uses: appleboy/ssh-action@v0.1.6 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -264,7 +264,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.5 + uses: appleboy/ssh-action@v0.1.6 with: host: "foo.com,bar.com" + sync: true @@ -280,7 +280,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v0.1.5 + uses: appleboy/ssh-action@v0.1.6 + env: + FOO: "BAR" + BAR: "FOO" @@ -305,7 +305,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p ```diff - name: stop script if command error - uses: appleboy/ssh-action@v0.1.5 + uses: appleboy/ssh-action@v0.1.6 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -358,7 +358,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v0.1.5 + uses: appleboy/ssh-action@v0.1.6 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -381,7 +381,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.5 + uses: appleboy/ssh-action@v0.1.6 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -407,7 +407,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.5 + uses: appleboy/ssh-action@v0.1.6 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From d91a1af6f57cd4478ceee14d7705601dafabaa19 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 8 Jan 2023 09:08:14 +0800 Subject: [PATCH 043/167] Fix(envs): set environment variable instead of bash variable (#209) --- .github/workflows/ci.yml | 1 + Dockerfile | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index db6c341..27fe433 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -88,6 +88,7 @@ jobs: echo "I am $BAR, thanks" echo "sha: $SHA" echo "port: $PORT" + sh test.sh - name: ssh key passphrase uses: ./ diff --git a/Dockerfile b/Dockerfile index 5fd496f..6249d23 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM appleboy/drone-ssh:1.6.5-linux-amd64 +FROM appleboy/drone-ssh:1.6.8-linux-amd64 COPY entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh From c1965ddd2563844fddc1ec01cafc798365706143 Mon Sep 17 00:00:00 2001 From: "Bo-Yi.Wu" Date: Sun, 8 Jan 2023 09:13:12 +0800 Subject: [PATCH 044/167] docs: upgrade to v0.1.7 Signed-off-by: Bo-Yi.Wu --- README.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 13968f8..cbb2c34 100644 --- a/README.md +++ b/README.md @@ -58,7 +58,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.6 + uses: appleboy/ssh-action@v0.1.7 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -190,7 +190,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.6 + uses: appleboy/ssh-action@v0.1.7 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -203,7 +203,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v0.1.6 + uses: appleboy/ssh-action@v0.1.7 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -216,7 +216,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v0.1.6 + uses: appleboy/ssh-action@v0.1.7 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -233,7 +233,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.6 + uses: appleboy/ssh-action@v0.1.7 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -249,7 +249,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.6 + uses: appleboy/ssh-action@v0.1.7 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -264,7 +264,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.6 + uses: appleboy/ssh-action@v0.1.7 with: host: "foo.com,bar.com" + sync: true @@ -280,7 +280,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v0.1.6 + uses: appleboy/ssh-action@v0.1.7 + env: + FOO: "BAR" + BAR: "FOO" @@ -305,7 +305,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p ```diff - name: stop script if command error - uses: appleboy/ssh-action@v0.1.6 + uses: appleboy/ssh-action@v0.1.7 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -358,7 +358,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v0.1.6 + uses: appleboy/ssh-action@v0.1.7 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -381,7 +381,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.6 + uses: appleboy/ssh-action@v0.1.7 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -407,7 +407,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.6 + uses: appleboy/ssh-action@v0.1.7 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From 7bf58514dbdd91c9949688650956cb60e92b469b Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Tue, 28 Feb 2023 17:11:47 +0800 Subject: [PATCH 045/167] chore(auth): allow set password and private key at same time. (#226) --- .github/workflows/ci.yml | 20 ++++++++++++++++++++ Dockerfile | 2 +- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 27fe433..2c44c53 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,6 +14,26 @@ jobs: - name: checkout uses: actions/checkout@v1 + - name: correct password but wrong key + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + key: "1234" + port: ${{ secrets.PORT }} + script: whoami + + - name: wrong password but correct key + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: "abcdef" + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: whoami + - name: executing remote ssh commands using password uses: ./ with: diff --git a/Dockerfile b/Dockerfile index 6249d23..56289e6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM appleboy/drone-ssh:1.6.8-linux-amd64 +FROM appleboy/drone-ssh COPY entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh From ae2bb3c3dc0ff64e47218f5a068dc63c201c785e Mon Sep 17 00:00:00 2001 From: "Bo-Yi.Wu" Date: Tue, 28 Feb 2023 17:16:13 +0800 Subject: [PATCH 046/167] chore(docker): update appleboy/drone-ssh to v1.6.10 version Signed-off-by: Bo-Yi.Wu --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 56289e6..0f1e3c8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM appleboy/drone-ssh +FROM appleboy/drone-ssh:1.6.10 COPY entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh From b60142998894e495c513803efc6d5d72a72c968a Mon Sep 17 00:00:00 2001 From: "Bo-Yi.Wu" Date: Tue, 28 Feb 2023 17:18:27 +0800 Subject: [PATCH 047/167] docs: update to v0.1.8 version Signed-off-by: Bo-Yi.Wu --- README.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index cbb2c34..40569ba 100644 --- a/README.md +++ b/README.md @@ -58,7 +58,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.7 + uses: appleboy/ssh-action@v0.1.8 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -190,7 +190,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.7 + uses: appleboy/ssh-action@v0.1.8 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -203,7 +203,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v0.1.7 + uses: appleboy/ssh-action@v0.1.8 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -216,7 +216,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v0.1.7 + uses: appleboy/ssh-action@v0.1.8 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -233,7 +233,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.7 + uses: appleboy/ssh-action@v0.1.8 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -249,7 +249,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.7 + uses: appleboy/ssh-action@v0.1.8 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -264,7 +264,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.7 + uses: appleboy/ssh-action@v0.1.8 with: host: "foo.com,bar.com" + sync: true @@ -280,7 +280,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v0.1.7 + uses: appleboy/ssh-action@v0.1.8 + env: + FOO: "BAR" + BAR: "FOO" @@ -305,7 +305,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p ```diff - name: stop script if command error - uses: appleboy/ssh-action@v0.1.7 + uses: appleboy/ssh-action@v0.1.8 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -358,7 +358,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v0.1.7 + uses: appleboy/ssh-action@v0.1.8 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -381,7 +381,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.7 + uses: appleboy/ssh-action@v0.1.8 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -407,7 +407,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.7 + uses: appleboy/ssh-action@v0.1.8 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From 495830820fa9cf8c3026738073281a05f0d6dfeb Mon Sep 17 00:00:00 2001 From: "Bo-Yi.Wu" Date: Tue, 28 Feb 2023 18:12:19 +0800 Subject: [PATCH 048/167] docs: add traditional chinese documentation. Signed-off-by: Bo-Yi.Wu --- README.zh-tw.md | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 README.zh-tw.md diff --git a/README.zh-tw.md b/README.zh-tw.md new file mode 100644 index 0000000..f08a5f7 --- /dev/null +++ b/README.zh-tw.md @@ -0,0 +1,45 @@ +# 🚀 用於 GitHub Actions 的 SSH + +[GitHub Action](https://github.com/features/actions) for executing remote ssh commands. + +![ssh workflow](./images/ssh-workflow.png) + +[![Actions Status](https://github.com/appleboy/ssh-action/workflows/remote%20ssh%20command/badge.svg)](https://github.com/appleboy/ssh-action/actions) + +**注意**: 只支援在 **Linux** [docker](https://www.docker.com/) 容器上執行。 + +## 輸入變數 + +更詳細的資訊,請參閱 [action.yml](./action.yml)。 + +* `host` - SSH 主機 +* `port` - SSH 連接埠,預設為 `22` +* `username` - SSH 使用者名稱 +* `password` - SSH 密碼 +* `passphrase` - 通常用於加密私鑰的 passphrase +* `sync` - 同步執行多個主機上的命令,預設為 false +* `timeout` - SSH 連接到遠端主機的超時時間,預設為 `30s` +* `command_timeout` - SSH 命令超時時間,預設為 10m +* `key` - SSH 私鑰的內容,例如 ~/.ssh/id_rsa 的原始內容,請記得包含 BEGIN 和 END 行 +* `key_path` - SSH 私鑰的路徑 +* `fingerprint` - 主機公鑰的 SHA256 指紋,預設為略過驗證 +* `script` - 執行命令 +* `script_stop` - 當出現第一個錯誤時停止執行命令 +* `envs` - 傳遞環境變數到 shell script +* `debug` - 啟用偵錯模式 +* `use_insecure_cipher` - 使用不安全的密碼(ciphers)進行加密,參見 [#56](https://github.com/appleboy/ssh-action/issues/56) +* `cipher` - 允許使用的密碼(ciphers)演算法。如果未指定,則使用適當的演算法 + +SSH 代理設置: + +* `proxy_host` - 代理主機 +* `proxy_port` - 代理端口,預設為 `22` +* `proxy_username` - 代理使用者名稱 +* `proxy_password` - 代理密碼 +* `proxy_passphrase` - 密碼通常用於加密私有金鑰 +* `proxy_timeout` - SSH 連線至代理主機的逾時時間,預設為 `30s` +* `proxy_key` - SSH 代理私有金鑰內容 +* `proxy_key_path` - SSH 代理私有金鑰路徑 +* `proxy_fingerprint` - 代理主機公鑰的 SHA256 指紋,預設為跳過驗證 +* `proxy_use_insecure_cipher` - 使用不安全的加密方式,請參閱 [#56](https://github.com/appleboy/ssh-action/issues/56) +* `proxy_cipher` - 允許的加密算法。如果未指定,則使用合理的算法 From 51b83ba47471c1d7399cec9b43aaf0d57432f707 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Fri, 3 Mar 2023 10:22:51 +0800 Subject: [PATCH 049/167] docs: format --- README.md | 47 ++++++++--------------------------------------- 1 file changed, 8 insertions(+), 39 deletions(-) diff --git a/README.md b/README.md index 40569ba..2e0aa53 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ See [action.yml](./action.yml) for more detailed information. * `sync` - synchronous execution if multiple hosts, default is false * `timeout` - timeout for ssh to remote host, default is `30s` * `command_timeout` - timeout for ssh command, default is `10m` -* `key` - content of ssh private key. ex raw content of ~/.ssh/id_rsa, remember include the BEGIN and END lines +* `key` - content of ssh private key. ex raw content of ~/.ssh/id_rsa, remember include the BEGIN and END lines * `key_path` - path of ssh private key * `fingerprint` - fingerprint SHA256 of the host public key, default is to skip verification * `script` - execute commands @@ -85,76 +85,46 @@ Make sure to follow the below steps while creating SSH Keys and using them. The best practice is create the SSH Keys on local machine not remote machine. Login with username specified in Github Secrets. Generate a RSA Key-Pair: -
-rsa -

+rsa ```bash ssh-keygen -t rsa -b 4096 -C "your_email@example.com" ``` -

-
- -
-ed25519 -

+ed25519 ```bash ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ``` -

-
- Add newly generated key into Authorized keys. Read more about authorized keys [here](https://www.ssh.com/ssh/authorized_keys/). -
-rsa -

+rsa ```bash cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys' ``` -

-
- -
-ed25519 -

+ed25519 ```bash cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys' ``` -

-
- Copy Private Key content and paste in Github Secrets. -
-rsa -

+rsa ```bash clip < ~/.ssh/id_rsa ``` -

-
- -
-ed25519 -

+ed25519 ```bash clip < ~/.ssh/id_ed25519 ``` -

-
- See the detail information about [SSH login without password](http://www.linuxproblem.org/art_9.html). **A note** from one of our readers: Depending on your version of SSH you might also have to do the following changes: @@ -171,8 +141,7 @@ If you are currently using OpenSSH and are getting the following error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey] ``` -Make sure that your key algorithm of choice is supported. On Ubuntu 20.04 or later you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (which is either `/etc/ssh/sshd_config` or a drop-in file under -`/etc/ssh/sshd_config.d/`): +Make sure that your key algorithm of choice is supported. On Ubuntu 20.04 or later you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (which is either `/etc/ssh/sshd_config` or a drop-in file under `/etc/ssh/sshd_config.d/`): ```bash CASignatureAlgorithms +ssh-rsa From e4a881008dbb8a3c211786f8a9c0c7a21c339a3c Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Fri, 3 Mar 2023 10:26:23 +0800 Subject: [PATCH 050/167] docs(readme): update --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 2e0aa53..87f303d 100644 --- a/README.md +++ b/README.md @@ -85,13 +85,13 @@ Make sure to follow the below steps while creating SSH Keys and using them. The best practice is create the SSH Keys on local machine not remote machine. Login with username specified in Github Secrets. Generate a RSA Key-Pair: -rsa +### Generate rsa key ```bash ssh-keygen -t rsa -b 4096 -C "your_email@example.com" ``` -ed25519 +### Generate ed25519 key ```bash ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" @@ -99,13 +99,13 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" Add newly generated key into Authorized keys. Read more about authorized keys [here](https://www.ssh.com/ssh/authorized_keys/). -rsa +### Add rsa key into Authorized keys ```bash cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys' ``` -ed25519 +### Add ed25519 key into Authorized keys ```bash cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys' @@ -113,13 +113,13 @@ cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys' Copy Private Key content and paste in Github Secrets. -rsa +### Copy rsa Private key ```bash clip < ~/.ssh/id_rsa ``` -ed25519 +### Copy ed25519 Private key ```bash clip < ~/.ssh/id_ed25519 From 6a1b59d972b8284bc1127691af3cb964ae4c841b Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Fri, 3 Mar 2023 10:45:48 +0800 Subject: [PATCH 051/167] docs: add chinese --- README.md | 2 + README.zh-tw.md | 348 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 350 insertions(+) diff --git a/README.md b/README.md index 87f303d..460866f 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # 🚀 SSH for GitHub Actions +[繁體中文](./README.zh-tw.md) + [GitHub Action](https://github.com/features/actions) for executing remote ssh commands. ![ssh workflow](./images/ssh-workflow.png) diff --git a/README.zh-tw.md b/README.zh-tw.md index f08a5f7..eeeca6d 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -43,3 +43,351 @@ SSH 代理設置: * `proxy_fingerprint` - 代理主機公鑰的 SHA256 指紋,預設為跳過驗證 * `proxy_use_insecure_cipher` - 使用不安全的加密方式,請參閱 [#56](https://github.com/appleboy/ssh-action/issues/56) * `proxy_cipher` - 允許的加密算法。如果未指定,則使用合理的算法 + +## 使用方式 + +執行遠端 SSH 命令 + +```yaml +name: remote ssh command +on: [push] +jobs: + + build: + name: Build + runs-on: ubuntu-latest + steps: + - name: executing remote ssh commands using password + uses: appleboy/ssh-action@v0.1.8 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: whoami +``` + +畫面輸出 + +```sh +======CMD====== +whoami +======END====== +out: *** +============================================== +✅ Successfully executed commands to all host. +============================================== +``` + +### 設置 SSH 金鑰 + +請在創建 SSH 金鑰並使用 SSH 金鑰時遵循以下步驟。最佳做法是在本地機器上創建 SSH 金鑰而不是遠端機器上。請使用 Github Secrets 中指定的用戶名登錄。生成 RSA 金鑰: + +### 生成 RSA 金鑰 + +```bash +ssh-keygen -t rsa -b 4096 -C "your_email@example.com" +``` + +### 生成 ed25519 金鑰 + +```bash +ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" +``` + +將新生成的金鑰添加到已授權的金鑰中。詳細了解已授權的金鑰請點擊[此處](https://www.ssh.com/ssh/authorized_keys/). + +### 將 RSA 金鑰添加到已授權金鑰中 + +```bash +cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys' +``` + +### 將 ed25519 金鑰添加到已授權金鑰中 + +```bash +cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys' +``` + +複製私鑰內容,然後將其粘貼到 Github Secrets 中。 + +### 複製 rsa 私鑰內容 + +```bash +clip < ~/.ssh/id_rsa +``` + +### 複製 ed25519 私鑰內容 + +```bash +clip < ~/.ssh/id_ed25519 +``` + +有關無需密碼登錄 SSH 的詳細信息,請[參見該網站](http://www.linuxproblem.org/art_9.html)。 + +**來自讀者的注意事項**: 根據您的 SSH 版本,您可能還需要進行以下更改: + +* 將公鑰放在 `.ssh/authorized_keys2` 中 +* 將 `.ssh` 的權限更改為700 +* 將 `.ssh/authorized_keys2` 的權限更改為640 + +### 如果你使用的是 OpenSSH + +如果您正在使用 OpenSSH,並出現以下錯誤: + +```bash +ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey] +``` + +請確保您所選擇的密鑰演算法得到支援。在 Ubuntu 20.04 或更高版本上,您必須明確允許使用 SSH-RSA 演算法。請在 OpenSSH 守護進程文件中添加以下行(它可以是 `/etc/ssh/sshd_config` 或 `/etc/ssh/sshd_config.d/` 中的一個附著文件): + +```bash +CASignatureAlgorithms +ssh-rsa +``` + +或者,`Ed25519` 密鑰在 OpenSSH 中默認被接受。如果需要,您可以使用它來替代 RSA。 + +```bash +ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" +``` + +### Example + +#### 使用密碼執行遠端 SSH 命令 + +```yaml +- name: executing remote ssh commands using password + uses: appleboy/ssh-action@v0.1.8 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: whoami +``` + +#### 使用私鑰 + +```yaml +- name: executing remote ssh commands using ssh key + uses: appleboy/ssh-action@v0.1.8 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: whoami +``` + +#### 多個命令 + +```yaml +- name: multiple command + uses: appleboy/ssh-action@v0.1.8 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: | + whoami + ls -al +``` + +![result](./images/output-result.png) + +#### 多台主機 + +```diff + - name: multiple host + uses: appleboy/ssh-action@v0.1.8 + with: +- host: "foo.com" ++ host: "foo.com,bar.com" + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: | + whoami + ls -al +``` + +#### 多個不同端口的主機 + +```diff + - name: multiple host + uses: appleboy/ssh-action@v0.1.8 + with: +- host: "foo.com" ++ host: "foo.com:1234,bar.com:5678" + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + script: | + whoami + ls -al +``` + +#### 在多個主機上同步執行 + +```diff + - name: multiple host + uses: appleboy/ssh-action@v0.1.8 + with: + host: "foo.com,bar.com" ++ sync: true + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: | + whoami + ls -al +``` + +#### 將環境變量傳遞到 Shell 腳本 + +```diff + - name: pass environment + uses: appleboy/ssh-action@v0.1.8 ++ env: ++ FOO: "BAR" ++ BAR: "FOO" ++ SHA: ${{ github.sha }} + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} ++ envs: FOO,BAR,SHA + script: | + echo "I am $FOO" + echo "I am $BAR" + echo "sha: $SHA" +``` + +_在 `env` 對象中,您需要將每個環境變量作為字符串傳遞,傳遞 `Integer` 數據類型或任何其他類型可能會產生意外結果。_ + +#### 在第一次失敗後停止腳本 + +> ex: missing `abc` folder + +```diff + - name: stop script if command error + uses: appleboy/ssh-action@v0.1.8 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} ++ script_stop: true + script: | + mkdir abc/def + ls -al +``` + +畫面輸出: + +```sh +======CMD====== +mkdir abc/def +ls -al + +======END====== +2019/11/21 01:16:21 Process exited with status 1 +err: mkdir: cannot create directory ‘abc/def’: No such file or directory +##[error]Docker run failed with exit code 1 +``` + +#### 如何使用 `ProxyCommand` 連接遠程服務器? + +```bash ++--------+ +----------+ +-----------+ +| Laptop | <--> | Jumphost | <--> | FooServer | ++--------+ +----------+ +-----------+ +``` + +在您的 `~/.ssh/config` 文件中,您會看到以下內容。 + +```bash +Host Jumphost + HostName Jumphost + User ubuntu + Port 22 + IdentityFile ~/.ssh/keys/jump_host.pem + +Host FooServer + HostName FooServer + User ubuntu + Port 22 + ProxyCommand ssh -q -W %h:%p Jumphost +``` + +#### 如何將其轉換為 GitHubActions 的 YAML 格式? + +```diff + - name: ssh proxy command + uses: appleboy/ssh-action@v0.1.8 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} ++ proxy_host: ${{ secrets.PROXY_HOST }} ++ proxy_username: ${{ secrets.PROXY_USERNAME }} ++ proxy_key: ${{ secrets.PROXY_KEY }} ++ proxy_port: ${{ secrets.PROXY_PORT }} + script: | + mkdir abc/def + ls -al +``` + +#### 如何保護私鑰? + +密碼短語通常用於加密私鑰。這使得攻擊者無法單獨使用密鑰文件。文件泄露可能來自備份或停用的硬件,黑客通常可以從受攻擊系統中洩露文件。因此,保護私鑰非常重要。 + +```diff + - name: ssh key passphrase + uses: appleboy/ssh-action@v0.1.8 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} ++ passphrase: ${{ secrets.PASSPHRASE }} + script: | + whoami + ls -al +``` + +#### 使用主機指紋驗證 + +設置 SSH 主機指紋驗證可以幫助防止中間人攻擊。在設置之前,運行以下命令以獲取 SSH 主機指紋。請記得將 `ed25519` 替換為您的適當金鑰類型(`rsa`、 `dsa`等),而 `example.com` 則替換為您的主機。 + +現代 OpenSSH 版本中,需要提取的_默認金鑰_類型是 `rsa`(從版本 5.1 開始)、`ecdsa`(從版本 6.0 開始)和 `ed25519`(從版本 6.7 開始)。 + +```sh +ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' -f2 +``` + +現在您可以調整您的配置: + +```diff + - name: ssh key passphrase + uses: appleboy/ssh-action@v0.1.8 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} ++ fingerprint: ${{ secrets.FINGERPRINT }} + script: | + whoami + ls -al +``` + +## 貢獻 + +我們非常希望您為 `appleboy/ssh-action` 做出貢獻,歡迎提交請求! + +## 授權方式 + +本項目中的腳本和文檔采用 [MIT](LICENSE) 許可證 發布。 From 3cd1bcf7713f758a2c03f1fa7b0401826d0b1dcf Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Tue, 4 Apr 2023 17:25:53 +0800 Subject: [PATCH 052/167] feat: refactor code for parallel execution on multiple hosts (#237) - Update Dockerfile to use a newer version of `drone-ssh` - Modify `ci.yml` to use `continue-on-error` instead of commenting out code fix https://github.com/appleboy/ssh-action/issues/233 --- .github/workflows/ci.yml | 26 ++++++++++++++------------ Dockerfile | 2 +- 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2c44c53..8494f9c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -63,18 +63,20 @@ jobs: whoami ls -al - # - name: stop script if command error - # if: always() - # uses: ./ - # with: - # host: ${{ secrets.HOST }} - # username: ${{ secrets.USERNAME }} - # key: ${{ secrets.KEY }} - # port: ${{ secrets.PORT }} - # script_stop: true - # script: | - # mkdir abc/def - # ls -al + - name: stop script if command error + uses: ./ + continue-on-error: true + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + sync: true + debug: true + script: | + mkdir abc/def + ls -al - name: pass environment uses: ./ diff --git a/Dockerfile b/Dockerfile index 0f1e3c8..6cd936d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM appleboy/drone-ssh:1.6.10 +FROM ghcr.io/appleboy/drone-ssh:1.6.12 COPY entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh From 5f64c95280a8e7632da28096e00ccaecb296d200 Mon Sep 17 00:00:00 2001 From: "Bo-Yi.Wu" Date: Tue, 4 Apr 2023 17:37:29 +0800 Subject: [PATCH 053/167] chore: improve SSH key handling and documentation - Upgrade the ssh-action package from version `v0.1.8` to `v0.1.9` - Update the ssh-keygen command to use `-t ed25519 -a 200 -C` flag with an email address - Clarify how to pass environment variables as strings in the `env` object - Add a command to check the fingerprint of an ed25519 key in the README - Remove duplicate Host entry for `FooServer` in the Chinese version of the README Signed-off-by: Bo-Yi.Wu --- README.md | 24 ++++++++++++------------ README.zh-tw.md | 24 ++++++++++++------------ 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 460866f..0bf9bb8 100644 --- a/README.md +++ b/README.md @@ -60,7 +60,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -161,7 +161,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -174,7 +174,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -187,7 +187,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -204,7 +204,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -220,7 +220,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -235,7 +235,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: "foo.com,bar.com" + sync: true @@ -251,7 +251,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 + env: + FOO: "BAR" + BAR: "FOO" @@ -276,7 +276,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p ```diff - name: stop script if command error - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -329,7 +329,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -352,7 +352,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -378,7 +378,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/README.zh-tw.md b/README.zh-tw.md index eeeca6d..e81326c 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -58,7 +58,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -157,7 +157,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -170,7 +170,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -183,7 +183,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -200,7 +200,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -216,7 +216,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -231,7 +231,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: "foo.com,bar.com" + sync: true @@ -247,7 +247,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 + env: + FOO: "BAR" + BAR: "FOO" @@ -272,7 +272,7 @@ _在 `env` 對象中,您需要將每個環境變量作為字符串傳遞,傳 ```diff - name: stop script if command error - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -325,7 +325,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -346,7 +346,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -372,7 +372,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From 6268c80dd6526b1531eedc69f6c315e9d3848673 Mon Sep 17 00:00:00 2001 From: "Bo-Yi.Wu" Date: Tue, 4 Apr 2023 17:56:49 +0800 Subject: [PATCH 054/167] docs: add external resources to README file - Add a line linking to Golang and drone-ssh in the README file Signed-off-by: Bo-Yi.Wu --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 0bf9bb8..783d892 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,8 @@ **Important**: Only support **Linux** [docker](https://www.docker.com/) container. +This thing is built using [Golang](https://go.dev) and [drone-ssh](https://github.com/appleboy/drone-ssh). 🚀 + ## Input variables See [action.yml](./action.yml) for more detailed information. From 334f9259f2f8eb3376d33fa4c684fff373f2c2a6 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Thu, 13 Apr 2023 11:15:42 +0800 Subject: [PATCH 055/167] chore: update action configuration for greater flexibility (#240) - Update base image version from `1.6.12` to `1.6.13` in Dockerfile - Add `envs_format` input with flexible configuration in action.yml - Add a line to README.md pointing to action.yml for more information fix https://github.com/appleboy/ssh-action/issues/213 --- .github/workflows/ci.yml | 97 +++++++++++++++++++++++++--------------- Dockerfile | 2 +- README.md | 1 + action.yml | 2 + 4 files changed, 65 insertions(+), 37 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8494f9c..58d418c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -7,8 +7,8 @@ env: jobs: - build: - name: Build + testing01: + name: default flag testing runs-on: ubuntu-latest steps: - name: checkout @@ -78,40 +78,6 @@ jobs: mkdir abc/def ls -al - - name: pass environment - uses: ./ - env: - FOO: "BAR" - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - envs: FOO - script: | - echo "I am $FOO, thanks" - echo "I am $BAR, thanks" - - - name: pass multiple environment - uses: ./ - env: - FOO: "BAR" - BAR: "FOO" - SHA: ${{ github.sha }} - PORT: ${{ secrets.PORT }} - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - envs: FOO,BAR,SHA,PORT - script: | - echo "I am $FOO, thanks" - echo "I am $BAR, thanks" - echo "sha: $SHA" - echo "port: $PORT" - sh test.sh - - name: ssh key passphrase uses: ./ with: @@ -172,3 +138,62 @@ jobs: # key: ${{ secrets.ID_ED25519 }} # port: ${{ secrets.TUNNEL_PORT }} # script: whoami + + testing02: + name: testing with envs + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v1 + + - name: pass environment + uses: ./ + env: + FOO: "BAR" + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + envs: FOO + script: | + echo "I am $FOO, thanks" + echo "I am $BAR, thanks" + + - name: pass multiple environment + uses: ./ + env: + FOO: "BAR" + BAR: "FOO" + SHA: ${{ github.sha }} + PORT: ${{ secrets.PORT }} + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + envs: FOO,BAR,SHA,PORT + script: | + echo "I am $FOO, thanks" + echo "I am $BAR, thanks" + echo "sha: $SHA" + echo "port: $PORT" + sh test.sh + + - name: custom envs format + uses: ./ + env: + FOO: "BAR" + AAA: "BBB" + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + envs: FOO,BAR,AAA + envs_format: export TEST_{NAME}={VALUE} + script: | + echo "I am $TEST_FOO, thanks" + echo "I am $TEST_BAR, thanks" + echo "I am $BAR, thanks" + echo "I am $TEST_AAA, thanks" diff --git a/Dockerfile b/Dockerfile index 6cd936d..ffdb73d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/appleboy/drone-ssh:1.6.12 +FROM ghcr.io/appleboy/drone-ssh:1.6.13 COPY entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh diff --git a/README.md b/README.md index 783d892..425658d 100644 --- a/README.md +++ b/README.md @@ -33,6 +33,7 @@ See [action.yml](./action.yml) for more detailed information. * `debug` - enable debug mode * `use_insecure_cipher` - include more ciphers with use_insecure_cipher (see [#56](https://github.com/appleboy/ssh-action/issues/56)) * `cipher` - the allowed cipher algorithms. If unspecified then a sensible +* `envs_format` - flexible configuration of environment value transfer. default is `export {NAME}={VALUE}` SSH Proxy Setting: diff --git a/action.yml b/action.yml index 65891e8..3cdc797 100644 --- a/action.yml +++ b/action.yml @@ -65,6 +65,8 @@ inputs: default: false envs: description: 'pass environment variable to shell script' + envs_format: + description: 'flexible configuration of environment value transfer' debug: description: 'enable debug mode' default: false From 2b7de38eedf6e1cd145f62cad6c0b85f5c757757 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Thu, 13 Apr 2023 12:18:50 +0800 Subject: [PATCH 056/167] chore: update `appleboy/ssh-action` to latest version - Update the version of `appleboy/ssh-action` from `v0.1.9` to `v0.1.10` in multiple files. Signed-off-by: Bo-Yi Wu --- README.md | 24 ++++++++++++------------ README.zh-tw.md | 24 ++++++++++++------------ 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 425658d..181fd18 100644 --- a/README.md +++ b/README.md @@ -63,7 +63,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -164,7 +164,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -177,7 +177,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -190,7 +190,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -207,7 +207,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -223,7 +223,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -238,7 +238,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: "foo.com,bar.com" + sync: true @@ -254,7 +254,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 + env: + FOO: "BAR" + BAR: "FOO" @@ -279,7 +279,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p ```diff - name: stop script if command error - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -332,7 +332,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -355,7 +355,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -381,7 +381,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/README.zh-tw.md b/README.zh-tw.md index e81326c..700a2bb 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -58,7 +58,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -157,7 +157,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -170,7 +170,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -183,7 +183,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -200,7 +200,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -216,7 +216,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -231,7 +231,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: "foo.com,bar.com" + sync: true @@ -247,7 +247,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 + env: + FOO: "BAR" + BAR: "FOO" @@ -272,7 +272,7 @@ _在 `env` 對象中,您需要將每個環境變量作為字符串傳遞,傳 ```diff - name: stop script if command error - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -325,7 +325,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -346,7 +346,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -372,7 +372,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From 3130c7a2bcc2189118f51bfacd60c0974a89f031 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Thu, 13 Apr 2023 14:38:24 +0800 Subject: [PATCH 057/167] ci: improve CI workflow for private repository cloning (#241) - Add a new job for git clone and pull in CI - Clone a private repository in CI with secrets - Remove a directory in the cloned repository ref: https://github.com/appleboy/ssh-action/issues/65 --- .github/workflows/ci.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 58d418c..9da0438 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -197,3 +197,22 @@ jobs: echo "I am $TEST_BAR, thanks" echo "I am $BAR, thanks" echo "I am $TEST_AAA, thanks" + + testing03: + name: git clone and pull + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v1 + + - name: clone private repository + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + script: | + git clone https://appleboy:${{ secrets.TEST_TOKEN }}@github.com/go-training/self-runner.git test_repository + rm -rf test_repository From d87d276960fd7693a6c0d13631bf6e92196a62b9 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Tue, 18 Apr 2023 09:31:39 +0800 Subject: [PATCH 058/167] ci: add Docker login and pull job to CI pipeline (#244) - Add a new job named "testing04" for docker login and pull in ci.yml file. ref: https://github.com/appleboy/ssh-action/issues/230 --- .github/workflows/ci.yml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9da0438..d1b576f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -216,3 +216,32 @@ jobs: script: | git clone https://appleboy:${{ secrets.TEST_TOKEN }}@github.com/go-training/self-runner.git test_repository rm -rf test_repository + + testing04: + name: docker login and pull + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v1 + + - name: login GitHub Container Registry + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + script: | + echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u github.actor --password-stdin + + - name: login DockerHub Container Registry + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + script: | + echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin From f579d71942bc5b32150f75471c095aa438c5689d Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 4 Jun 2023 11:06:25 +0800 Subject: [PATCH 059/167] chore: improve action.yml clarity and update default values - Update descriptions for input fields in action.yml for better clarity - Change default values for SSH port and SSH proxy port to string format Signed-off-by: Bo-Yi Wu --- action.yml | 67 +++++++++++++++++++++++++----------------------------- 1 file changed, 31 insertions(+), 36 deletions(-) diff --git a/action.yml b/action.yml index 3cdc797..2e04181 100644 --- a/action.yml +++ b/action.yml @@ -3,73 +3,68 @@ description: 'Executing remote ssh commands' author: 'Bo-Yi Wu' inputs: host: - description: 'ssh host' + description: 'SSH host address.' port: - description: 'ssh port' - default: 22 + description: 'SSH port number.' + default: "22" passphrase: - description: 'ssh key passphrase' + description: 'Passphrase for the SSH key.' username: - description: 'ssh username' + description: 'SSH username.' password: - description: 'ssh password' + description: 'SSH password.' sync: - description: 'synchronous execution if multiple hosts' - default: false + description: 'Enable synchronous execution if multiple hosts are involved.' use_insecure_cipher: - description: 'include more ciphers with use_insecure_cipher' - default: false + description: 'Include more ciphers by using insecure ciphers.' cipher: - description: 'the allowed cipher algorithms. If unspecified then a sensible' + description: 'Allowed cipher algorithms. If unspecified, a sensible default is used.' timeout: - description: 'timeout for ssh to host' + description: 'Timeout duration for establishing SSH connection to the host.' default: "30s" command_timeout: - description: 'timeout for ssh command' + description: 'Timeout duration for SSH commands execution.' default: "10m" key: - description: 'content of ssh private key. ex raw content of ~/.ssh/id_rsa' + description: 'Content of the SSH private key. For example, the raw content of ~/.ssh/id_rsa.' key_path: - description: 'path of ssh private key' + description: 'Path to the SSH private key file.' fingerprint: - description: 'sha256 fingerprint of the host public key' + description: 'SHA256 fingerprint of the host public key.' proxy_host: - description: 'ssh proxy host' + description: 'SSH proxy host address.' proxy_port: - description: 'ssh proxy port' - default: 22 + description: 'SSH proxy port number.' + default: "22" proxy_username: - description: 'ssh proxy username' + description: 'SSH proxy username.' proxy_password: - description: 'ssh proxy password' + description: 'SSH proxy password.' proxy_passphrase: - description: 'ssh proxy key passphrase' + description: 'SSH proxy key passphrase.' proxy_timeout: - description: 'timeout for ssh to proxy host' + description: 'Timeout duration for establishing SSH connection to the proxy host.' default: "30s" proxy_key: - description: 'content of ssh proxy private key. ex raw content of ~/.ssh/id_rsa' + description: 'Content of the SSH proxy private key. For example, the raw content of ~/.ssh/id_rsa.' proxy_key_path: - description: 'path of ssh proxy private key' + description: 'Path to the SSH proxy private key file.' proxy_fingerprint: - description: 'sha256 fingerprint of the proxy host public key' + description: 'SHA256 fingerprint of the proxy host public key.' proxy_cipher: - description: 'the allowed cipher algorithms. If unspecified then a sensible' + description: 'Allowed cipher algorithms for the proxy. If unspecified, a sensible default is used.' proxy_use_insecure_cipher: - description: 'include more ciphers with use_insecure_cipher' - default: false + description: 'Include more ciphers for the proxy by using insecure ciphers.' script: - description: 'execute commands' + description: 'Commands to be executed.' script_stop: - description: 'stop script after first failure' - default: false + description: 'Stop the script after the first failure.' envs: - description: 'pass environment variable to shell script' + description: 'Environment variables to be passed to the shell script.' envs_format: - description: 'flexible configuration of environment value transfer' + description: 'Flexible configuration for environment value transfer.' debug: - description: 'enable debug mode' - default: false + description: 'Enable debug mode.' runs: using: 'docker' image: 'Dockerfile' From c7d850f6cdde249c4ca63d8651271f7a24959b4f Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 4 Jun 2023 11:08:59 +0800 Subject: [PATCH 060/167] docs: improve readability and functionality across project - Reformat input parameters in README.md as a table for better readability Signed-off-by: Bo-Yi Wu --- README.md | 63 +++++++++++++++++++++++++++---------------------------- 1 file changed, 31 insertions(+), 32 deletions(-) diff --git a/README.md b/README.md index 181fd18..974c7de 100644 --- a/README.md +++ b/README.md @@ -16,38 +16,37 @@ This thing is built using [Golang](https://go.dev) and [drone-ssh](https://githu See [action.yml](./action.yml) for more detailed information. -* `host` - ssh host -* `port` - ssh port, default is `22` -* `username` - ssh username -* `password` - ssh password -* `passphrase` - the passphrase is usually to encrypt the private key -* `sync` - synchronous execution if multiple hosts, default is false -* `timeout` - timeout for ssh to remote host, default is `30s` -* `command_timeout` - timeout for ssh command, default is `10m` -* `key` - content of ssh private key. ex raw content of ~/.ssh/id_rsa, remember include the BEGIN and END lines -* `key_path` - path of ssh private key -* `fingerprint` - fingerprint SHA256 of the host public key, default is to skip verification -* `script` - execute commands -* `script_stop` - stop script after first failure -* `envs` - pass environment variable to shell script -* `debug` - enable debug mode -* `use_insecure_cipher` - include more ciphers with use_insecure_cipher (see [#56](https://github.com/appleboy/ssh-action/issues/56)) -* `cipher` - the allowed cipher algorithms. If unspecified then a sensible -* `envs_format` - flexible configuration of environment value transfer. default is `export {NAME}={VALUE}` - -SSH Proxy Setting: - -* `proxy_host` - proxy host -* `proxy_port` - proxy port, default is `22` -* `proxy_username` - proxy username -* `proxy_password` - proxy password -* `proxy_passphrase` - the passphrase is usually to encrypt the private key -* `proxy_timeout` - timeout for ssh to proxy host, default is `30s` -* `proxy_key` - content of ssh proxy private key. -* `proxy_key_path` - path of ssh proxy private key -* `proxy_fingerprint` - fingerprint SHA256 of the proxy host public key, default is to skip verification -* `proxy_use_insecure_cipher` - include more ciphers with use_insecure_cipher (see [#56](https://github.com/appleboy/ssh-action/issues/56)) -* `proxy_cipher` - the allowed cipher algorithms. If unspecified then a sensible +| Input Parameter | Description | Default Value | +|-------------------------|-----------------------------------------------------------------|---------------| +| host | SSH host address | | +| port | SSH port number | 22 | +| passphrase | SSH key passphrase | | +| username | SSH username | | +| password | SSH password | | +| sync | Enable synchronous execution if multiple hosts | false | +| use_insecure_cipher | Include more ciphers with use_insecure_cipher | false | +| cipher | Allowed cipher algorithms. If unspecified, a sensible default | | +| timeout | Timeout duration for SSH to host | 30s | +| command_timeout | Timeout duration for SSH command | 10m | +| key | Content of SSH private key. e.g., raw content of ~/.ssh/id_rsa | | +| key_path | Path of SSH private key | | +| fingerprint | SHA256 fingerprint of the host public key | | +| proxy_host | SSH proxy host | | +| proxy_port | SSH proxy port | 22 | +| proxy_username | SSH proxy username | | +| proxy_password | SSH proxy password | | +| proxy_passphrase | SSH proxy key passphrase | | +| proxy_timeout | Timeout for SSH to proxy host | 30s | +| proxy_key | Content of SSH proxy private key | | +| proxy_key_path | Path of SSH proxy private key | | +| proxy_fingerprint | SHA256 fingerprint of the proxy host public key | | +| proxy_cipher | Allowed cipher algorithms for the proxy | | +| proxy_use_insecure_cipher | Include more ciphers with use_insecure_cipher for the proxy | false | +| script | Execute commands | | +| script_stop | Stop script after first failure | false | +| envs | Pass environment variables to shell script | | +| envs_format | Flexible configuration of environment value transfer | | +| debug | Enable debug mode | false | ## Usage From a01d3ea1dfcdbed994ab6c85fb3d7daf5e785f85 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 4 Jun 2023 16:30:25 +0800 Subject: [PATCH 061/167] chore: improve performance and test coverage across OSs - Update the Dockerfile to use drone-ssh version 1.6.14 Signed-off-by: Bo-Yi Wu --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index ffdb73d..533f0f9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/appleboy/drone-ssh:1.6.13 +FROM ghcr.io/appleboy/drone-ssh:1.6.14 COPY entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh From 5ac43dd7628ddabb9fc5fae29368b663142fcc8f Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 23 Jul 2023 09:53:20 +0800 Subject: [PATCH 062/167] chore(ssh): pass all ENV variables to script (#259) --- .github/workflows/ci.yml | 18 ++++++++++++++++++ Dockerfile | 2 +- action.yml | 2 ++ 3 files changed, 21 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d1b576f..8e8e5dd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -198,6 +198,23 @@ jobs: echo "I am $BAR, thanks" echo "I am $TEST_AAA, thanks" + - name: pass all ENV variables to script + uses: ./ + env: + INPUT_FOO: "BAR" + INPUT_AAA: "BBB" + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + allenvs: true + script: | + echo "I am $INPUT_FOO, thanks" + echo "I am $INPUT_AAA, thanks" + echo "$GITHUB_BASE_REF" + echo "$GITHUB_REF" + testing03: name: git clone and pull runs-on: ubuntu-latest @@ -245,3 +262,4 @@ jobs: script_stop: true script: | echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin + diff --git a/Dockerfile b/Dockerfile index 533f0f9..cb97f5b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/appleboy/drone-ssh:1.6.14 +FROM ghcr.io/appleboy/drone-ssh:1.7.0 COPY entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh diff --git a/action.yml b/action.yml index 2e04181..405b14a 100644 --- a/action.yml +++ b/action.yml @@ -65,6 +65,8 @@ inputs: description: 'Flexible configuration for environment value transfer.' debug: description: 'Enable debug mode.' + allenvs: + description: 'pass all environment variable to shell script.' runs: using: 'docker' image: 'Dockerfile' From 8d9094f3b161ae3721150b835be0dfa3a3f65f4a Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 23 Jul 2023 09:57:59 +0800 Subject: [PATCH 063/167] docs: "Introduce `allenvs` option for shell script execution" - Add a new option `allenvs` in the README to pass all environment variables to the shell script. Signed-off-by: appleboy --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 974c7de..7ac1189 100644 --- a/README.md +++ b/README.md @@ -47,6 +47,7 @@ See [action.yml](./action.yml) for more detailed information. | envs | Pass environment variables to shell script | | | envs_format | Flexible configuration of environment value transfer | | | debug | Enable debug mode | false | +| allenvs | Pass all environment variables to shell script | false | ## Usage From 55dabf81b49d4120609345970c91507e2d734799 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 23 Jul 2023 10:01:08 +0800 Subject: [PATCH 064/167] docs: update appleboy/ssh-action version in README - Update the version of `appleboy/ssh-action` from `v0.1.10` to `v0.2.0` in multiple places in the README file. Signed-off-by: appleboy --- README.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 7ac1189..ed77ce2 100644 --- a/README.md +++ b/README.md @@ -63,7 +63,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -164,7 +164,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -177,7 +177,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -190,7 +190,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -207,7 +207,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -223,7 +223,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -238,7 +238,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 with: host: "foo.com,bar.com" + sync: true @@ -254,7 +254,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 + env: + FOO: "BAR" + BAR: "FOO" @@ -279,7 +279,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p ```diff - name: stop script if command error - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -332,7 +332,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -355,7 +355,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -381,7 +381,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From 4330a1ea489ced98a6778fb35bb6bfed8b61fca5 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 23 Jul 2023 10:05:56 +0800 Subject: [PATCH 065/167] docs: update appleboy/ssh-action version in README - Update the version of `appleboy/ssh-action` from `v0.2.0` to `v1.0.0` in multiple places in the README. Signed-off-by: appleboy --- README.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index ed77ce2..77f71dd 100644 --- a/README.md +++ b/README.md @@ -63,7 +63,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -164,7 +164,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -177,7 +177,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -190,7 +190,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -207,7 +207,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -223,7 +223,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -238,7 +238,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 with: host: "foo.com,bar.com" + sync: true @@ -254,7 +254,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 + env: + FOO: "BAR" + BAR: "FOO" @@ -279,7 +279,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p ```diff - name: stop script if command error - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -332,7 +332,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -355,7 +355,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -381,7 +381,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From b9f6bf6223b169d55fdc9d4317424830474585e6 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Tue, 26 Dec 2023 15:07:39 +0800 Subject: [PATCH 066/167] style: refine CI Workflow and Test Configurations - Remove empty lines from the GitHub Actions CI workflow file Signed-off-by: Bo-Yi Wu --- .github/workflows/ci.yml | 410 +++++++++++++++++++-------------------- 1 file changed, 204 insertions(+), 206 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8e8e5dd..e9f2b7c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,129 +6,128 @@ env: BAR: "FOO" jobs: - testing01: name: default flag testing runs-on: ubuntu-latest steps: - - name: checkout - uses: actions/checkout@v1 + - name: checkout + uses: actions/checkout@v1 - - name: correct password but wrong key - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - key: "1234" - port: ${{ secrets.PORT }} - script: whoami + - name: correct password but wrong key + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + key: "1234" + port: ${{ secrets.PORT }} + script: whoami - - name: wrong password but correct key - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: "abcdef" - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script: whoami + - name: wrong password but correct key + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: "abcdef" + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: whoami - - name: executing remote ssh commands using password - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} - script: whoami + - name: executing remote ssh commands using password + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: whoami - - name: executing remote ssh commands using ssh key - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script: whoami + - name: executing remote ssh commands using ssh key + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: whoami - - name: multiple command - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script: | - whoami - ls -al + - name: multiple command + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: | + whoami + ls -al - - name: stop script if command error - uses: ./ - continue-on-error: true - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - sync: true - debug: true - script: | - mkdir abc/def - ls -al + - name: stop script if command error + uses: ./ + continue-on-error: true + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + sync: true + debug: true + script: | + mkdir abc/def + ls -al - - name: ssh key passphrase - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.SSH2 }} - port: ${{ secrets.PORT }} - passphrase: ${{ secrets.PASSPHRASE }} - script: | - whoami - ls -al + - name: ssh key passphrase + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.SSH2 }} + port: ${{ secrets.PORT }} + passphrase: ${{ secrets.PASSPHRASE }} + script: | + whoami + ls -al - - name: use insecure cipher - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} - script: | + - name: use insecure cipher + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: | ls \ -lah - use_insecure_cipher: true + use_insecure_cipher: true - # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 - - name: Multiline SSH commands interpreted as single lines - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} - script_stop: true - script: | + # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 + - name: Multiline SSH commands interpreted as single lines + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script_stop: true + script: | ls \ -lah - use_insecure_cipher: true + use_insecure_cipher: true - # https://github.com/appleboy/ssh-action/issues/85 - - name: Deployment to multiple hosts with different ports - uses: ./ - with: - host: "${{ secrets.HOST }}:${{ secrets.PORT }}" - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: 1024 - script_stop: true - script: | + # https://github.com/appleboy/ssh-action/issues/85 + - name: Deployment to multiple hosts with different ports + uses: ./ + with: + host: "${{ secrets.HOST }}:${{ secrets.PORT }}" + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: 1024 + script_stop: true + script: | ls \ -lah - use_insecure_cipher: true + use_insecure_cipher: true # - name: SSH ED25519 Private Key # uses: ./ @@ -143,123 +142,122 @@ jobs: name: testing with envs runs-on: ubuntu-latest steps: - - name: checkout - uses: actions/checkout@v1 + - name: checkout + uses: actions/checkout@v1 - - name: pass environment - uses: ./ - env: - FOO: "BAR" - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - envs: FOO - script: | - echo "I am $FOO, thanks" - echo "I am $BAR, thanks" + - name: pass environment + uses: ./ + env: + FOO: "BAR" + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + envs: FOO + script: | + echo "I am $FOO, thanks" + echo "I am $BAR, thanks" - - name: pass multiple environment - uses: ./ - env: - FOO: "BAR" - BAR: "FOO" - SHA: ${{ github.sha }} - PORT: ${{ secrets.PORT }} - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - envs: FOO,BAR,SHA,PORT - script: | - echo "I am $FOO, thanks" - echo "I am $BAR, thanks" - echo "sha: $SHA" - echo "port: $PORT" - sh test.sh + - name: pass multiple environment + uses: ./ + env: + FOO: "BAR" + BAR: "FOO" + SHA: ${{ github.sha }} + PORT: ${{ secrets.PORT }} + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + envs: FOO,BAR,SHA,PORT + script: | + echo "I am $FOO, thanks" + echo "I am $BAR, thanks" + echo "sha: $SHA" + echo "port: $PORT" + sh test.sh - - name: custom envs format - uses: ./ - env: - FOO: "BAR" - AAA: "BBB" - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - envs: FOO,BAR,AAA - envs_format: export TEST_{NAME}={VALUE} - script: | - echo "I am $TEST_FOO, thanks" - echo "I am $TEST_BAR, thanks" - echo "I am $BAR, thanks" - echo "I am $TEST_AAA, thanks" + - name: custom envs format + uses: ./ + env: + FOO: "BAR" + AAA: "BBB" + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + envs: FOO,BAR,AAA + envs_format: export TEST_{NAME}={VALUE} + script: | + echo "I am $TEST_FOO, thanks" + echo "I am $TEST_BAR, thanks" + echo "I am $BAR, thanks" + echo "I am $TEST_AAA, thanks" - - name: pass all ENV variables to script - uses: ./ - env: - INPUT_FOO: "BAR" - INPUT_AAA: "BBB" - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - allenvs: true - script: | - echo "I am $INPUT_FOO, thanks" - echo "I am $INPUT_AAA, thanks" - echo "$GITHUB_BASE_REF" - echo "$GITHUB_REF" + - name: pass all ENV variables to script + uses: ./ + env: + INPUT_FOO: "BAR" + INPUT_AAA: "BBB" + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + allenvs: true + script: | + echo "I am $INPUT_FOO, thanks" + echo "I am $INPUT_AAA, thanks" + echo "$GITHUB_BASE_REF" + echo "$GITHUB_REF" testing03: name: git clone and pull runs-on: ubuntu-latest steps: - - name: checkout - uses: actions/checkout@v1 + - name: checkout + uses: actions/checkout@v1 - - name: clone private repository - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - script: | - git clone https://appleboy:${{ secrets.TEST_TOKEN }}@github.com/go-training/self-runner.git test_repository - rm -rf test_repository + - name: clone private repository + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + script: | + git clone https://appleboy:${{ secrets.TEST_TOKEN }}@github.com/go-training/self-runner.git test_repository + rm -rf test_repository testing04: name: docker login and pull runs-on: ubuntu-latest steps: - - name: checkout - uses: actions/checkout@v1 + - name: checkout + uses: actions/checkout@v1 - - name: login GitHub Container Registry - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - script: | - echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u github.actor --password-stdin - - - name: login DockerHub Container Registry - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - script: | - echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin + - name: login GitHub Container Registry + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + script: | + echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u github.actor --password-stdin + - name: login DockerHub Container Registry + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + script: | + echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin From 2344d975738ad85c2c0bc848a78cef0d4ce17ec0 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Tue, 26 Dec 2023 15:11:53 +0800 Subject: [PATCH 067/167] chore(security): update drone-ssh to v1.7.1 (#286) - Update the base image in Dockerfile from `1.7.0` to `1.7.1` - Change the location of `entrypoint.sh` from root to `/bin/` directory in Dockerfile - Remove the explicit `chmod +x` command for `entrypoint.sh` in Dockerfile Signed-off-by: Bo-Yi Wu --- Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index cb97f5b..bc4c6cf 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ -FROM ghcr.io/appleboy/drone-ssh:1.7.0 +FROM ghcr.io/appleboy/drone-ssh:1.7.1 -COPY entrypoint.sh /entrypoint.sh -RUN chmod +x /entrypoint.sh -ENTRYPOINT ["/entrypoint.sh"] +COPY entrypoint.sh /bin/entrypoint.sh + +ENTRYPOINT ["/bin/entrypoint.sh"] From 8f949198563a347a01c65ffc60399aef2b59d4ab Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Tue, 26 Dec 2023 15:13:15 +0800 Subject: [PATCH 068/167] chore: update appleboy/ssh-action to v1.0.1 in documentation - Update appleboy/ssh-action from v1.0.0 to v1.0.1 in README.md - Update appleboy/ssh-action from v0.1.10 to v1.0.1 in README.zh-tw.md Signed-off-by: Bo-Yi Wu --- README.md | 24 ++++++++++++------------ README.zh-tw.md | 24 ++++++++++++------------ 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 77f71dd..1ffd1ce 100644 --- a/README.md +++ b/README.md @@ -63,7 +63,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -164,7 +164,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -177,7 +177,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -190,7 +190,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -207,7 +207,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -223,7 +223,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -238,7 +238,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 with: host: "foo.com,bar.com" + sync: true @@ -254,7 +254,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 + env: + FOO: "BAR" + BAR: "FOO" @@ -279,7 +279,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p ```diff - name: stop script if command error - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -332,7 +332,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -355,7 +355,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -381,7 +381,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/README.zh-tw.md b/README.zh-tw.md index 700a2bb..081c8ca 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -58,7 +58,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -157,7 +157,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -170,7 +170,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -183,7 +183,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -200,7 +200,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -216,7 +216,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -231,7 +231,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 with: host: "foo.com,bar.com" + sync: true @@ -247,7 +247,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 + env: + FOO: "BAR" + BAR: "FOO" @@ -272,7 +272,7 @@ _在 `env` 對象中,您需要將每個環境變量作為字符串傳遞,傳 ```diff - name: stop script if command error - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -325,7 +325,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -346,7 +346,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -372,7 +372,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From 1f3c33893694c04aef214bb7cf82793046ec9ca1 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Mon, 1 Jan 2024 14:22:41 +0800 Subject: [PATCH 069/167] chore: update base image to 1.7.2 in Dockerfile - Update the base image from `1.7.1` to `1.7.2` in the Dockerfile Signed-off-by: Bo-Yi Wu --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index bc4c6cf..d065a87 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/appleboy/drone-ssh:1.7.1 +FROM ghcr.io/appleboy/drone-ssh:1.7.2 COPY entrypoint.sh /bin/entrypoint.sh From 2451745138b602d3e100a6def50c8e4e39591d4c Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Mon, 1 Jan 2024 14:23:27 +0800 Subject: [PATCH 070/167] chore: update SSH action version in README files - Update the version of the `appleboy/ssh-action` to `v1.0.2` in the `README.md` and `README.zh-tw.md` files. Signed-off-by: Bo-Yi Wu --- README.md | 24 ++++++++++++------------ README.zh-tw.md | 24 ++++++++++++------------ 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 1ffd1ce..84aaaf4 100644 --- a/README.md +++ b/README.md @@ -63,7 +63,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -164,7 +164,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -177,7 +177,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -190,7 +190,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -207,7 +207,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -223,7 +223,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -238,7 +238,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: "foo.com,bar.com" + sync: true @@ -254,7 +254,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 + env: + FOO: "BAR" + BAR: "FOO" @@ -279,7 +279,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p ```diff - name: stop script if command error - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -332,7 +332,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -355,7 +355,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -381,7 +381,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/README.zh-tw.md b/README.zh-tw.md index 081c8ca..94b7e9c 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -58,7 +58,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -157,7 +157,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -170,7 +170,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -183,7 +183,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -200,7 +200,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -216,7 +216,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -231,7 +231,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: "foo.com,bar.com" + sync: true @@ -247,7 +247,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 + env: + FOO: "BAR" + BAR: "FOO" @@ -272,7 +272,7 @@ _在 `env` 對象中,您需要將每個環境變量作為字符串傳遞,傳 ```diff - name: stop script if command error - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -325,7 +325,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -346,7 +346,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -372,7 +372,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From d134a26a1f62a1eb6f470f543cb0a988f888573d Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 7 Jan 2024 19:39:23 +0800 Subject: [PATCH 071/167] fix(sudo): support request_pty to execute sudo command (#288) - Add a new job called `testing05` to the CI workflow - Update the base image in the Dockerfile from `1.7.2` to `1.7.3` - Update the action name, description, and author in the action.yml file - Update the descriptions for various inputs in the action.yml file - Add a new input `request_pty` with a description in the action.yml file - Update the `using` and `image` fields in the action.yml file - Update the `using` and `image` fields in the runs section of the action.yml file - Update the `icon` and `color` fields in the branding section of the action.yml file Signed-off-by: Bo-Yi Wu --- .github/workflows/ci.yml | 21 +++++++++++ Dockerfile | 2 +- action.yml | 76 +++++++++++++++++++++------------------- 3 files changed, 61 insertions(+), 38 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e9f2b7c..b676e5f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -261,3 +261,24 @@ jobs: script_stop: true script: | echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin + + testing05: + name: switch user + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v1 + + - name: switch to root user + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + request_pty: true + command_timeout: 30s + script: | + whoami && echo 'hello world' && touch todo.txt + sudo whoami diff --git a/Dockerfile b/Dockerfile index d065a87..dd5119d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/appleboy/drone-ssh:1.7.2 +FROM ghcr.io/appleboy/drone-ssh:1.7.3 COPY entrypoint.sh /bin/entrypoint.sh diff --git a/action.yml b/action.yml index 405b14a..2d1067e 100644 --- a/action.yml +++ b/action.yml @@ -1,76 +1,78 @@ -name: 'SSH Remote Commands' -description: 'Executing remote ssh commands' -author: 'Bo-Yi Wu' +name: "SSH Remote Commands" +description: "Executing remote ssh commands" +author: "Bo-Yi Wu" inputs: host: - description: 'SSH host address.' + description: "SSH host address." port: - description: 'SSH port number.' + description: "SSH port number." default: "22" passphrase: - description: 'Passphrase for the SSH key.' + description: "Passphrase for the SSH key." username: - description: 'SSH username.' + description: "SSH username." password: - description: 'SSH password.' + description: "SSH password." sync: - description: 'Enable synchronous execution if multiple hosts are involved.' + description: "Enable synchronous execution if multiple hosts are involved." use_insecure_cipher: - description: 'Include more ciphers by using insecure ciphers.' + description: "Include more ciphers by using insecure ciphers." cipher: - description: 'Allowed cipher algorithms. If unspecified, a sensible default is used.' + description: "Allowed cipher algorithms. If unspecified, a sensible default is used." timeout: - description: 'Timeout duration for establishing SSH connection to the host.' + description: "Timeout duration for establishing SSH connection to the host." default: "30s" command_timeout: - description: 'Timeout duration for SSH commands execution.' + description: "Timeout duration for SSH commands execution." default: "10m" key: - description: 'Content of the SSH private key. For example, the raw content of ~/.ssh/id_rsa.' + description: "Content of the SSH private key. For example, the raw content of ~/.ssh/id_rsa." key_path: - description: 'Path to the SSH private key file.' + description: "Path to the SSH private key file." fingerprint: - description: 'SHA256 fingerprint of the host public key.' + description: "SHA256 fingerprint of the host public key." proxy_host: - description: 'SSH proxy host address.' + description: "SSH proxy host address." proxy_port: - description: 'SSH proxy port number.' + description: "SSH proxy port number." default: "22" proxy_username: - description: 'SSH proxy username.' + description: "SSH proxy username." proxy_password: - description: 'SSH proxy password.' + description: "SSH proxy password." proxy_passphrase: - description: 'SSH proxy key passphrase.' + description: "SSH proxy key passphrase." proxy_timeout: - description: 'Timeout duration for establishing SSH connection to the proxy host.' + description: "Timeout duration for establishing SSH connection to the proxy host." default: "30s" proxy_key: - description: 'Content of the SSH proxy private key. For example, the raw content of ~/.ssh/id_rsa.' + description: "Content of the SSH proxy private key. For example, the raw content of ~/.ssh/id_rsa." proxy_key_path: - description: 'Path to the SSH proxy private key file.' + description: "Path to the SSH proxy private key file." proxy_fingerprint: - description: 'SHA256 fingerprint of the proxy host public key.' + description: "SHA256 fingerprint of the proxy host public key." proxy_cipher: - description: 'Allowed cipher algorithms for the proxy. If unspecified, a sensible default is used.' + description: "Allowed cipher algorithms for the proxy. If unspecified, a sensible default is used." proxy_use_insecure_cipher: - description: 'Include more ciphers for the proxy by using insecure ciphers.' + description: "Include more ciphers for the proxy by using insecure ciphers." script: - description: 'Commands to be executed.' + description: "Commands to be executed." script_stop: - description: 'Stop the script after the first failure.' + description: "Stop the script after the first failure." envs: - description: 'Environment variables to be passed to the shell script.' + description: "Environment variables to be passed to the shell script." envs_format: - description: 'Flexible configuration for environment value transfer.' + description: "Flexible configuration for environment value transfer." debug: - description: 'Enable debug mode.' + description: "Enable debug mode." allenvs: - description: 'pass all environment variable to shell script.' + description: "pass all environment variable to shell script." + request_pty: + description: "Request a pseudo-terminal from the server." runs: - using: 'docker' - image: 'Dockerfile' + using: "docker" + image: "Dockerfile" branding: - icon: 'terminal' - color: 'gray-dark' + icon: "terminal" + color: "gray-dark" From 029f5b4aeeeb58fdfe1410a5d17f967dacf36262 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 7 Jan 2024 19:40:43 +0800 Subject: [PATCH 072/167] docs: update README.md and improve code documentation - Add a new entry for `request_pty` in the README.md file Signed-off-by: Bo-Yi Wu --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 84aaaf4..c21143f 100644 --- a/README.md +++ b/README.md @@ -48,6 +48,7 @@ See [action.yml](./action.yml) for more detailed information. | envs_format | Flexible configuration of environment value transfer | | | debug | Enable debug mode | false | | allenvs | Pass all environment variables to shell script | false | +| request_pty | Request a pseudo-terminal from the server | false | ## Usage From 9b978f09f2587beff9c80449f57cb0f0612d3039 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 7 Jan 2024 19:48:12 +0800 Subject: [PATCH 073/167] chore: update SSH action version in README files - Update the version of the `appleboy/ssh-action` from `v1.0.2` to `v1.0.3` in the README.md file - Update the version of the `appleboy/ssh-action` from `v1.0.2` to `v1.0.3` in the README.zh-tw.md file Signed-off-by: Bo-Yi Wu --- README.md | 24 ++++++++++++------------ README.zh-tw.md | 24 ++++++++++++------------ 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index c21143f..37265d6 100644 --- a/README.md +++ b/README.md @@ -64,7 +64,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -165,7 +165,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -178,7 +178,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -191,7 +191,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -208,7 +208,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -224,7 +224,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -239,7 +239,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: "foo.com,bar.com" + sync: true @@ -255,7 +255,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 + env: + FOO: "BAR" + BAR: "FOO" @@ -280,7 +280,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p ```diff - name: stop script if command error - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -333,7 +333,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -356,7 +356,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -382,7 +382,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/README.zh-tw.md b/README.zh-tw.md index 94b7e9c..9c37b34 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -58,7 +58,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -157,7 +157,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -170,7 +170,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -183,7 +183,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -200,7 +200,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -216,7 +216,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -231,7 +231,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: "foo.com,bar.com" + sync: true @@ -247,7 +247,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 + env: + FOO: "BAR" + BAR: "FOO" @@ -272,7 +272,7 @@ _在 `env` 對象中,您需要將每個環境變量作為字符串傳遞,傳 ```diff - name: stop script if command error - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -325,7 +325,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -346,7 +346,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -372,7 +372,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From 8a779a5b1a8a79465e63ce4724624b4755fed49b Mon Sep 17 00:00:00 2001 From: Kushal Dhakal <55182298+hussu010@users.noreply.github.com> Date: Sat, 16 Mar 2024 07:28:37 +0545 Subject: [PATCH 074/167] docs: describe true usage of allenvs parameter (#301) --- README.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 37265d6..7fc55db 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,7 @@ See [action.yml](./action.yml) for more detailed information. | username | SSH username | | | password | SSH password | | | sync | Enable synchronous execution if multiple hosts | false | -| use_insecure_cipher | Include more ciphers with use_insecure_cipher | false | +| use_insecure_cipher | Include more ciphers with use_insecure_cipher | false | | cipher | Allowed cipher algorithms. If unspecified, a sensible default | | | timeout | Timeout duration for SSH to host | 30s | | command_timeout | Timeout duration for SSH command | 10m | @@ -36,19 +36,19 @@ See [action.yml](./action.yml) for more detailed information. | proxy_username | SSH proxy username | | | proxy_password | SSH proxy password | | | proxy_passphrase | SSH proxy key passphrase | | -| proxy_timeout | Timeout for SSH to proxy host | 30s | -| proxy_key | Content of SSH proxy private key | | -| proxy_key_path | Path of SSH proxy private key | | -| proxy_fingerprint | SHA256 fingerprint of the proxy host public key | | -| proxy_cipher | Allowed cipher algorithms for the proxy | | -| proxy_use_insecure_cipher | Include more ciphers with use_insecure_cipher for the proxy | false | +| proxy_timeout | Timeout for SSH to proxy host | 30s | +| proxy_key | Content of SSH proxy private key | | +| proxy_key_path | Path of SSH proxy private key | | +| proxy_fingerprint | SHA256 fingerprint of the proxy host public key | | +| proxy_cipher | Allowed cipher algorithms for the proxy | | +| proxy_use_insecure_cipher | Include more ciphers with use_insecure_cipher for the proxy | false | | script | Execute commands | | -| script_stop | Stop script after first failure | false | +| script_stop | Stop script after first failure | false | | envs | Pass environment variables to shell script | | | envs_format | Flexible configuration of environment value transfer | | | debug | Enable debug mode | false | -| allenvs | Pass all environment variables to shell script | false | -| request_pty | Request a pseudo-terminal from the server | false | +| allenvs | pass the environment variables with prefix value of GITHUB_ and INPUT_ to the script | false | +| request_pty | Request a pseudo-terminal from the server | false | ## Usage From c78141851a6d716353b2ce13c978924e0300775e Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sat, 16 Mar 2024 15:45:28 +0800 Subject: [PATCH 075/167] ci: enhance GitHub Actions for IPv6 and flexibility (#303) * ci: enhance GitHub Actions for IPv6 and flexibility - Add a new CI job for testing IPv6 in GitHub Actions workflow - Update the Docker image version from `1.7.3` to `1.7.4` - Add a new `protocol` input parameter to the GitHub action with a default value of `tcp` - Change the GitHub action to use a composite run steps action instead of a Docker container - Update the `entrypoint.sh` script to use `bash` instead of `sh`, set stricter error handling, and add a function to detect client platform and architecture - Modify the `entrypoint.sh` script to download a specific version of `drone-ssh` based on the detected client info and execute it Signed-off-by: Bo-Yi Wu * ci: refactor CI workflow and Docker setup - Remove IPv6 ping command from CI workflow - Uncomment Docker run configuration in action.yml Signed-off-by: Bo-Yi Wu --------- Signed-off-by: Bo-Yi Wu --- .github/workflows/ci.yml | 28 +++++++++++++++++ Dockerfile | 2 +- action.yml | 50 +++++++++++++++++++++++++++++-- entrypoint.sh | 65 ++++++++++++++++++++++++++++++++++++++-- 4 files changed, 139 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b676e5f..e188bf9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -282,3 +282,31 @@ jobs: script: | whoami && echo 'hello world' && touch todo.txt sudo whoami + + testing06: + name: testing ipv6 + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v1 + + - name: Set up WARP + uses: fscarmen/warp-on-actions@v1.1 + with: + stack: dual + + - name: testing ipv6 for command + run: | + curl -m 9 --ipv6 --verbose https://google.com + + - name: testing ipv6 + uses: ./ + with: + host: 2402:1f00:8000:800::2628 + username: ubuntu + password: ${{ secrets.OVH_PASSWORD }} + protocol: tcp6 + port: 22 + command_timeout: 30s + script: | + whoami diff --git a/Dockerfile b/Dockerfile index dd5119d..d84c375 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/appleboy/drone-ssh:1.7.3 +FROM ghcr.io/appleboy/drone-ssh:1.7.4 COPY entrypoint.sh /bin/entrypoint.sh diff --git a/action.yml b/action.yml index 2d1067e..4a16472 100644 --- a/action.yml +++ b/action.yml @@ -13,6 +13,9 @@ inputs: description: "SSH username." password: description: "SSH password." + protocol: + description: 'The IP protocol to use. Valid values are "tcp". "tcp4" or "tcp6". Default to tcp.' + default: "tcp" sync: description: "Enable synchronous execution if multiple hosts are involved." use_insecure_cipher: @@ -69,9 +72,52 @@ inputs: description: "pass all environment variable to shell script." request_pty: description: "Request a pseudo-terminal from the server." + runs: - using: "docker" - image: "Dockerfile" + using: "composite" + steps: + - name: Set GitHub Path + run: echo "$GITHUB_ACTION_PATH" >> $GITHUB_PATH + shell: bash + env: + GITHUB_ACTION_PATH: ${{ github.action_path }} + - name: Run entrypoint.sh + run: entrypoint.sh + shell: bash + env: + GITHUB_ACTION_PATH: ${{ github.action_path }} + INPUT_HOST: ${{ inputs.host }} + INPUT_PORT: ${{ inputs.port }} + INPUT_PROTOCOL: ${{ inputs.protocol }} + INPUT_USERNAME: ${{ inputs.username }} + INPUT_PASSWORD: ${{ inputs.password }} + INPUT_PASSPHRASE: ${{ inputs.passphrase }} + INPUT_KEY: ${{ inputs.key }} + INPUT_KEY_PATH: ${{ inputs.key_path }} + INPUT_FINGERPRINT: ${{ inputs.fingerprint }} + INPUT_PROXY_HOST: ${{ inputs.proxy_host }} + INPUT_PROXY_PORT: ${{ inputs.proxy_port }} + INPUT_PROXY_USERNAME: ${{ inputs.proxy_username }} + INPUT_PROXY_PASSWORD: ${{ inputs.proxy_password }} + INPUT_PROXY_PASSPHRASE: ${{ inputs.proxy_passphrase }} + INPUT_PROXY_KEY: ${{ inputs.proxy_key }} + INPUT_PROXY_KEY_PATH: ${{ inputs.proxy_key_path }} + INPUT_PROXY_FINGERPRINT: ${{ inputs.proxy_fingerprint }} + INPUT_TIMEOUT: ${{ inputs.timeout }} + INPUT_PROXY_TIMEOUT: ${{ inputs.proxy_timeout }} + INPUT_COMMAND_TIMEOUT: ${{ inputs.command_timeout }} + INPUT_SCRIPT: ${{ inputs.script }} + INPUT_SCRIPT_STOP: ${{ inputs.script_stop }} + INPUT_ENVS: ${{ inputs.envs }} + INPUT_ENVS_FORMAT: ${{ inputs.envs_format }} + INPUT_DEBUG: ${{ inputs.debug }} + INPUT_ALL_ENVS: ${{ inputs.allenvs }} + INPUT_REQUEST_PTY: ${{ inputs.request_pty }} + INPUT_USE_INSECURE_CIPHER: ${{ inputs.use_insecure_cipher }} + INPUT_CIPHER: ${{ inputs.cipher }} + INPUT_PROXY_USE_INSECURE_CIPHER: ${{ inputs.proxy_use_insecure_cipher }} + INPUT_PROXY_CIPHER: ${{ inputs.proxy_cipher }} + INPUT_SYNC: ${{ inputs.sync }} branding: icon: "terminal" diff --git a/entrypoint.sh b/entrypoint.sh index f880594..e4e661c 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,7 +1,66 @@ -#!/bin/sh +#!/usr/bin/env bash -set -eu +set -o errexit +set -o nounset +set -o pipefail export GITHUB="true" -sh -c "/bin/drone-ssh $*" +DRONE_SSH_RELEASE_URL="${DRONE_SSH_RELEASE_URL:-https://github.com/appleboy/drone-ssh/releases/download}" +DRONE_SSH_VERSION="${DRONE_SSH_VERSION:-1.7.4}" + +function detect_client_info() { + if [ -n "${SSH_CLIENT_OS-}" ]; then + CLIENT_PLATFORM="${SSH_CLIENT_OS}" + else + local kernel + kernel="$(uname -s)" + case "${kernel}" in + Darwin) + CLIENT_PLATFORM="darwin" + ;; + Linux) + CLIENT_PLATFORM="linux" + ;; + Windows) + CLIENT_PLATFORM="windows" + ;; + *) + echo "Unknown, unsupported platform: ${kernel}." >&2 + echo "Supported platforms: Linux, Darwin and Windows." >&2 + echo "Bailing out." >&2 + exit 2 + esac + fi + + if [ -n "${SSH_CLIENT_ARCH-}" ]; then + CLIENT_ARCH="${SSH_CLIENT_ARCH}" + else + # TODO: migrate the kube::util::host_platform function out of hack/lib and + # use it here. + local machine + machine="$(uname -m)" + case "${machine}" in + x86_64*|i?86_64*|amd64*) + CLIENT_ARCH="amd64" + ;; + aarch64*|arm64*) + CLIENT_ARCH="arm64" + ;; + *) + echo "Unknown, unsupported architecture (${machine})." >&2 + echo "Supported architectures x86_64, i686, arm64." >&2 + echo "Bailing out." >&2 + exit 3 + ;; + esac + fi +} + +detect_client_info +DOWNLOAD_URL_PREFIX="${DRONE_SSH_RELEASE_URL}/v${DRONE_SSH_VERSION}" +CLIENT_BINARY="drone-ssh-${DRONE_SSH_VERSION}-${CLIENT_PLATFORM}-${CLIENT_ARCH}" +echo "Will download ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}" +curl -fL --retry 3 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o ${GITHUB_ACTION_PATH}/drone-ssh +chmod +x ${GITHUB_ACTION_PATH}drone-ssh +sh -c "${GITHUB_ACTION_PATH}/drone-ssh $*" From fe44be0b96e09ca219322f172bc338fd0718a55b Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sat, 16 Mar 2024 15:47:10 +0800 Subject: [PATCH 076/167] docs: improve documentation and CI robustness - Add backticks around `GITHUB_` and `INPUT_` in the README for clarity Signed-off-by: Bo-Yi Wu --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 7fc55db..8e850a1 100644 --- a/README.md +++ b/README.md @@ -47,7 +47,7 @@ See [action.yml](./action.yml) for more detailed information. | envs | Pass environment variables to shell script | | | envs_format | Flexible configuration of environment value transfer | | | debug | Enable debug mode | false | -| allenvs | pass the environment variables with prefix value of GITHUB_ and INPUT_ to the script | false | +| allenvs | pass the environment variables with prefix value of `GITHUB_` and `INPUT_` to the script | false | | request_pty | Request a pseudo-terminal from the server | false | ## Usage From 1991c553ec29aeb9fe1cbffabfabe0c2f0ea891e Mon Sep 17 00:00:00 2001 From: appleboy Date: Sat, 16 Mar 2024 15:59:42 +0800 Subject: [PATCH 077/167] chore(file): update target file Signed-off-by: appleboy --- entrypoint.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index e4e661c..f50d56e 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -6,6 +6,7 @@ set -o pipefail export GITHUB="true" +GITHUB_ACTION_PATH="${GITHUB_ACTION_PATH%/}" DRONE_SSH_RELEASE_URL="${DRONE_SSH_RELEASE_URL:-https://github.com/appleboy/drone-ssh/releases/download}" DRONE_SSH_VERSION="${DRONE_SSH_VERSION:-1.7.4}" @@ -36,8 +37,6 @@ function detect_client_info() { if [ -n "${SSH_CLIENT_ARCH-}" ]; then CLIENT_ARCH="${SSH_CLIENT_ARCH}" else - # TODO: migrate the kube::util::host_platform function out of hack/lib and - # use it here. local machine machine="$(uname -m)" case "${machine}" in @@ -60,7 +59,8 @@ function detect_client_info() { detect_client_info DOWNLOAD_URL_PREFIX="${DRONE_SSH_RELEASE_URL}/v${DRONE_SSH_VERSION}" CLIENT_BINARY="drone-ssh-${DRONE_SSH_VERSION}-${CLIENT_PLATFORM}-${CLIENT_ARCH}" +TARGET="${GITHUB_ACTION_PATH}/${CLIENT_BINARY}" echo "Will download ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}" -curl -fL --retry 3 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o ${GITHUB_ACTION_PATH}/drone-ssh -chmod +x ${GITHUB_ACTION_PATH}drone-ssh -sh -c "${GITHUB_ACTION_PATH}/drone-ssh $*" +curl -fL --retry 3 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o ${TARGET} +chmod +x ${TARGET} +sh -c "${TARGET} $*" From dd0f09ca072e60babe3cc58ed83c66a86176300c Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sat, 16 Mar 2024 16:04:59 +0800 Subject: [PATCH 078/167] docs: improve README clarity and completeness - Update the README table formatting to include an additional column separator - Add documentation for the SSH protocol version option in the README table Signed-off-by: Bo-Yi Wu --- README.md | 67 ++++++++++++++++++++++++++++--------------------------- 1 file changed, 34 insertions(+), 33 deletions(-) diff --git a/README.md b/README.md index 8e850a1..186602a 100644 --- a/README.md +++ b/README.md @@ -16,39 +16,40 @@ This thing is built using [Golang](https://go.dev) and [drone-ssh](https://githu See [action.yml](./action.yml) for more detailed information. -| Input Parameter | Description | Default Value | -|-------------------------|-----------------------------------------------------------------|---------------| -| host | SSH host address | | -| port | SSH port number | 22 | -| passphrase | SSH key passphrase | | -| username | SSH username | | -| password | SSH password | | -| sync | Enable synchronous execution if multiple hosts | false | -| use_insecure_cipher | Include more ciphers with use_insecure_cipher | false | -| cipher | Allowed cipher algorithms. If unspecified, a sensible default | | -| timeout | Timeout duration for SSH to host | 30s | -| command_timeout | Timeout duration for SSH command | 10m | -| key | Content of SSH private key. e.g., raw content of ~/.ssh/id_rsa | | -| key_path | Path of SSH private key | | -| fingerprint | SHA256 fingerprint of the host public key | | -| proxy_host | SSH proxy host | | -| proxy_port | SSH proxy port | 22 | -| proxy_username | SSH proxy username | | -| proxy_password | SSH proxy password | | -| proxy_passphrase | SSH proxy key passphrase | | -| proxy_timeout | Timeout for SSH to proxy host | 30s | -| proxy_key | Content of SSH proxy private key | | -| proxy_key_path | Path of SSH proxy private key | | -| proxy_fingerprint | SHA256 fingerprint of the proxy host public key | | -| proxy_cipher | Allowed cipher algorithms for the proxy | | -| proxy_use_insecure_cipher | Include more ciphers with use_insecure_cipher for the proxy | false | -| script | Execute commands | | -| script_stop | Stop script after first failure | false | -| envs | Pass environment variables to shell script | | -| envs_format | Flexible configuration of environment value transfer | | -| debug | Enable debug mode | false | -| allenvs | pass the environment variables with prefix value of `GITHUB_` and `INPUT_` to the script | false | -| request_pty | Request a pseudo-terminal from the server | false | +| Input Parameter | Description | Default Value | +|---------------------------|------------------------------------------------------------------------------------------|---------------| +| host | SSH host address | | +| port | SSH port number | 22 | +| passphrase | SSH key passphrase | | +| username | SSH username | | +| password | SSH password | | +| protocol | SSH protocol version (tcp, tcp4, tcp6) | tcp | +| sync | Enable synchronous execution if multiple hosts | false | +| use_insecure_cipher | Include more ciphers with use_insecure_cipher | false | +| cipher | Allowed cipher algorithms. If unspecified, a sensible default | | +| timeout | Timeout duration for SSH to host | 30s | +| command_timeout | Timeout duration for SSH command | 10m | +| key | Content of SSH private key. e.g., raw content of ~/.ssh/id_rsa | | +| key_path | Path of SSH private key | | +| fingerprint | SHA256 fingerprint of the host public key | | +| proxy_host | SSH proxy host | | +| proxy_port | SSH proxy port | 22 | +| proxy_username | SSH proxy username | | +| proxy_password | SSH proxy password | | +| proxy_passphrase | SSH proxy key passphrase | | +| proxy_timeout | Timeout for SSH to proxy host | 30s | +| proxy_key | Content of SSH proxy private key | | +| proxy_key_path | Path of SSH proxy private key | | +| proxy_fingerprint | SHA256 fingerprint of the proxy host public key | | +| proxy_cipher | Allowed cipher algorithms for the proxy | | +| proxy_use_insecure_cipher | Include more ciphers with use_insecure_cipher for the proxy | false | +| script | Execute commands | | +| script_stop | Stop script after first failure | false | +| envs | Pass environment variables to shell script | | +| envs_format | Flexible configuration of environment value transfer | | +| debug | Enable debug mode | false | +| allenvs | pass the environment variables with prefix value of `GITHUB_` and `INPUT_` to the script | false | +| request_pty | Request a pseudo-terminal from the server | false | ## Usage From d2d68588591b705c406168accae85968a2f75c0d Mon Sep 17 00:00:00 2001 From: appleboy Date: Thu, 21 Mar 2024 21:38:55 +0800 Subject: [PATCH 079/167] ci: enhance GitHub workflow for SSH actions and deployments - Add a new GitHub workflow file `version.yml` - Define environment variables `FOO` and `BAR` - Add multiple jobs for testing different scenarios - Include steps for SSH actions using different authentication methods - Implement scripts for executing remote SSH commands - Configure SSH key passphrase authentication - Add a job for using insecure cipher - Include a job for executing multiline SSH commands - Implement a job for deployment to multiple hosts with different ports - Add jobs for passing environment variables to scripts - Configure custom environment variables format - Implement a job for passing all ENV variables to a script - Include jobs for cloning private repositories and logging into container registries - Implement a job for switching users and testing IPv6 connectivity Signed-off-by: appleboy --- .github/workflows/version.yml | 312 ++++++++++++++++++++++++++++++++++ 1 file changed, 312 insertions(+) create mode 100644 .github/workflows/version.yml diff --git a/.github/workflows/version.yml b/.github/workflows/version.yml new file mode 100644 index 0000000..0d2b264 --- /dev/null +++ b/.github/workflows/version.yml @@ -0,0 +1,312 @@ +name: the stable version of ssh-action +on: [push] + +env: + FOO: "BAR" + BAR: "FOO" + +jobs: + testing01: + name: default flag testing + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v4 + + - name: correct password but wrong key + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + key: "1234" + port: ${{ secrets.PORT }} + script: whoami + + - name: wrong password but correct key + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: "abcdef" + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: whoami + + - name: executing remote ssh commands using password + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: whoami + + - name: executing remote ssh commands using ssh key + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: whoami + + - name: multiple command + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: | + whoami + ls -al + + - name: stop script if command error + uses: appleboy/ssh-action@v1.0.3 + continue-on-error: true + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + sync: true + debug: true + script: | + mkdir abc/def + ls -al + + - name: ssh key passphrase + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.SSH2 }} + port: ${{ secrets.PORT }} + passphrase: ${{ secrets.PASSPHRASE }} + script: | + whoami + ls -al + + - name: use insecure cipher + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: | + ls \ + -lah + use_insecure_cipher: true + + # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 + - name: Multiline SSH commands interpreted as single lines + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script_stop: true + script: | + ls \ + -lah + use_insecure_cipher: true + + # https://github.com/appleboy/ssh-action/issues/85 + - name: Deployment to multiple hosts with different ports + uses: appleboy/ssh-action@v1.0.3 + with: + host: "${{ secrets.HOST }}:${{ secrets.PORT }}" + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: 1024 + script_stop: true + script: | + ls \ + -lah + use_insecure_cipher: true + + # - name: SSH ED25519 Private Key + # uses: appleboy/ssh-action@v1.0.3 + # with: + # host: ${{ secrets.TUNNEL_HOST }} + # username: ${{ secrets.TUNNEL_USERNAME }} + # key: ${{ secrets.ID_ED25519 }} + # port: ${{ secrets.TUNNEL_PORT }} + # script: whoami + + testing02: + name: testing with envs + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v4 + + - name: pass environment + uses: appleboy/ssh-action@v1.0.3 + env: + FOO: "BAR" + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + envs: FOO + script: | + echo "I am $FOO, thanks" + echo "I am $BAR, thanks" + + - name: pass multiple environment + uses: appleboy/ssh-action@v1.0.3 + env: + FOO: "BAR" + BAR: "FOO" + SHA: ${{ github.sha }} + PORT: ${{ secrets.PORT }} + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + envs: FOO,BAR,SHA,PORT + script: | + echo "I am $FOO, thanks" + echo "I am $BAR, thanks" + echo "sha: $SHA" + echo "port: $PORT" + sh test.sh + + - name: custom envs format + uses: appleboy/ssh-action@v1.0.3 + env: + FOO: "BAR" + AAA: "BBB" + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + envs: FOO,BAR,AAA + envs_format: export TEST_{NAME}={VALUE} + script: | + echo "I am $TEST_FOO, thanks" + echo "I am $TEST_BAR, thanks" + echo "I am $BAR, thanks" + echo "I am $TEST_AAA, thanks" + + - name: pass all ENV variables to script + uses: appleboy/ssh-action@v1.0.3 + env: + INPUT_FOO: "BAR" + INPUT_AAA: "BBB" + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + allenvs: true + script: | + echo "I am $INPUT_FOO, thanks" + echo "I am $INPUT_AAA, thanks" + echo "$GITHUB_BASE_REF" + echo "$GITHUB_REF" + + testing03: + name: git clone and pull + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v4 + + - name: clone private repository + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + script: | + git clone https://appleboy:${{ secrets.TEST_TOKEN }}@github.com/go-training/self-runner.git test_repository + rm -rf test_repository + + testing04: + name: docker login and pull + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v4 + + - name: login GitHub Container Registry + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + script: | + echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u github.actor --password-stdin + + - name: login DockerHub Container Registry + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + script: | + echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin + + testing05: + name: switch user + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v4 + + - name: switch to root user + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + request_pty: true + command_timeout: 30s + script: | + whoami && echo 'hello world' && touch todo.txt + sudo whoami + + testing06: + name: testing ipv6 + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v4 + + - name: Set up WARP + uses: fscarmen/warp-on-actions@v1.1 + with: + stack: dual + + - name: testing ipv6 for command + run: | + curl -m 9 --ipv6 --verbose https://google.com + + - name: testing ipv6 + uses: appleboy/ssh-action@v1.0.3 + with: + host: 2402:1f00:8000:800::2628 + username: ubuntu + password: ${{ secrets.OVH_PASSWORD }} + protocol: tcp6 + port: 22 + command_timeout: 30s + script: | + whoami From 551964ebda1034f0b5449d74db25c42e371ca1f7 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Fri, 22 Mar 2024 13:21:33 +0800 Subject: [PATCH 080/167] ci: optimize GitHub Actions workflow configuration - Remove the `testing06` job related to testing IPv6 from the GitHub Actions workflow. Signed-off-by: Bo-Yi Wu --- .github/workflows/version.yml | 28 ---------------------------- 1 file changed, 28 deletions(-) diff --git a/.github/workflows/version.yml b/.github/workflows/version.yml index 0d2b264..a15c0af 100644 --- a/.github/workflows/version.yml +++ b/.github/workflows/version.yml @@ -282,31 +282,3 @@ jobs: script: | whoami && echo 'hello world' && touch todo.txt sudo whoami - - testing06: - name: testing ipv6 - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: Set up WARP - uses: fscarmen/warp-on-actions@v1.1 - with: - stack: dual - - - name: testing ipv6 for command - run: | - curl -m 9 --ipv6 --verbose https://google.com - - - name: testing ipv6 - uses: appleboy/ssh-action@v1.0.3 - with: - host: 2402:1f00:8000:800::2628 - username: ubuntu - password: ${{ secrets.OVH_PASSWORD }} - protocol: tcp6 - port: 22 - command_timeout: 30s - script: | - whoami From f9163462563f649b27272d32e585525a5fe68d76 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sat, 4 May 2024 19:52:33 +0800 Subject: [PATCH 081/167] ci: refactor CI workflow and improve robustness (#320) * ci: refactor CI workflow and improve robustness - Update GitHub Actions checkout step from version 1 to version 4 in multiple jobs within the CI workflow Signed-off-by: Bo-Yi Wu * docs: improve non-interactive shell command handling - Add a Q&A section to the README with information on resolving 'command not found' errors for non-interactive shells - Provide a solution involving editing `/etc/bash.bashrc` to ensure commands are added to the path in non-interactive shells Signed-off-by: Bo-Yi Wu * docs: improve documentation and CI robustness - Update acknowledgment for the interactive shell solution in the README.md file Signed-off-by: Bo-Yi Wu --------- Signed-off-by: Bo-Yi Wu --- .github/workflows/ci.yml | 12 ++++++------ README.md | 23 +++++++++++++++++++++++ 2 files changed, 29 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e188bf9..a62c774 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@v1 + uses: actions/checkout@v4 - name: correct password but wrong key uses: ./ @@ -143,7 +143,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@v1 + uses: actions/checkout@v4 - name: pass environment uses: ./ @@ -219,7 +219,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@v1 + uses: actions/checkout@v4 - name: clone private repository uses: ./ @@ -238,7 +238,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@v1 + uses: actions/checkout@v4 - name: login GitHub Container Registry uses: ./ @@ -267,7 +267,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@v1 + uses: actions/checkout@v4 - name: switch to root user uses: ./ @@ -288,7 +288,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@v1 + uses: actions/checkout@v4 - name: Set up WARP uses: fscarmen/warp-on-actions@v1.1 diff --git a/README.md b/README.md index 186602a..0e11a25 100644 --- a/README.md +++ b/README.md @@ -395,6 +395,29 @@ Now you can adjust you config: ls -al ``` +## Q&A + +### Command not found (npm or other command) + +See the [issue comment](https://github.com/appleboy/ssh-action/issues/31#issuecomment-1006565847) about interactive vs non interactive shell. Thanks @kocyigityunus for the solution. + +Basically, if you are running a command in a non interactive shell, like ssh-action, on many linux distros, + +`/etc/bash.bashrc` file has a specific command that returns only, so some of the files didn't run and some specific commands doesn't add to path, + +```sh +# /etc/bash.bashrc +# System-wide .bashrc file for interactive bash(1) shells. + +# To enable the settings / commands in this file for login shells as well, +# this file has to be sourced in /etc/profile. + +# If not running interactively, don't do anything +[ -z "$PS1" ] && return` +``` + +just comment out the line that returns early and everything should work fine, or you can use the real paths of the commands that you would like to use. + ## Contributing We would love for you to contribute to `appleboy/ssh-action`, pull requests are welcome! From aabaf1254d78efafd55cd5880a874e9715b4c6e8 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sat, 1 Jun 2024 14:20:58 +0800 Subject: [PATCH 082/167] ci: add bug report template --- .github/ISSUE_TEMPLATE/bug_report.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..75125d9 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,24 @@ +--- +name: Bug report +about: Create a report to help us improve +title: '' +labels: bug +assignees: appleboy + +--- + +## Describe the bug + +A clear and concise description of what the bug is. If applicable, add screenshots to help explain your problem. + +## Yaml Config + +Please post your Yaml configuration file along with the output results. + +## Related environment + +Please provide the following information: + +1. Your hosting provider information, such as DigitalOcean, Linode, AWS, or GCP. +2. The version information of your host's SSH service. +3. The information from your host's SSH configuration file. From c8594ae37d5bd9a779dc12abd0236b1bcff70119 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sat, 1 Jun 2024 14:22:37 +0800 Subject: [PATCH 083/167] ci: implement GitHub Actions for remote SSH execution - Add example GitHub Actions workflow for executing remote SSH commands using password authentication Signed-off-by: appleboy --- .github/ISSUE_TEMPLATE/bug_report.md | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 75125d9..6e2dcf4 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -11,10 +11,29 @@ assignees: appleboy A clear and concise description of what the bug is. If applicable, add screenshots to help explain your problem. -## Yaml Config +## Yaml Config Please post your Yaml configuration file along with the output results. +```yaml +name: remote ssh command +on: [push] +jobs: + + build: + name: Build + runs-on: ubuntu-latest + steps: + - name: executing remote ssh commands using password + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: whoami +``` + ## Related environment Please provide the following information: From 40aad53c5a18b2676371816d258458b2ccd56c50 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 13:34:57 +0800 Subject: [PATCH 084/167] ci: add SSH authentication setup for GitHub Actions - Add a GitHub Action workflow to set up an OpenSSH server using Docker - Add RSA private key for SSH authentication in test data - Add RSA public key for SSH authentication in test data - Add OpenSSH private key for SSH authentication in test data - Add OpenSSH public key for SSH authentication in test data Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 40 +++++++++++++++++++++++++ testdata/.ssh/id_rsa | 27 +++++++++++++++++ testdata/.ssh/id_rsa.pub | 1 + testdata/.ssh/test | 50 ++++++++++++++++++++++++++++++++ testdata/.ssh/test.pub | 1 + 5 files changed, 119 insertions(+) create mode 100644 .github/workflows/ssh-server.yml create mode 100644 testdata/.ssh/id_rsa create mode 100644 testdata/.ssh/id_rsa.pub create mode 100644 testdata/.ssh/test create mode 100644 testdata/.ssh/test.pub diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml new file mode 100644 index 0000000..3d3b0a7 --- /dev/null +++ b/.github/workflows/ssh-server.yml @@ -0,0 +1,40 @@ +name: openssh-server + +on: [push] + +jobs: + default-user-name-password: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + + - name: executing remote ssh commands using password (1.0.3) + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + port: 2222 + script: whoami diff --git a/testdata/.ssh/id_rsa b/testdata/.ssh/id_rsa new file mode 100644 index 0000000..6270f55 --- /dev/null +++ b/testdata/.ssh/id_rsa @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA4e2D/qPN08pzTac+a8ZmlP1ziJOXk45CynMPtva0rtK/RB26 +VbfAF0hIJji7ltvnYnqCU9oFfvEM33cTn7T96+od8ib/Vz25YU8ZbstqtIskPuwC +bv3K0mAHgsviJyRD7yM+QKTbBQEgbGuW6gtbMKhiYfiIB4Dyj7AdS/fk3v26wDgz +7SHI5OBqu9bv1KhxQYdFEnU3PAtAqeccgzNpbH3eYLyGzuUxEIJlhpZ/uU2G9ppj +/cSrONVPiI8Ahi4RrlZjmP5l57/sq1ClGulyLpFcMw68kP5FikyqHpHJHRBNgU57 +1y0Ph33SjBbs0haCIAcmreWEhGe+/OXnJe6VUQIDAQABAoIBAH97emORIm9DaVSD +7mD6DqA7c5m5Tmpgd6eszU08YC/Vkz9oVuBPUwDQNIX8tT0m0KVs42VVPIyoj874 +bgZMJoucC1G8V5Bur9AMxhkShx9g9A7dNXJTmsKilRpk2TOk7wBdLp9jZoKoZBdJ +jlp6FfaazQjjKD6zsCsMATwAoRCBpBNsmT6QDN0n0bIgY0tE6YGQaDdka0dAv68G +R0VZrcJ9voT6+f+rgJLoojn2DAu6iXaM99Gv8FK91YCymbQlXXgrk6CyS0IHexN7 +V7a3k767KnRbrkqd3o6JyNun/CrUjQwHs1IQH34tvkWScbseRaFehcAm6mLT93RP +muauvMECgYEA9AXGtfDMse0FhvDPZx4mx8x+vcfsLvDHcDLkf/lbyPpu97C27b/z +ia07bu5TAXesUZrWZtKA5KeRE5doQSdTOv1N28BEr8ZwzDJwfn0DPUYUOxsN2iIy +MheO5A45Ko7bjKJVkZ61Mb1UxtqCTF9mqu9R3PBdJGthWOd+HUvF460CgYEA7QRf +Z8+vpGA+eSuu29e0xgRKnRzed5zXYpcI4aERc3JzBgO4Z0er9G8l66OWVGdMfpe6 +CBajC5ToIiT8zqoYxXwqJgN+glir4gJe3mm8J703QfArZiQrdk0NTi5bY7+vLLG/ +knTrtpdsKih6r3kjhuPPaAsIwmMxIydFvATKjLUCgYEAh/y4EihRSk5WKC8GxeZt +oiZ58vT4z+fqnMIfyJmD5up48JuQNcokw/LADj/ODiFM7GUnWkGxBrvDA3H67WQm +49bJjs8E+BfUQFdTjYnJRlpJZ+7Zt1gbNQMf5ENw5CCchTDqEq6pN0DVf8PBnSIF +KvkXW9KvdV5J76uCAn15mDkCgYA1y8dHzbjlCz9Cy2pt1aDfTPwOew33gi7U3skS +RTerx29aDyAcuQTLfyrROBkX4TZYiWGdEl5Bc7PYhCKpWawzrsH2TNa7CRtCOh2E +R+V/84+GNNf04ALJYCXD9/ugQVKmR1XfDRCvKeFQFE38Y/dvV2etCswbKt5tRy2p +xkCe/QKBgQCkLqafD4S20YHf6WTp3jp/4H/qEy2X2a8gdVVBi1uKkGDXr0n+AoVU +ib4KbP5ovZlrjL++akMQ7V2fHzuQIFWnCkDA5c2ZAqzlM+ZN+HRG7gWur7Bt4XH1 +7XC9wlRna4b3Ln8ew3q1ZcBjXwD4ppbTlmwAfQIaZTGJUgQbdsO9YA== +-----END RSA PRIVATE KEY----- diff --git a/testdata/.ssh/id_rsa.pub b/testdata/.ssh/id_rsa.pub new file mode 100644 index 0000000..2983f04 --- /dev/null +++ b/testdata/.ssh/id_rsa.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDh7YP+o83TynNNpz5rxmaU/XOIk5eTjkLKcw+29rSu0r9EHbpVt8AXSEgmOLuW2+dieoJT2gV+8QzfdxOftP3r6h3yJv9XPblhTxluy2q0iyQ+7AJu/crSYAeCy+InJEPvIz5ApNsFASBsa5bqC1swqGJh+IgHgPKPsB1L9+Te/brAODPtIcjk4Gq71u/UqHFBh0USdTc8C0Cp5xyDM2lsfd5gvIbO5TEQgmWGln+5TYb2mmP9xKs41U+IjwCGLhGuVmOY/mXnv+yrUKUa6XIukVwzDryQ/kWKTKoekckdEE2BTnvXLQ+HfdKMFuzSFoIgByat5YSEZ7785ecl7pVR drone-scp@localhost diff --git a/testdata/.ssh/test b/testdata/.ssh/test new file mode 100644 index 0000000..89cc6ec --- /dev/null +++ b/testdata/.ssh/test @@ -0,0 +1,50 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAZka7A7i +FscMeJBPyPteclAAAAEAAAAAEAAAIXAAAAB3NzaC1yc2EAAAADAQABAAACAQDz6aZ1jY2o +nnuj2YNHJ/HhfvIu0B973v/+pFFOavnTUOhEEKEy3TASu+s9CkHrYZAtRc+QYIkNZI31mh +HBhotdeP/7GoO2UirkFtrzyQKPNJxEcv0RBoG9ssN8jex0PyK6DHIYYFnIWadVBEEOh/H+ +rK7j7u2/big3oTzYBuFrCwmYFcz5na99MzFeAUhazF44gVBma+zO+1quGeqF51UDIg1SMG +vX8I7LNEqrKEBaIUQJKFQcxlOWlRLQsjJCymrOujsXsRrXHAQWcnxDcNevv2ZMOUl0ybvv +9yH0BiGbRBd1Hy8/QPILbAQaqu0oQE7fubN8Q8lqb3Jg0loID4x/5GPhSY8WAXpuLcXTOr +b93SnCw1JsAgJDNqpuuRFy3BSZ7wBOr1jfeIoo7xk14OHiUjJ0uXDL9cLMkcw6ElWz81mr +D2VCkXUz+qFyjJ+G7aGWRtctZoOzKln4yfNfUmwW8/8ra3QnmrMZ2xW2Ylw3ZhO+tLi7jI +NHYFb54bAdLVPUU1ctIuJns2qkWnjJCxxMiynIqCif20/OU1n8CTJuOWiURmRdmvKOH4PE +3JxC2Qnk/3tV3Cf8hp1CH5VjBZ9AjGj5MDMHXyu34VY2WvYo5QyzfS3ySPoT8kCO0G0xpv +jwCMHOK+G2RP4kqb/KKZguiKdgintBXuskTlJmD7kcMQAAB1CnEMQGwAKZbd3F1DJqwfPf +KWjoUJKbTRiav6h5pQr65JaqDe/7YE2ZHYo5917AC2vPLwPxAnoHFMsbObd5mWcmpATg/0 +K/qkN5Z4Ml5U3bwr51wfSPh1MiAP21Aickt09BDstIJzNNwwgcY31O3k/d6VBjqyM6Ezop +66LI4s/IIni1BI+cALyEfzE4Qu16GfzIeM+JVxildP4VImhvNBESmmbBL8rNmSzlQ+FTuF +JVmowUbcon1O0CppM1MRVPeG805XDwjxHXKwOp5O7MdTz7H8JeORoe8D6+4rNfJE0eQGY7 +Nm4+Wa97HzAFbT9IS433rxoGx9Qps3LAySFONso2JWSOEfo8rxnqO04DrfVHQhY3DkkwQt +FsDnMtkthJa+ZzUYc75fnS0DBPGuF9DZUCqrev5oAUHP6C4Vc4b33JJQD4FZJ+ehk3Xsci +cwJQsmgLyc5Jdh543Dm7kZoM9ku7HDNrB4H/1p45Vo6aBZMAY50x+fTdBeTgCzzhzzTbf+ +0IF8W3yW3/BYD+S2Byo3JKp6NH0Q8cgPJrGTl6GltGfpVuc6kLjMZ5zvxRbyWaqtIygM46 +W1izbA+9jwbHhitCtOk42e/ff6iEB1MVC13LqPty3gPNR8Pv0rDUDjJS4KiVwXqUY+bMr0 +C8l/hx93euHjLUJ49Ru6uy/2fBlHZEj6GmEAJhu/i6t2c1Rq0HBLis9X356oQT+YZnIai2 +ym0MknPxjeYBAItOV3zhRd1cYnk7CDcl1XALcnh0tqP712x24IJ+Ytqg7nvB2NZV8T469I +8Fp254Nr89HOMAXaZD0UcIPm7D2rfWV+YJFI3ZcJ/8DM99H3tpXe2j4oHMdmAbBd++09sx +KBRdFLcvnBfd1lqwxpA7hbxzrxi/yehYCqzh5KQGaf2UXej6TPiVzBWVYbp34cMZtsT6mF +K8SS3l5TXoNK2DNEk30o8K3q+vngQpfC9GZ/id4B7LS/3ybellxemZHXQoU4PxDkLKt7jd +AAsd5WO13dv3n/qgyu8iBRiFU+W66NX0RJGkp+lZMnta0YzukafM2n6GDn/r/Cx/y21PAi +ah8i41ByI1QLI4m1r+bRHdUxAarS/XJw4tTSFiZu3zddMYrlzeG9O3VUX9zBvBtfQbSmeJ +omml0zlr/qD7TMsORiujy7XIn7sMW+Ls/NA8TvX8oRnACjXe/MYNEZ8WDu2rkZuY/Dfc+o +NyYWO7kZ3kcejQZ1NusJSA7MG0FFGYSIaC9T9CWqYd5IcRSJW4dZnCt9z8CIJ6TSUFqMb/ +H1Y5Rmi0IIX+8qbGGXVBDIBk5y9xtS43+nz1nsdXwDmkTiXN9+ZX+GDsLxCWoHGryrWDbk +EuOAlqpvxFKzEkNsx+AC5wae6i/hBeiEce9bm4nZp+hFv1ic1Z9WS8B37YOFgJ4utGeOjB +6hnywUUJ3aH0LnCQNB3UzeFR7BmEaxmYD/phJodmjA5SD3CWpeizdXfrUjtqXGhYlr2jzq +vBAeeYEO4uaHIGxg8GqoqtaseqVcIdtouHxrVAxxXkjShV2ji7oJ/AtrLZNlkKYxMk0TpX +fFiKqL/uKfS78FfvVOhOkHZTD6ZeMgmdL/uOghEAtrf08ChyRvdp7QLjA802aio9eUVIQm +lHb1ltPEbIZNuvQ5kTIwk2eM6EAkOh0MBMoAYOxOpIb00XHNRDGJYuLewByjMQa8EoT6VM +NoiFIzJU9lLAXE6yz6JswctpTpLHK9Aq5vY7ObaOvrmpCQqsXfOuVUo2nR/FyEes97zuXG +E4aKaHK4IAW4UY/oGYk7pU/yRpudhiNRMXzmcQXfVmBEHuvDrh2chg8lDYn++07F7RWqkI +nfMAOWR8UEl4xp4zJtThDjRxNW6QLl8E1ADjndA9wVaKNSzv2i1TLXKBr5luFqY9MSJ2rm +yBR5EwairH/Qn9TUxaDD+0p6J+E9iz1l8UPTJa/cjtwiySljahY/6tHHnr9YQVnox92yfU +UXpfINGjYrpqh6EFwmyRw9fryIMvMhgZYo6ZoCRBCK2GfGAB0VTzJy2FGs4GecZK5ptXKu +sOX8BgGX/Q/nAJ7PWf9hgYlX2YyjmLjQZDMWECp05VFx9znEETNKlwF1FX5/E/37ISyz4d +I1LVSKOEccJX7jCR32LzvRW1UBX47Z+q3LVE4sa0QAV/JoISq6Qn6zAsVIV0yEPmVbd/xx +aX2uBUGHhmd99YJDh81xJIoYEMRzoGVfp0JjfYcDUc+2I6JdrOMF9/KmMA5wsZl4OKiu/F +cTRGjUkgw/cF2EFRGWknee2esYRB7tOr4y56qZ4gxqw8q9rYXhyB42jbdTvt5xcCm/ynid +sn4InokRRoIiMIPL5Ur7FZQHOP+915MWUBsrTJtkCWQuqJheYUi3mCzh/7NadAKplRpaKb +rS/DJIOOkjnGni/sDxJzPq7STDBVy4WStwQl6NI5hq+/c+JvN9GI4Vu/kz0z8qUcdShLaH +l4njcaMpg4tpQMHtCBOicGyV0= +-----END OPENSSH PRIVATE KEY----- diff --git a/testdata/.ssh/test.pub b/testdata/.ssh/test.pub new file mode 100644 index 0000000..559daf2 --- /dev/null +++ b/testdata/.ssh/test.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDz6aZ1jY2onnuj2YNHJ/HhfvIu0B973v/+pFFOavnTUOhEEKEy3TASu+s9CkHrYZAtRc+QYIkNZI31mhHBhotdeP/7GoO2UirkFtrzyQKPNJxEcv0RBoG9ssN8jex0PyK6DHIYYFnIWadVBEEOh/H+rK7j7u2/big3oTzYBuFrCwmYFcz5na99MzFeAUhazF44gVBma+zO+1quGeqF51UDIg1SMGvX8I7LNEqrKEBaIUQJKFQcxlOWlRLQsjJCymrOujsXsRrXHAQWcnxDcNevv2ZMOUl0ybvv9yH0BiGbRBd1Hy8/QPILbAQaqu0oQE7fubN8Q8lqb3Jg0loID4x/5GPhSY8WAXpuLcXTOrb93SnCw1JsAgJDNqpuuRFy3BSZ7wBOr1jfeIoo7xk14OHiUjJ0uXDL9cLMkcw6ElWz81mrD2VCkXUz+qFyjJ+G7aGWRtctZoOzKln4yfNfUmwW8/8ra3QnmrMZ2xW2Ylw3ZhO+tLi7jINHYFb54bAdLVPUU1ctIuJns2qkWnjJCxxMiynIqCif20/OU1n8CTJuOWiURmRdmvKOH4PE3JxC2Qnk/3tV3Cf8hp1CH5VjBZ9AjGj5MDMHXyu34VY2WvYo5QyzfS3ySPoT8kCO0G0xpvjwCMHOK+G2RP4kqb/KKZguiKdgintBXuskTlJmD7kcMQ== deploy@easyssh From 0b0e77098a4fa59703014092ddd6d2ad7267088f Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 13:54:09 +0800 Subject: [PATCH 085/167] ci: optimize and enhance SSH server workflow - Add a 5-second sleep command to the SSH server workflow Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 3d3b0a7..f0e5521 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -29,6 +29,7 @@ jobs: echo "======= container ip address =========" cat ip.txt echo "======================================" + sleep 5 - name: executing remote ssh commands using password (1.0.3) uses: appleboy/ssh-action@v1.0.3 From 977b74a12d4201105f3b851126516847ed6b80b0 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 14:54:29 +0800 Subject: [PATCH 086/167] ci: enhance CI workflow with SSH job and optimizations - Remove an empty line in the jobs section - Reduce sleep duration from 5 seconds to 3 seconds - Add a new job `check-ssh-key` to the workflow - Add steps to create a new SSH server using Docker - Add steps to set environment variables for remote host and private key - Add a step to execute remote SSH commands using the `appleboy/ssh-action` GitHub Action Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 43 ++++++++++++++++++++++++++++++-- 1 file changed, 41 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index f0e5521..c410658 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -5,7 +5,6 @@ on: [push] jobs: default-user-name-password: runs-on: ubuntu-latest - steps: - name: Checkout code uses: actions/checkout@v4 @@ -29,7 +28,7 @@ jobs: echo "======= container ip address =========" cat ip.txt echo "======================================" - sleep 5 + sleep 3 - name: executing remote ssh commands using password (1.0.3) uses: appleboy/ssh-action@v1.0.3 @@ -39,3 +38,43 @@ jobs: password: password port: 2222 script: whoami + + check-ssh-key: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2223:2222 \ + -e PUBLIC_KEY=$(cat testdata/.ssh/id_rsa.pub) \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_rsa >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 3 + + - name: executing remote ssh commands using password (1.0.3) + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2223 + script: whoami From 2eeab5bdbadfcfd821c3f107a694803080f4b126 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 15:53:33 +0800 Subject: [PATCH 087/167] ci: refactor GitHub Actions key management - Add steps to set public and private keys in GitHub Actions environment - Replace inline public key assignment with environment variable reference - Remove redundant steps for setting private key in GitHub Actions environment Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index c410658..98bbd69 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -45,13 +45,28 @@ jobs: - name: Checkout code uses: actions/checkout@v4 + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_rsa.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_rsa.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_rsa >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key =========" + cat testdata/.ssh/id_rsa + echo "============================" + - name: create new ssh server run: | docker run -d \ --name=openssh-server \ --hostname=openssh-server \ -p 2223:2222 \ - -e PUBLIC_KEY=$(cat testdata/.ssh/id_rsa.pub) \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ -e SUDO_ACCESS=false \ -e PASSWORD_ACCESS=true \ -e USER_PASSWORD=password \ @@ -62,9 +77,6 @@ jobs: echo "REMOTE_HOST<> $GITHUB_ENV cat ip.txt >> $GITHUB_ENV echo "EOF" >> $GITHUB_ENV - echo "PRIVATE_KEY<> $GITHUB_ENV - cat testdata/.ssh/id_rsa >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV echo "======= container ip address =========" cat ip.txt echo "======================================" From da612c801589d64bea89ca943c84fe1aae7a1d06 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 15:54:35 +0800 Subject: [PATCH 088/167] refactor: optimize CI pipeline for faster execution - Reduce sleep duration from 3 seconds to 2 seconds - Rename SSH job steps for clarity - Change port mapping from 2223 to 2222 Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 98bbd69..0a19104 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -28,9 +28,9 @@ jobs: echo "======= container ip address =========" cat ip.txt echo "======================================" - sleep 3 + sleep 2 - - name: executing remote ssh commands using password (1.0.3) + - name: ssh by username and password uses: appleboy/ssh-action@v1.0.3 with: host: ${{ env.REMOTE_HOST }} @@ -65,7 +65,7 @@ jobs: docker run -d \ --name=openssh-server \ --hostname=openssh-server \ - -p 2223:2222 \ + -p 2222:2222 \ -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ -e SUDO_ACCESS=false \ -e PASSWORD_ACCESS=true \ @@ -80,13 +80,13 @@ jobs: echo "======= container ip address =========" cat ip.txt echo "======================================" - sleep 3 + sleep 2 - - name: executing remote ssh commands using password (1.0.3) + - name: ssh by private uses: appleboy/ssh-action@v1.0.3 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io key: ${{ env.PRIVATE_KEY }} - port: 2223 + port: 2222 script: whoami From acd41e5091e04c5db86c78f86723e9baec27f452 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 15:57:27 +0800 Subject: [PATCH 089/167] ci: enhance SSH job testing with varied key/password scenarios - Correct the name of the SSH job from "ssh by private" to "ssh by private key" - Add a job to test SSH with the correct key but wrong password - Add a job to test SSH with the correct password but wrong key Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 0a19104..cfe805c 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -82,7 +82,7 @@ jobs: echo "======================================" sleep 2 - - name: ssh by private + - name: ssh by private key uses: appleboy/ssh-action@v1.0.3 with: host: ${{ env.REMOTE_HOST }} @@ -90,3 +90,23 @@ jobs: key: ${{ env.PRIVATE_KEY }} port: 2222 script: whoami + + - name: wrong password but correct key + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: "abcdef" + key: ${{ env.PRIVATE_KEY }} + port: 2222 + script: whoami + + - name: correct password but wrong key + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + key: password + port: 2222 + script: whoami From f05aefe3514f74f9cda4825a2a5d9905aa45ae2a Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 15:59:32 +0800 Subject: [PATCH 090/167] ci: enhance SSH action configuration and error handling - Add a step to stop the script if a command error occurs using `appleboy/ssh-action@v1.0.3` - Configure SSH action with host, username, password, key, port, and other parameters - Add script to create a directory and list its contents Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index cfe805c..837dd0a 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -110,3 +110,19 @@ jobs: key: password port: 2222 script: whoami + + - name: stop script if command error + uses: appleboy/ssh-action@v1.0.3 + continue-on-error: true + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + key: password + port: 2222 + script_stop: true + sync: true + debug: true + script: | + mkdir abc/def + ls -al From e40b597081b0c96e4f93bee63cec35d4ea3b4d3a Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 16:13:42 +0800 Subject: [PATCH 091/167] ci: add GitHub Actions job for SSH key passphrase support - Add a new job `support-key-passphrase` to the GitHub Actions workflow - Add steps to the new job for checking out code, adding public and private keys to the environment, and creating a new SSH server - Add a step to the new job for running an SSH command with a passphrase - Add a new private SSH key file `id_passphrase` to the test data - Add a new public SSH key file `id_passphrase.pub` to the test data Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 55 ++++++++++++++++++++++++++++++++ testdata/.ssh/id_passphrase | 39 ++++++++++++++++++++++ testdata/.ssh/id_passphrase.pub | 1 + 3 files changed, 95 insertions(+) create mode 100644 testdata/.ssh/id_passphrase create mode 100644 testdata/.ssh/id_passphrase.pub diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 837dd0a..1fce1b2 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -126,3 +126,58 @@ jobs: script: | mkdir abc/def ls -al + + support-key-passphrase: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_passphrase.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_passphrase.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_passphrase >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key =========" + cat testdata/.ssh/id_passphrase + echo "============================" + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + + - name: ssh key passphrase + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + passphrase: 1234 + script: | + whoami + ls -al diff --git a/testdata/.ssh/id_passphrase b/testdata/.ssh/id_passphrase new file mode 100644 index 0000000..089d425 --- /dev/null +++ b/testdata/.ssh/id_passphrase @@ -0,0 +1,39 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABA5p9eRXu +BJantF5ARnBfnqAAAAEAAAAAEAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQCuWKQh09Vl +v3IRu/+oK18ws72VQS7PCXJaIEp1L+7HqC/6+plizaVgd9SjAg0UJSqvp+WfpU5I53hevE +0Ip3s71Tsoeu1azWoi2Mbq3ycZ5ysh4htZZklKBkYsyW+2EdITPcmhA8rF+KiDRyuvk7fD +o08G3YWgbCScY6VkLA06ReThCehAY54WNvgbx7lyvCWj1qYG0XjM7mTQHr3QN0JHJNdFaG +3MCi1rTG2hK/owOlzcesIbzfM1VMIQG5HT4vNg/ULP0BTZ7pGtdvWlvR/660KQwc1tBxLq +xI1dYoCgiS/gMyPxhOtNKTvhR/NR7e2sp/StkXURIxTHhj0KjKbnpXTQ2IndnesHAG9kDJ +7c31SXastWpbXWhCIdRZk+KQsnmwobZlw3w1vfx2Dm7M2ZCcCgG/ArUPjY44nGOWO5Nz98 +QHyz3IocsKJXrGVo/3YpNNu72jkw7UGVMqh1dAe3ZMaCAC5pAAa0HKvkid7jdXawL2b//+ +vsAPSHdnEjP58AAAWQCUj9ajDO6N0sI5jzkRxiMIaeDvP7Ns+cJtE1uxzrm7Ecgf7kBL2V +9Ru0gW1+ii3U/hPLkxwBwd3xvoc1Xy+n+c7D6bQVviv1lsbY1uPzxGR3fUfRCu2M1D8OEH +vol7jvFAZmtrpgy3gY45k2lbsY368bIJ+hYIqeHRqFsD+SyM/xSnj5/bZNvNrc+kHikiA3 +uVSvXe9oWVNm3hxLDppYPEYkORERHx9EWh5sruLwoM2NW6qwE+wGw0Vx1AuA7cNszDdmMs +qJFq0n5cQ78E3q0V49e0FOBjMoSJBxdQRHRz2al9MzJlcVVs5LGwmgVH0ur0V9QR8zv2Pv +ZV6r+H9mMo2eCtUDlKUXlCnfgwDP0ghXysFKSDLzXNEPrddmvzQeWA973fcguniLLq7Gbw +gpHSuP/vqVqtQQbXEdozgUl666SXC7GdPqaA5YsfGIJ4Ank3/Vjb3hc0/hElx4O0fEn18E +TWbd9o6v70mNbu3LjeJPNDwODMGn9GC3kRtSc5bU0A8YAM+gFaeytrz2W/vCe3EST8VBcQ +UtvYqGG/zGJhV8+OYoIZZQQkyCmTt0i4nTCJAMUnZ+pgY6YJk+UdBGhLvwNBtl4Z1nQKSA +hcBBo6T08bQfe/HmVs4dcwBO956qiOX/QjHDLew81MfpvjZ2kGD5Hp/qhieUdJ3IiUEsOC +FQC01JeEJlkEqd2jqBR/9RDnK7O8gTR0AA858L+MftN4nN2h2UkGjWMWSbkmwGMqyRGfRa +TJeg5njxYJVcRlWZ/KvNPxis8wIuCaRMbPT2WpHsRr1lY3s4IzFn+EMCkybHZArQVYtl1O +iGXYjpxe+cOc02PM1aKlUfCQfsr0CrXwwGzIQ73uXVSQgP5pQdV3iN/57+5aiH8F9D7X3n +p5QJzBuLGvhUDWqqwbwWy+81k3Y8rHXNfhVSlRmtGJXAPqpw0PCyquySJNwogi4rBkg0jF +xuqvimvhNcWzF7yf+fnYa6H+N8PavH32HRM50AYyWPyKWBp3Syri0P54cnkBjKTjTKGYA6 +4KwizazsbOMY5kp0UAmgX6XyM5OSROtxUp4P6T20okjKaSzamgMBKZULP/b768l4UYRgFe +uohg2/9A1fwYB/K8I+V7Qw9079JvAG05eIOgce3Dd+bXoH6j/Ylmk5Gj7LzhEXtMz3NEpj +LCg8tx0YFpuyoCaRlqOnsZCpc1EnL0UyMguCh9ADTG9h6V3Xf2j2Q94rKvAc4ZrBtj6qXT +BIfGsBIA7vA1KnKHB9oOFQZ26iRU7oTAunAQvSKF7/7luTqONoni6U/RpvERT/KeeIDSxz +uzFQ+apy/PTESSUtutpnTug6rexwrPb6ugJipag8ebNWVdOgaNBUL8wciW4lN8YkzjhXMw +xHB0PUuSXcBuuPDQuYZk84dpXxM10fWwuCTMlH1bXatSQhtRVbjVJIDXnnYpQKtuURiwMm +j4WLEt10hvu6t4aNJzzVY80/iLMb4ZGQgHotrjFfx9nzwe3SioINPaxRIb3m2gTsi8Nr/p +Y5zNjV9NOjONktUjLznRpfY/yBxOtPe9lxnaKfniRTK5HjBbi8hmei9G8lIHV9qyhpURYM +1EdZB86uZWJOaRA8/fpwt8z2stmpKpuGFQOSgr7W5JQWSFeTAMYPoafsm0PD1zSyw7j1wE +DWlmUAzpMirSnPUQndR8IcF7fZmI8J1g30eIFTQpoTDCyoiegkOXHa9HyWwmEAwws1PCWZ +a5Viw6XLJI3tahSNhZzdY/UNFikuO8AuIDXykBM7riaqK4PADtmGY88QGWXQbw5xxWtH6r +Wwk4KzDL9UFeCMSiQo//e+kg/mPLml6Sa4THOzP3iOmx810JoMDmF/jvtpC+ew5HpPPtg4 +h55pSap77CEhEhE5FPZKuH9f7/E= +-----END OPENSSH PRIVATE KEY----- diff --git a/testdata/.ssh/id_passphrase.pub b/testdata/.ssh/id_passphrase.pub new file mode 100644 index 0000000..1d84832 --- /dev/null +++ b/testdata/.ssh/id_passphrase.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCuWKQh09Vlv3IRu/+oK18ws72VQS7PCXJaIEp1L+7HqC/6+plizaVgd9SjAg0UJSqvp+WfpU5I53hevE0Ip3s71Tsoeu1azWoi2Mbq3ycZ5ysh4htZZklKBkYsyW+2EdITPcmhA8rF+KiDRyuvk7fDo08G3YWgbCScY6VkLA06ReThCehAY54WNvgbx7lyvCWj1qYG0XjM7mTQHr3QN0JHJNdFaG3MCi1rTG2hK/owOlzcesIbzfM1VMIQG5HT4vNg/ULP0BTZ7pGtdvWlvR/660KQwc1tBxLqxI1dYoCgiS/gMyPxhOtNKTvhR/NR7e2sp/StkXURIxTHhj0KjKbnpXTQ2IndnesHAG9kDJ7c31SXastWpbXWhCIdRZk+KQsnmwobZlw3w1vfx2Dm7M2ZCcCgG/ArUPjY44nGOWO5Nz98QHyz3IocsKJXrGVo/3YpNNu72jkw7UGVMqh1dAe3ZMaCAC5pAAa0HKvkid7jdXawL2b//+vsAPSHdnEjP58= mtk10671@NB22040567 From 15b64dc8919f9e984dd7c4e96fdd5d74ccc03088 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 16:16:59 +0800 Subject: [PATCH 092/167] ci: enhance CI pipeline with SSH key handling improvements - Add a job to handle missing SSH key passphrase with `appleboy/ssh-action` and `continue-on-error` set to true Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 1fce1b2..8f753cd 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -181,3 +181,15 @@ jobs: script: | whoami ls -al + + - name: missing ssh key passphrase + uses: appleboy/ssh-action@v1.0.3 + continue-on-error: true + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + script: | + whoami + ls -al From a39b3cce7dbd84fb06164ac1a60a27615417de71 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 17:00:36 +0800 Subject: [PATCH 093/167] ci: enhance CI/CD pipeline with SSH command execution - Add a step to execute multiline SSH commands using `appleboy/ssh-action@v1.0.3` Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 8f753cd..f381c32 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -193,3 +193,18 @@ jobs: script: | whoami ls -al + + # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 + - name: Multiline SSH commands interpreted as single lines + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + passphrase: 1234 + script_stop: true + script: | + ls \ + -lah + use_insecure_cipher: true From 815c5743ac3927b147e22309d57a1f5a140a2d30 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 17:01:56 +0800 Subject: [PATCH 094/167] ci: enhance deployment with multi-host SSH action - Add deployment step for multiple hosts with different ports using `appleboy/ssh-action@v1.0.3` Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index f381c32..bba8b45 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -208,3 +208,18 @@ jobs: ls \ -lah use_insecure_cipher: true + + # https://github.com/appleboy/ssh-action/issues/85 + - name: Deployment to multiple hosts with different ports + uses: appleboy/ssh-action@v1.0.3 + with: + host: "${{ env.REMOTE_HOST }}:2222" + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 1111 + passphrase: 1234 + script_stop: true + script: | + ls \ + -lah + use_insecure_cipher: true From 378323e4c85be1bb394f07e5a3a3c7c687499829 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 19:07:07 +0800 Subject: [PATCH 095/167] ci: add multi-server support to CI workflow - Add a new job `multiple-server` to the GitHub Actions workflow - Configure the job to run on `ubuntu-latest` - Add steps to checkout code, add public and private keys to environment variables, and create two new SSH servers using Docker - Update the `host` configuration to include both new SSH servers - Remove the `port` configuration - Replace the command `ls -lah` with `whoami` - Remove the `use_insecure_cipher` configuration Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 70 +++++++++++++++++++++++++++++--- 1 file changed, 65 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index bba8b45..6d987a2 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -209,17 +209,77 @@ jobs: -lah use_insecure_cipher: true + multiple-server: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_passphrase.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_passphrase.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_passphrase >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key =========" + cat testdata/.ssh/id_passphrase + echo "============================" + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server-01 \ + --hostname=openssh-server-01 \ + -p 2222:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server-01 sh -c "hostname -i" > ip01.txt + echo "REMOTE_HOST_01<> $GITHUB_ENV + cat ip01.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip01.txt + echo "======================================" + + docker run -d \ + --name=openssh-server-02 \ + --hostname=openssh-server-02 \ + -p 2223:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server-02 sh -c "hostname -i" > ip02.txt + echo "REMOTE_HOST_02<> $GITHUB_ENV + cat ip02.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip02.txt + echo "======================================" + + sleep 2 + # https://github.com/appleboy/ssh-action/issues/85 - name: Deployment to multiple hosts with different ports uses: appleboy/ssh-action@v1.0.3 with: - host: "${{ env.REMOTE_HOST }}:2222" + host: "${{ env.REMOTE_HOST_01 }}:2222,${{ env.REMOTE_HOST_02 }}:2223" username: linuxserver.io key: ${{ env.PRIVATE_KEY }} - port: 1111 passphrase: 1234 script_stop: true script: | - ls \ - -lah - use_insecure_cipher: true + whoami From aa293c24bb8b49499c238d2260b26a5ab2ee10e0 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 19:22:24 +0800 Subject: [PATCH 096/167] chore: optimize system configuration and API integration - Change port for REMOTE_HOST_02 from `2223` to `2222` Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 6d987a2..b7ecec1 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -276,7 +276,7 @@ jobs: - name: Deployment to multiple hosts with different ports uses: appleboy/ssh-action@v1.0.3 with: - host: "${{ env.REMOTE_HOST_01 }}:2222,${{ env.REMOTE_HOST_02 }}:2223" + host: "${{ env.REMOTE_HOST_01 }}:2222,${{ env.REMOTE_HOST_02 }}:2222" username: linuxserver.io key: ${{ env.PRIVATE_KEY }} passphrase: 1234 From fc1c1fce5140b0530a36d88286de8a29df8518bb Mon Sep 17 00:00:00 2001 From: appleboy Date: Wed, 5 Jun 2024 21:01:23 +0800 Subject: [PATCH 097/167] ci: add GitHub Actions job for ed25519 key support - Add a new job `support-ed25519-key` to the GitHub Actions workflow - Add steps to the new job for checking out code, adding public and private keys to the environment, and creating a new SSH server - Add steps to the new job for testing the `id_ed25519` key using `appleboy/ssh-action` - Add a new private SSH key file `testdata/.ssh/id_ed25519` - Add a new public SSH key file `testdata/.ssh/id_ed25519.pub` Signed-off-by: appleboy --- .github/workflows/ssh-server.yml | 54 ++++++++++++++++++++++++++++++++ testdata/.ssh/id_ed25519 | 7 +++++ testdata/.ssh/id_ed25519.pub | 1 + 3 files changed, 62 insertions(+) create mode 100644 testdata/.ssh/id_ed25519 create mode 100644 testdata/.ssh/id_ed25519.pub diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index b7ecec1..576207c 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -283,3 +283,57 @@ jobs: script_stop: true script: | whoami + + support-ed25519-key: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_ed25519.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_ed25519.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_ed25519 >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key =========" + cat testdata/.ssh/id_ed25519 + echo "============================" + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + + - name: testing id_ed25519 key + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + script: | + whoami + ls -al diff --git a/testdata/.ssh/id_ed25519 b/testdata/.ssh/id_ed25519 new file mode 100644 index 0000000..9dc32bb --- /dev/null +++ b/testdata/.ssh/id_ed25519 @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACDoi7FltQCqpWporKh61nJUPIeazUYdzdstncoeU5XS2AAAAKBF5e2SReXt +kgAAAAtzc2gtZWQyNTUxOQAAACDoi7FltQCqpWporKh61nJUPIeazUYdzdstncoeU5XS2A +AAAEBrsLG1vSg08yaQgYM46KQW93Lz2ZikS1tTMH35gfHhpOiLsWW1AKqlamisqHrWclQ8 +h5rNRh3N2y2dyh5TldLYAAAAFnlvdXJfZW1haWxAZXhhbXBsZS5jb20BAgMEBQYH +-----END OPENSSH PRIVATE KEY----- diff --git a/testdata/.ssh/id_ed25519.pub b/testdata/.ssh/id_ed25519.pub new file mode 100644 index 0000000..14f2085 --- /dev/null +++ b/testdata/.ssh/id_ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOiLsWW1AKqlamisqHrWclQ8h5rNRh3N2y2dyh5TldLY your_email@example.com From f0e5a23d530cb42b84b01340c5fb1a6ad570d4e8 Mon Sep 17 00:00:00 2001 From: appleboy Date: Wed, 5 Jun 2024 21:04:07 +0800 Subject: [PATCH 098/167] ci: add environment variable handling in GitHub Actions - Add a new job `testing-with-env` to the GitHub Actions workflow - Add steps to set up environment variables for public and private SSH keys - Add a step to create a new SSH server using Docker - Add a step to test the SSH connection using the `id_ed25519` key - Add a step to pass a single environment variable to the SSH action - Add a step to pass multiple environment variables to the SSH action - Add a step to use a custom format for environment variables - Add a step to pass all environment variables to the SSH action Signed-off-by: appleboy --- .github/workflows/ssh-server.yml | 123 +++++++++++++++++++++++++++++++ 1 file changed, 123 insertions(+) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 576207c..1742641 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -337,3 +337,126 @@ jobs: script: | whoami ls -al + + testing-with-env: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_ed25519.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_ed25519.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_ed25519 >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key =========" + cat testdata/.ssh/id_ed25519 + echo "============================" + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + + - name: testing id_ed25519 key + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + script: | + whoami + ls -al + + - name: pass environment + uses: appleboy/ssh-action@v1.0.3 + env: + FOO: "BAR" + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + envs: FOO + script: | + echo "I am $FOO, thanks" + echo "I am $BAR, thanks" + + - name: pass multiple environment + uses: appleboy/ssh-action@v1.0.3 + env: + FOO: "BAR" + BAR: "FOO" + SHA: ${{ github.sha }} + PORT: ${{ secrets.PORT }} + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + envs: FOO,BAR,SHA,PORT + script: | + echo "I am $FOO, thanks" + echo "I am $BAR, thanks" + echo "sha: $SHA" + echo "port: $PORT" + sh test.sh + + - name: custom envs format + uses: appleboy/ssh-action@v1.0.3 + env: + FOO: "BAR" + AAA: "BBB" + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + envs: FOO,BAR,AAA + envs_format: export TEST_{NAME}={VALUE} + script: | + echo "I am $TEST_FOO, thanks" + echo "I am $TEST_BAR, thanks" + echo "I am $BAR, thanks" + echo "I am $TEST_AAA, thanks" + + - name: pass all ENV variables to script + uses: appleboy/ssh-action@v1.0.3 + env: + INPUT_FOO: "BAR" + INPUT_AAA: "BBB" + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + allenvs: true + script: | + echo "I am $INPUT_FOO, thanks" + echo "I am $INPUT_AAA, thanks" + echo "$GITHUB_BASE_REF" + echo "$GITHUB_REF" From 9c32aa61f8c24f38e93a3282178429b314c14e8a Mon Sep 17 00:00:00 2001 From: appleboy Date: Wed, 5 Jun 2024 21:07:39 +0800 Subject: [PATCH 099/167] ci: refactor workflows and API integrations - Remove the execution of `test.sh` from the SSH server workflow Signed-off-by: appleboy --- .github/workflows/ssh-server.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 1742641..0dbe24a 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -424,7 +424,6 @@ jobs: echo "I am $BAR, thanks" echo "sha: $SHA" echo "port: $PORT" - sh test.sh - name: custom envs format uses: appleboy/ssh-action@v1.0.3 From 97f8d752b568999364c7296fa08e33d68367e3fd Mon Sep 17 00:00:00 2001 From: appleboy Date: Wed, 5 Jun 2024 21:18:46 +0800 Subject: [PATCH 100/167] ci: enable root access in CI pipeline - Change `SUDO_ACCESS` environment variable from `false` to `true` - Add a step to switch to root user using `appleboy/ssh-action@v1.0.3` with specified parameters and commands Signed-off-by: appleboy --- .github/workflows/ssh-server.yml | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 0dbe24a..4aec5ac 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -366,7 +366,7 @@ jobs: --hostname=openssh-server \ -p 2222:2222 \ -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ - -e SUDO_ACCESS=false \ + -e SUDO_ACCESS=true \ -e PASSWORD_ACCESS=true \ -e USER_PASSWORD=password \ -e USER_NAME=linuxserver.io \ @@ -459,3 +459,17 @@ jobs: echo "I am $INPUT_AAA, thanks" echo "$GITHUB_BASE_REF" echo "$GITHUB_REF" + + - name: switch to root user + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + script_stop: true + request_pty: true + command_timeout: 30s + script: | + whoami && echo 'hello world' && touch todo.txt + sudo whoami From 5a8776fd157405e3e88da24413b04c2aaf01e99c Mon Sep 17 00:00:00 2001 From: appleboy Date: Wed, 5 Jun 2024 21:30:47 +0800 Subject: [PATCH 101/167] ci: switch to password authentication in GitHub workflow - Replace SSH key authentication with password authentication in GitHub workflow Signed-off-by: appleboy --- .github/workflows/ssh-server.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 4aec5ac..1599b96 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -465,7 +465,7 @@ jobs: with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io - key: ${{ env.PRIVATE_KEY }} + password: password port: 2222 script_stop: true request_pty: true From 0c7561b1a30e223b97730bb8b92671995d9fb1d0 Mon Sep 17 00:00:00 2001 From: appleboy Date: Wed, 5 Jun 2024 21:35:45 +0800 Subject: [PATCH 102/167] fix: switch to SSH key authentication for security - Remove hardcoded user password from environment variables - Replace hardcoded password with a private key for SSH authentication Signed-off-by: appleboy --- .github/workflows/ssh-server.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 1599b96..1719cf6 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -368,7 +368,6 @@ jobs: -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ -e SUDO_ACCESS=true \ -e PASSWORD_ACCESS=true \ - -e USER_PASSWORD=password \ -e USER_NAME=linuxserver.io \ --restart unless-stopped \ lscr.io/linuxserver/openssh-server:latest @@ -465,7 +464,7 @@ jobs: with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io - password: password + key: ${{ env.PRIVATE_KEY }} port: 2222 script_stop: true request_pty: true From b6941ae5d5746e351d7fede90e718688304d2b4a Mon Sep 17 00:00:00 2001 From: appleboy Date: Wed, 5 Jun 2024 21:38:35 +0800 Subject: [PATCH 103/167] ci: refactor codebase and optimize performance - Delete the GitHub Actions workflow file `version.yml` Signed-off-by: appleboy --- .github/workflows/version.yml | 284 ---------------------------------- 1 file changed, 284 deletions(-) delete mode 100644 .github/workflows/version.yml diff --git a/.github/workflows/version.yml b/.github/workflows/version.yml deleted file mode 100644 index a15c0af..0000000 --- a/.github/workflows/version.yml +++ /dev/null @@ -1,284 +0,0 @@ -name: the stable version of ssh-action -on: [push] - -env: - FOO: "BAR" - BAR: "FOO" - -jobs: - testing01: - name: default flag testing - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: correct password but wrong key - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - key: "1234" - port: ${{ secrets.PORT }} - script: whoami - - - name: wrong password but correct key - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: "abcdef" - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script: whoami - - - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} - script: whoami - - - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script: whoami - - - name: multiple command - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script: | - whoami - ls -al - - - name: stop script if command error - uses: appleboy/ssh-action@v1.0.3 - continue-on-error: true - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - sync: true - debug: true - script: | - mkdir abc/def - ls -al - - - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.SSH2 }} - port: ${{ secrets.PORT }} - passphrase: ${{ secrets.PASSPHRASE }} - script: | - whoami - ls -al - - - name: use insecure cipher - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} - script: | - ls \ - -lah - use_insecure_cipher: true - - # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 - - name: Multiline SSH commands interpreted as single lines - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} - script_stop: true - script: | - ls \ - -lah - use_insecure_cipher: true - - # https://github.com/appleboy/ssh-action/issues/85 - - name: Deployment to multiple hosts with different ports - uses: appleboy/ssh-action@v1.0.3 - with: - host: "${{ secrets.HOST }}:${{ secrets.PORT }}" - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: 1024 - script_stop: true - script: | - ls \ - -lah - use_insecure_cipher: true - - # - name: SSH ED25519 Private Key - # uses: appleboy/ssh-action@v1.0.3 - # with: - # host: ${{ secrets.TUNNEL_HOST }} - # username: ${{ secrets.TUNNEL_USERNAME }} - # key: ${{ secrets.ID_ED25519 }} - # port: ${{ secrets.TUNNEL_PORT }} - # script: whoami - - testing02: - name: testing with envs - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: pass environment - uses: appleboy/ssh-action@v1.0.3 - env: - FOO: "BAR" - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - envs: FOO - script: | - echo "I am $FOO, thanks" - echo "I am $BAR, thanks" - - - name: pass multiple environment - uses: appleboy/ssh-action@v1.0.3 - env: - FOO: "BAR" - BAR: "FOO" - SHA: ${{ github.sha }} - PORT: ${{ secrets.PORT }} - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - envs: FOO,BAR,SHA,PORT - script: | - echo "I am $FOO, thanks" - echo "I am $BAR, thanks" - echo "sha: $SHA" - echo "port: $PORT" - sh test.sh - - - name: custom envs format - uses: appleboy/ssh-action@v1.0.3 - env: - FOO: "BAR" - AAA: "BBB" - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - envs: FOO,BAR,AAA - envs_format: export TEST_{NAME}={VALUE} - script: | - echo "I am $TEST_FOO, thanks" - echo "I am $TEST_BAR, thanks" - echo "I am $BAR, thanks" - echo "I am $TEST_AAA, thanks" - - - name: pass all ENV variables to script - uses: appleboy/ssh-action@v1.0.3 - env: - INPUT_FOO: "BAR" - INPUT_AAA: "BBB" - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - allenvs: true - script: | - echo "I am $INPUT_FOO, thanks" - echo "I am $INPUT_AAA, thanks" - echo "$GITHUB_BASE_REF" - echo "$GITHUB_REF" - - testing03: - name: git clone and pull - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: clone private repository - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - script: | - git clone https://appleboy:${{ secrets.TEST_TOKEN }}@github.com/go-training/self-runner.git test_repository - rm -rf test_repository - - testing04: - name: docker login and pull - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: login GitHub Container Registry - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - script: | - echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u github.actor --password-stdin - - - name: login DockerHub Container Registry - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - script: | - echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin - - testing05: - name: switch user - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: switch to root user - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - request_pty: true - command_timeout: 30s - script: | - whoami && echo 'hello world' && touch todo.txt - sudo whoami From 43895f2cd585d373b747690a3e7f9bdcdd09e1cd Mon Sep 17 00:00:00 2001 From: appleboy Date: Wed, 5 Jun 2024 21:55:28 +0800 Subject: [PATCH 104/167] ci: refactor SSH testing workflows and job configurations - Rename workflow from "remote ssh command" to "testing main branch" - Remove environment variables `FOO` and `BAR` - Rename job `testing01` to `default-user-name-password` - Rename step "checkout" to "Checkout code" - Replace step "correct password but wrong key" with "create new ssh server" using Docker - Update SSH connection details to use environment variables for host, username, password, and port - Add new job `check-ssh-key` with steps to add public key to environment and create a new SSH server - Add new job `support-key-passphrase` with steps to add public key to environment and create a new SSH server - Add new job `multiple-server` to create and manage multiple SSH servers - Add new job `support-ed25519-key` with steps to add public key to environment and create a new SSH server - Add new job `testing-with-env` with steps to add public key to environment and create a new SSH server - Remove jobs `testing02`, `testing03`, `testing04`, and `testing05` - Rename workflow in `ssh-server.yml` from "openssh-server" to "testing stable version" Signed-off-by: appleboy --- .github/workflows/ci.yml | 508 +++++++++++++++++++++---------- .github/workflows/ssh-server.yml | 2 +- 2 files changed, 350 insertions(+), 160 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a62c774..e4a92da 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,75 +1,125 @@ -name: remote ssh command +name: testing main branch + on: [push] -env: - FOO: "BAR" - BAR: "FOO" - jobs: - testing01: - name: default flag testing + default-user-name-password: runs-on: ubuntu-latest steps: - - name: checkout + - name: Checkout code uses: actions/checkout@v4 - - name: correct password but wrong key + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + + - name: ssh by username and password uses: ./ with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - key: "1234" - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + port: 2222 + script: whoami + + check-ssh-key: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_rsa.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_rsa.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_rsa >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key =========" + cat testdata/.ssh/id_rsa + echo "============================" + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + + - name: ssh by private key + uses: ./ + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 script: whoami - name: wrong password but correct key uses: ./ with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io password: "abcdef" - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} + key: ${{ env.PRIVATE_KEY }} + port: 2222 script: whoami - - name: executing remote ssh commands using password + - name: correct password but wrong key uses: ./ with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + key: password + port: 2222 script: whoami - - name: executing remote ssh commands using ssh key - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script: whoami - - - name: multiple command - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script: | - whoami - ls -al - - name: stop script if command error uses: ./ continue-on-error: true with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + key: password + port: 2222 script_stop: true sync: true debug: true @@ -77,83 +127,279 @@ jobs: mkdir abc/def ls -al + support-key-passphrase: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_passphrase.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_passphrase.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_passphrase >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key =========" + cat testdata/.ssh/id_passphrase + echo "============================" + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + - name: ssh key passphrase uses: ./ with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.SSH2 }} - port: ${{ secrets.PORT }} - passphrase: ${{ secrets.PASSPHRASE }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + passphrase: 1234 script: | whoami ls -al - - name: use insecure cipher + - name: missing ssh key passphrase uses: ./ + continue-on-error: true with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 script: | - ls \ - -lah - use_insecure_cipher: true + whoami + ls -al # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 - name: Multiline SSH commands interpreted as single lines uses: ./ with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + passphrase: 1234 script_stop: true script: | ls \ -lah use_insecure_cipher: true + multiple-server: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_passphrase.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_passphrase.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_passphrase >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key =========" + cat testdata/.ssh/id_passphrase + echo "============================" + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server-01 \ + --hostname=openssh-server-01 \ + -p 2222:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server-01 sh -c "hostname -i" > ip01.txt + echo "REMOTE_HOST_01<> $GITHUB_ENV + cat ip01.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip01.txt + echo "======================================" + + docker run -d \ + --name=openssh-server-02 \ + --hostname=openssh-server-02 \ + -p 2223:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server-02 sh -c "hostname -i" > ip02.txt + echo "REMOTE_HOST_02<> $GITHUB_ENV + cat ip02.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip02.txt + echo "======================================" + + sleep 2 + # https://github.com/appleboy/ssh-action/issues/85 - name: Deployment to multiple hosts with different ports uses: ./ with: - host: "${{ secrets.HOST }}:${{ secrets.PORT }}" - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: 1024 + host: "${{ env.REMOTE_HOST_01 }}:2222,${{ env.REMOTE_HOST_02 }}:2222" + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + passphrase: 1234 script_stop: true script: | - ls \ - -lah - use_insecure_cipher: true + whoami - # - name: SSH ED25519 Private Key - # uses: ./ - # with: - # host: ${{ secrets.TUNNEL_HOST }} - # username: ${{ secrets.TUNNEL_USERNAME }} - # key: ${{ secrets.ID_ED25519 }} - # port: ${{ secrets.TUNNEL_PORT }} - # script: whoami - - testing02: - name: testing with envs + support-ed25519-key: runs-on: ubuntu-latest steps: - - name: checkout + - name: Checkout code uses: actions/checkout@v4 + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_ed25519.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_ed25519.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_ed25519 >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key =========" + cat testdata/.ssh/id_ed25519 + echo "============================" + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + + - name: testing id_ed25519 key + uses: ./ + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + script: | + whoami + ls -al + + testing-with-env: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_ed25519.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_ed25519.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_ed25519 >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key =========" + cat testdata/.ssh/id_ed25519 + echo "============================" + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=true \ + -e PASSWORD_ACCESS=true \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + + - name: testing id_ed25519 key + uses: ./ + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + script: | + whoami + ls -al + - name: pass environment uses: ./ env: FOO: "BAR" with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 envs: FOO script: | echo "I am $FOO, thanks" @@ -167,17 +413,16 @@ jobs: SHA: ${{ github.sha }} PORT: ${{ secrets.PORT }} with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 envs: FOO,BAR,SHA,PORT script: | echo "I am $FOO, thanks" echo "I am $BAR, thanks" echo "sha: $SHA" echo "port: $PORT" - sh test.sh - name: custom envs format uses: ./ @@ -185,10 +430,10 @@ jobs: FOO: "BAR" AAA: "BBB" with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 envs: FOO,BAR,AAA envs_format: export TEST_{NAME}={VALUE} script: | @@ -203,10 +448,10 @@ jobs: INPUT_FOO: "BAR" INPUT_AAA: "BBB" with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 allenvs: true script: | echo "I am $INPUT_FOO, thanks" @@ -214,68 +459,13 @@ jobs: echo "$GITHUB_BASE_REF" echo "$GITHUB_REF" - testing03: - name: git clone and pull - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: clone private repository - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - script: | - git clone https://appleboy:${{ secrets.TEST_TOKEN }}@github.com/go-training/self-runner.git test_repository - rm -rf test_repository - - testing04: - name: docker login and pull - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: login GitHub Container Registry - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - script: | - echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u github.actor --password-stdin - - - name: login DockerHub Container Registry - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - script: | - echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin - - testing05: - name: switch user - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - name: switch to root user uses: ./ with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 script_stop: true request_pty: true command_timeout: 30s diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 1719cf6..86ab7dc 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -1,4 +1,4 @@ -name: openssh-server +name: testing stable version on: [push] From 71d43ea0f75a1f73c9b0e4608c059783968ad29c Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Thu, 6 Jun 2024 08:30:06 +0800 Subject: [PATCH 105/167] docs: improve documentation and testing configurations - Add note about the default value of `port` being `22` in the README Signed-off-by: Bo-Yi Wu --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 0e11a25..7055cf5 100644 --- a/README.md +++ b/README.md @@ -221,6 +221,8 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ls -al ``` +The default value of `port` is `22`. + #### Multiple hosts with different port ```diff From 036cad7df774e9168d1de6c77d668c6a292d4540 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 14 Jul 2024 16:17:12 +0800 Subject: [PATCH 106/167] chore: update drone-ssh to version 1.7.7 - Update drone-ssh Docker image version from `1.7.4` to `1.7.7` - Update DRONE_SSH_VERSION environment variable default from `1.7.4` to `1.7.7` Signed-off-by: Bo-Yi Wu --- Dockerfile | 2 +- entrypoint.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index d84c375..960d488 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/appleboy/drone-ssh:1.7.4 +FROM ghcr.io/appleboy/drone-ssh:1.7.7 COPY entrypoint.sh /bin/entrypoint.sh diff --git a/entrypoint.sh b/entrypoint.sh index f50d56e..c48f963 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -8,7 +8,7 @@ export GITHUB="true" GITHUB_ACTION_PATH="${GITHUB_ACTION_PATH%/}" DRONE_SSH_RELEASE_URL="${DRONE_SSH_RELEASE_URL:-https://github.com/appleboy/drone-ssh/releases/download}" -DRONE_SSH_VERSION="${DRONE_SSH_VERSION:-1.7.4}" +DRONE_SSH_VERSION="${DRONE_SSH_VERSION:-1.7.7}" function detect_client_info() { if [ -n "${SSH_CLIENT_OS-}" ]; then From 8b6078208d71a6d9364c7f23d78ca9b38bed48c0 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 14 Jul 2024 16:21:41 +0800 Subject: [PATCH 107/167] chore(cli): enhance version handling and testing mechanisms - Add a command to print the version of the target before running the main command Signed-off-by: Bo-Yi Wu --- entrypoint.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index c48f963..a9e359d 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -63,4 +63,5 @@ TARGET="${GITHUB_ACTION_PATH}/${CLIENT_BINARY}" echo "Will download ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}" curl -fL --retry 3 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o ${TARGET} chmod +x ${TARGET} -sh -c "${TARGET} $*" +sh -c "${TARGET} --version" # print version +sh -c "${TARGET} $*" # run the command From 5ade82648576fb5118b586573e9c607af4941b24 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 14 Jul 2024 16:42:46 +0800 Subject: [PATCH 108/167] chore: improve CLI reliability and version visibility - Increase curl retry attempts from 3 to 5 - Add echo statements to display CLI version before and after running the version command Signed-off-by: Bo-Yi Wu --- entrypoint.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index a9e359d..19d6b5d 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -61,7 +61,9 @@ DOWNLOAD_URL_PREFIX="${DRONE_SSH_RELEASE_URL}/v${DRONE_SSH_VERSION}" CLIENT_BINARY="drone-ssh-${DRONE_SSH_VERSION}-${CLIENT_PLATFORM}-${CLIENT_ARCH}" TARGET="${GITHUB_ACTION_PATH}/${CLIENT_BINARY}" echo "Will download ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}" -curl -fL --retry 3 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o ${TARGET} +curl -fL --retry 5 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o ${TARGET} chmod +x ${TARGET} +echo "======= CLI Version =======" sh -c "${TARGET} --version" # print version +echo "===========================" sh -c "${TARGET} $*" # run the command From 28428a13f5b0283d667b1c6501d144f15b059726 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 14 Jul 2024 16:59:55 +0800 Subject: [PATCH 109/167] docs: improve cross-platform clipboard support for key copying - Add instructions to install `xclip` on Ubuntu before copying the private key - Replace `clip` command with platform-specific commands (`pbcopy` for macOS and `xclip` for Ubuntu) for copying the private key Signed-off-by: Bo-Yi Wu --- README.md | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7055cf5..75fe1c4 100644 --- a/README.md +++ b/README.md @@ -122,14 +122,29 @@ Copy Private Key content and paste in Github Secrets. ### Copy rsa Private key +Before copying the private key, install `clip` command as shown below: + ```bash -clip < ~/.ssh/id_rsa +# Ubuntu +sudo apt-get install xclip +``` + +copy the private key: + +```bash +# macOS +pbcopy < ~/.ssh/id_rsa +# Ubuntu +xclip < ~/.ssh/id_rsa ``` ### Copy ed25519 Private key ```bash -clip < ~/.ssh/id_ed25519 +# macOS +pbcopy < ~/.ssh/id_ed25519 +# Ubuntu +xclip < ~/.ssh/id_ed25519 ``` See the detail information about [SSH login without password](http://www.linuxproblem.org/art_9.html). From 06fa62e61cac6c39015db4efcde64776f56965c4 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 14 Jul 2024 17:19:13 +0800 Subject: [PATCH 110/167] ci: rename the workflow files. - Rename `ci.yml` to `main.yml` - Rename `ssh-server.yml` to `stable.yml` Signed-off-by: Bo-Yi Wu --- .github/workflows/{ci.yml => main.yml} | 0 .github/workflows/{ssh-server.yml => stable.yml} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{ci.yml => main.yml} (100%) rename .github/workflows/{ssh-server.yml => stable.yml} (100%) diff --git a/.github/workflows/ci.yml b/.github/workflows/main.yml similarity index 100% rename from .github/workflows/ci.yml rename to .github/workflows/main.yml diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/stable.yml similarity index 100% rename from .github/workflows/ssh-server.yml rename to .github/workflows/stable.yml From eaeb06998d86f5e66259ee8dc3d0909612f0ce65 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 14 Jul 2024 20:55:52 +0800 Subject: [PATCH 111/167] chore(cli): enhance curl command with silent mode and redirects - Add silent mode and follow redirects to curl command in entrypoint.sh Signed-off-by: Bo-Yi Wu --- entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index 19d6b5d..67132c6 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -61,7 +61,7 @@ DOWNLOAD_URL_PREFIX="${DRONE_SSH_RELEASE_URL}/v${DRONE_SSH_VERSION}" CLIENT_BINARY="drone-ssh-${DRONE_SSH_VERSION}-${CLIENT_PLATFORM}-${CLIENT_ARCH}" TARGET="${GITHUB_ACTION_PATH}/${CLIENT_BINARY}" echo "Will download ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}" -curl -fL --retry 5 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o ${TARGET} +curl -fsSL --retry 5 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o ${TARGET} chmod +x ${TARGET} echo "======= CLI Version =======" sh -c "${TARGET} --version" # print version From b4a07ca5940a7dc94925e99f8e6eab3671b0fa64 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sat, 20 Jul 2024 13:32:11 +0800 Subject: [PATCH 112/167] ci: enhance GitHub Actions with secret variable support (#330) * ci: enhance GitHub Actions with secret variable support - Add a step to pass secret variables in the shell within the GitHub Actions workflow Signed-off-by: appleboy * ci: enhance CI workflow and API integration - Add `continue-on-error: true` to the GitHub Actions workflow Signed-off-by: appleboy * ci: improve GitHub Actions workflow reliability - Add `continue-on-error: true` to the GitHub Actions workflow Signed-off-by: appleboy --------- Signed-off-by: appleboy --- .github/workflows/main.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e4a92da..cfe58fb 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -459,6 +459,16 @@ jobs: echo "$GITHUB_BASE_REF" echo "$GITHUB_REF" + - name: pass secret variable in shell + uses: ./ + continue-on-error: true + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + script: cd ${{ secrets.PORT }} + - name: switch to root user uses: ./ with: @@ -491,6 +501,7 @@ jobs: - name: testing ipv6 uses: ./ + continue-on-error: true with: host: 2402:1f00:8000:800::2628 username: ubuntu From d732991ab09097d8c8f390d91385b0386e619598 Mon Sep 17 00:00:00 2001 From: archiguru Date: Sat, 7 Sep 2024 15:36:08 +0800 Subject: [PATCH 113/167] docs(lang): README.zh-cn Document (#332) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: add README.zh-cn Document * feat: add zh-cn superlink --- README.md | 1 + README.zh-cn.md | 393 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 394 insertions(+) create mode 100644 README.zh-cn.md diff --git a/README.md b/README.md index 75fe1c4..218ed33 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,7 @@ # 🚀 SSH for GitHub Actions [繁體中文](./README.zh-tw.md) +[简体中文](./README.zh-cn.md) [GitHub Action](https://github.com/features/actions) for executing remote ssh commands. diff --git a/README.zh-cn.md b/README.zh-cn.md new file mode 100644 index 0000000..44ac07d --- /dev/null +++ b/README.zh-cn.md @@ -0,0 +1,393 @@ +# 🚀 用于 GitHub Actions 的 SSH + +[GitHub Action](https://github.com/features/actions) 用于执行远程 SSH 命令。 + +![ssh workflow](./images/ssh-workflow.png) + +[![Actions Status](https://github.com/appleboy/ssh-action/workflows/remote%20ssh%20command/badge.svg)](https://github.com/appleboy/ssh-action/actions) + +**注意**: 只支持在 **Linux** [docker](https://www.docker.com/) 容器上执行。 + +## 输入变量 + +更详细的信息,请参考 [action.yml](./action.yml)。 + +* `host` - SSH 主机 +* `port` - SSH 连接端口,默认为 `22` +* `username` - SSH 用户名称 +* `password` - SSH 密码 +* `passphrase` - 通常用于加密私钥的 passphrase +* `sync` - 同步执行多个主机上的命令,默认为 false +* `timeout` - SSH 连接到远程主机的超时时间,默认为 `30s` +* `command_timeout` - SSH 命令超时时间,默认为 10m +* `key` - SSH 私钥的内容,例如 ~/.ssh/id_rsa 的原始内容,请记得包含 BEGIN 和 END 行 +* `key_path` - SSH 私钥的路径 +* `fingerprint` - 主机公钥的 SHA256 指纹,默认为跳过验证 +* `script` - 执行命令 +* `script_stop` - 当出现第一个错误时停止执行命令 +* `envs` - 传递环境变量到 shell script +* `debug` - 启用调试模式 +* `use_insecure_cipher` - 使用不安全的密码(ciphers)进行加密,详见 [#56](https://github.com/appleboy/ssh-action/issues/56) +* `cipher` - 允许使用的密码(ciphers)算法。如果未指定,则使用适当的算法 + +SSH 代理设置: + +* `proxy_host` - 代理主机 +* `proxy_port` - 代理端口,默认为 `22` +* `proxy_username` - 代理用户名 +* `proxy_password` - 代理密码 +* `proxy_passphrase` - 密码通常用于加密私有密钥 +* `proxy_timeout` - SSH 连接至代理主机的超时时间,默认为 `30s` +* `proxy_key` - SSH 代理私有密钥内容 +* `proxy_key_path` - SSH 代理私有密钥路径 +* `proxy_fingerprint` - 代理主机公钥的 SHA256 指纹,默认为跳过验证 +* `proxy_use_insecure_cipher` - 使用不安全的加密方式,详见 [#56](https://github.com/appleboy/ssh-action/issues/56) +* `proxy_cipher` - 允许的加密算法。如果未指定,则使用合理的算法 + +## 使用方法 + +执行远程 SSH 命令 + +```yaml +name: remote ssh command +on: [push] +jobs: + + build: + name: Build + runs-on: ubuntu-latest + steps: + - name: executing remote ssh commands using password + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: whoami +``` + +画面输出 + +```sh +======CMD====== +whoami +======END====== +out: *** +============================================== +✅ Successfully executed commands to all host. +============================================== +``` + +### 设置 SSH 密钥 + +请在创建 SSH 密钥并使用 SSH 密钥时遵循以下步骤。最佳做法是在本地机器上创建 SSH 密钥而不是远程机器上。请使用 Github Secrets 中指定的用户名登录。生成 RSA 密钥: + +### 生成 RSA 密钥 + +```bash +ssh-keygen -t rsa -b 4096 -C ”your_email@example.com“ +``` + +### 生成 ed25519 密钥 + +```bash +ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ +``` + +将新生成的密钥添加到已授权的密钥中。详细了解已授权的密钥请点[此处](https://www.ssh.com/ssh/authorized_keys/)。 + +### 将 RSA 密钥添加到已授权密钥中 + +```bash +cat .ssh/id_rsa.pub | ssh b@B ’cat >> .ssh/authorized_keys‘ +``` + +### 将 ed25519 密钥添加到已授权密钥中 + +```bash +cat .ssh/id_ed25519.pub | ssh b@B ’cat >> .ssh/authorized_keys‘ +``` + +复制私钥内容,然后将其粘贴到 Github Secrets 中。 + +### 复制 rsa 私钥内容 + +```bash +clip < ~/.ssh/id_rsa +``` + +### 复制 ed25519 私钥内容 + +```bash +clip < ~/.ssh/id_ed25519 +``` + +有关无需密码登录 SSH 的详细信息,请[见该网站](http://www.linuxproblem.org/art_9.html)。 + +**来自读者的注意事项**: 根据您的 SSH 版本,您可能还需要进行以下更改: + +* 将公钥放在 `.ssh/authorized_keys2` 中 +* 将 `.ssh` 的权限更改为700 +* 将 `.ssh/authorized_keys2` 的权限更改为640 + +### 如果你使用的是 OpenSSH + +如果您正在使用 OpenSSH,并出现以下错误: + +```bash +ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey] +``` + +请确保您所选择的密钥算法得到支持。在 Ubuntu 20.04 或更高版本上,您必须明确允许使用 SSH-RSA 算法。请在 OpenSSH 守护进程文件中添加以下行(它可以是 `/etc/ssh/sshd_config` 或 `/etc/ssh/sshd_config.d/` 中的一个附加文件): + +```bash +CASignatureAlgorithms +ssh-rsa +``` + +或者,`Ed25519` 密钥在 OpenSSH 中默认被接受。如果需要,您可以使用它来替代 RSA。 + +```bash +ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ +``` + +### Example + +#### 使用密码执行远程 SSH 命令 + +```yaml +- name: executing remote ssh commands using password + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: whoami +``` + +#### 使用私钥 + +```yaml +- name: executing remote ssh commands using ssh key + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: whoami +``` + +#### 多个命令 + +```yaml +- name: multiple command + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: | + whoami + ls -al +``` + +![result](./images/output-result.png) + +#### 多台主机 + +```diff + - name: multiple host + uses: appleboy/ssh-action@v1.0.3 + with: +- host: ”foo.com“ ++ host: ”foo.com,bar.com“ + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: | + whoami + ls -al +``` + +#### 多个不同端口的主机 + +```diff + - name: multiple host + uses: appleboy/ssh-action@v1.0.3 + with: +- host: ”foo.com“ ++ host: ”foo.com:1234,bar.com:5678“ + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + script: | + whoami + ls -al +``` + +#### 在多台主机上同步执行 + +```diff + - name: multiple host + uses: appleboy/ssh-action@v1.0.3 + with: + host: ”foo.com,bar.com“ ++ sync: true + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: | + whoami + ls -al +``` + +#### 将环境变量传递到 Shell 脚本 + +```diff + - name: pass environment + uses: appleboy/ssh-action@v1.0.3 ++ env: ++ FOO: ”BAR“ ++ BAR: ”FOO“ ++ SHA: ${{ github.sha }} + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} ++ envs: FOO,BAR,SHA + script: | + echo ”I am $FOO“ + echo ”I am $BAR“ + echo ”sha: $SHA“ +``` + +_在 `env` 对象中,您需要将每个环境变量作为字符串传递,传递 `Integer` 数据类型或任何其他类型可能会产生意外结果。_ + +#### 在第一次失败后停止脚本 + +> ex: missing `abc` folder + +```diff + - name: stop script if command error + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} ++ script_stop: true + script: | + mkdir abc/def + ls -al +``` + +画面输出: + +```sh +======CMD====== +mkdir abc/def +ls -al + +======END====== +2019/11/21 01:16:21 Process exited with status 1 +err: mkdir: cannot create directory ‘abc/def’: No such file or directory +##[error]Docker run failed with exit code 1 +``` + +#### 如何使用 `ProxyCommand` 连接远程服务器? + +```bash ++———+ +-———+ +————+ +| Laptop | <—> | Jumphost | <—> | FooServer | ++———+ +-———+ +————+ +``` + +在您的 `~/.ssh/config` 文件中,您会看到以下内容。 + +```bash +Host Jumphost + HostName Jumphost + User ubuntu + Port 22 + IdentityFile ~/.ssh/keys/jump_host.pem + +Host FooServer + HostName FooServer + User ubuntu + Port 22 + ProxyCommand ssh -q -W %h:%p Jumphost +``` + +#### 如何将其转换为 GitHubActions 的 YAML 格式? + +```diff + - name: ssh proxy command + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} ++ proxy_host: ${{ secrets.PROXY_HOST }} ++ proxy_username: ${{ secrets.PROXY_USERNAME }} ++ proxy_key: ${{ secrets.PROXY_KEY }} ++ proxy_port: ${{ secrets.PROXY_PORT }} + script: | + mkdir abc/def + ls -al +``` + +#### 如何保护私钥? + +密码短语通常用于加密私钥。这使得攻击者无法单独使用密钥文件。文件泄露可能来自备份或停用的硬件,黑客通常可以从受攻击系统中泄露文件。因此,保护私钥非常重要。 + +```diff + - name: ssh key passphrase + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} ++ passphrase: ${{ secrets.PASSPHRASE }} + script: | + whoami + ls -al +``` + +#### 使用主机指纹验证 + +设置 SSH 主机指纹验证可以帮助防止中间人攻击。在设置之前,运行以下命令以获取 SSH 主机指纹。请记得将 `ed25519` 替换为您适当的密钥类型(`rsa`、 `dsa`等),而 `example.com` 则替换为您的主机。 + +现代 OpenSSH 版本中,需要提取的_默认密钥_类型是 `rsa`(从版本 5.1 开始)、`ecdsa`(从版本 6.0 开始)和 `ed25519`(从版本 6.7 开始)。 + +```sh +ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ’ ‘ -f2 +``` + +现在您可以调整您的配置: + +```diff + - name: ssh key passphrase + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} ++ fingerprint: ${{ secrets.FINGERPRINT }} + script: | + whoami + ls -al +``` + +## 贡献 + +我们非常希望您为 `appleboy/ssh-action` 做出贡献,欢迎提交请求! + +## 授权方式 + +本项目中的脚本和文档采用 [MIT](LICENSE) 许可证 发布。 \ No newline at end of file From 58164d0dc2b76ba5c47e110152e94bfbd13ea235 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 22 Sep 2024 08:12:49 +0800 Subject: [PATCH 114/167] chore: remove Dockerfile and related configurations - Remove Dockerfile and its associated configurations Signed-off-by: appleboy --- Dockerfile | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index 960d488..0000000 --- a/Dockerfile +++ /dev/null @@ -1,5 +0,0 @@ -FROM ghcr.io/appleboy/drone-ssh:1.7.7 - -COPY entrypoint.sh /bin/entrypoint.sh - -ENTRYPOINT ["/bin/entrypoint.sh"] From 25ce8cbbcb08177468c7ff7ec5cbfa236f9341e1 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 6 Oct 2024 21:15:22 +0800 Subject: [PATCH 115/167] ci: implement automated release workflow with GoReleaser - Add GitHub Actions workflow for GoReleaser - Configure GoReleaser to skip builds - Set up changelog groups for features, bug fixes, enhancements, refactors, build process updates, and documentation updates Signed-off-by: appleboy --- .github/workflows/goreleaser.yml | 33 ++++++++++++++++++++++++++++++++ .goreleaser.yaml | 28 +++++++++++++++++++++++++++ 2 files changed, 61 insertions(+) create mode 100644 .github/workflows/goreleaser.yml create mode 100644 .goreleaser.yaml diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml new file mode 100644 index 0000000..7f1ae24 --- /dev/null +++ b/.github/workflows/goreleaser.yml @@ -0,0 +1,33 @@ +name: Goreleaser + +on: + push: + tags: + - "*" + +permissions: + contents: write + +jobs: + goreleaser: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Setup go + uses: actions/setup-go@v5 + with: + go-version: "^1" + + - name: Run GoReleaser + uses: goreleaser/goreleaser-action@v6 + with: + # either 'goreleaser' (default) or 'goreleaser-pro' + distribution: goreleaser + version: latest + args: release --clean + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.goreleaser.yaml b/.goreleaser.yaml new file mode 100644 index 0000000..01b1081 --- /dev/null +++ b/.goreleaser.yaml @@ -0,0 +1,28 @@ +builds: + - # If true, skip the build. + # Useful for library projects. + # Default is false + skip: true + +changelog: + use: github + groups: + - title: Features + regexp: "^.*feat[(\\w)]*:+.*$" + order: 0 + - title: "Bug fixes" + regexp: "^.*fix[(\\w)]*:+.*$" + order: 1 + - title: "Enhancements" + regexp: "^.*chore[(\\w)]*:+.*$" + order: 2 + - title: "Refactor" + regexp: "^.*refactor[(\\w)]*:+.*$" + order: 3 + - title: "Build process updates" + regexp: ^.*?(build|ci)(\(.+\))??!?:.+$ + order: 4 + - title: "Documentation updates" + regexp: ^.*?docs?(\(.+\))??!?:.+$ + order: 4 + - title: Others From bb32884d53eb81279b477ae19ecf3d319978c768 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 6 Oct 2024 21:19:31 +0800 Subject: [PATCH 116/167] chore: enhance CI/CD workflows and documentation formatting - Update `appleboy/ssh-action` from version `v1.0.3` to `v1.1.0` in multiple instances - Fix table formatting in `README.md` Signed-off-by: appleboy --- README.md | 26 +++++++++++++------------- README.zh-cn.md | 26 +++++++++++++------------- README.zh-tw.md | 24 ++++++++++++------------ 3 files changed, 38 insertions(+), 38 deletions(-) diff --git a/README.md b/README.md index 218ed33..c6dbe2c 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ This thing is built using [Golang](https://go.dev) and [drone-ssh](https://githu See [action.yml](./action.yml) for more detailed information. | Input Parameter | Description | Default Value | -|---------------------------|------------------------------------------------------------------------------------------|---------------| +| ------------------------- | ---------------------------------------------------------------------------------------- | ------------- | | host | SSH host address | | | port | SSH port number | 22 | | passphrase | SSH key passphrase | | @@ -66,7 +66,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -182,7 +182,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -195,7 +195,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -208,7 +208,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -225,7 +225,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -243,7 +243,7 @@ The default value of `port` is `22`. ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -258,7 +258,7 @@ The default value of `port` is `22`. ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: "foo.com,bar.com" + sync: true @@ -274,7 +274,7 @@ The default value of `port` is `22`. ```diff - name: pass environment - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 + env: + FOO: "BAR" + BAR: "FOO" @@ -299,7 +299,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p ```diff - name: stop script if command error - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -352,7 +352,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -375,7 +375,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -401,7 +401,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/README.zh-cn.md b/README.zh-cn.md index 44ac07d..8afa230 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -58,7 +58,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -157,7 +157,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -170,7 +170,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -183,7 +183,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -200,7 +200,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: - host: ”foo.com“ + host: ”foo.com,bar.com“ @@ -216,7 +216,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: - host: ”foo.com“ + host: ”foo.com:1234,bar.com:5678“ @@ -231,7 +231,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ”foo.com,bar.com“ + sync: true @@ -247,7 +247,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```diff - name: pass environment - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 + env: + FOO: ”BAR“ + BAR: ”FOO“ @@ -272,7 +272,7 @@ _在 `env` 对象中,您需要将每个环境变量作为字符串传递,传 ```diff - name: stop script if command error - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -325,7 +325,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -346,7 +346,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -372,7 +372,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ’ ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -390,4 +390,4 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ’ ## 授权方式 -本项目中的脚本和文档采用 [MIT](LICENSE) 许可证 发布。 \ No newline at end of file +本项目中的脚本和文档采用 [MIT](LICENSE) 许可证 发布。 diff --git a/README.zh-tw.md b/README.zh-tw.md index 9c37b34..b5d64cb 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -58,7 +58,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -157,7 +157,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -170,7 +170,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -183,7 +183,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -200,7 +200,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -216,7 +216,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -231,7 +231,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: "foo.com,bar.com" + sync: true @@ -247,7 +247,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 + env: + FOO: "BAR" + BAR: "FOO" @@ -272,7 +272,7 @@ _在 `env` 對象中,您需要將每個環境變量作為字符串傳遞,傳 ```diff - name: stop script if command error - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -325,7 +325,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -346,7 +346,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -372,7 +372,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From 3f1416813d34f7167832a87fe9607a99b05622a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Tesa=C5=99?= Date: Sun, 13 Oct 2024 03:00:02 +0200 Subject: [PATCH 117/167] fix: typo in success message (#340) Reflects changes made by [drone-ssh#283](https://github.com/appleboy/drone-ssh/pull/283) --- README.md | 6 +++--- README.zh-cn.md | 6 +++--- README.zh-tw.md | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index c6dbe2c..347f512 100644 --- a/README.md +++ b/README.md @@ -82,9 +82,9 @@ output: whoami ======END====== out: *** -============================================== -✅ Successfully executed commands to all host. -============================================== +=============================================== +✅ Successfully executed commands to all hosts. +=============================================== ``` ### Setting up a SSH Key diff --git a/README.zh-cn.md b/README.zh-cn.md index 8afa230..6e7e69d 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -74,9 +74,9 @@ jobs: whoami ======END====== out: *** -============================================== -✅ Successfully executed commands to all host. -============================================== +=============================================== +✅ Successfully executed commands to all hosts. +=============================================== ``` ### 设置 SSH 密钥 diff --git a/README.zh-tw.md b/README.zh-tw.md index b5d64cb..b5674f3 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -74,9 +74,9 @@ jobs: whoami ======END====== out: *** -============================================== -✅ Successfully executed commands to all host. -============================================== +=============================================== +✅ Successfully executed commands to all hosts. +=============================================== ``` ### 設置 SSH 金鑰 From 2763143a97c8f9c4e85766b7458183ec99341e81 Mon Sep 17 00:00:00 2001 From: appleboy Date: Thu, 24 Oct 2024 01:25:39 +0800 Subject: [PATCH 118/167] ci(script): enhance CI workflows and API integration - Change script execution to a multi-line bash script with error handling in GitHub workflow Signed-off-by: appleboy --- .github/workflows/stable.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/stable.yml b/.github/workflows/stable.yml index 86ab7dc..ce98c8e 100644 --- a/.github/workflows/stable.yml +++ b/.github/workflows/stable.yml @@ -37,7 +37,10 @@ jobs: username: linuxserver.io password: password port: 2222 - script: whoami + script: | + #!/usr/bin/env bash + set -e + whoami check-ssh-key: runs-on: ubuntu-latest From 8b84eaec3a216f1a0a6f56e15a7ab08f9975236a Mon Sep 17 00:00:00 2001 From: appleboy Date: Thu, 24 Oct 2024 01:27:03 +0800 Subject: [PATCH 119/167] ci(script): improve CI robustness and coverage across environments - Change single-line script to multi-line bash script with error handling in GitHub Actions workflow Signed-off-by: appleboy --- .github/workflows/main.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index cfe58fb..e248967 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -37,7 +37,10 @@ jobs: username: linuxserver.io password: password port: 2222 - script: whoami + script: | + #!/usr/bin/env bash + set -e + whoami check-ssh-key: runs-on: ubuntu-latest From 703ffa3c1ee959aa3694ac64b3a8a9bfa38c2c20 Mon Sep 17 00:00:00 2001 From: appleboy Date: Mon, 28 Oct 2024 22:36:36 +0800 Subject: [PATCH 120/167] feat(actions): enhance system performance and API integration - Add `proxy_protocol` input with description and default value "tcp" Signed-off-by: appleboy --- action.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/action.yml b/action.yml index 4a16472..bf15e25 100644 --- a/action.yml +++ b/action.yml @@ -43,6 +43,9 @@ inputs: description: "SSH proxy username." proxy_password: description: "SSH proxy password." + proxy_protocol: + description: 'The IP protocol to use. Valid values are "tcp". "tcp4" or "tcp6". Default to tcp.' + default: "tcp" proxy_passphrase: description: "SSH proxy key passphrase." proxy_timeout: From ab698e59d82afb1b65ffe8f70a0d482d744d6239 Mon Sep 17 00:00:00 2001 From: appleboy Date: Mon, 28 Oct 2024 22:37:55 +0800 Subject: [PATCH 121/167] docs(readme): enhance network protocol support and testing - Add `proxy_protocol` option to the README with possible values `tcp`, `tcp4`, `tcp6` and default `tcp` Signed-off-by: appleboy --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 347f512..da31541 100644 --- a/README.md +++ b/README.md @@ -35,6 +35,7 @@ See [action.yml](./action.yml) for more detailed information. | fingerprint | SHA256 fingerprint of the host public key | | | proxy_host | SSH proxy host | | | proxy_port | SSH proxy port | 22 | +| proxy_protocol | SSH proxy protocol version (tcp, tcp4, tcp6) | tcp | | proxy_username | SSH proxy username | | | proxy_password | SSH proxy password | | | proxy_passphrase | SSH proxy key passphrase | | From 362a7f1677aa40aaec6bb1d6fd119b2e080fd7f3 Mon Sep 17 00:00:00 2001 From: Kyle Leonhard Date: Sat, 16 Nov 2024 22:57:46 -0800 Subject: [PATCH 122/167] chore: support running commands from a file (#341) --- .github/workflows/main.yml | 9 +++++++++ README.md | 14 ++++++++++++++ action.yml | 3 +++ testdata/test.sh | 3 +++ 4 files changed, 29 insertions(+) create mode 100644 testdata/test.sh diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e248967..6c35463 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -42,6 +42,15 @@ jobs: set -e whoami + - name: ssh commands from a file + uses: ./ + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + port: 2222 + script_path: testdata/test.sh + check-ssh-key: runs-on: ubuntu-latest steps: diff --git a/README.md b/README.md index da31541..56c6cec 100644 --- a/README.md +++ b/README.md @@ -46,6 +46,7 @@ See [action.yml](./action.yml) for more detailed information. | proxy_cipher | Allowed cipher algorithms for the proxy | | | proxy_use_insecure_cipher | Include more ciphers with use_insecure_cipher for the proxy | false | | script | Execute commands | | +| script_file | Execute commands from a file | | | script_stop | Stop script after first failure | false | | envs | Pass environment variables to shell script | | | envs_format | Flexible configuration of environment value transfer | | @@ -222,6 +223,19 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ![result](./images/output-result.png) +#### Commands from a file + +```yaml +- name: file commands + uses: appleboy/ssh-action@v1.1.0 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_path: scripts/script.sh +``` + #### Multiple Hosts ```diff diff --git a/action.yml b/action.yml index bf15e25..19668ab 100644 --- a/action.yml +++ b/action.yml @@ -63,6 +63,8 @@ inputs: description: "Include more ciphers for the proxy by using insecure ciphers." script: description: "Commands to be executed." + script_path: + description: "Path to the file containing commands to be executed." script_stop: description: "Stop the script after the first failure." envs: @@ -110,6 +112,7 @@ runs: INPUT_PROXY_TIMEOUT: ${{ inputs.proxy_timeout }} INPUT_COMMAND_TIMEOUT: ${{ inputs.command_timeout }} INPUT_SCRIPT: ${{ inputs.script }} + INPUT_SCRIPT_FILE: ${{ inputs.script_path }} INPUT_SCRIPT_STOP: ${{ inputs.script_stop }} INPUT_ENVS: ${{ inputs.envs }} INPUT_ENVS_FORMAT: ${{ inputs.envs_format }} diff --git a/testdata/test.sh b/testdata/test.sh new file mode 100644 index 0000000..3574ebc --- /dev/null +++ b/testdata/test.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash +set -e +whoami \ No newline at end of file From bf84378588277d5361a4cb8b7b3b42912fc3fcab Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 17 Nov 2024 15:00:26 +0800 Subject: [PATCH 123/167] refactor: refactor codebase and improve API performance - Signed-off-by: appleboy --- testdata/test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testdata/test.sh b/testdata/test.sh index 3574ebc..a229cae 100644 --- a/testdata/test.sh +++ b/testdata/test.sh @@ -1,3 +1,3 @@ #!/usr/bin/env bash set -e -whoami \ No newline at end of file +whoami From 25259c3d5059bb20c4b45bf5089d58098b0a5b93 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 17 Nov 2024 15:02:20 +0800 Subject: [PATCH 124/167] fix: refactor and enhance API and testing infrastructure - Update DRONE_SSH_VERSION from 1.7.7 to 1.8.0 - Add missing case statement terminator in detect_client_info function Signed-off-by: appleboy --- entrypoint.sh | 55 ++++++++++++++++++++++++++------------------------- 1 file changed, 28 insertions(+), 27 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 67132c6..abd5809 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -8,7 +8,7 @@ export GITHUB="true" GITHUB_ACTION_PATH="${GITHUB_ACTION_PATH%/}" DRONE_SSH_RELEASE_URL="${DRONE_SSH_RELEASE_URL:-https://github.com/appleboy/drone-ssh/releases/download}" -DRONE_SSH_VERSION="${DRONE_SSH_VERSION:-1.7.7}" +DRONE_SSH_VERSION="${DRONE_SSH_VERSION:-1.8.0}" function detect_client_info() { if [ -n "${SSH_CLIENT_OS-}" ]; then @@ -17,20 +17,21 @@ function detect_client_info() { local kernel kernel="$(uname -s)" case "${kernel}" in - Darwin) - CLIENT_PLATFORM="darwin" - ;; - Linux) - CLIENT_PLATFORM="linux" - ;; - Windows) - CLIENT_PLATFORM="windows" - ;; - *) - echo "Unknown, unsupported platform: ${kernel}." >&2 - echo "Supported platforms: Linux, Darwin and Windows." >&2 - echo "Bailing out." >&2 - exit 2 + Darwin) + CLIENT_PLATFORM="darwin" + ;; + Linux) + CLIENT_PLATFORM="linux" + ;; + Windows) + CLIENT_PLATFORM="windows" + ;; + *) + echo "Unknown, unsupported platform: ${kernel}." >&2 + echo "Supported platforms: Linux, Darwin and Windows." >&2 + echo "Bailing out." >&2 + exit 2 + ;; esac fi @@ -40,18 +41,18 @@ function detect_client_info() { local machine machine="$(uname -m)" case "${machine}" in - x86_64*|i?86_64*|amd64*) - CLIENT_ARCH="amd64" - ;; - aarch64*|arm64*) - CLIENT_ARCH="arm64" - ;; - *) - echo "Unknown, unsupported architecture (${machine})." >&2 - echo "Supported architectures x86_64, i686, arm64." >&2 - echo "Bailing out." >&2 - exit 3 - ;; + x86_64* | i?86_64* | amd64*) + CLIENT_ARCH="amd64" + ;; + aarch64* | arm64*) + CLIENT_ARCH="arm64" + ;; + *) + echo "Unknown, unsupported architecture (${machine})." >&2 + echo "Supported architectures x86_64, i686, arm64." >&2 + echo "Bailing out." >&2 + exit 3 + ;; esac fi } From 176437b5488c703fa41f14a89a8458192086f8f3 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 17 Nov 2024 15:05:56 +0800 Subject: [PATCH 125/167] chore: refactor codebase for improved consistency and performance - Change the username from `${{ secrets.USERNAME }}` to `linuxserver.io` - Update the output from `***` to `linuxserver.io` Signed-off-by: appleboy --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 56c6cec..71e8bb7 100644 --- a/README.md +++ b/README.md @@ -71,7 +71,7 @@ jobs: uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} + username: linuxserver.io password: ${{ secrets.PASSWORD }} port: ${{ secrets.PORT }} script: whoami @@ -83,7 +83,7 @@ output: ======CMD====== whoami ======END====== -out: *** +linuxserver.io =============================================== ✅ Successfully executed commands to all hosts. =============================================== From 7eaf76671a0d7eec5d98ee897acda4f968735a17 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 17 Nov 2024 15:08:23 +0800 Subject: [PATCH 126/167] docs(readme): update SSH action and enhance Chinese README files - Update `appleboy/ssh-action` from version `v1.1.0` to `v1.2.0` in multiple instances - Add `script_file` option to the Chinese (Simplified) and Chinese (Traditional) README files - Add example for executing commands from a file in the Chinese (Simplified) and Chinese (Traditional) README files Signed-off-by: appleboy --- README.md | 26 +++++++++++++------------- README.zh-cn.md | 38 ++++++++++++++++++++++++++------------ README.zh-tw.md | 38 ++++++++++++++++++++++++++------------ 3 files changed, 65 insertions(+), 37 deletions(-) diff --git a/README.md b/README.md index 71e8bb7..d769662 100644 --- a/README.md +++ b/README.md @@ -68,7 +68,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: linuxserver.io @@ -184,7 +184,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -197,7 +197,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -210,7 +210,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -227,7 +227,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: file commands - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -240,7 +240,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -258,7 +258,7 @@ The default value of `port` is `22`. ```diff - name: multiple host - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -273,7 +273,7 @@ The default value of `port` is `22`. ```diff - name: multiple host - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: "foo.com,bar.com" + sync: true @@ -289,7 +289,7 @@ The default value of `port` is `22`. ```diff - name: pass environment - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 + env: + FOO: "BAR" + BAR: "FOO" @@ -314,7 +314,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p ```diff - name: stop script if command error - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -367,7 +367,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -390,7 +390,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -416,7 +416,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/README.zh-cn.md b/README.zh-cn.md index 6e7e69d..3a52957 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -24,6 +24,7 @@ * `key_path` - SSH 私钥的路径 * `fingerprint` - 主机公钥的 SHA256 指纹,默认为跳过验证 * `script` - 执行命令 +* `script_file` - 執行命令的文件 * `script_stop` - 当出现第一个错误时停止执行命令 * `envs` - 传递环境变量到 shell script * `debug` - 启用调试模式 @@ -58,7 +59,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -157,7 +158,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -170,7 +171,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -183,7 +184,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -200,7 +201,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```diff - name: multiple host - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: - host: ”foo.com“ + host: ”foo.com,bar.com“ @@ -212,11 +213,24 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ls -al ``` +#### Commands from a file + +```yaml +- name: file commands + uses: appleboy/ssh-action@v1.2.0 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_path: scripts/script.sh +``` + #### 多个不同端口的主机 ```diff - name: multiple host - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: - host: ”foo.com“ + host: ”foo.com:1234,bar.com:5678“ @@ -231,7 +245,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```diff - name: multiple host - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ”foo.com,bar.com“ + sync: true @@ -247,7 +261,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```diff - name: pass environment - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 + env: + FOO: ”BAR“ + BAR: ”FOO“ @@ -272,7 +286,7 @@ _在 `env` 对象中,您需要将每个环境变量作为字符串传递,传 ```diff - name: stop script if command error - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -325,7 +339,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -346,7 +360,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -372,7 +386,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ’ ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/README.zh-tw.md b/README.zh-tw.md index b5674f3..3b4246b 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -24,6 +24,7 @@ * `key_path` - SSH 私鑰的路徑 * `fingerprint` - 主機公鑰的 SHA256 指紋,預設為略過驗證 * `script` - 執行命令 +* `script_file` - 執行命令的文件 * `script_stop` - 當出現第一個錯誤時停止執行命令 * `envs` - 傳遞環境變數到 shell script * `debug` - 啟用偵錯模式 @@ -58,7 +59,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -157,7 +158,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -170,7 +171,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -183,7 +184,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -196,11 +197,24 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ![result](./images/output-result.png) +#### Commands from a file + +```yaml +- name: file commands + uses: appleboy/ssh-action@v1.2.0 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_path: scripts/script.sh +``` + #### 多台主機 ```diff - name: multiple host - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -216,7 +230,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -231,7 +245,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: "foo.com,bar.com" + sync: true @@ -247,7 +261,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 + env: + FOO: "BAR" + BAR: "FOO" @@ -272,7 +286,7 @@ _在 `env` 對象中,您需要將每個環境變量作為字符串傳遞,傳 ```diff - name: stop script if command error - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -325,7 +339,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -346,7 +360,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -372,7 +386,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From 8fdfeb034ef6e9033a8a4407975aedbc12a08737 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 17 Nov 2024 15:17:02 +0800 Subject: [PATCH 127/167] chore(github): update `appleboy/ssh-action` to version `v1.2.0` across workflows - Update `appleboy/ssh-action` from version `v1.0.3` to `v1.2.0` in bug report template - Update `appleboy/ssh-action` from version `v1.0.3` to `v1.2.0` in stable workflow Signed-off-by: appleboy --- .github/ISSUE_TEMPLATE/bug_report.md | 2 +- .github/workflows/stable.yml | 32 ++++++++++++++-------------- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 6e2dcf4..5270fdf 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -25,7 +25,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/.github/workflows/stable.yml b/.github/workflows/stable.yml index ce98c8e..29ea7fa 100644 --- a/.github/workflows/stable.yml +++ b/.github/workflows/stable.yml @@ -31,7 +31,7 @@ jobs: sleep 2 - name: ssh by username and password - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -86,7 +86,7 @@ jobs: sleep 2 - name: ssh by private key - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -95,7 +95,7 @@ jobs: script: whoami - name: wrong password but correct key - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -105,7 +105,7 @@ jobs: script: whoami - name: correct password but wrong key - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -115,7 +115,7 @@ jobs: script: whoami - name: stop script if command error - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.2.0 continue-on-error: true with: host: ${{ env.REMOTE_HOST }} @@ -174,7 +174,7 @@ jobs: sleep 2 - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -186,7 +186,7 @@ jobs: ls -al - name: missing ssh key passphrase - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.2.0 continue-on-error: true with: host: ${{ env.REMOTE_HOST }} @@ -199,7 +199,7 @@ jobs: # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 - name: Multiline SSH commands interpreted as single lines - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -277,7 +277,7 @@ jobs: # https://github.com/appleboy/ssh-action/issues/85 - name: Deployment to multiple hosts with different ports - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.2.0 with: host: "${{ env.REMOTE_HOST_01 }}:2222,${{ env.REMOTE_HOST_02 }}:2222" username: linuxserver.io @@ -331,7 +331,7 @@ jobs: sleep 2 - name: testing id_ed25519 key - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -384,7 +384,7 @@ jobs: sleep 2 - name: testing id_ed25519 key - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -395,7 +395,7 @@ jobs: ls -al - name: pass environment - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.2.0 env: FOO: "BAR" with: @@ -409,7 +409,7 @@ jobs: echo "I am $BAR, thanks" - name: pass multiple environment - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.2.0 env: FOO: "BAR" BAR: "FOO" @@ -428,7 +428,7 @@ jobs: echo "port: $PORT" - name: custom envs format - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.2.0 env: FOO: "BAR" AAA: "BBB" @@ -446,7 +446,7 @@ jobs: echo "I am $TEST_AAA, thanks" - name: pass all ENV variables to script - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.2.0 env: INPUT_FOO: "BAR" INPUT_AAA: "BBB" @@ -463,7 +463,7 @@ jobs: echo "$GITHUB_REF" - name: switch to root user - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io From a8952ebe2a1428de1644645b937cea45ed655b67 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 17 Nov 2024 15:51:42 +0800 Subject: [PATCH 128/167] docs(readme): update documentation for GitHub Actions and Docker support - Update README badges to reflect the new GitHub Actions workflow - Remove outdated information about Linux Docker container support in README files Signed-off-by: appleboy --- README.md | 4 +--- README.zh-cn.md | 4 +--- README.zh-tw.md | 4 +--- 3 files changed, 3 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index d769662..58e9738 100644 --- a/README.md +++ b/README.md @@ -7,9 +7,7 @@ ![ssh workflow](./images/ssh-workflow.png) -[![Actions Status](https://github.com/appleboy/ssh-action/workflows/remote%20ssh%20command/badge.svg)](https://github.com/appleboy/ssh-action/actions) - -**Important**: Only support **Linux** [docker](https://www.docker.com/) container. +[![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml) This thing is built using [Golang](https://go.dev) and [drone-ssh](https://github.com/appleboy/drone-ssh). 🚀 diff --git a/README.zh-cn.md b/README.zh-cn.md index 3a52957..98505f4 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -4,9 +4,7 @@ ![ssh workflow](./images/ssh-workflow.png) -[![Actions Status](https://github.com/appleboy/ssh-action/workflows/remote%20ssh%20command/badge.svg)](https://github.com/appleboy/ssh-action/actions) - -**注意**: 只支持在 **Linux** [docker](https://www.docker.com/) 容器上执行。 +[![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml) ## 输入变量 diff --git a/README.zh-tw.md b/README.zh-tw.md index 3b4246b..fe9e71f 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -4,9 +4,7 @@ ![ssh workflow](./images/ssh-workflow.png) -[![Actions Status](https://github.com/appleboy/ssh-action/workflows/remote%20ssh%20command/badge.svg)](https://github.com/appleboy/ssh-action/actions) - -**注意**: 只支援在 **Linux** [docker](https://www.docker.com/) 容器上執行。 +[![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml) ## 輸入變數 From cec69ef2315fa7868468f4283007628aa37a6b7e Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 17 Nov 2024 15:53:54 +0800 Subject: [PATCH 129/167] docs(readme): standardize terminology and capitalization across project - Capitalize "SSH" in multiple instances for consistency - Change "This thing" to "This project" for clarity and professionalism - Capitalize "Pass" in the description of the `allenvs` option Signed-off-by: appleboy --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 58e9738..0a204a3 100644 --- a/README.md +++ b/README.md @@ -3,13 +3,13 @@ [繁體中文](./README.zh-tw.md) [简体中文](./README.zh-cn.md) -[GitHub Action](https://github.com/features/actions) for executing remote ssh commands. +[GitHub Action](https://github.com/features/actions) for executing remote SSH commands. ![ssh workflow](./images/ssh-workflow.png) [![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml) -This thing is built using [Golang](https://go.dev) and [drone-ssh](https://github.com/appleboy/drone-ssh). 🚀 +This project is built using [Golang](https://go.dev) and [drone-ssh](https://github.com/appleboy/drone-ssh). 🚀 ## Input variables @@ -49,12 +49,12 @@ See [action.yml](./action.yml) for more detailed information. | envs | Pass environment variables to shell script | | | envs_format | Flexible configuration of environment value transfer | | | debug | Enable debug mode | false | -| allenvs | pass the environment variables with prefix value of `GITHUB_` and `INPUT_` to the script | false | +| allenvs | Pass the environment variables with prefix value of `GITHUB_` and `INPUT_` to the script | false | | request_pty | Request a pseudo-terminal from the server | false | ## Usage -Executing remote ssh commands. +Executing remote SSH commands. ```yaml name: remote ssh command From a9e2fdf08d46817c815611f3989f7757048795bd Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 17 Nov 2024 16:00:24 +0800 Subject: [PATCH 130/167] docs(readme): improve README structure and add new input variables MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Update title to remove redundant "用於" - Add links to English and Simplified Chinese versions of the README - Add a note about the project using Golang and drone-ssh - Replace detailed input variable descriptions with a table format - Add new input variables `protocol`, `proxy_protocol`, `envs_format`, `allenvs`, and `request_pty` - Update usage section to refer to `action.yml` for detailed information Signed-off-by: appleboy --- README.zh-tw.md | 81 +++++++++++++++++++++++++++---------------------- 1 file changed, 45 insertions(+), 36 deletions(-) diff --git a/README.zh-tw.md b/README.zh-tw.md index fe9e71f..324cba8 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -1,49 +1,58 @@ -# 🚀 用於 GitHub Actions 的 SSH +# 🚀 GitHub Actions 的 SSH -[GitHub Action](https://github.com/features/actions) for executing remote ssh commands. +[English](./README.md) +[简体中文](./README.zh-cn.md) + +[GitHub Action](https://github.com/features/actions) 用於執行遠端 SSH 命令。 ![ssh workflow](./images/ssh-workflow.png) [![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml) +此專案使用 [Golang](https://go.dev) 和 [drone-ssh](https://github.com/appleboy/drone-ssh) 建立。🚀 + ## 輸入變數 -更詳細的資訊,請參閱 [action.yml](./action.yml)。 +請參閱 [action.yml](./action.yml) 以獲取更詳細的信息。 -* `host` - SSH 主機 -* `port` - SSH 連接埠,預設為 `22` -* `username` - SSH 使用者名稱 -* `password` - SSH 密碼 -* `passphrase` - 通常用於加密私鑰的 passphrase -* `sync` - 同步執行多個主機上的命令,預設為 false -* `timeout` - SSH 連接到遠端主機的超時時間,預設為 `30s` -* `command_timeout` - SSH 命令超時時間,預設為 10m -* `key` - SSH 私鑰的內容,例如 ~/.ssh/id_rsa 的原始內容,請記得包含 BEGIN 和 END 行 -* `key_path` - SSH 私鑰的路徑 -* `fingerprint` - 主機公鑰的 SHA256 指紋,預設為略過驗證 -* `script` - 執行命令 -* `script_file` - 執行命令的文件 -* `script_stop` - 當出現第一個錯誤時停止執行命令 -* `envs` - 傳遞環境變數到 shell script -* `debug` - 啟用偵錯模式 -* `use_insecure_cipher` - 使用不安全的密碼(ciphers)進行加密,參見 [#56](https://github.com/appleboy/ssh-action/issues/56) -* `cipher` - 允許使用的密碼(ciphers)演算法。如果未指定,則使用適當的演算法 +| 輸入參數 | 描述 | 預設值 | +| ------------------------- | ----------------------------------------------------- | ------ | +| host | SSH 主機地址 | | +| port | SSH 埠號 | 22 | +| passphrase | SSH 金鑰密碼 | | +| username | SSH 使用者名稱 | | +| password | SSH 密碼 | | +| protocol | SSH 協議版本 (tcp, tcp4, tcp6) | tcp | +| sync | 如果有多個主機,啟用同步執行 | false | +| use_insecure_cipher | 包含更多不安全的加密算法 | false | +| cipher | 允許的加密算法。如果未指定,則使用合理的預設值 | | +| timeout | SSH 連接主機的超時時間 | 30s | +| command_timeout | SSH 命令的超時時間 | 10m | +| key | SSH 私鑰的內容。例如,~/.ssh/id_rsa 的原始內容 | | +| key_path | SSH 私鑰的路徑 | | +| fingerprint | 主機公鑰的 SHA256 指紋 | | +| proxy_host | SSH 代理主機 | | +| proxy_port | SSH 代理埠號 | 22 | +| proxy_protocol | SSH 代理協議版本 (tcp, tcp4, tcp6) | tcp | +| proxy_username | SSH 代理使用者名稱 | | +| proxy_password | SSH 代理密碼 | | +| proxy_passphrase | SSH 代理金鑰密碼 | | +| proxy_timeout | SSH 連接代理主機的超時時間 | 30s | +| proxy_key | SSH 代理私鑰的內容 | | +| proxy_key_path | SSH 代理私鑰的路徑 | | +| proxy_fingerprint | 代理主機公鑰的 SHA256 指紋 | | +| proxy_cipher | 代理允許的加密算法 | | +| proxy_use_insecure_cipher | 包含更多不安全的加密算法 | false | +| script | 執行命令 | | +| script_file | 從文件中執行命令 | | +| script_stop | 在第一次失敗後停止腳本 | false | +| envs | 將環境變數傳遞給 shell 腳本 | | +| envs_format | 環境值傳遞的靈活配置 | | +| debug | 啟用調試模式 | false | +| allenvs | 將帶有 `GITHUB_` 和 `INPUT_` 前綴的環境變數傳遞給腳本 | false | +| request_pty | 從伺服器請求偽終端 | false | -SSH 代理設置: - -* `proxy_host` - 代理主機 -* `proxy_port` - 代理端口,預設為 `22` -* `proxy_username` - 代理使用者名稱 -* `proxy_password` - 代理密碼 -* `proxy_passphrase` - 密碼通常用於加密私有金鑰 -* `proxy_timeout` - SSH 連線至代理主機的逾時時間,預設為 `30s` -* `proxy_key` - SSH 代理私有金鑰內容 -* `proxy_key_path` - SSH 代理私有金鑰路徑 -* `proxy_fingerprint` - 代理主機公鑰的 SHA256 指紋,預設為跳過驗證 -* `proxy_use_insecure_cipher` - 使用不安全的加密方式,請參閱 [#56](https://github.com/appleboy/ssh-action/issues/56) -* `proxy_cipher` - 允許的加密算法。如果未指定,則使用合理的算法 - -## 使用方式 +## 用法 執行遠端 SSH 命令 From 43d4ebbb72699ed0e9e8aeead91adfc4eac75ed6 Mon Sep 17 00:00:00 2001 From: Kyle Leonhard Date: Sun, 17 Nov 2024 16:57:32 -0800 Subject: [PATCH 131/167] chore: Add test to stable workflow for script_path (#347) --- .github/workflows/stable.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/stable.yml b/.github/workflows/stable.yml index 29ea7fa..9209737 100644 --- a/.github/workflows/stable.yml +++ b/.github/workflows/stable.yml @@ -42,6 +42,15 @@ jobs: set -e whoami + - name: ssh commands from a file + uses: appleboy/ssh-action@v1.2.0 + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + port: 2222 + script_path: testdata/test.sh + check-ssh-key: runs-on: ubuntu-latest steps: From 6137f733fb6aad9941aaf990e4df5af3aef72d1c Mon Sep 17 00:00:00 2001 From: appleboy Date: Sat, 23 Nov 2024 23:30:53 +0800 Subject: [PATCH 132/167] docs: improve project documentation and organization - Add a project description mentioning the use of Golang and drone-ssh - Replace the list of input variables with a table format for better readability and organization Signed-off-by: appleboy --- README.zh-cn.md | 70 +++++++++++++++++++++++++++---------------------- 1 file changed, 38 insertions(+), 32 deletions(-) diff --git a/README.zh-cn.md b/README.zh-cn.md index 98505f4..4dc12b1 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -6,42 +6,48 @@ [![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml) +该项目使用 [Golang](https://go.dev) 和 [drone-ssh](https://github.com/appleboy/drone-ssh) 构建。🚀 + ## 输入变量 更详细的信息,请参考 [action.yml](./action.yml)。 -* `host` - SSH 主机 -* `port` - SSH 连接端口,默认为 `22` -* `username` - SSH 用户名称 -* `password` - SSH 密码 -* `passphrase` - 通常用于加密私钥的 passphrase -* `sync` - 同步执行多个主机上的命令,默认为 false -* `timeout` - SSH 连接到远程主机的超时时间,默认为 `30s` -* `command_timeout` - SSH 命令超时时间,默认为 10m -* `key` - SSH 私钥的内容,例如 ~/.ssh/id_rsa 的原始内容,请记得包含 BEGIN 和 END 行 -* `key_path` - SSH 私钥的路径 -* `fingerprint` - 主机公钥的 SHA256 指纹,默认为跳过验证 -* `script` - 执行命令 -* `script_file` - 執行命令的文件 -* `script_stop` - 当出现第一个错误时停止执行命令 -* `envs` - 传递环境变量到 shell script -* `debug` - 启用调试模式 -* `use_insecure_cipher` - 使用不安全的密码(ciphers)进行加密,详见 [#56](https://github.com/appleboy/ssh-action/issues/56) -* `cipher` - 允许使用的密码(ciphers)算法。如果未指定,则使用适当的算法 - -SSH 代理设置: - -* `proxy_host` - 代理主机 -* `proxy_port` - 代理端口,默认为 `22` -* `proxy_username` - 代理用户名 -* `proxy_password` - 代理密码 -* `proxy_passphrase` - 密码通常用于加密私有密钥 -* `proxy_timeout` - SSH 连接至代理主机的超时时间,默认为 `30s` -* `proxy_key` - SSH 代理私有密钥内容 -* `proxy_key_path` - SSH 代理私有密钥路径 -* `proxy_fingerprint` - 代理主机公钥的 SHA256 指纹,默认为跳过验证 -* `proxy_use_insecure_cipher` - 使用不安全的加密方式,详见 [#56](https://github.com/appleboy/ssh-action/issues/56) -* `proxy_cipher` - 允许的加密算法。如果未指定,则使用合理的算法 +| 输入参数 | 描述 | 默认值 | +| ------------------------- | ----------------------------------------------------- | ------ | +| host | SSH 主机地址 | | +| port | SSH 端口号 | 22 | +| passphrase | SSH 密钥密码短语 | | +| username | SSH 用户名 | | +| password | SSH 密码 | | +| protocol | SSH 协议版本(tcp, tcp4, tcp6) | tcp | +| sync | 如果有多个主机,启用同步执行 | false | +| use_insecure_cipher | 使用不安全的密码算法 | false | +| cipher | 允许的密码算法。如果未指定,则使用适当的算法 | | +| timeout | SSH 连接到主机的超时时间 | 30s | +| command_timeout | SSH 命令的超时时间 | 10m | +| key | SSH 私钥的内容,例如 ~/.ssh/id_rsa 的原始内容 | | +| key_path | SSH 私钥的路径 | | +| fingerprint | 主机公钥的 SHA256 指纹 | | +| proxy_host | SSH 代理主机 | | +| proxy_port | SSH 代理端口 | 22 | +| proxy_protocol | SSH 代理协议版本(tcp, tcp4, tcp6) | tcp | +| proxy_username | SSH 代理用户名 | | +| proxy_password | SSH 代理密码 | | +| proxy_passphrase | SSH 代理密钥密码短语 | | +| proxy_timeout | SSH 连接到代理主机的超时时间 | 30s | +| proxy_key | SSH 代理私钥的内容 | | +| proxy_key_path | SSH 代理私钥的路径 | | +| proxy_fingerprint | 代理主机公钥的 SHA256 指纹 | | +| proxy_cipher | 代理允许的密码算法 | | +| proxy_use_insecure_cipher | 使用不安全的密码算法 | false | +| script | 执行命令 | | +| script_file | 从文件执行命令 | | +| script_stop | 在第一次失败后停止脚本 | false | +| envs | 传递环境变量到 shell 脚本 | | +| envs_format | 环境变量传递的灵活配置 | | +| debug | 启用调试模式 | false | +| allenvs | 将带有 `GITHUB_` 和 `INPUT_` 前缀的环境变量传递给脚本 | false | +| request_pty | 请求伪终端 | false | ## 使用方法 From b76e6173e8c2787083cd8d94b715e6a01844d137 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 1 Dec 2024 10:10:43 +0800 Subject: [PATCH 133/167] docs(readme): standardize and format README files across languages - Remove an empty line in `README.md` - Replace underscores with bold formatting for default key types in `README.zh-cn.md` and `README.zh-tw.md` - Standardize list formatting in `README.md`, `README.zh-cn.md`, and `README.zh-tw.md` Signed-off-by: appleboy --- README.md | 25 ++++++++++++------------- README.zh-cn.md | 27 +++++++++++++-------------- README.zh-tw.md | 27 +++++++++++++-------------- 3 files changed, 38 insertions(+), 41 deletions(-) diff --git a/README.md b/README.md index 0a204a3..fd5229d 100644 --- a/README.md +++ b/README.md @@ -60,19 +60,18 @@ Executing remote SSH commands. name: remote ssh command on: [push] jobs: - build: name: Build runs-on: ubuntu-latest steps: - - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.0 - with: - host: ${{ secrets.HOST }} - username: linuxserver.io - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} - script: whoami + - name: executing remote ssh commands using password + uses: appleboy/ssh-action@v1.2.0 + with: + host: ${{ secrets.HOST }} + username: linuxserver.io + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: whoami ``` output: @@ -152,9 +151,9 @@ See the detail information about [SSH login without password](http://www.linuxpr **A note** from one of our readers: Depending on your version of SSH you might also have to do the following changes: -* Put the public key in `.ssh/authorized_keys2` -* Change the permissions of `.ssh` to 700 -* Change the permissions of `.ssh/authorized_keys2` to 640 +- Put the public key in `.ssh/authorized_keys2` +- Change the permissions of `.ssh` to 700 +- Change the permissions of `.ssh/authorized_keys2` to 640 ### If you are using OpenSSH @@ -231,7 +230,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" username: ${{ secrets.USERNAME }} key: ${{ secrets.KEY }} port: ${{ secrets.PORT }} - script_path: scripts/script.sh + script_path: scripts/script.sh ``` #### Multiple Hosts diff --git a/README.zh-cn.md b/README.zh-cn.md index 4dc12b1..4ab55e9 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -57,19 +57,18 @@ name: remote ssh command on: [push] jobs: - build: name: Build runs-on: ubuntu-latest steps: - - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.0 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} - script: whoami + - name: executing remote ssh commands using password + uses: appleboy/ssh-action@v1.2.0 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: whoami ``` 画面输出 @@ -132,9 +131,9 @@ clip < ~/.ssh/id_ed25519 **来自读者的注意事项**: 根据您的 SSH 版本,您可能还需要进行以下更改: -* 将公钥放在 `.ssh/authorized_keys2` 中 -* 将 `.ssh` 的权限更改为700 -* 将 `.ssh/authorized_keys2` 的权限更改为640 +- 将公钥放在 `.ssh/authorized_keys2` 中 +- 将 `.ssh` 的权限更改为 700 +- 将 `.ssh/authorized_keys2` 的权限更改为 640 ### 如果你使用的是 OpenSSH @@ -227,7 +226,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ username: ${{ secrets.USERNAME }} key: ${{ secrets.KEY }} port: ${{ secrets.PORT }} - script_path: scripts/script.sh + script_path: scripts/script.sh ``` #### 多个不同端口的主机 @@ -380,7 +379,7 @@ Host FooServer 设置 SSH 主机指纹验证可以帮助防止中间人攻击。在设置之前,运行以下命令以获取 SSH 主机指纹。请记得将 `ed25519` 替换为您适当的密钥类型(`rsa`、 `dsa`等),而 `example.com` 则替换为您的主机。 -现代 OpenSSH 版本中,需要提取的_默认密钥_类型是 `rsa`(从版本 5.1 开始)、`ecdsa`(从版本 6.0 开始)和 `ed25519`(从版本 6.7 开始)。 +现代 OpenSSH 版本中,需要提取的**默认密钥**类型是 `rsa`(从版本 5.1 开始)、`ecdsa`(从版本 6.0 开始)和 `ed25519`(从版本 6.7 开始)。 ```sh ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ’ ‘ -f2 diff --git a/README.zh-tw.md b/README.zh-tw.md index 324cba8..4c5d04b 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -60,19 +60,18 @@ name: remote ssh command on: [push] jobs: - build: name: Build runs-on: ubuntu-latest steps: - - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.0 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} - script: whoami + - name: executing remote ssh commands using password + uses: appleboy/ssh-action@v1.2.0 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: whoami ``` 畫面輸出 @@ -135,9 +134,9 @@ clip < ~/.ssh/id_ed25519 **來自讀者的注意事項**: 根據您的 SSH 版本,您可能還需要進行以下更改: -* 將公鑰放在 `.ssh/authorized_keys2` 中 -* 將 `.ssh` 的權限更改為700 -* 將 `.ssh/authorized_keys2` 的權限更改為640 +- 將公鑰放在 `.ssh/authorized_keys2` 中 +- 將 `.ssh` 的權限更改為 700 +- 將 `.ssh/authorized_keys2` 的權限更改為 640 ### 如果你使用的是 OpenSSH @@ -214,7 +213,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" username: ${{ secrets.USERNAME }} key: ${{ secrets.KEY }} port: ${{ secrets.PORT }} - script_path: scripts/script.sh + script_path: scripts/script.sh ``` #### 多台主機 @@ -383,7 +382,7 @@ Host FooServer 設置 SSH 主機指紋驗證可以幫助防止中間人攻擊。在設置之前,運行以下命令以獲取 SSH 主機指紋。請記得將 `ed25519` 替換為您的適當金鑰類型(`rsa`、 `dsa`等),而 `example.com` 則替換為您的主機。 -現代 OpenSSH 版本中,需要提取的_默認金鑰_類型是 `rsa`(從版本 5.1 開始)、`ecdsa`(從版本 6.0 開始)和 `ed25519`(從版本 6.7 開始)。 +現代 OpenSSH 版本中,需要提取的**默認金鑰**類型是 `rsa`(從版本 5.1 開始)、`ecdsa`(從版本 6.0 開始)和 `ed25519`(從版本 6.7 開始)。 ```sh ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' -f2 From 48531853a70097fbb21625def44933e73f9b3ec1 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 1 Dec 2024 10:12:22 +0800 Subject: [PATCH 134/167] docs(readme): refactor README files to improve language link structure - Combine language links into a single line in `README.md` - Add links to English and Traditional Chinese README in `README.zh-cn.md` - Combine language links into a single line in `README.zh-tw.md` Signed-off-by: appleboy --- README.md | 3 +-- README.zh-cn.md | 2 ++ README.zh-tw.md | 3 +-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index fd5229d..d4bbd1a 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,6 @@ # 🚀 SSH for GitHub Actions -[繁體中文](./README.zh-tw.md) -[简体中文](./README.zh-cn.md) +[繁體中文](./README.zh-tw.md) | [简体中文](./README.zh-cn.md) [GitHub Action](https://github.com/features/actions) for executing remote SSH commands. diff --git a/README.zh-cn.md b/README.zh-cn.md index 4ab55e9..fc1d5d8 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -1,5 +1,7 @@ # 🚀 用于 GitHub Actions 的 SSH +[English](./README.md) | [繁體中文](./README.zh-tw.md) + [GitHub Action](https://github.com/features/actions) 用于执行远程 SSH 命令。 ![ssh workflow](./images/ssh-workflow.png) diff --git a/README.zh-tw.md b/README.zh-tw.md index 4c5d04b..72cc09a 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -1,7 +1,6 @@ # 🚀 GitHub Actions 的 SSH -[English](./README.md) -[简体中文](./README.zh-cn.md) +[English](./README.md) | [简体中文](./README.zh-cn.md) [GitHub Action](https://github.com/features/actions) 用於執行遠端 SSH 命令。 From 1c1ad10f6da46db2f81a68133f45b6a29317b741 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Mon, 2 Dec 2024 21:25:26 +0800 Subject: [PATCH 135/167] ci(action): remove script stop functionality from project (#350) - Remove the `stop script if command error` step from GitHub workflows - Remove the `script_stop` option from the README and its translations - Remove the `script_stop` input from `action.yml` Signed-off-by: appleboy --- .github/workflows/main.yml | 19 ------------------- .github/workflows/stable.yml | 19 ------------------- README.md | 32 -------------------------------- README.zh-cn.md | 32 -------------------------------- README.zh-tw.md | 32 -------------------------------- action.yml | 3 --- 6 files changed, 137 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 6c35463..37f16c2 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -123,22 +123,6 @@ jobs: port: 2222 script: whoami - - name: stop script if command error - uses: ./ - continue-on-error: true - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - password: password - key: password - port: 2222 - script_stop: true - sync: true - debug: true - script: | - mkdir abc/def - ls -al - support-key-passphrase: runs-on: ubuntu-latest steps: @@ -215,7 +199,6 @@ jobs: key: ${{ env.PRIVATE_KEY }} port: 2222 passphrase: 1234 - script_stop: true script: | ls \ -lah @@ -292,7 +275,6 @@ jobs: username: linuxserver.io key: ${{ env.PRIVATE_KEY }} passphrase: 1234 - script_stop: true script: | whoami @@ -488,7 +470,6 @@ jobs: username: linuxserver.io key: ${{ env.PRIVATE_KEY }} port: 2222 - script_stop: true request_pty: true command_timeout: 30s script: | diff --git a/.github/workflows/stable.yml b/.github/workflows/stable.yml index 9209737..82f4764 100644 --- a/.github/workflows/stable.yml +++ b/.github/workflows/stable.yml @@ -123,22 +123,6 @@ jobs: port: 2222 script: whoami - - name: stop script if command error - uses: appleboy/ssh-action@v1.2.0 - continue-on-error: true - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - password: password - key: password - port: 2222 - script_stop: true - sync: true - debug: true - script: | - mkdir abc/def - ls -al - support-key-passphrase: runs-on: ubuntu-latest steps: @@ -215,7 +199,6 @@ jobs: key: ${{ env.PRIVATE_KEY }} port: 2222 passphrase: 1234 - script_stop: true script: | ls \ -lah @@ -292,7 +275,6 @@ jobs: username: linuxserver.io key: ${{ env.PRIVATE_KEY }} passphrase: 1234 - script_stop: true script: | whoami @@ -478,7 +460,6 @@ jobs: username: linuxserver.io key: ${{ env.PRIVATE_KEY }} port: 2222 - script_stop: true request_pty: true command_timeout: 30s script: | diff --git a/README.md b/README.md index d4bbd1a..273ffc4 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,6 @@ See [action.yml](./action.yml) for more detailed information. | proxy_use_insecure_cipher | Include more ciphers with use_insecure_cipher for the proxy | false | | script | Execute commands | | | script_file | Execute commands from a file | | -| script_stop | Stop script after first failure | false | | envs | Pass environment variables to shell script | | | envs_format | Flexible configuration of environment value transfer | | | debug | Enable debug mode | false | @@ -304,37 +303,6 @@ The default value of `port` is `22`. _Inside `env` object, you need to pass every environment variable as a string, passing `Integer` data type or any other may output unexpected results._ -#### Stop script after first failure - -> ex: missing `abc` folder - -```diff - - name: stop script if command error - uses: appleboy/ssh-action@v1.2.0 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} -+ script_stop: true - script: | - mkdir abc/def - ls -al -``` - -output: - -```sh -======CMD====== -mkdir abc/def -ls -al - -======END====== -2019/11/21 01:16:21 Process exited with status 1 -err: mkdir: cannot create directory ‘abc/def’: No such file or directory -##[error]Docker run failed with exit code 1 -``` - #### How to connect remote server using `ProxyCommand`? ```bash diff --git a/README.zh-cn.md b/README.zh-cn.md index fc1d5d8..564a057 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -44,7 +44,6 @@ | proxy_use_insecure_cipher | 使用不安全的密码算法 | false | | script | 执行命令 | | | script_file | 从文件执行命令 | | -| script_stop | 在第一次失败后停止脚本 | false | | envs | 传递环境变量到 shell 脚本 | | | envs_format | 环境变量传递的灵活配置 | | | debug | 启用调试模式 | false | @@ -285,37 +284,6 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ _在 `env` 对象中,您需要将每个环境变量作为字符串传递,传递 `Integer` 数据类型或任何其他类型可能会产生意外结果。_ -#### 在第一次失败后停止脚本 - -> ex: missing `abc` folder - -```diff - - name: stop script if command error - uses: appleboy/ssh-action@v1.2.0 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} -+ script_stop: true - script: | - mkdir abc/def - ls -al -``` - -画面输出: - -```sh -======CMD====== -mkdir abc/def -ls -al - -======END====== -2019/11/21 01:16:21 Process exited with status 1 -err: mkdir: cannot create directory ‘abc/def’: No such file or directory -##[error]Docker run failed with exit code 1 -``` - #### 如何使用 `ProxyCommand` 连接远程服务器? ```bash diff --git a/README.zh-tw.md b/README.zh-tw.md index 72cc09a..885e661 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -44,7 +44,6 @@ | proxy_use_insecure_cipher | 包含更多不安全的加密算法 | false | | script | 執行命令 | | | script_file | 從文件中執行命令 | | -| script_stop | 在第一次失敗後停止腳本 | false | | envs | 將環境變數傳遞給 shell 腳本 | | | envs_format | 環境值傳遞的靈活配置 | | | debug | 啟用調試模式 | false | @@ -285,37 +284,6 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" _在 `env` 對象中,您需要將每個環境變量作為字符串傳遞,傳遞 `Integer` 數據類型或任何其他類型可能會產生意外結果。_ -#### 在第一次失敗後停止腳本 - -> ex: missing `abc` folder - -```diff - - name: stop script if command error - uses: appleboy/ssh-action@v1.2.0 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} -+ script_stop: true - script: | - mkdir abc/def - ls -al -``` - -畫面輸出: - -```sh -======CMD====== -mkdir abc/def -ls -al - -======END====== -2019/11/21 01:16:21 Process exited with status 1 -err: mkdir: cannot create directory ‘abc/def’: No such file or directory -##[error]Docker run failed with exit code 1 -``` - #### 如何使用 `ProxyCommand` 連接遠程服務器? ```bash diff --git a/action.yml b/action.yml index 19668ab..ef72096 100644 --- a/action.yml +++ b/action.yml @@ -65,8 +65,6 @@ inputs: description: "Commands to be executed." script_path: description: "Path to the file containing commands to be executed." - script_stop: - description: "Stop the script after the first failure." envs: description: "Environment variables to be passed to the shell script." envs_format: @@ -113,7 +111,6 @@ runs: INPUT_COMMAND_TIMEOUT: ${{ inputs.command_timeout }} INPUT_SCRIPT: ${{ inputs.script }} INPUT_SCRIPT_FILE: ${{ inputs.script_path }} - INPUT_SCRIPT_STOP: ${{ inputs.script_stop }} INPUT_ENVS: ${{ inputs.envs }} INPUT_ENVS_FORMAT: ${{ inputs.envs_format }} INPUT_DEBUG: ${{ inputs.debug }} From e13c387332e012cca188219684f51e6ac401aa32 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Mon, 2 Dec 2024 23:19:33 +0800 Subject: [PATCH 136/167] ci(action): display an environment variable with special characters (#351) - Add a new job `testing07` with steps to set environment variables and create an SSH server container - Set a special character password in environment variables - Run a Docker container for an OpenSSH server and capture its IP address - Add steps to SSH into the server using username and password authentication Signed-off-by: appleboy --- .github/workflows/main.yml | 45 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 37f16c2..6b2df98 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -504,3 +504,48 @@ jobs: command_timeout: 30s script: | whoami + + testing07: + name: some special character + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v4 + + - name: Set Environment Variables + run: | + PASS='3HUS$?8kLu)}' + printf "PASS=${PASS}" >> $GITHUB_ENV + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD='${{ env.PASS }}' \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + + - name: ssh by username and password + uses: ./ + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: ${{ env.PASS }} + port: 2222 + script: | + #!/usr/bin/env bash + set -e + whoami From 102c0d2e5f9f4ec3afb6392f674a1ae9e970dea9 Mon Sep 17 00:00:00 2001 From: Jesse <7832163+GammaGames@users.noreply.github.com> Date: Tue, 3 Dec 2024 18:49:35 -0700 Subject: [PATCH 137/167] feat: capture stdout and store as output (#287) --- .github/workflows/main.yml | 45 ++++++++++++++++++++++++++++++++++++++ action.yml | 12 +++++++++- entrypoint.sh | 9 +++++++- 3 files changed, 64 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 6b2df98..4d8a6a4 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -549,3 +549,48 @@ jobs: #!/usr/bin/env bash set -e whoami + + testing-capturing-output: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + + - id: stdout + name: ssh command with stdout + uses: ./ + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + port: 2222 + capture_stdout: true + script: | + #!/usr/bin/env bash + set -e + whoami + + - name: check stdout + run: | + echo "stdout: ${{ steps.stdout.outputs.stdout }}" diff --git a/action.yml b/action.yml index ef72096..9aa8ce0 100644 --- a/action.yml +++ b/action.yml @@ -75,6 +75,14 @@ inputs: description: "pass all environment variable to shell script." request_pty: description: "Request a pseudo-terminal from the server." + capture_stdout: + description: "Capture the stdout of the commands." + default: "false" + +outputs: + stdout: + description: 'Standard output of the executed commands.' + value: ${{ steps.entrypoint.outputs.stdout }} runs: using: "composite" @@ -84,7 +92,8 @@ runs: shell: bash env: GITHUB_ACTION_PATH: ${{ github.action_path }} - - name: Run entrypoint.sh + - id: entrypoint + name: Run entrypoint.sh run: entrypoint.sh shell: bash env: @@ -121,6 +130,7 @@ runs: INPUT_PROXY_USE_INSECURE_CIPHER: ${{ inputs.proxy_use_insecure_cipher }} INPUT_PROXY_CIPHER: ${{ inputs.proxy_cipher }} INPUT_SYNC: ${{ inputs.sync }} + INPUT_CAPTURE_STDOUT: ${{ inputs.capture_stdout }} branding: icon: "terminal" diff --git a/entrypoint.sh b/entrypoint.sh index abd5809..1c0edb8 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -64,7 +64,14 @@ TARGET="${GITHUB_ACTION_PATH}/${CLIENT_BINARY}" echo "Will download ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}" curl -fsSL --retry 5 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o ${TARGET} chmod +x ${TARGET} + echo "======= CLI Version =======" sh -c "${TARGET} --version" # print version echo "===========================" -sh -c "${TARGET} $*" # run the command +if [[ "$INPUT_CAPTURE_STDOUT" == 'true' ]]; then + echo 'stdout<> $GITHUB_OUTPUT # use heredoc for multiline output + sh -c "${TARGET} $*" | tee -a $GITHUB_OUTPUT # run the command + echo 'EOF' >> $GITHUB_OUTPUT +else + sh -c "${TARGET} $*" # run the command +fi From 66aa4d343bf909ac4fa0ac52f4e62a9adc354c95 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Thu, 5 Dec 2024 16:23:32 +0800 Subject: [PATCH 138/167] ci: add SSH testing job to GitHub Actions workflow (#355) * ci: add SSH testing job to GitHub Actions workflow https://github.com/appleboy/ssh-action/issues/335#issuecomment-2372414496 - Add a new job `testing-script-stop` to the GitHub Actions workflow - Set up an SSH server using a Docker container within the new job - Capture the container's IP address and store it in the GitHub environment - Add a step to run an SSH command with stdout capture - Include a script to test conditional logic within the SSH command - Add a step to check and print the captured stdout from the SSH command Signed-off-by: Bo-Yi Wu * ci: improve GitHub Actions workflow with conditional checks - Add conditional checks in GitHub Actions workflow to handle 'True' and 'False' outputs Signed-off-by: Bo-Yi Wu * ci: standardize naming and validation of stdout steps - Rename `stdout` step to `stdout01` in the GitHub Actions workflow - Rename `check stdout` step to `check stdout 01` - Update references to `stdout` to `stdout01` in echo and grep commands - Add a new step `stdout02` for SSH command execution with stdout capture - Add a new step `check stdout 02` to validate the output of `stdout02` step Signed-off-by: Bo-Yi Wu --------- Signed-off-by: Bo-Yi Wu --- .github/workflows/main.yml | 87 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 87 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 4d8a6a4..3d51589 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -594,3 +594,90 @@ jobs: - name: check stdout run: | echo "stdout: ${{ steps.stdout.outputs.stdout }}" + + testing-script-stop: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + + - id: stdout01 + name: ssh command with stdout 01 + uses: ./ + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + port: 2222 + capture_stdout: true + script: | + #!/usr/bin/env bash + set -e + echo "TMP TESTING IF" + if [[ "2" == "1" ]]; then + echo "True" + else + echo "False" + fi + + - name: check stdout 01 + run: | + echo "stdout: ${{ steps.stdout01.outputs.stdout }}" + if echo "${{ steps.stdout01.outputs.stdout }}" | grep -q "True"; then + echo "Output contains 'True'" + exit 1 + fi + if echo "${{ steps.stdout01.outputs.stdout }}" | grep -q "False"; then + echo "Output contains 'False'" + fi + + - id: stdout02 + name: ssh command with stdout 01 + uses: ./ + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + port: 2222 + capture_stdout: true + script: | + #!/usr/bin/env bash + set -e + echo "TMP TESTING IF" + if [[ "1" == "1" ]]; then + echo "True" + else + echo "False" + fi + + - name: check stdout 02 + run: | + echo "stdout: ${{ steps.stdout02.outputs.stdout }}" + if echo "${{ steps.stdout02.outputs.stdout }}" | grep -q "False"; then + echo "Output contains 'False'" + exit 1 + fi + if echo "${{ steps.stdout02.outputs.stdout }}" | grep -q "True"; then + echo "Output contains 'True'" + fi From 86aa40ddb7d085faad449ea3e1726b81949ef86b Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Fri, 3 Jan 2025 09:31:39 +0800 Subject: [PATCH 139/167] ci: add SSH server testing to GitHub Actions workflow - Add a new job `testing-script-error` to the GitHub Actions workflow - Use `actions/checkout@v4` to check out the code - Create and run a new SSH server container using `lscr.io/linuxserver/openssh-server:latest` - Capture the container's IP address and set it as an environment variable - Add a step to test script errors with `continue-on-error: true` - Configure the test script to connect to the SSH server and run a command that will fail (`ls /nonexistent`) Signed-off-by: Bo-Yi Wu --- .github/workflows/main.yml | 41 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 3d51589..7737940 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -681,3 +681,44 @@ jobs: if echo "${{ steps.stdout02.outputs.stdout }}" | grep -q "True"; then echo "Output contains 'True'" fi + + testing-script-error: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + + - name: test script error + uses: ./ + continue-on-error: true + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + port: 2222 + capture_stdout: true + script: | + #!/usr/bin/env bash + set -e + ls /nonexistent From 49751ff51697f88206b6c7a0f60f83d1a880b26d Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Fri, 3 Jan 2025 10:17:01 +0800 Subject: [PATCH 140/167] docs: standardize `script_file` naming to `script_path` in documentation (#360) - Rename `script_file` to `script_path` in README.md - Rename `script_file` to `script_path` in README.zh-cn.md - Rename `script_file` to `script_path` in README.zh-tw.md Signed-off-by: Bo-Yi Wu --- README.md | 2 +- README.zh-cn.md | 2 +- README.zh-tw.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 273ffc4..d2d81cb 100644 --- a/README.md +++ b/README.md @@ -43,7 +43,7 @@ See [action.yml](./action.yml) for more detailed information. | proxy_cipher | Allowed cipher algorithms for the proxy | | | proxy_use_insecure_cipher | Include more ciphers with use_insecure_cipher for the proxy | false | | script | Execute commands | | -| script_file | Execute commands from a file | | +| script_path | Execute commands from a file | | | envs | Pass environment variables to shell script | | | envs_format | Flexible configuration of environment value transfer | | | debug | Enable debug mode | false | diff --git a/README.zh-cn.md b/README.zh-cn.md index 564a057..832b2f4 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -43,7 +43,7 @@ | proxy_cipher | 代理允许的密码算法 | | | proxy_use_insecure_cipher | 使用不安全的密码算法 | false | | script | 执行命令 | | -| script_file | 从文件执行命令 | | +| script_path | 从文件执行命令 | | | envs | 传递环境变量到 shell 脚本 | | | envs_format | 环境变量传递的灵活配置 | | | debug | 启用调试模式 | false | diff --git a/README.zh-tw.md b/README.zh-tw.md index 885e661..42e1c58 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -43,7 +43,7 @@ | proxy_cipher | 代理允許的加密算法 | | | proxy_use_insecure_cipher | 包含更多不安全的加密算法 | false | | script | 執行命令 | | -| script_file | 從文件中執行命令 | | +| script_path | 從文件中執行命令 | | | envs | 將環境變數傳遞給 shell 腳本 | | | envs_format | 環境值傳遞的靈活配置 | | | debug | 啟用調試模式 | false | From 8faa84277b88b6cd1455986f459aa66cf72bc8a3 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 19 Feb 2025 17:50:00 +0800 Subject: [PATCH 141/167] chore: standardize formatting and update dependencies in workflows - Change the title format in the bug report template from single quotes to double quotes - Update `appleboy/ssh-action` version from `v1.2.0` to `v1.2.1` in multiple workflow files - Remove unnecessary blank lines in the bug report template Signed-off-by: Bo-Yi Wu --- .github/ISSUE_TEMPLATE/bug_report.md | 20 ++++++++--------- .github/workflows/stable.yml | 32 ++++++++++++++-------------- README.md | 24 ++++++++++----------- README.zh-cn.md | 24 ++++++++++----------- README.zh-tw.md | 24 ++++++++++----------- 5 files changed, 61 insertions(+), 63 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 5270fdf..08635d5 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -1,10 +1,9 @@ --- name: Bug report about: Create a report to help us improve -title: '' +title: "" labels: bug assignees: appleboy - --- ## Describe the bug @@ -19,19 +18,18 @@ Please post your Yaml configuration file along with the output results. name: remote ssh command on: [push] jobs: - build: name: Build runs-on: ubuntu-latest steps: - - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.0 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} - script: whoami + - name: executing remote ssh commands using password + uses: appleboy/ssh-action@v1.2.1 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: whoami ``` ## Related environment diff --git a/.github/workflows/stable.yml b/.github/workflows/stable.yml index 82f4764..f58c693 100644 --- a/.github/workflows/stable.yml +++ b/.github/workflows/stable.yml @@ -31,7 +31,7 @@ jobs: sleep 2 - name: ssh by username and password - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -43,7 +43,7 @@ jobs: whoami - name: ssh commands from a file - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -95,7 +95,7 @@ jobs: sleep 2 - name: ssh by private key - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -104,7 +104,7 @@ jobs: script: whoami - name: wrong password but correct key - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -114,7 +114,7 @@ jobs: script: whoami - name: correct password but wrong key - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -167,7 +167,7 @@ jobs: sleep 2 - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -179,7 +179,7 @@ jobs: ls -al - name: missing ssh key passphrase - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 continue-on-error: true with: host: ${{ env.REMOTE_HOST }} @@ -192,7 +192,7 @@ jobs: # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 - name: Multiline SSH commands interpreted as single lines - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -269,7 +269,7 @@ jobs: # https://github.com/appleboy/ssh-action/issues/85 - name: Deployment to multiple hosts with different ports - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: "${{ env.REMOTE_HOST_01 }}:2222,${{ env.REMOTE_HOST_02 }}:2222" username: linuxserver.io @@ -322,7 +322,7 @@ jobs: sleep 2 - name: testing id_ed25519 key - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -375,7 +375,7 @@ jobs: sleep 2 - name: testing id_ed25519 key - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -386,7 +386,7 @@ jobs: ls -al - name: pass environment - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 env: FOO: "BAR" with: @@ -400,7 +400,7 @@ jobs: echo "I am $BAR, thanks" - name: pass multiple environment - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 env: FOO: "BAR" BAR: "FOO" @@ -419,7 +419,7 @@ jobs: echo "port: $PORT" - name: custom envs format - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 env: FOO: "BAR" AAA: "BBB" @@ -437,7 +437,7 @@ jobs: echo "I am $TEST_AAA, thanks" - name: pass all ENV variables to script - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 env: INPUT_FOO: "BAR" INPUT_AAA: "BBB" @@ -454,7 +454,7 @@ jobs: echo "$GITHUB_REF" - name: switch to root user - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io diff --git a/README.md b/README.md index d2d81cb..ccc9a28 100644 --- a/README.md +++ b/README.md @@ -63,7 +63,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: linuxserver.io @@ -179,7 +179,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -192,7 +192,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -205,7 +205,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -222,7 +222,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: file commands - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -235,7 +235,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -253,7 +253,7 @@ The default value of `port` is `22`. ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -268,7 +268,7 @@ The default value of `port` is `22`. ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: "foo.com,bar.com" + sync: true @@ -284,7 +284,7 @@ The default value of `port` is `22`. ```diff - name: pass environment - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 + env: + FOO: "BAR" + BAR: "FOO" @@ -331,7 +331,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -354,7 +354,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -380,7 +380,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/README.zh-cn.md b/README.zh-cn.md index 832b2f4..f676ba2 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -63,7 +63,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -162,7 +162,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -175,7 +175,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -188,7 +188,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -205,7 +205,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: - host: ”foo.com“ + host: ”foo.com,bar.com“ @@ -221,7 +221,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```yaml - name: file commands - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -234,7 +234,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: - host: ”foo.com“ + host: ”foo.com:1234,bar.com:5678“ @@ -249,7 +249,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ”foo.com,bar.com“ + sync: true @@ -265,7 +265,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```diff - name: pass environment - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 + env: + FOO: ”BAR“ + BAR: ”FOO“ @@ -312,7 +312,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -333,7 +333,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -359,7 +359,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ’ ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/README.zh-tw.md b/README.zh-tw.md index 42e1c58..f84bc2d 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -63,7 +63,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -162,7 +162,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -175,7 +175,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -188,7 +188,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -205,7 +205,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: file commands - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -218,7 +218,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -234,7 +234,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -249,7 +249,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: "foo.com,bar.com" + sync: true @@ -265,7 +265,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 + env: + FOO: "BAR" + BAR: "FOO" @@ -312,7 +312,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -333,7 +333,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -359,7 +359,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From 9817ef4a1793d4009d854d26cfb0ba4b615d5791 Mon Sep 17 00:00:00 2001 From: Seth Landry Date: Mon, 24 Feb 2025 06:31:51 -0600 Subject: [PATCH 142/167] docs(readme): set -e for script_stop functionality (#368) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes #367 Add a note in the "Input variables" section of `README.md` to mention that users can add `set -e` in their shell script to achieve similar functionality to the removed `script_stop` option. Add a note in the "输入变量" section of `README.zh-cn.md` to mention that users can add `set -e` in their shell script to achieve similar functionality to the removed `script_stop` option. Add a note in the "輸入變數" section of `README.zh-tw.md` to mention that users can add `set -e` in their shell script to achieve similar functionality to the removed `script_stop` option. --- For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/appleboy/ssh-action/issues/367?shareId=XXXX-XXXX-XXXX-XXXX). --- README.md | 2 ++ README.zh-cn.md | 2 ++ README.zh-tw.md | 2 ++ 3 files changed, 6 insertions(+) diff --git a/README.md b/README.md index ccc9a28..90a2275 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,8 @@ See [action.yml](./action.yml) for more detailed information. | allenvs | Pass the environment variables with prefix value of `GITHUB_` and `INPUT_` to the script | false | | request_pty | Request a pseudo-terminal from the server | false | +**Note:** Users can add `set -e` in their shell script to achieve similar functionality to the removed `script_stop` option. + ## Usage Executing remote SSH commands. diff --git a/README.zh-cn.md b/README.zh-cn.md index f676ba2..367844b 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -50,6 +50,8 @@ | allenvs | 将带有 `GITHUB_` 和 `INPUT_` 前缀的环境变量传递给脚本 | false | | request_pty | 请求伪终端 | false | +**注意:** 用户可以在他们的 shell 脚本中添加 `set -e` 以实现类似于已删除的 `script_stop` 选项的功能。 + ## 使用方法 执行远程 SSH 命令 diff --git a/README.zh-tw.md b/README.zh-tw.md index f84bc2d..5953350 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -50,6 +50,8 @@ | allenvs | 將帶有 `GITHUB_` 和 `INPUT_` 前綴的環境變數傳遞給腳本 | false | | request_pty | 從伺服器請求偽終端 | false | +**注意:** 用戶可以在他們的 shell 腳本中添加 `set -e` 以實現類似於已刪除的 `script_stop` 選項的功能。 + ## 用法 執行遠端 SSH 命令 From 92737056c0040ce12606ea20e76e4bcb9824d517 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Fri, 7 Mar 2025 08:10:39 +0800 Subject: [PATCH 143/167] docs: improve documentation and defaults for execution and security - Clarify that synchronous execution is enabled if multiple hosts are specified - Specify that sensible defaults are used for allowed cipher algorithms if unspecified - Clarify that environment variables are passed to the shell script Signed-off-by: Bo-Yi Wu --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 90a2275..740dd59 100644 --- a/README.md +++ b/README.md @@ -22,9 +22,9 @@ See [action.yml](./action.yml) for more detailed information. | username | SSH username | | | password | SSH password | | | protocol | SSH protocol version (tcp, tcp4, tcp6) | tcp | -| sync | Enable synchronous execution if multiple hosts | false | +| sync | Enable synchronous execution if multiple hosts are specified | false | | use_insecure_cipher | Include more ciphers with use_insecure_cipher | false | -| cipher | Allowed cipher algorithms. If unspecified, a sensible default | | +| cipher | Allowed cipher algorithms. If unspecified, sensible defaults are used | | | timeout | Timeout duration for SSH to host | 30s | | command_timeout | Timeout duration for SSH command | 10m | | key | Content of SSH private key. e.g., raw content of ~/.ssh/id_rsa | | @@ -44,7 +44,7 @@ See [action.yml](./action.yml) for more detailed information. | proxy_use_insecure_cipher | Include more ciphers with use_insecure_cipher for the proxy | false | | script | Execute commands | | | script_path | Execute commands from a file | | -| envs | Pass environment variables to shell script | | +| envs | Pass environment variables to the shell script | | | envs_format | Flexible configuration of environment value transfer | | | debug | Enable debug mode | false | | allenvs | Pass the environment variables with prefix value of `GITHUB_` and `INPUT_` to the script | false | From d99ccf8c09d72749f8eed879283eceea73f4ca6e Mon Sep 17 00:00:00 2001 From: appleboy Date: Sat, 8 Mar 2025 15:42:40 +0800 Subject: [PATCH 144/167] docs: improve documentation clarity and consistency - Change "GitHub Action" to "A GitHub Action" for clarity. - Update phrasing from "built using" to "built with" for consistency. - Revise "Make sure to follow the below steps" to "Follow the steps below" for improved readability. - Modify "best practice is create" to "It is best practice to create" for grammatical correctness. - Change "Add newly generated key into Authorized keys" to "Add the newly generated key to the Authorized keys" for clarity. - Update "Copy Private Key content and paste in Github Secrets" to "Copy the Private Key content and paste it into GitHub Secrets" for consistency. - Change "install `clip` command" to "install the `clip` command" for grammatical correctness. - Revise "See the detail information about" to "See detailed information about" for improved readability. - Update "A note from one of our readers" to "Note: Depending on your version of SSH" for clarity. - Change "Make sure that your key algorithm of choice is supported" to "Ensure that your chosen key algorithm is supported" for conciseness. - Revise "Alternatively, `ed25519` keys are accepted by default" to "Alternatively, `ed25519` keys are accepted by default in OpenSSH" for clarity. - Update "if you are running a command in a non interactive shell" to "If you are running a command in a non-interactive shell" for grammatical correctness. Signed-off-by: appleboy --- README.md | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 740dd59..36d38cd 100644 --- a/README.md +++ b/README.md @@ -2,17 +2,17 @@ [繁體中文](./README.zh-tw.md) | [简体中文](./README.zh-cn.md) -[GitHub Action](https://github.com/features/actions) for executing remote SSH commands. +A [GitHub Action](https://github.com/features/actions) for executing remote SSH commands. ![ssh workflow](./images/ssh-workflow.png) [![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml) -This project is built using [Golang](https://go.dev) and [drone-ssh](https://github.com/appleboy/drone-ssh). 🚀 +This project is built with [Golang](https://go.dev) and [drone-ssh](https://github.com/appleboy/drone-ssh). 🚀 ## Input variables -See [action.yml](./action.yml) for more detailed information. +Refer to [action.yml](./action.yml) for more detailed information. | Input Parameter | Description | Default Value | | ------------------------- | ---------------------------------------------------------------------------------------- | ------------- | @@ -88,9 +88,9 @@ linuxserver.io ### Setting up a SSH Key -Make sure to follow the below steps while creating SSH Keys and using them. -The best practice is create the SSH Keys on local machine not remote machine. -Login with username specified in Github Secrets. Generate a RSA Key-Pair: +Follow the steps below to create and use SSH Keys. +It is best practice to create SSH Keys on your local machine, not on a remote machine. +Log in with the username specified in GitHub Secrets and generate an RSA Key-Pair: ### Generate rsa key @@ -104,7 +104,7 @@ ssh-keygen -t rsa -b 4096 -C "your_email@example.com" ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ``` -Add newly generated key into Authorized keys. Read more about authorized keys [here](https://www.ssh.com/ssh/authorized_keys/). +Add the newly generated key to the Authorized keys. Read more about authorized keys [here](https://www.ssh.com/ssh/authorized_keys/). ### Add rsa key into Authorized keys @@ -118,18 +118,18 @@ cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys' cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys' ``` -Copy Private Key content and paste in Github Secrets. +Copy the Private Key content and paste it into GitHub Secrets. ### Copy rsa Private key -Before copying the private key, install `clip` command as shown below: +Before copying the private key, install the `clip` command as shown below: ```bash # Ubuntu sudo apt-get install xclip ``` -copy the private key: +Copy the private key: ```bash # macOS @@ -147,9 +147,9 @@ pbcopy < ~/.ssh/id_ed25519 xclip < ~/.ssh/id_ed25519 ``` -See the detail information about [SSH login without password](http://www.linuxproblem.org/art_9.html). +See detailed information about [SSH login without a password](http://www.linuxproblem.org/art_9.html). -**A note** from one of our readers: Depending on your version of SSH you might also have to do the following changes: +**Note**: Depending on your version of SSH, you might also need to make the following changes: - Put the public key in `.ssh/authorized_keys2` - Change the permissions of `.ssh` to 700 @@ -163,13 +163,13 @@ If you are currently using OpenSSH and are getting the following error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey] ``` -Make sure that your key algorithm of choice is supported. On Ubuntu 20.04 or later you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (which is either `/etc/ssh/sshd_config` or a drop-in file under `/etc/ssh/sshd_config.d/`): +Ensure that your chosen key algorithm is supported. On Ubuntu 20.04 or later, you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (either `/etc/ssh/sshd_config` or a drop-in file under `/etc/ssh/sshd_config.d/`): ```bash CASignatureAlgorithms +ssh-rsa ``` -Alternatively, `ed25519` keys are accepted by default in OpenSSH. You could use this instead of rsa if needed: +Alternatively, `ed25519` keys are accepted by default in OpenSSH. You can use this instead of rsa if needed: ```bash ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" @@ -400,7 +400,7 @@ Now you can adjust you config: See the [issue comment](https://github.com/appleboy/ssh-action/issues/31#issuecomment-1006565847) about interactive vs non interactive shell. Thanks @kocyigityunus for the solution. -Basically, if you are running a command in a non interactive shell, like ssh-action, on many linux distros, +If you are running a command in a non-interactive shell, like ssh-action, on many Linux distros, `/etc/bash.bashrc` file has a specific command that returns only, so some of the files didn't run and some specific commands doesn't add to path, @@ -415,7 +415,7 @@ Basically, if you are running a command in a non interactive shell, like ssh-act [ -z "$PS1" ] && return` ``` -just comment out the line that returns early and everything should work fine, or you can use the real paths of the commands that you would like to use. +comment out the line that returns early, and everything should work fine. Alternatively, you can use the real paths of the commands you want to use. ## Contributing From 01a53594ebd450be519b0d93972a7efca79d50ee Mon Sep 17 00:00:00 2001 From: appleboy Date: Sat, 8 Mar 2025 15:47:51 +0800 Subject: [PATCH 145/167] docs: enhance language support and improve documentation clarity - Add Simplified Chinese as an option in the language selection - Improve the phrasing of sentences for clarity in the GitHub Action description - Update instructions for enabling synchronous execution for multiple hosts - Clarify the default behavior for the cipher option - Change the wording for SSH command execution to enhance readability - Update the username in the example to a specific value - Revise instructions for copying SSH keys to include installation steps for the `clip` command - Adjust the phrasing for security practices regarding private key protection - Update the license statement to specify the MIT license more clearly - Change section titles for better consistency and clarity across languages Signed-off-by: appleboy --- README.zh-cn.md | 133 +++++++++++++++++++++++++++--------------------- README.zh-tw.md | 29 ++++++++--- 2 files changed, 98 insertions(+), 64 deletions(-) diff --git a/README.zh-cn.md b/README.zh-cn.md index 367844b..d609ba6 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -1,8 +1,8 @@ # 🚀 用于 GitHub Actions 的 SSH -[English](./README.md) | [繁體中文](./README.zh-tw.md) +[English](./README.md) | [繁體中文](./README.zh-tw.md) | 简体中文 -[GitHub Action](https://github.com/features/actions) 用于执行远程 SSH 命令。 +一个用于执行远程 SSH 命令的 [GitHub Action](https://github.com/features/actions)。 ![ssh workflow](./images/ssh-workflow.png) @@ -12,7 +12,7 @@ ## 输入变量 -更详细的信息,请参考 [action.yml](./action.yml)。 +有关更详细的信息,请参阅 [action.yml](./action.yml)。 | 输入参数 | 描述 | 默认值 | | ------------------------- | ----------------------------------------------------- | ------ | @@ -22,9 +22,9 @@ | username | SSH 用户名 | | | password | SSH 密码 | | | protocol | SSH 协议版本(tcp, tcp4, tcp6) | tcp | -| sync | 如果有多个主机,启用同步执行 | false | +| sync | 如果指定了多个主机,则启用同步执行 | false | | use_insecure_cipher | 使用不安全的密码算法 | false | -| cipher | 允许的密码算法。如果未指定,则使用适当的算法 | | +| cipher | 允许的密码算法。如果未指定,则使用适当的默认值 | | | timeout | SSH 连接到主机的超时时间 | 30s | | command_timeout | SSH 命令的超时时间 | 10m | | key | SSH 私钥的内容,例如 ~/.ssh/id_rsa 的原始内容 | | @@ -54,7 +54,7 @@ ## 使用方法 -执行远程 SSH 命令 +执行远程 SSH 命令。 ```yaml name: remote ssh command @@ -68,19 +68,19 @@ jobs: uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} + username: linuxserver.io password: ${{ secrets.PASSWORD }} port: ${{ secrets.PORT }} script: whoami ``` -画面输出 +输出: ```sh ======CMD====== whoami ======END====== -out: *** +linuxserver.io =============================================== ✅ Successfully executed commands to all hosts. =============================================== @@ -88,18 +88,20 @@ out: *** ### 设置 SSH 密钥 -请在创建 SSH 密钥并使用 SSH 密钥时遵循以下步骤。最佳做法是在本地机器上创建 SSH 密钥而不是远程机器上。请使用 Github Secrets 中指定的用户名登录。生成 RSA 密钥: +请按照以下步骤创建和使用 SSH 密钥。 +最佳做法是在本地机器上创建 SSH 密钥,而不是在远程机器上。 +使用 GitHub Secrets 中指定的用户名登录并生成 RSA 密钥对: ### 生成 RSA 密钥 ```bash -ssh-keygen -t rsa -b 4096 -C ”your_email@example.com“ +ssh-keygen -t rsa -b 4096 -C "your_email@example.com" ``` ### 生成 ed25519 密钥 ```bash -ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ +ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ``` 将新生成的密钥添加到已授权的密钥中。详细了解已授权的密钥请点[此处](https://www.ssh.com/ssh/authorized_keys/)。 @@ -107,32 +109,47 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ### 将 RSA 密钥添加到已授权密钥中 ```bash -cat .ssh/id_rsa.pub | ssh b@B ’cat >> .ssh/authorized_keys‘ +cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys' ``` ### 将 ed25519 密钥添加到已授权密钥中 ```bash -cat .ssh/id_ed25519.pub | ssh b@B ’cat >> .ssh/authorized_keys‘ +cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys' ``` -复制私钥内容,然后将其粘贴到 Github Secrets 中。 +复制私钥内容,然后将其粘贴到 GitHub Secrets 中。 -### 复制 rsa 私钥内容 +### 复制 RSA 私钥内容 + +在复制私钥之前,按照以下步骤安装 `clip` 命令: ```bash -clip < ~/.ssh/id_rsa +# Ubuntu +sudo apt-get install xclip +``` + +复制私钥: + +```bash +# macOS +pbcopy < ~/.ssh/id_rsa +# Ubuntu +xclip < ~/.ssh/id_rsa ``` ### 复制 ed25519 私钥内容 ```bash -clip < ~/.ssh/id_ed25519 +# macOS +pbcopy < ~/.ssh/id_ed25519 +# Ubuntu +xclip < ~/.ssh/id_ed25519 ``` 有关无需密码登录 SSH 的详细信息,请[见该网站](http://www.linuxproblem.org/art_9.html)。 -**来自读者的注意事项**: 根据您的 SSH 版本,您可能还需要进行以下更改: +**注意**:根据您的 SSH 版本,您可能还需要进行以下更改: - 将公钥放在 `.ssh/authorized_keys2` 中 - 将 `.ssh` 的权限更改为 700 @@ -146,19 +163,19 @@ clip < ~/.ssh/id_ed25519 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey] ``` -请确保您所选择的密钥算法得到支持。在 Ubuntu 20.04 或更高版本上,您必须明确允许使用 SSH-RSA 算法。请在 OpenSSH 守护进程文件中添加以下行(它可以是 `/etc/ssh/sshd_config` 或 `/etc/ssh/sshd_config.d/` 中的一个附加文件): +请确保您所选择的密钥算法得到支持。在 Ubuntu 20.04 或更高版本上,您必须明确允许使用 ssh-rsa 算法。请在 OpenSSH 守护进程文件中添加以下行(它可以是 `/etc/ssh/sshd_config` 或 `/etc/ssh/sshd_config.d/` 中的一个附加文件): ```bash CASignatureAlgorithms +ssh-rsa ``` -或者,`Ed25519` 密钥在 OpenSSH 中默认被接受。如果需要,您可以使用它来替代 RSA。 +或者,`ed25519` 密钥在 OpenSSH 中默认被接受。如果需要,您可以使用它来替代 RSA: ```bash -ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ +ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ``` -### Example +### 示例 #### 使用密码执行远程 SSH 命令 @@ -203,23 +220,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ![result](./images/output-result.png) -#### 多台主机 - -```diff - - name: multiple host - uses: appleboy/ssh-action@v1.2.1 - with: -- host: ”foo.com“ -+ host: ”foo.com,bar.com“ - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script: | - whoami - ls -al -``` - -#### Commands from a file +#### 从文件执行命令 ```yaml - name: file commands @@ -232,14 +233,32 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ script_path: scripts/script.sh ``` +#### 多台主机 + +```diff + - name: multiple host + uses: appleboy/ssh-action@v1.2.1 + with: +- host: "foo.com" ++ host: "foo.com,bar.com" + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: | + whoami + ls -al +``` + +默认的 `port` 值是 `22`。 + #### 多个不同端口的主机 ```diff - name: multiple host uses: appleboy/ssh-action@v1.2.1 with: -- host: ”foo.com“ -+ host: ”foo.com:1234,bar.com:5678“ +- host: "foo.com" ++ host: "foo.com:1234,bar.com:5678" username: ${{ secrets.USERNAME }} key: ${{ secrets.KEY }} script: | @@ -253,7 +272,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ - name: multiple host uses: appleboy/ssh-action@v1.2.1 with: - host: ”foo.com,bar.com“ + host: "foo.com,bar.com" + sync: true username: ${{ secrets.USERNAME }} key: ${{ secrets.KEY }} @@ -263,14 +282,14 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ls -al ``` -#### 将环境变量传递到 Shell 脚本 +#### 将环境变量传递到 shell 脚本 ```diff - name: pass environment uses: appleboy/ssh-action@v1.2.1 + env: -+ FOO: ”BAR“ -+ BAR: ”FOO“ ++ FOO: "BAR" ++ BAR: "FOO" + SHA: ${{ github.sha }} with: host: ${{ secrets.HOST }} @@ -279,9 +298,9 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ port: ${{ secrets.PORT }} + envs: FOO,BAR,SHA script: | - echo ”I am $FOO“ - echo ”I am $BAR“ - echo ”sha: $SHA“ + echo "I am $FOO" + echo "I am $BAR" + echo "sha: $SHA" ``` _在 `env` 对象中,您需要将每个环境变量作为字符串传递,传递 `Integer` 数据类型或任何其他类型可能会产生意外结果。_ @@ -289,9 +308,9 @@ _在 `env` 对象中,您需要将每个环境变量作为字符串传递,传 #### 如何使用 `ProxyCommand` 连接远程服务器? ```bash -+———+ +-———+ +————+ -| Laptop | <—> | Jumphost | <—> | FooServer | -+———+ +-———+ +————+ ++--------+ +----------+ +-----------+ +| Laptop | <--> | Jumphost | <--> | FooServer | ++--------+ +----------+ +-----------+ ``` 在您的 `~/.ssh/config` 文件中,您会看到以下内容。 @@ -329,9 +348,9 @@ Host FooServer ls -al ``` -#### 如何保护私钥? +#### 保护私钥 -密码短语通常用于加密私钥。这使得攻击者无法单独使用密钥文件。文件泄露可能来自备份或停用的硬件,黑客通常可以从受攻击系统中泄露文件。因此,保护私钥非常重要。 +密码短语通常用于加密私钥。这使得密钥文件本身对攻击者无用。文件泄露可能来自备份或停用的硬件,黑客通常可以从受攻击系统中泄露文件。 ```diff - name: ssh key passphrase @@ -351,10 +370,10 @@ Host FooServer 设置 SSH 主机指纹验证可以帮助防止中间人攻击。在设置之前,运行以下命令以获取 SSH 主机指纹。请记得将 `ed25519` 替换为您适当的密钥类型(`rsa`、 `dsa`等),而 `example.com` 则替换为您的主机。 -现代 OpenSSH 版本中,需要提取的**默认密钥**类型是 `rsa`(从版本 5.1 开始)、`ecdsa`(从版本 6.0 开始)和 `ed25519`(从版本 6.7 开始)。 +在现代 OpenSSH 版本中,默认提取的密钥类型是 `rsa`(从版本 5.1 开始)、`ecdsa`(从版本 6.0 开始)和 `ed25519`(从版本 6.7 开始)。 ```sh -ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ’ ‘ -f2 +ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' -f2 ``` 现在您可以调整您的配置: @@ -379,4 +398,4 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ’ ## 授权方式 -本项目中的脚本和文档采用 [MIT](LICENSE) 许可证 发布。 +本项目中的脚本和文档采用 [MIT 许可证](LICENSE) 发布。 diff --git a/README.zh-tw.md b/README.zh-tw.md index 5953350..21b497d 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -1,6 +1,6 @@ # 🚀 GitHub Actions 的 SSH -[English](./README.md) | [简体中文](./README.zh-cn.md) +[English](./README.md) | 繁體中文 | [简体中文](./README.zh-cn.md) [GitHub Action](https://github.com/features/actions) 用於執行遠端 SSH 命令。 @@ -68,7 +68,7 @@ jobs: uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} + username: linuxserver.io password: ${{ secrets.PASSWORD }} port: ${{ secrets.PORT }} script: whoami @@ -80,7 +80,7 @@ jobs: ======CMD====== whoami ======END====== -out: *** +linuxserver.io =============================================== ✅ Successfully executed commands to all hosts. =============================================== @@ -120,19 +120,34 @@ cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys' ### 複製 rsa 私鑰內容 +在複製私鑰之前,請按照以下說明安裝 `clip` 命令: + ```bash -clip < ~/.ssh/id_rsa +# Ubuntu +sudo apt-get install xclip +``` + +複製私鑰: + +```bash +# macOS +pbcopy < ~/.ssh/id_rsa +# Ubuntu +xclip < ~/.ssh/id_rsa ``` ### 複製 ed25519 私鑰內容 ```bash -clip < ~/.ssh/id_ed25519 +# macOS +pbcopy < ~/.ssh/id_ed25519 +# Ubuntu +xclip < ~/.ssh/id_ed25519 ``` 有關無需密碼登錄 SSH 的詳細信息,請[參見該網站](http://www.linuxproblem.org/art_9.html)。 -**來自讀者的注意事項**: 根據您的 SSH 版本,您可能還需要進行以下更改: +**注意**:根據您的 SSH 版本,您可能還需要進行以下更改: - 將公鑰放在 `.ssh/authorized_keys2` 中 - 將 `.ssh` 的權限更改為 700 @@ -203,7 +218,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ![result](./images/output-result.png) -#### Commands from a file +#### 從文件中執行命令 ```yaml - name: file commands From 48992f2e2c17668bdf29d9b0159c70758d39cd02 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sat, 8 Mar 2025 15:50:53 +0800 Subject: [PATCH 146/167] docs: prioritize English in language selection options - Change the language options to include English as the first option. Signed-off-by: appleboy --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 36d38cd..ca442fd 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # 🚀 SSH for GitHub Actions -[繁體中文](./README.zh-tw.md) | [简体中文](./README.zh-cn.md) +English | [繁體中文](./README.zh-tw.md) | [简体中文](./README.zh-cn.md) A [GitHub Action](https://github.com/features/actions) for executing remote SSH commands. From 039c9e07bb37b35054415f27cdbfd7645237832d Mon Sep 17 00:00:00 2001 From: appleboy Date: Sat, 8 Mar 2025 15:55:34 +0800 Subject: [PATCH 147/167] docs: update README with private key instructions in multiple languages - Add instructions for copying the private key to GitHub Secrets in English, Chinese (Simplified), and Chinese (Traditional) versions of the README. ref: https://github.com/appleboy/ssh-action/issues/6#issuecomment-922368411 Signed-off-by: appleboy --- README.md | 2 ++ README.zh-cn.md | 2 ++ README.zh-tw.md | 2 ++ 3 files changed, 6 insertions(+) diff --git a/README.md b/README.md index ca442fd..d537645 100644 --- a/README.md +++ b/README.md @@ -138,6 +138,8 @@ pbcopy < ~/.ssh/id_rsa xclip < ~/.ssh/id_rsa ``` +Starting from and including the comment section `-----BEGIN OPENSSH PRIVATE KEY-----` and ending at and including the comment section `-----END OPENSSH PRIVATE KEY-----`, copy the private key and paste it into GitHub Secrets. + ### Copy ed25519 Private key ```bash diff --git a/README.zh-cn.md b/README.zh-cn.md index d609ba6..c9c058e 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -138,6 +138,8 @@ pbcopy < ~/.ssh/id_rsa xclip < ~/.ssh/id_rsa ``` +从包含注释部分 `-----BEGIN OPENSSH PRIVATE KEY-----` 开始,到包含注释部分 `-----END OPENSSH PRIVATE KEY-----` 结束,复制私钥并将其粘贴到 GitHub Secrets 中。 + ### 复制 ed25519 私钥内容 ```bash diff --git a/README.zh-tw.md b/README.zh-tw.md index 21b497d..c44ae7e 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -136,6 +136,8 @@ pbcopy < ~/.ssh/id_rsa xclip < ~/.ssh/id_rsa ``` +從包含註釋部分 `-----BEGIN OPENSSH PRIVATE KEY-----` 開始,到包含註釋部分 `-----END OPENSSH PRIVATE KEY-----` 結束,複製私鑰並將其粘貼到 GitHub Secrets 中。 + ### 複製 ed25519 私鑰內容 ```bash From b0a8f324e192469585a608d1f586061cf28a6571 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 9 Mar 2025 21:54:21 +0800 Subject: [PATCH 148/167] chore: bump DRONE_SSH version to 1.8.1 - Update the default version of DRONE_SSH from 1.8.0 to 1.8.1 Signed-off-by: appleboy --- entrypoint.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 1c0edb8..17dbeda 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -8,7 +8,7 @@ export GITHUB="true" GITHUB_ACTION_PATH="${GITHUB_ACTION_PATH%/}" DRONE_SSH_RELEASE_URL="${DRONE_SSH_RELEASE_URL:-https://github.com/appleboy/drone-ssh/releases/download}" -DRONE_SSH_VERSION="${DRONE_SSH_VERSION:-1.8.0}" +DRONE_SSH_VERSION="${DRONE_SSH_VERSION:-1.8.1}" function detect_client_info() { if [ -n "${SSH_CLIENT_OS-}" ]; then @@ -69,9 +69,9 @@ echo "======= CLI Version =======" sh -c "${TARGET} --version" # print version echo "===========================" if [[ "$INPUT_CAPTURE_STDOUT" == 'true' ]]; then - echo 'stdout<> $GITHUB_OUTPUT # use heredoc for multiline output + echo 'stdout<>$GITHUB_OUTPUT # use heredoc for multiline output sh -c "${TARGET} $*" | tee -a $GITHUB_OUTPUT # run the command - echo 'EOF' >> $GITHUB_OUTPUT + echo 'EOF' >>$GITHUB_OUTPUT else sh -c "${TARGET} $*" # run the command fi From a0a032693916dbcde4f0dd3e881dc58c97e35180 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 9 Mar 2025 22:02:08 +0800 Subject: [PATCH 149/167] docs: clarify parameter descriptions for improved documentation - Update descriptions for various input parameters to provide clearer guidance on their usage. - Enhance the description for the `capture_stdout` parameter to specify its effect on action output. - Modify the description for the `stdout` output to clarify its relation to the `capture_stdout` setting. Signed-off-by: appleboy --- action.yml | 70 +++++++++++++++++++++++++++--------------------------- 1 file changed, 35 insertions(+), 35 deletions(-) diff --git a/action.yml b/action.yml index 9aa8ce0..c3af2a4 100644 --- a/action.yml +++ b/action.yml @@ -3,85 +3,85 @@ description: "Executing remote ssh commands" author: "Bo-Yi Wu" inputs: host: - description: "SSH host address." + description: "SSH host address or IP to connect to." port: - description: "SSH port number." + description: "SSH port number for the connection." default: "22" passphrase: - description: "Passphrase for the SSH key." + description: "Passphrase to decrypt the SSH private key if protected." username: - description: "SSH username." + description: "SSH username for authentication on the remote server." password: - description: "SSH password." + description: "SSH password for authentication (use secrets for sensitive data)." protocol: - description: 'The IP protocol to use. Valid values are "tcp". "tcp4" or "tcp6". Default to tcp.' + description: 'IP protocol version to use. Options: "tcp" (default), "tcp4" (IPv4 only), or "tcp6" (IPv6 only).' default: "tcp" sync: - description: "Enable synchronous execution if multiple hosts are involved." + description: "When true, executes commands synchronously across multiple hosts (one after another)." use_insecure_cipher: - description: "Include more ciphers by using insecure ciphers." + description: "Enable additional legacy ciphers that might be less secure but more compatible with older systems." cipher: - description: "Allowed cipher algorithms. If unspecified, a sensible default is used." + description: "Specify custom cipher algorithms for encryption. Leave empty to use secure defaults." timeout: - description: "Timeout duration for establishing SSH connection to the host." + description: "Maximum time to wait when establishing the SSH connection, e.g., '30s', '1m'." default: "30s" command_timeout: - description: "Timeout duration for SSH commands execution." + description: "Maximum execution time for the remote commands before terminating, e.g., '10m', '1h'." default: "10m" key: - description: "Content of the SSH private key. For example, the raw content of ~/.ssh/id_rsa." + description: "Raw content of the SSH private key for authentication (use secrets for sensitive data)." key_path: - description: "Path to the SSH private key file." + description: "Path to the SSH private key file on the runner." fingerprint: - description: "SHA256 fingerprint of the host public key." + description: "SHA256 fingerprint of the host public key for verification to prevent MITM attacks." proxy_host: - description: "SSH proxy host address." + description: "Proxy server hostname or IP if connecting through an SSH jump host." proxy_port: - description: "SSH proxy port number." + description: "SSH port number for the proxy connection." default: "22" proxy_username: - description: "SSH proxy username." + description: "Username for authentication on the proxy server." proxy_password: - description: "SSH proxy password." + description: "Password for authentication on the proxy server (use secrets for sensitive data)." proxy_protocol: - description: 'The IP protocol to use. Valid values are "tcp". "tcp4" or "tcp6". Default to tcp.' + description: 'IP protocol version for proxy. Options: "tcp" (default), "tcp4" (IPv4 only), or "tcp6" (IPv6 only).' default: "tcp" proxy_passphrase: - description: "SSH proxy key passphrase." + description: "Passphrase to decrypt the proxy SSH private key if protected." proxy_timeout: - description: "Timeout duration for establishing SSH connection to the proxy host." + description: "Maximum time to wait when establishing the proxy SSH connection, e.g., '30s', '1m'." default: "30s" proxy_key: - description: "Content of the SSH proxy private key. For example, the raw content of ~/.ssh/id_rsa." + description: "Raw content of the SSH proxy private key for authentication (use secrets for sensitive data)." proxy_key_path: - description: "Path to the SSH proxy private key file." + description: "Path to the SSH proxy private key file on the runner." proxy_fingerprint: - description: "SHA256 fingerprint of the proxy host public key." + description: "SHA256 fingerprint of the proxy host public key for verification." proxy_cipher: - description: "Allowed cipher algorithms for the proxy. If unspecified, a sensible default is used." + description: "Specify custom cipher algorithms for proxy connection encryption." proxy_use_insecure_cipher: - description: "Include more ciphers for the proxy by using insecure ciphers." + description: "Enable additional legacy ciphers for proxy connections (less secure but more compatible)." script: - description: "Commands to be executed." + description: "Commands to execute on the remote server (inline script string)." script_path: - description: "Path to the file containing commands to be executed." + description: "Path to a local file containing commands to execute on the remote server." envs: - description: "Environment variables to be passed to the shell script." + description: "Environment variables to expose to the remote script, format: key=value,key2=value2." envs_format: - description: "Flexible configuration for environment value transfer." + description: "Format specification for environment variable transfer (for advanced usage)." debug: - description: "Enable debug mode." + description: "Set to true to enable verbose logging for troubleshooting connection issues." allenvs: - description: "pass all environment variable to shell script." + description: "When true, passes all GitHub Actions environment variables to the remote script." request_pty: - description: "Request a pseudo-terminal from the server." + description: "Request a pseudo-terminal from the server (required for interactive commands or sudo)." capture_stdout: - description: "Capture the stdout of the commands." + description: "When true, captures and returns standard output from the commands as action output." default: "false" outputs: stdout: - description: 'Standard output of the executed commands.' + description: "Standard output of the executed commands when capture_stdout is enabled." value: ${{ steps.entrypoint.outputs.stdout }} runs: From 2ead5e36573f08b82fbfce1504f1a4b05a647c6f Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 9 Mar 2025 22:08:40 +0800 Subject: [PATCH 150/167] chore: update action version across workflows and documentation - Update the version of `appleboy/ssh-action` from `v1.2.1` to `v1.2.2` in multiple files - Modify the bug report template to reflect the updated action version - Change the action version in the stable workflow file - Adjust the action version in the README files for consistency across documentation - Ensure the action version is updated in both Chinese language README files Signed-off-by: appleboy --- .github/ISSUE_TEMPLATE/bug_report.md | 2 +- .github/workflows/stable.yml | 32 ++++++++++++++-------------- README.md | 24 ++++++++++----------- README.zh-cn.md | 24 ++++++++++----------- README.zh-tw.md | 24 ++++++++++----------- 5 files changed, 53 insertions(+), 53 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 08635d5..74cf8b2 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/.github/workflows/stable.yml b/.github/workflows/stable.yml index f58c693..e373457 100644 --- a/.github/workflows/stable.yml +++ b/.github/workflows/stable.yml @@ -31,7 +31,7 @@ jobs: sleep 2 - name: ssh by username and password - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -43,7 +43,7 @@ jobs: whoami - name: ssh commands from a file - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -95,7 +95,7 @@ jobs: sleep 2 - name: ssh by private key - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -104,7 +104,7 @@ jobs: script: whoami - name: wrong password but correct key - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -114,7 +114,7 @@ jobs: script: whoami - name: correct password but wrong key - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -167,7 +167,7 @@ jobs: sleep 2 - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -179,7 +179,7 @@ jobs: ls -al - name: missing ssh key passphrase - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 continue-on-error: true with: host: ${{ env.REMOTE_HOST }} @@ -192,7 +192,7 @@ jobs: # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 - name: Multiline SSH commands interpreted as single lines - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -269,7 +269,7 @@ jobs: # https://github.com/appleboy/ssh-action/issues/85 - name: Deployment to multiple hosts with different ports - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: "${{ env.REMOTE_HOST_01 }}:2222,${{ env.REMOTE_HOST_02 }}:2222" username: linuxserver.io @@ -322,7 +322,7 @@ jobs: sleep 2 - name: testing id_ed25519 key - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -375,7 +375,7 @@ jobs: sleep 2 - name: testing id_ed25519 key - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -386,7 +386,7 @@ jobs: ls -al - name: pass environment - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 env: FOO: "BAR" with: @@ -400,7 +400,7 @@ jobs: echo "I am $BAR, thanks" - name: pass multiple environment - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 env: FOO: "BAR" BAR: "FOO" @@ -419,7 +419,7 @@ jobs: echo "port: $PORT" - name: custom envs format - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 env: FOO: "BAR" AAA: "BBB" @@ -437,7 +437,7 @@ jobs: echo "I am $TEST_AAA, thanks" - name: pass all ENV variables to script - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 env: INPUT_FOO: "BAR" INPUT_AAA: "BBB" @@ -454,7 +454,7 @@ jobs: echo "$GITHUB_REF" - name: switch to root user - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io diff --git a/README.md b/README.md index d537645..aea5988 100644 --- a/README.md +++ b/README.md @@ -65,7 +65,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: linuxserver.io @@ -183,7 +183,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -196,7 +196,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -209,7 +209,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -226,7 +226,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: file commands - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -239,7 +239,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -257,7 +257,7 @@ The default value of `port` is `22`. ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -272,7 +272,7 @@ The default value of `port` is `22`. ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: "foo.com,bar.com" + sync: true @@ -288,7 +288,7 @@ The default value of `port` is `22`. ```diff - name: pass environment - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 + env: + FOO: "BAR" + BAR: "FOO" @@ -335,7 +335,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -358,7 +358,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -384,7 +384,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/README.zh-cn.md b/README.zh-cn.md index c9c058e..034837e 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -65,7 +65,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: linuxserver.io @@ -183,7 +183,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -196,7 +196,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -209,7 +209,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -226,7 +226,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: file commands - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -239,7 +239,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -257,7 +257,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -272,7 +272,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: "foo.com,bar.com" + sync: true @@ -288,7 +288,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 + env: + FOO: "BAR" + BAR: "FOO" @@ -335,7 +335,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -356,7 +356,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -382,7 +382,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/README.zh-tw.md b/README.zh-tw.md index c44ae7e..b2a86e9 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -65,7 +65,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: linuxserver.io @@ -181,7 +181,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -194,7 +194,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -207,7 +207,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -224,7 +224,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: file commands - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -237,7 +237,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -253,7 +253,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -268,7 +268,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: "foo.com,bar.com" + sync: true @@ -284,7 +284,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 + env: + FOO: "BAR" + BAR: "FOO" @@ -331,7 +331,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -352,7 +352,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -378,7 +378,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From 2b3c6504b3e1405c32b38787b6d20b223a1ecebc Mon Sep 17 00:00:00 2001 From: appleboy Date: Sat, 15 Mar 2025 14:57:10 +0800 Subject: [PATCH 151/167] ci: unify and enhance GitHub workflow configurations - Update appleboy/ssh-action to use the generic v1 version instead of v1.2.2 for multiple steps within the workflow Signed-off-by: appleboy --- .github/workflows/stable.yml | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/.github/workflows/stable.yml b/.github/workflows/stable.yml index e373457..7bffc93 100644 --- a/.github/workflows/stable.yml +++ b/.github/workflows/stable.yml @@ -31,7 +31,7 @@ jobs: sleep 2 - name: ssh by username and password - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -43,7 +43,7 @@ jobs: whoami - name: ssh commands from a file - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -95,7 +95,7 @@ jobs: sleep 2 - name: ssh by private key - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -104,7 +104,7 @@ jobs: script: whoami - name: wrong password but correct key - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -114,7 +114,7 @@ jobs: script: whoami - name: correct password but wrong key - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -167,7 +167,7 @@ jobs: sleep 2 - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -179,7 +179,7 @@ jobs: ls -al - name: missing ssh key passphrase - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 continue-on-error: true with: host: ${{ env.REMOTE_HOST }} @@ -192,7 +192,7 @@ jobs: # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 - name: Multiline SSH commands interpreted as single lines - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -269,7 +269,7 @@ jobs: # https://github.com/appleboy/ssh-action/issues/85 - name: Deployment to multiple hosts with different ports - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: "${{ env.REMOTE_HOST_01 }}:2222,${{ env.REMOTE_HOST_02 }}:2222" username: linuxserver.io @@ -322,7 +322,7 @@ jobs: sleep 2 - name: testing id_ed25519 key - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -375,7 +375,7 @@ jobs: sleep 2 - name: testing id_ed25519 key - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -386,7 +386,7 @@ jobs: ls -al - name: pass environment - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 env: FOO: "BAR" with: @@ -400,7 +400,7 @@ jobs: echo "I am $BAR, thanks" - name: pass multiple environment - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 env: FOO: "BAR" BAR: "FOO" @@ -419,7 +419,7 @@ jobs: echo "port: $PORT" - name: custom envs format - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 env: FOO: "BAR" AAA: "BBB" @@ -437,7 +437,7 @@ jobs: echo "I am $TEST_AAA, thanks" - name: pass all ENV variables to script - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 env: INPUT_FOO: "BAR" INPUT_AAA: "BBB" @@ -454,7 +454,7 @@ jobs: echo "$GITHUB_REF" - name: switch to root user - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io From 52a1840ca6cafe7e0e1e15e8649b935ba4e33077 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sat, 15 Mar 2025 15:01:18 +0800 Subject: [PATCH 152/167] docs: update SSH action version to v1 in all README files (#372) - Update 'appleboy/ssh-action' version from 'v1.2.2' to 'v1' in various locations in the README.md file - Update 'appleboy/ssh-action' version from 'v1.2.2' to 'v1' in various locations in README.zh-cn.md - Update 'appleboy/ssh-action' version from 'v1.2.2' to 'v1' in various locations in README.zh-tw.md Signed-off-by: appleboy --- README.md | 24 ++++++++++++------------ README.zh-cn.md | 24 ++++++++++++------------ README.zh-tw.md | 24 ++++++++++++------------ 3 files changed, 36 insertions(+), 36 deletions(-) diff --git a/README.md b/README.md index aea5988..bd43d9a 100644 --- a/README.md +++ b/README.md @@ -65,7 +65,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: linuxserver.io @@ -183,7 +183,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -196,7 +196,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -209,7 +209,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -226,7 +226,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: file commands - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -239,7 +239,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -257,7 +257,7 @@ The default value of `port` is `22`. ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -272,7 +272,7 @@ The default value of `port` is `22`. ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: "foo.com,bar.com" + sync: true @@ -288,7 +288,7 @@ The default value of `port` is `22`. ```diff - name: pass environment - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 + env: + FOO: "BAR" + BAR: "FOO" @@ -335,7 +335,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -358,7 +358,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -384,7 +384,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/README.zh-cn.md b/README.zh-cn.md index 034837e..455b8bf 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -65,7 +65,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: linuxserver.io @@ -183,7 +183,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -196,7 +196,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -209,7 +209,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -226,7 +226,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: file commands - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -239,7 +239,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -257,7 +257,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -272,7 +272,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: "foo.com,bar.com" + sync: true @@ -288,7 +288,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 + env: + FOO: "BAR" + BAR: "FOO" @@ -335,7 +335,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -356,7 +356,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -382,7 +382,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/README.zh-tw.md b/README.zh-tw.md index b2a86e9..7ce7036 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -65,7 +65,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: linuxserver.io @@ -181,7 +181,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -194,7 +194,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -207,7 +207,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -224,7 +224,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: file commands - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -237,7 +237,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -253,7 +253,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -268,7 +268,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: "foo.com,bar.com" + sync: true @@ -284,7 +284,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 + env: + FOO: "BAR" + BAR: "FOO" @@ -331,7 +331,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -352,7 +352,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -378,7 +378,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From b6690ee817812c18c1bcc05cd08d0011e6aabc63 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sat, 29 Mar 2025 00:25:15 +0800 Subject: [PATCH 153/167] refactor: improve error handling and code readability across scripts (#374) - Add `log_error` function for error handling - Simplify the detection of client platform and architecture - Use `log_error` for unsupported platform or architecture handling - Use consistent quoting for variable expansions - Improve readability for `curl` and `chmod` commands - Simplify the commands for running and capturing stdout Signed-off-by: appleboy --- entrypoint.sh | 80 ++++++++++++++++++--------------------------------- 1 file changed, 28 insertions(+), 52 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 17dbeda..58bc1bd 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -10,51 +10,25 @@ GITHUB_ACTION_PATH="${GITHUB_ACTION_PATH%/}" DRONE_SSH_RELEASE_URL="${DRONE_SSH_RELEASE_URL:-https://github.com/appleboy/drone-ssh/releases/download}" DRONE_SSH_VERSION="${DRONE_SSH_VERSION:-1.8.1}" -function detect_client_info() { - if [ -n "${SSH_CLIENT_OS-}" ]; then - CLIENT_PLATFORM="${SSH_CLIENT_OS}" - else - local kernel - kernel="$(uname -s)" - case "${kernel}" in - Darwin) - CLIENT_PLATFORM="darwin" - ;; - Linux) - CLIENT_PLATFORM="linux" - ;; - Windows) - CLIENT_PLATFORM="windows" - ;; - *) - echo "Unknown, unsupported platform: ${kernel}." >&2 - echo "Supported platforms: Linux, Darwin and Windows." >&2 - echo "Bailing out." >&2 - exit 2 - ;; - esac - fi +function log_error() { + echo "$1" >&2 + exit "$2" +} - if [ -n "${SSH_CLIENT_ARCH-}" ]; then - CLIENT_ARCH="${SSH_CLIENT_ARCH}" - else - local machine - machine="$(uname -m)" - case "${machine}" in - x86_64* | i?86_64* | amd64*) - CLIENT_ARCH="amd64" - ;; - aarch64* | arm64*) - CLIENT_ARCH="arm64" - ;; - *) - echo "Unknown, unsupported architecture (${machine})." >&2 - echo "Supported architectures x86_64, i686, arm64." >&2 - echo "Bailing out." >&2 - exit 3 - ;; - esac - fi +function detect_client_info() { + CLIENT_PLATFORM="${SSH_CLIENT_OS:-$(uname -s | tr '[:upper:]' '[:lower:]')}" + CLIENT_ARCH="${SSH_CLIENT_ARCH:-$(uname -m)}" + + case "${CLIENT_PLATFORM}" in + darwin | linux | windows) ;; + *) log_error "Unknown, unsupported platform: ${CLIENT_PLATFORM}. Supported platforms: Linux, Darwin, and Windows." 2 ;; + esac + + case "${CLIENT_ARCH}" in + x86_64* | i?86_64* | amd64*) CLIENT_ARCH="amd64" ;; + aarch64* | arm64*) CLIENT_ARCH="arm64" ;; + *) log_error "Unknown, unsupported architecture: ${CLIENT_ARCH}. Supported architectures: x86_64, i686, arm64." 3 ;; + esac } detect_client_info @@ -62,16 +36,18 @@ DOWNLOAD_URL_PREFIX="${DRONE_SSH_RELEASE_URL}/v${DRONE_SSH_VERSION}" CLIENT_BINARY="drone-ssh-${DRONE_SSH_VERSION}-${CLIENT_PLATFORM}-${CLIENT_ARCH}" TARGET="${GITHUB_ACTION_PATH}/${CLIENT_BINARY}" echo "Will download ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}" -curl -fsSL --retry 5 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o ${TARGET} -chmod +x ${TARGET} +curl -fsSL --retry 5 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o "${TARGET}" +chmod +x "${TARGET}" echo "======= CLI Version =======" -sh -c "${TARGET} --version" # print version +"${TARGET}" --version echo "===========================" -if [[ "$INPUT_CAPTURE_STDOUT" == 'true' ]]; then - echo 'stdout<>$GITHUB_OUTPUT # use heredoc for multiline output - sh -c "${TARGET} $*" | tee -a $GITHUB_OUTPUT # run the command - echo 'EOF' >>$GITHUB_OUTPUT +if [[ "${INPUT_CAPTURE_STDOUT}" == 'true' ]]; then + { + echo 'stdout<>"${GITHUB_OUTPUT}" else - sh -c "${TARGET} $*" # run the command + "${TARGET}" "$@" fi From 689de3cf649b7be1e792eeea9fc0571dcc0c3e4f Mon Sep 17 00:00:00 2001 From: appleboy Date: Sat, 29 Mar 2025 00:27:23 +0800 Subject: [PATCH 154/167] docs: improve CLI messaging and error clarity for users - Clarify error message for unsupported platforms - Clarify error message for unsupported architectures - Change download message to indicate ongoing action - Expand CLI version header for clarity Signed-off-by: appleboy --- entrypoint.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 58bc1bd..7a2cd52 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -21,13 +21,13 @@ function detect_client_info() { case "${CLIENT_PLATFORM}" in darwin | linux | windows) ;; - *) log_error "Unknown, unsupported platform: ${CLIENT_PLATFORM}. Supported platforms: Linux, Darwin, and Windows." 2 ;; + *) log_error "Unknown or unsupported platform: ${CLIENT_PLATFORM}. Supported platforms are Linux, Darwin, and Windows." 2 ;; esac case "${CLIENT_ARCH}" in x86_64* | i?86_64* | amd64*) CLIENT_ARCH="amd64" ;; aarch64* | arm64*) CLIENT_ARCH="arm64" ;; - *) log_error "Unknown, unsupported architecture: ${CLIENT_ARCH}. Supported architectures: x86_64, i686, arm64." 3 ;; + *) log_error "Unknown or unsupported architecture: ${CLIENT_ARCH}. Supported architectures are x86_64, i686, and arm64." 3 ;; esac } @@ -35,13 +35,13 @@ detect_client_info DOWNLOAD_URL_PREFIX="${DRONE_SSH_RELEASE_URL}/v${DRONE_SSH_VERSION}" CLIENT_BINARY="drone-ssh-${DRONE_SSH_VERSION}-${CLIENT_PLATFORM}-${CLIENT_ARCH}" TARGET="${GITHUB_ACTION_PATH}/${CLIENT_BINARY}" -echo "Will download ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}" +echo "Downloading ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}" curl -fsSL --retry 5 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o "${TARGET}" chmod +x "${TARGET}" -echo "======= CLI Version =======" +echo "======= CLI Version Information =======" "${TARGET}" --version -echo "===========================" +echo "=======================================" if [[ "${INPUT_CAPTURE_STDOUT}" == 'true' ]]; then { echo 'stdout< Date: Sat, 29 Mar 2025 00:29:34 +0800 Subject: [PATCH 155/167] chore: refactor system to improve efficiency and update API usage - Update changelog order value from `4` to `5` Signed-off-by: appleboy --- .goreleaser.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 01b1081..fcd5b97 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -24,5 +24,5 @@ changelog: order: 4 - title: "Documentation updates" regexp: ^.*?docs?(\(.+\))??!?:.+$ - order: 4 + order: 5 - title: Others From 20d5c5bbc91841863c09aaa3a6797061bbf148a4 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sat, 29 Mar 2025 12:43:09 +0800 Subject: [PATCH 156/167] feat: add configurable curl insecure flag to GitHub action - Add input parameter `curl_insecure` to `action.yml` with a default value of false - Pass `curl_insecure` input to the action's environment in `action.yml` - Modify `entrypoint.sh` to conditionally add the `--insecure` option to curl if `INPUT_CURL_INSECURE` is true Signed-off-by: appleboy --- action.yml | 4 ++++ entrypoint.sh | 7 ++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/action.yml b/action.yml index c3af2a4..e9ab5f9 100644 --- a/action.yml +++ b/action.yml @@ -75,6 +75,9 @@ inputs: description: "When true, passes all GitHub Actions environment variables to the remote script." request_pty: description: "Request a pseudo-terminal from the server (required for interactive commands or sudo)." + curl_insecure: + description: "When true, uses the --insecure option with curl for insecure downloads." + default: "false" capture_stdout: description: "When true, captures and returns standard output from the commands as action output." default: "false" @@ -131,6 +134,7 @@ runs: INPUT_PROXY_CIPHER: ${{ inputs.proxy_cipher }} INPUT_SYNC: ${{ inputs.sync }} INPUT_CAPTURE_STDOUT: ${{ inputs.capture_stdout }} + INPUT_CURL_INSECURE: ${{ inputs.curl_insecure }} branding: icon: "terminal" diff --git a/entrypoint.sh b/entrypoint.sh index 7a2cd52..495bf5b 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -36,7 +36,12 @@ DOWNLOAD_URL_PREFIX="${DRONE_SSH_RELEASE_URL}/v${DRONE_SSH_VERSION}" CLIENT_BINARY="drone-ssh-${DRONE_SSH_VERSION}-${CLIENT_PLATFORM}-${CLIENT_ARCH}" TARGET="${GITHUB_ACTION_PATH}/${CLIENT_BINARY}" echo "Downloading ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}" -curl -fsSL --retry 5 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o "${TARGET}" +INSECURE_OPTION="" +if [[ "${INPUT_CURL_INSECURE}" == 'true' ]]; then + INSECURE_OPTION="--insecure" +fi + +curl -fsSL --retry 5 --keepalive-time 2 ${INSECURE_OPTION} "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o "${TARGET}" chmod +x "${TARGET}" echo "======= CLI Version Information =======" From 9ca1cd21746f53919166547633817ce20c8b5394 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sat, 29 Mar 2025 12:46:43 +0800 Subject: [PATCH 157/167] docs: document the new `curl_insecure` configuration option - Add `curl_insecure` option to README.md - Add `curl_insecure` option to README.zh-cn.md - Add `curl_insecure` option to README.zh-tw.md Signed-off-by: appleboy --- README.md | 1 + README.zh-cn.md | 1 + README.zh-tw.md | 1 + 3 files changed, 3 insertions(+) diff --git a/README.md b/README.md index bd43d9a..09bcfe4 100644 --- a/README.md +++ b/README.md @@ -49,6 +49,7 @@ Refer to [action.yml](./action.yml) for more detailed information. | debug | Enable debug mode | false | | allenvs | Pass the environment variables with prefix value of `GITHUB_` and `INPUT_` to the script | false | | request_pty | Request a pseudo-terminal from the server | false | +| curl_insecure | Allow curl to connect to SSL sites without certificates | false | **Note:** Users can add `set -e` in their shell script to achieve similar functionality to the removed `script_stop` option. diff --git a/README.zh-cn.md b/README.zh-cn.md index 455b8bf..0c5a1d4 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -49,6 +49,7 @@ | debug | 启用调试模式 | false | | allenvs | 将带有 `GITHUB_` 和 `INPUT_` 前缀的环境变量传递给脚本 | false | | request_pty | 请求伪终端 | false | +| curl_insecure | 在 curl 中使用不安全的证书验证 | false | **注意:** 用户可以在他们的 shell 脚本中添加 `set -e` 以实现类似于已删除的 `script_stop` 选项的功能。 diff --git a/README.zh-tw.md b/README.zh-tw.md index 7ce7036..b877c3d 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -49,6 +49,7 @@ | debug | 啟用調試模式 | false | | allenvs | 將帶有 `GITHUB_` 和 `INPUT_` 前綴的環境變數傳遞給腳本 | false | | request_pty | 從伺服器請求偽終端 | false | +| curl_insecure | 在 curl 命令中使用不安全的 SSL 證書驗證 | false | **注意:** 用戶可以在他們的 shell 腳本中添加 `set -e` 以實現類似於已刪除的 `script_stop` 選項的功能。 From bd83ba7e2b3b59ec4007ddc30c72ef12e5d2fff7 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Thu, 10 Apr 2025 14:47:33 +0800 Subject: [PATCH 158/167] docs: document and configure drone-ssh version usage (#381) - Add `version` entry to README.md specifying drone-ssh binary version usage - Add `version` entry to README.zh-cn.md specifying drone-ssh version usage in Chinese - Add `version` entry to README.zh-tw.md specifying drone-ssh version usage in Traditional Chinese - Add `version` input to action.yml with description for drone-ssh version - Set DRONE_SSH_VERSION environment variable in action.yml to use specified version input Signed-off-by: Bo-Yi Wu --- README.md | 1 + README.zh-cn.md | 1 + README.zh-tw.md | 1 + action.yml | 4 ++++ 4 files changed, 7 insertions(+) diff --git a/README.md b/README.md index 09bcfe4..755c3a5 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,7 @@ Refer to [action.yml](./action.yml) for more detailed information. | allenvs | Pass the environment variables with prefix value of `GITHUB_` and `INPUT_` to the script | false | | request_pty | Request a pseudo-terminal from the server | false | | curl_insecure | Allow curl to connect to SSL sites without certificates | false | +| version | drone-ssh binary version. If not specified, the latest version will be used. | | **Note:** Users can add `set -e` in their shell script to achieve similar functionality to the removed `script_stop` option. diff --git a/README.zh-cn.md b/README.zh-cn.md index 0c5a1d4..dfc9a1c 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -50,6 +50,7 @@ | allenvs | 将带有 `GITHUB_` 和 `INPUT_` 前缀的环境变量传递给脚本 | false | | request_pty | 请求伪终端 | false | | curl_insecure | 在 curl 中使用不安全的证书验证 | false | +| version | drone-ssh 版本号。若未指定,将使用最新版本。 | | **注意:** 用户可以在他们的 shell 脚本中添加 `set -e` 以实现类似于已删除的 `script_stop` 选项的功能。 diff --git a/README.zh-tw.md b/README.zh-tw.md index b877c3d..7d0240b 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -50,6 +50,7 @@ | allenvs | 將帶有 `GITHUB_` 和 `INPUT_` 前綴的環境變數傳遞給腳本 | false | | request_pty | 從伺服器請求偽終端 | false | | curl_insecure | 在 curl 命令中使用不安全的 SSL 證書驗證 | false | +| version | drone-ssh 版本號。若未指定,將使用最新版本。 | | **注意:** 用戶可以在他們的 shell 腳本中添加 `set -e` 以實現類似於已刪除的 `script_stop` 選項的功能。 diff --git a/action.yml b/action.yml index e9ab5f9..7027751 100644 --- a/action.yml +++ b/action.yml @@ -81,6 +81,9 @@ inputs: capture_stdout: description: "When true, captures and returns standard output from the commands as action output." default: "false" + version: + description: | + The version of drone-ssh to use. outputs: stdout: @@ -135,6 +138,7 @@ runs: INPUT_SYNC: ${{ inputs.sync }} INPUT_CAPTURE_STDOUT: ${{ inputs.capture_stdout }} INPUT_CURL_INSECURE: ${{ inputs.curl_insecure }} + DRONE_SSH_VERSION: ${{ inputs.version }} branding: icon: "terminal" From 0e19dd962da42eb2f2b775d6e133dc9dfd424aa6 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Thu, 10 Apr 2025 16:56:18 +0800 Subject: [PATCH 159/167] chore: improve robustness and consistency across multiple scripts - Combine `errexit`, `nounset`, and `pipefail` options into a single `set -euo pipefail` command Signed-off-by: Bo-Yi Wu --- entrypoint.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 495bf5b..1eb7733 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,8 +1,6 @@ #!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail +set -euo pipefail export GITHUB="true" From b80f638dc49d3b3a0321d26532f97c8eecb7276b Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 27 Apr 2025 09:47:26 +0800 Subject: [PATCH 160/167] docs: rewrite and unify documentation across all supported languages - Rewrite and reorganize documentation for clarity and readability, including reworded introductions and consistent headings. - Improve input parameter tables: clarify descriptions, unify formatting, and better explain parameter purposes across all three languages. - Expand and update step-by-step SSH key setup guides, streamline copy instructions, and add practical notes and tips. - Enhance usage examples with clearer titles, better labels, and updated YAML examples for different authentication methods and scenarios. - Add new sections and tips on OpenSSH compatibility and troubleshooting "command not found" issues, with improved cross-platform guidance. - Refine explanations for host fingerprint verification, proxy setup, and command environment management. - Update and polish contributing and license sections for greater encouragement and style consistency. - Apply the above documentation improvements to both Simplified and Traditional Chinese versions for parity. Signed-off-by: appleboy --- README.md | 265 +++++++++++++++++++++++------------------------- README.zh-cn.md | 232 +++++++++++++++++++++++------------------- README.zh-tw.md | 238 +++++++++++++++++++++++-------------------- 3 files changed, 384 insertions(+), 351 deletions(-) diff --git a/README.md b/README.md index 755c3a5..4bf35fe 100644 --- a/README.md +++ b/README.md @@ -2,71 +2,75 @@ English | [繁體中文](./README.zh-tw.md) | [简体中文](./README.zh-cn.md) -A [GitHub Action](https://github.com/features/actions) for executing remote SSH commands. +A [GitHub Action](https://github.com/features/actions) for executing remote SSH commands easily and securely. ![ssh workflow](./images/ssh-workflow.png) [![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml) -This project is built with [Golang](https://go.dev) and [drone-ssh](https://github.com/appleboy/drone-ssh). 🚀 +This project is built with [Golang](https://go.dev) and [drone-ssh](https://github.com/appleboy/drone-ssh). -## Input variables +--- -Refer to [action.yml](./action.yml) for more detailed information. +## 📥 Input Parameters -| Input Parameter | Description | Default Value | -| ------------------------- | ---------------------------------------------------------------------------------------- | ------------- | -| host | SSH host address | | -| port | SSH port number | 22 | -| passphrase | SSH key passphrase | | -| username | SSH username | | -| password | SSH password | | -| protocol | SSH protocol version (tcp, tcp4, tcp6) | tcp | -| sync | Enable synchronous execution if multiple hosts are specified | false | -| use_insecure_cipher | Include more ciphers with use_insecure_cipher | false | -| cipher | Allowed cipher algorithms. If unspecified, sensible defaults are used | | -| timeout | Timeout duration for SSH to host | 30s | -| command_timeout | Timeout duration for SSH command | 10m | -| key | Content of SSH private key. e.g., raw content of ~/.ssh/id_rsa | | -| key_path | Path of SSH private key | | -| fingerprint | SHA256 fingerprint of the host public key | | -| proxy_host | SSH proxy host | | -| proxy_port | SSH proxy port | 22 | -| proxy_protocol | SSH proxy protocol version (tcp, tcp4, tcp6) | tcp | -| proxy_username | SSH proxy username | | -| proxy_password | SSH proxy password | | -| proxy_passphrase | SSH proxy key passphrase | | -| proxy_timeout | Timeout for SSH to proxy host | 30s | -| proxy_key | Content of SSH proxy private key | | -| proxy_key_path | Path of SSH proxy private key | | -| proxy_fingerprint | SHA256 fingerprint of the proxy host public key | | -| proxy_cipher | Allowed cipher algorithms for the proxy | | -| proxy_use_insecure_cipher | Include more ciphers with use_insecure_cipher for the proxy | false | -| script | Execute commands | | -| script_path | Execute commands from a file | | -| envs | Pass environment variables to the shell script | | -| envs_format | Flexible configuration of environment value transfer | | -| debug | Enable debug mode | false | -| allenvs | Pass the environment variables with prefix value of `GITHUB_` and `INPUT_` to the script | false | -| request_pty | Request a pseudo-terminal from the server | false | -| curl_insecure | Allow curl to connect to SSL sites without certificates | false | -| version | drone-ssh binary version. If not specified, the latest version will be used. | | +For full details, see [action.yml](./action.yml). -**Note:** Users can add `set -e` in their shell script to achieve similar functionality to the removed `script_stop` option. +| Parameter | Description | Default | +| ------------------------- | --------------------------------------------------------------------------------- | ------- | +| host | SSH host address | | +| port | SSH port number | 22 | +| passphrase | Passphrase for the SSH private key | | +| username | SSH username | | +| password | SSH password | | +| protocol | SSH protocol version (`tcp`, `tcp4`, `tcp6`) | tcp | +| sync | Run synchronously if multiple hosts are specified | false | +| use_insecure_cipher | Allow additional (less secure) ciphers | false | +| cipher | Allowed cipher algorithms. Uses sensible defaults if unspecified | | +| timeout | Timeout for SSH connection to host | 30s | +| command_timeout | Timeout for SSH command execution | 10m | +| key | Content of SSH private key (e.g., raw content of `~/.ssh/id_rsa`) | | +| key_path | Path to SSH private key | | +| fingerprint | SHA256 fingerprint of the host public key | | +| proxy_host | SSH proxy host | | +| proxy_port | SSH proxy port | 22 | +| proxy_protocol | SSH proxy protocol version (`tcp`, `tcp4`, `tcp6`) | tcp | +| proxy_username | SSH proxy username | | +| proxy_password | SSH proxy password | | +| proxy_passphrase | SSH proxy key passphrase | | +| proxy_timeout | Timeout for SSH connection to proxy host | 30s | +| proxy_key | Content of SSH proxy private key | | +| proxy_key_path | Path to SSH proxy private key | | +| proxy_fingerprint | SHA256 fingerprint of the proxy host public key | | +| proxy_cipher | Allowed cipher algorithms for the proxy | | +| proxy_use_insecure_cipher | Allow additional (less secure) ciphers for the proxy | false | +| script | Commands to execute remotely | | +| script_path | Path to a file containing commands to execute | | +| envs | Environment variables to pass to the shell script | | +| envs_format | Flexible configuration for environment variable transfer | | +| debug | Enable debug mode | false | +| allenvs | Pass all environment variables with `GITHUB_` and `INPUT_` prefixes to the script | false | +| request_pty | Request a pseudo-terminal from the server | false | +| curl_insecure | Allow curl to connect to SSL sites without certificates | false | +| version | drone-ssh binary version. If not specified, the latest version will be used. | | -## Usage +> **Note:** To mimic the removed `script_stop` option, add `set -e` at the top of your shell script. -Executing remote SSH commands. +--- + +## 🚦 Usage Example + +Run remote SSH commands in your workflow: ```yaml -name: remote ssh command +name: Remote SSH Command on: [push] jobs: build: name: Build runs-on: ubuntu-latest steps: - - name: executing remote ssh commands using password + - name: Execute remote SSH commands using password uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -76,7 +80,7 @@ jobs: script: whoami ``` -output: +**Output:** ```sh ======CMD====== @@ -88,50 +92,35 @@ linuxserver.io =============================================== ``` -### Setting up a SSH Key +--- -Follow the steps below to create and use SSH Keys. -It is best practice to create SSH Keys on your local machine, not on a remote machine. -Log in with the username specified in GitHub Secrets and generate an RSA Key-Pair: +## 🔑 Setting Up SSH Keys -### Generate rsa key +It is best practice to create SSH keys on your local machine (not on a remote server). Log in with the username specified in GitHub Secrets and generate a key pair: + +### Generate RSA key ```bash ssh-keygen -t rsa -b 4096 -C "your_email@example.com" ``` -### Generate ed25519 key +### Generate ED25519 key ```bash ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ``` -Add the newly generated key to the Authorized keys. Read more about authorized keys [here](https://www.ssh.com/ssh/authorized_keys/). - -### Add rsa key into Authorized keys +Add the new public key to the authorized keys on your server. [Learn more about authorized keys.](https://www.ssh.com/ssh/authorized_keys/) ```bash -cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys' +# Add RSA key +cat .ssh/id_rsa.pub | ssh user@host 'cat >> .ssh/authorized_keys' + +# Add ED25519 key +cat .ssh/id_ed25519.pub | ssh user@host 'cat >> .ssh/authorized_keys' ``` -### Add ed25519 key into Authorized keys - -```bash -cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys' -``` - -Copy the Private Key content and paste it into GitHub Secrets. - -### Copy rsa Private key - -Before copying the private key, install the `clip` command as shown below: - -```bash -# Ubuntu -sudo apt-get install xclip -``` - -Copy the private key: +Copy the private key content and paste it into GitHub Secrets. ```bash # macOS @@ -140,9 +129,9 @@ pbcopy < ~/.ssh/id_rsa xclip < ~/.ssh/id_rsa ``` -Starting from and including the comment section `-----BEGIN OPENSSH PRIVATE KEY-----` and ending at and including the comment section `-----END OPENSSH PRIVATE KEY-----`, copy the private key and paste it into GitHub Secrets. +> **Tip:** Copy from `-----BEGIN OPENSSH PRIVATE KEY-----` to `-----END OPENSSH PRIVATE KEY-----` (inclusive). -### Copy ed25519 Private key +For ED25519: ```bash # macOS @@ -151,40 +140,44 @@ pbcopy < ~/.ssh/id_ed25519 xclip < ~/.ssh/id_ed25519 ``` -See detailed information about [SSH login without a password](http://www.linuxproblem.org/art_9.html). +See more: [SSH login without a password](http://www.linuxproblem.org/art_9.html). -**Note**: Depending on your version of SSH, you might also need to make the following changes: +> **Note:** Depending on your SSH version, you may also need to: +> +> - Place the public key in `.ssh/authorized_keys2` +> - Set `.ssh` permissions to 700 +> - Set `.ssh/authorized_keys2` permissions to 640 -- Put the public key in `.ssh/authorized_keys2` -- Change the permissions of `.ssh` to 700 -- Change the permissions of `.ssh/authorized_keys2` to 640 +--- -### If you are using OpenSSH +## 🛡️ OpenSSH Compatibility -If you are currently using OpenSSH and are getting the following error: +If you see this error: ```bash ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey] ``` -Ensure that your chosen key algorithm is supported. On Ubuntu 20.04 or later, you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (either `/etc/ssh/sshd_config` or a drop-in file under `/etc/ssh/sshd_config.d/`): +On Ubuntu 20.04+ you may need to explicitly allow the `ssh-rsa` algorithm. Add this to your OpenSSH daemon config (`/etc/ssh/sshd_config` or a drop-in under `/etc/ssh/sshd_config.d/`): ```bash CASignatureAlgorithms +ssh-rsa ``` -Alternatively, `ed25519` keys are accepted by default in OpenSSH. You can use this instead of rsa if needed: +Alternatively, use ED25519 keys (supported by default): ```bash ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ``` -### Example +--- -#### Executing remote ssh commands using password +## 🧑‍💻 More Usage Examples + +### Using password authentication ```yaml -- name: executing remote ssh commands using password +- name: Execute remote SSH commands using password uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -194,10 +187,10 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" script: whoami ``` -#### Using private key +### Using private key authentication ```yaml -- name: executing remote ssh commands using ssh key +- name: Execute remote SSH commands using SSH key uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -207,10 +200,10 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" script: whoami ``` -#### Multiple Commands +### Multiple commands ```yaml -- name: multiple command +- name: Multiple commands uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -224,10 +217,10 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ![result](./images/output-result.png) -#### Commands from a file +### Run commands from a file ```yaml -- name: file commands +- name: File commands uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -237,10 +230,10 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" script_path: scripts/script.sh ``` -#### Multiple Hosts +### Multiple hosts ```diff - - name: multiple host + - name: Multiple hosts uses: appleboy/ssh-action@v1 with: - host: "foo.com" @@ -253,12 +246,12 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ls -al ``` -The default value of `port` is `22`. +Default `port` is `22`. -#### Multiple hosts with different port +### Multiple hosts with different ports ```diff - - name: multiple host + - name: Multiple hosts uses: appleboy/ssh-action@v1 with: - host: "foo.com" @@ -270,10 +263,10 @@ The default value of `port` is `22`. ls -al ``` -#### Synchronous execution on multiple hosts +### Synchronous execution on multiple hosts ```diff - - name: multiple host + - name: Multiple hosts uses: appleboy/ssh-action@v1 with: host: "foo.com,bar.com" @@ -286,10 +279,10 @@ The default value of `port` is `22`. ls -al ``` -#### Pass environment variable to shell script +### Pass environment variables to shell script ```diff - - name: pass environment + - name: Pass environment uses: appleboy/ssh-action@v1 + env: + FOO: "BAR" @@ -307,9 +300,11 @@ The default value of `port` is `22`. echo "sha: $SHA" ``` -_Inside `env` object, you need to pass every environment variable as a string, passing `Integer` data type or any other may output unexpected results._ +> _All environment variables in the `env` object must be strings. Using integers or other types may cause unexpected results._ -#### How to connect remote server using `ProxyCommand`? +--- + +## 🌐 Using ProxyCommand (Jump Host) ```bash +--------+ +----------+ +-----------+ @@ -317,7 +312,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p +--------+ +----------+ +-----------+ ``` -in your `~/.ssh/config`, you will see the following. +Example `~/.ssh/config`: ```bash Host Jumphost @@ -333,10 +328,10 @@ Host FooServer ProxyCommand ssh -q -W %h:%p Jumphost ``` -#### How to convert to YAML format of GitHubActions +**GitHub Actions YAML:** ```diff - - name: ssh proxy command + - name: SSH proxy command uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -352,14 +347,14 @@ Host FooServer ls -al ``` -#### Protecting a Private Key +--- -The purpose of the passphrase is usually to encrypt the private key. -This makes the key file by itself useless to an attacker. -It is not uncommon for files to leak from backups or decommissioned hardware, and hackers commonly exfiltrate files from compromised systems. +## 🔒 Protecting Your Private Key + +A passphrase encrypts your private key, making it useless to attackers if leaked. Always store your private key securely. ```diff - - name: ssh key passphrase + - name: SSH key passphrase uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -372,20 +367,20 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ls -al ``` -#### Using host fingerprint verification +--- -Setting up SSH host fingerprint verification can help to prevent Person-in-the-Middle attacks. Before setting this up, run the command below to get your SSH host fingerprint. Remember to replace `ed25519` with your appropriate key type (`rsa`, `dsa`, etc.) that your server is using and `example.com` with your host. +## 🖐️ Host Fingerprint Verification -In modern OpenSSH releases, the _default_ key types to be fetched are `rsa` (since version 5.1), `ecdsa` (since version 6.0), and `ed25519` (since version 6.7). +Verifying the SSH host fingerprint helps prevent man-in-the-middle attacks. To get your host's fingerprint (replace `ed25519` with your key type and `example.com` with your host): ```sh ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' -f2 ``` -Now you can adjust you config: +Update your config: ```diff - - name: ssh key passphrase + - name: SSH key passphrase uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -398,33 +393,31 @@ Now you can adjust you config: ls -al ``` -## Q&A +--- + +## ❓ Q&A ### Command not found (npm or other command) -See the [issue comment](https://github.com/appleboy/ssh-action/issues/31#issuecomment-1006565847) about interactive vs non interactive shell. Thanks @kocyigityunus for the solution. +If you encounter "command not found" errors, see [this issue comment](https://github.com/appleboy/ssh-action/issues/31#issuecomment-1006565847) about interactive vs non-interactive shells. -If you are running a command in a non-interactive shell, like ssh-action, on many Linux distros, - -`/etc/bash.bashrc` file has a specific command that returns only, so some of the files didn't run and some specific commands doesn't add to path, +On many Linux distros, `/etc/bash.bashrc` contains: ```sh -# /etc/bash.bashrc -# System-wide .bashrc file for interactive bash(1) shells. - -# To enable the settings / commands in this file for login shells as well, -# this file has to be sourced in /etc/profile. - # If not running interactively, don't do anything -[ -z "$PS1" ] && return` +[ -z "$PS1" ] && return ``` -comment out the line that returns early, and everything should work fine. Alternatively, you can use the real paths of the commands you want to use. +Comment out this line or use absolute paths for your commands. -## Contributing +--- -We would love for you to contribute to `appleboy/ssh-action`, pull requests are welcome! +## 🤝 Contributing -## License +Contributions are welcome! Please submit a pull request to help improve `appleboy/ssh-action`. -The scripts and documentation in this project are released under the [MIT License](LICENSE) +--- + +## 📝 License + +This project is licensed under the [MIT License](LICENSE). diff --git a/README.zh-cn.md b/README.zh-cn.md index dfc9a1c..609229a 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -2,71 +2,75 @@ [English](./README.md) | [繁體中文](./README.zh-tw.md) | 简体中文 -一个用于执行远程 SSH 命令的 [GitHub Action](https://github.com/features/actions)。 +一个让你轻松安全地执行远程 SSH 命令的 [GitHub Action](https://github.com/features/actions)。 ![ssh workflow](./images/ssh-workflow.png) [![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml) -该项目使用 [Golang](https://go.dev) 和 [drone-ssh](https://github.com/appleboy/drone-ssh) 构建。🚀 +本项目基于 [Golang](https://go.dev) 和 [drone-ssh](https://github.com/appleboy/drone-ssh) 构建。 -## 输入变量 +--- -有关更详细的信息,请参阅 [action.yml](./action.yml)。 +## 📥 输入参数 -| 输入参数 | 描述 | 默认值 | +详细参数请参阅 [action.yml](./action.yml)。 + +| 参数 | 描述 | 默认值 | | ------------------------- | ----------------------------------------------------- | ------ | | host | SSH 主机地址 | | | port | SSH 端口号 | 22 | -| passphrase | SSH 密钥密码短语 | | +| passphrase | SSH 私钥密码短语 | | | username | SSH 用户名 | | | password | SSH 密码 | | -| protocol | SSH 协议版本(tcp, tcp4, tcp6) | tcp | -| sync | 如果指定了多个主机,则启用同步执行 | false | -| use_insecure_cipher | 使用不安全的密码算法 | false | -| cipher | 允许的密码算法。如果未指定,则使用适当的默认值 | | -| timeout | SSH 连接到主机的超时时间 | 30s | -| command_timeout | SSH 命令的超时时间 | 10m | -| key | SSH 私钥的内容,例如 ~/.ssh/id_rsa 的原始内容 | | -| key_path | SSH 私钥的路径 | | +| protocol | SSH 协议版本(`tcp`、`tcp4`、`tcp6`) | tcp | +| sync | 指定多个主机时同步执行 | false | +| use_insecure_cipher | 允许额外(不安全)的加密算法 | false | +| cipher | 允许的加密算法,未指定时使用默认值 | | +| timeout | SSH 连接主机的超时时间 | 30s | +| command_timeout | SSH 命令执行超时时间 | 10m | +| key | SSH 私钥内容(如 `~/.ssh/id_rsa` 的原始内容) | | +| key_path | SSH 私钥路径 | | | fingerprint | 主机公钥的 SHA256 指纹 | | | proxy_host | SSH 代理主机 | | | proxy_port | SSH 代理端口 | 22 | -| proxy_protocol | SSH 代理协议版本(tcp, tcp4, tcp6) | tcp | +| proxy_protocol | SSH 代理协议版本(`tcp`、`tcp4`、`tcp6`) | tcp | | proxy_username | SSH 代理用户名 | | | proxy_password | SSH 代理密码 | | -| proxy_passphrase | SSH 代理密钥密码短语 | | -| proxy_timeout | SSH 连接到代理主机的超时时间 | 30s | -| proxy_key | SSH 代理私钥的内容 | | -| proxy_key_path | SSH 代理私钥的路径 | | +| proxy_passphrase | SSH 代理私钥密码短语 | | +| proxy_timeout | SSH 连接代理主机的超时时间 | 30s | +| proxy_key | SSH 代理私钥内容 | | +| proxy_key_path | SSH 代理私钥路径 | | | proxy_fingerprint | 代理主机公钥的 SHA256 指纹 | | -| proxy_cipher | 代理允许的密码算法 | | -| proxy_use_insecure_cipher | 使用不安全的密码算法 | false | -| script | 执行命令 | | -| script_path | 从文件执行命令 | | -| envs | 传递环境变量到 shell 脚本 | | +| proxy_cipher | 代理允许的加密算法 | | +| proxy_use_insecure_cipher | 代理允许额外(不安全)的加密算法 | false | +| script | 远程执行的命令 | | +| script_path | 包含要执行命令的文件路径 | | +| envs | 传递给 shell 脚本的环境变量 | | | envs_format | 环境变量传递的灵活配置 | | | debug | 启用调试模式 | false | -| allenvs | 将带有 `GITHUB_` 和 `INPUT_` 前缀的环境变量传递给脚本 | false | -| request_pty | 请求伪终端 | false | -| curl_insecure | 在 curl 中使用不安全的证书验证 | false | -| version | drone-ssh 版本号。若未指定,将使用最新版本。 | | +| allenvs | 传递所有带 `GITHUB_` 和 `INPUT_` 前缀的环境变量到脚本 | false | +| request_pty | 向服务器请求伪终端 | false | +| curl_insecure | 允许 curl 连接无证书的 SSL 站点 | false | +| version | drone-ssh 二进制版本,未指定时使用最新版本 | | -**注意:** 用户可以在他们的 shell 脚本中添加 `set -e` 以实现类似于已删除的 `script_stop` 选项的功能。 +> **注意:** 如需实现已移除的 `script_stop` 功能,请在 shell 脚本顶部添加 `set -e`。 -## 使用方法 +--- -执行远程 SSH 命令。 +## 🚦 使用示例 + +在工作流中执行远程 SSH 命令: ```yaml -name: remote ssh command +name: Remote SSH Command on: [push] jobs: build: name: Build runs-on: ubuntu-latest steps: - - name: executing remote ssh commands using password + - name: 执行远程 SSH 命令(密码认证) uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -76,7 +80,7 @@ jobs: script: whoami ``` -输出: +**输出:** ```sh ======CMD====== @@ -88,11 +92,11 @@ linuxserver.io =============================================== ``` -### 设置 SSH 密钥 +--- -请按照以下步骤创建和使用 SSH 密钥。 -最佳做法是在本地机器上创建 SSH 密钥,而不是在远程机器上。 -使用 GitHub Secrets 中指定的用户名登录并生成 RSA 密钥对: +## 🔑 配置 SSH 密钥 + +建议在本地机器(而非远程服务器)上创建 SSH 密钥。请使用 GitHub Secrets 中指定的用户名登录并生成密钥对: ### 生成 RSA 密钥 @@ -100,38 +104,23 @@ linuxserver.io ssh-keygen -t rsa -b 4096 -C "your_email@example.com" ``` -### 生成 ed25519 密钥 +### 生成 ED25519 密钥 ```bash ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ``` -将新生成的密钥添加到已授权的密钥中。详细了解已授权的密钥请点[此处](https://www.ssh.com/ssh/authorized_keys/)。 - -### 将 RSA 密钥添加到已授权密钥中 +将新生成的公钥添加到服务器的 authorized_keys。 [了解更多 authorized_keys](https://www.ssh.com/ssh/authorized_keys/) ```bash -cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys' +# 添加 RSA 公钥 +cat .ssh/id_rsa.pub | ssh user@host 'cat >> .ssh/authorized_keys' + +# 添加 ED25519 公钥 +cat .ssh/id_ed25519.pub | ssh user@host 'cat >> .ssh/authorized_keys' ``` -### 将 ed25519 密钥添加到已授权密钥中 - -```bash -cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys' -``` - -复制私钥内容,然后将其粘贴到 GitHub Secrets 中。 - -### 复制 RSA 私钥内容 - -在复制私钥之前,按照以下步骤安装 `clip` 命令: - -```bash -# Ubuntu -sudo apt-get install xclip -``` - -复制私钥: +复制私钥内容并粘贴到 GitHub Secrets。 ```bash # macOS @@ -140,9 +129,9 @@ pbcopy < ~/.ssh/id_rsa xclip < ~/.ssh/id_rsa ``` -从包含注释部分 `-----BEGIN OPENSSH PRIVATE KEY-----` 开始,到包含注释部分 `-----END OPENSSH PRIVATE KEY-----` 结束,复制私钥并将其粘贴到 GitHub Secrets 中。 +> **提示:** 复制内容需包含 `-----BEGIN OPENSSH PRIVATE KEY-----` 到 `-----END OPENSSH PRIVATE KEY-----`(含)。 -### 复制 ed25519 私钥内容 +ED25519 同理: ```bash # macOS @@ -151,40 +140,44 @@ pbcopy < ~/.ssh/id_ed25519 xclip < ~/.ssh/id_ed25519 ``` -有关无需密码登录 SSH 的详细信息,请[见该网站](http://www.linuxproblem.org/art_9.html)。 +更多信息:[SSH 无密码登录](http://www.linuxproblem.org/art_9.html)。 -**注意**:根据您的 SSH 版本,您可能还需要进行以下更改: +> **注意:** 根据 SSH 版本,可能还需: +> +> - 将公钥放入 `.ssh/authorized_keys2` +> - 设置 `.ssh` 权限为 700 +> - 设置 `.ssh/authorized_keys2` 权限为 640 -- 将公钥放在 `.ssh/authorized_keys2` 中 -- 将 `.ssh` 的权限更改为 700 -- 将 `.ssh/authorized_keys2` 的权限更改为 640 +--- -### 如果你使用的是 OpenSSH +## 🛡️ OpenSSH 兼容性 -如果您正在使用 OpenSSH,并出现以下错误: +如果出现如下错误: ```bash ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey] ``` -请确保您所选择的密钥算法得到支持。在 Ubuntu 20.04 或更高版本上,您必须明确允许使用 ssh-rsa 算法。请在 OpenSSH 守护进程文件中添加以下行(它可以是 `/etc/ssh/sshd_config` 或 `/etc/ssh/sshd_config.d/` 中的一个附加文件): +在 Ubuntu 20.04+,你可能需要显式允许 `ssh-rsa` 算法。请在 OpenSSH 配置文件(`/etc/ssh/sshd_config` 或 `/etc/ssh/sshd_config.d/` 下的 drop-in 文件)中添加: ```bash CASignatureAlgorithms +ssh-rsa ``` -或者,`ed25519` 密钥在 OpenSSH 中默认被接受。如果需要,您可以使用它来替代 RSA: +或者,直接使用默认支持的 ED25519 密钥: ```bash ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ``` -### 示例 +--- -#### 使用密码执行远程 SSH 命令 +## 🧑‍💻 更多用法示例 + +### 使用密码认证 ```yaml -- name: executing remote ssh commands using password +- name: 执行远程 SSH 命令(密码认证) uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -194,10 +187,10 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" script: whoami ``` -#### 使用私钥 +### 使用私钥认证 ```yaml -- name: executing remote ssh commands using ssh key +- name: 执行远程 SSH 命令(密钥认证) uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -207,10 +200,10 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" script: whoami ``` -#### 多个命令 +### 多条命令 ```yaml -- name: multiple command +- name: 多条命令 uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -224,10 +217,10 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ![result](./images/output-result.png) -#### 从文件执行命令 +### 从文件执行命令 ```yaml -- name: file commands +- name: 文件命令 uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -237,10 +230,10 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" script_path: scripts/script.sh ``` -#### 多台主机 +### 多主机 ```diff - - name: multiple host + - name: 多主机 uses: appleboy/ssh-action@v1 with: - host: "foo.com" @@ -253,12 +246,12 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ls -al ``` -默认的 `port` 值是 `22`。 +默认 `port` 为 `22`。 -#### 多个不同端口的主机 +### 多主机不同端口 ```diff - - name: multiple host + - name: 多主机 uses: appleboy/ssh-action@v1 with: - host: "foo.com" @@ -270,10 +263,10 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ls -al ``` -#### 在多台主机上同步执行 +### 多主机同步执行 ```diff - - name: multiple host + - name: 多主机 uses: appleboy/ssh-action@v1 with: host: "foo.com,bar.com" @@ -286,10 +279,10 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ls -al ``` -#### 将环境变量传递到 shell 脚本 +### 传递环境变量到 shell 脚本 ```diff - - name: pass environment + - name: 传递环境变量 uses: appleboy/ssh-action@v1 + env: + FOO: "BAR" @@ -307,9 +300,11 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" echo "sha: $SHA" ``` -_在 `env` 对象中,您需要将每个环境变量作为字符串传递,传递 `Integer` 数据类型或任何其他类型可能会产生意外结果。_ +> _`env` 对象中的所有环境变量必须为字符串。传递整数或其他类型可能导致意外结果。_ -#### 如何使用 `ProxyCommand` 连接远程服务器? +--- + +## 🌐 使用 ProxyCommand(跳板机) ```bash +--------+ +----------+ +-----------+ @@ -317,7 +312,7 @@ _在 `env` 对象中,您需要将每个环境变量作为字符串传递,传 +--------+ +----------+ +-----------+ ``` -在您的 `~/.ssh/config` 文件中,您会看到以下内容。 +示例 `~/.ssh/config`: ```bash Host Jumphost @@ -333,10 +328,10 @@ Host FooServer ProxyCommand ssh -q -W %h:%p Jumphost ``` -#### 如何将其转换为 GitHubActions 的 YAML 格式? +**GitHub Actions YAML:** ```diff - - name: ssh proxy command + - name: SSH 代理命令 uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -352,12 +347,14 @@ Host FooServer ls -al ``` -#### 保护私钥 +--- -密码短语通常用于加密私钥。这使得密钥文件本身对攻击者无用。文件泄露可能来自备份或停用的硬件,黑客通常可以从受攻击系统中泄露文件。 +## 🔒 保护你的私钥 + +密码短语会加密你的私钥,即使泄露也无法被攻击者直接利用。请务必妥善保管私钥。 ```diff - - name: ssh key passphrase + - name: SSH 密钥密码短语 uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -370,20 +367,20 @@ Host FooServer ls -al ``` -#### 使用主机指纹验证 +--- -设置 SSH 主机指纹验证可以帮助防止中间人攻击。在设置之前,运行以下命令以获取 SSH 主机指纹。请记得将 `ed25519` 替换为您适当的密钥类型(`rsa`、 `dsa`等),而 `example.com` 则替换为您的主机。 +## 🖐️ 主机指纹验证 -在现代 OpenSSH 版本中,默认提取的密钥类型是 `rsa`(从版本 5.1 开始)、`ecdsa`(从版本 6.0 开始)和 `ed25519`(从版本 6.7 开始)。 +验证 SSH 主机指纹有助于防止中间人攻击。获取主机指纹(将 `ed25519` 替换为你的密钥类型,`example.com` 替换为你的主机): ```sh ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' -f2 ``` -现在您可以调整您的配置: +更新配置: ```diff - - name: ssh key passphrase + - name: SSH 密钥密码短语 uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -396,10 +393,31 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' ls -al ``` -## 贡献 +--- -我们非常希望您为 `appleboy/ssh-action` 做出贡献,欢迎提交请求! +## ❓ 常见问题 -## 授权方式 +### 命令未找到(npm 或其他命令) -本项目中的脚本和文档采用 [MIT 许可证](LICENSE) 发布。 +如果遇到 "command not found" 错误,请参考 [此评论](https://github.com/appleboy/ssh-action/issues/31#issuecomment-1006565847) 了解交互式与非交互式 shell 的区别。 + +许多 Linux 发行版的 `/etc/bash.bashrc` 包含如下内容: + +```sh +# If not running interactively, don't do anything +[ -z "$PS1" ] && return +``` + +注释掉该行或使用命令的绝对路径。 + +--- + +## 🤝 贡献 + +欢迎贡献!请提交 Pull Request 改进 `appleboy/ssh-action`。 + +--- + +## 📝 许可证 + +本项目采用 [MIT License](LICENSE) 授权。 diff --git a/README.zh-tw.md b/README.zh-tw.md index 7d0240b..f93a310 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -2,71 +2,75 @@ [English](./README.md) | 繁體中文 | [简体中文](./README.zh-cn.md) -[GitHub Action](https://github.com/features/actions) 用於執行遠端 SSH 命令。 +一個讓你輕鬆安全執行遠端 SSH 指令的 [GitHub Action](https://github.com/features/actions)。 ![ssh workflow](./images/ssh-workflow.png) [![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml) -此專案使用 [Golang](https://go.dev) 和 [drone-ssh](https://github.com/appleboy/drone-ssh) 建立。🚀 +本專案以 [Golang](https://go.dev) 和 [drone-ssh](https://github.com/appleboy/drone-ssh) 建立。 -## 輸入變數 +--- -請參閱 [action.yml](./action.yml) 以獲取更詳細的信息。 +## 📥 輸入參數 -| 輸入參數 | 描述 | 預設值 | +完整參數請參閱 [action.yml](./action.yml)。 + +| 參數 | 說明 | 預設值 | | ------------------------- | ----------------------------------------------------- | ------ | -| host | SSH 主機地址 | | +| host | SSH 主機位址 | | | port | SSH 埠號 | 22 | -| passphrase | SSH 金鑰密碼 | | +| passphrase | SSH 私鑰密碼 | | | username | SSH 使用者名稱 | | | password | SSH 密碼 | | -| protocol | SSH 協議版本 (tcp, tcp4, tcp6) | tcp | -| sync | 如果有多個主機,啟用同步執行 | false | -| use_insecure_cipher | 包含更多不安全的加密算法 | false | -| cipher | 允許的加密算法。如果未指定,則使用合理的預設值 | | -| timeout | SSH 連接主機的超時時間 | 30s | -| command_timeout | SSH 命令的超時時間 | 10m | -| key | SSH 私鑰的內容。例如,~/.ssh/id_rsa 的原始內容 | | -| key_path | SSH 私鑰的路徑 | | +| protocol | SSH 協議版本(`tcp`、`tcp4`、`tcp6`) | tcp | +| sync | 指定多個主機時同步執行 | false | +| use_insecure_cipher | 允許額外(不安全)的加密演算法 | false | +| cipher | 允許的加密演算法,未指定時使用預設值 | | +| timeout | SSH 連線主機的逾時時間 | 30s | +| command_timeout | SSH 指令執行逾時時間 | 10m | +| key | SSH 私鑰內容(如 `~/.ssh/id_rsa` 的原始內容) | | +| key_path | SSH 私鑰路徑 | | | fingerprint | 主機公鑰的 SHA256 指紋 | | | proxy_host | SSH 代理主機 | | | proxy_port | SSH 代理埠號 | 22 | -| proxy_protocol | SSH 代理協議版本 (tcp, tcp4, tcp6) | tcp | +| proxy_protocol | SSH 代理協議版本(`tcp`、`tcp4`、`tcp6`) | tcp | | proxy_username | SSH 代理使用者名稱 | | | proxy_password | SSH 代理密碼 | | -| proxy_passphrase | SSH 代理金鑰密碼 | | -| proxy_timeout | SSH 連接代理主機的超時時間 | 30s | -| proxy_key | SSH 代理私鑰的內容 | | -| proxy_key_path | SSH 代理私鑰的路徑 | | +| proxy_passphrase | SSH 代理私鑰密碼 | | +| proxy_timeout | SSH 連線代理主機的逾時時間 | 30s | +| proxy_key | SSH 代理私鑰內容 | | +| proxy_key_path | SSH 代理私鑰路徑 | | | proxy_fingerprint | 代理主機公鑰的 SHA256 指紋 | | -| proxy_cipher | 代理允許的加密算法 | | -| proxy_use_insecure_cipher | 包含更多不安全的加密算法 | false | -| script | 執行命令 | | -| script_path | 從文件中執行命令 | | -| envs | 將環境變數傳遞給 shell 腳本 | | -| envs_format | 環境值傳遞的靈活配置 | | -| debug | 啟用調試模式 | false | -| allenvs | 將帶有 `GITHUB_` 和 `INPUT_` 前綴的環境變數傳遞給腳本 | false | -| request_pty | 從伺服器請求偽終端 | false | -| curl_insecure | 在 curl 命令中使用不安全的 SSL 證書驗證 | false | -| version | drone-ssh 版本號。若未指定,將使用最新版本。 | | +| proxy_cipher | 代理允許的加密演算法 | | +| proxy_use_insecure_cipher | 代理允許額外(不安全)的加密演算法 | false | +| script | 遠端執行的指令 | | +| script_path | 包含要執行指令的檔案路徑 | | +| envs | 傳遞給 shell 腳本的環境變數 | | +| envs_format | 環境變數傳遞的彈性設定 | | +| debug | 啟用除錯模式 | false | +| allenvs | 傳遞所有帶 `GITHUB_` 和 `INPUT_` 前綴的環境變數到腳本 | false | +| request_pty | 向伺服器請求偽終端 | false | +| curl_insecure | 允許 curl 連線無憑證的 SSL 網站 | false | +| version | drone-ssh 執行檔版本,未指定時使用最新版本 | | -**注意:** 用戶可以在他們的 shell 腳本中添加 `set -e` 以實現類似於已刪除的 `script_stop` 選項的功能。 +> **注意:** 如需實現已移除的 `script_stop` 功能,請在 shell 腳本最上方加上 `set -e`。 -## 用法 +--- -執行遠端 SSH 命令 +## 🚦 使用範例 + +在工作流程中執行遠端 SSH 指令: ```yaml -name: remote ssh command +name: Remote SSH Command on: [push] jobs: build: name: Build runs-on: ubuntu-latest steps: - - name: executing remote ssh commands using password + - name: 執行遠端 SSH 指令(密碼認證) uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -76,7 +80,7 @@ jobs: script: whoami ``` -畫面輸出 +**輸出:** ```sh ======CMD====== @@ -88,48 +92,35 @@ linuxserver.io =============================================== ``` -### 設置 SSH 金鑰 +--- -請在創建 SSH 金鑰並使用 SSH 金鑰時遵循以下步驟。最佳做法是在本地機器上創建 SSH 金鑰而不是遠端機器上。請使用 Github Secrets 中指定的用戶名登錄。生成 RSA 金鑰: +## 🔑 設定 SSH 金鑰 -### 生成 RSA 金鑰 +建議於本地端(非遠端伺服器)產生 SSH 金鑰。請以 GitHub Secrets 指定的使用者名稱登入並產生金鑰對: + +### 產生 RSA 金鑰 ```bash ssh-keygen -t rsa -b 4096 -C "your_email@example.com" ``` -### 生成 ed25519 金鑰 +### 產生 ED25519 金鑰 ```bash ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ``` -將新生成的金鑰添加到已授權的金鑰中。詳細了解已授權的金鑰請點擊[此處](https://www.ssh.com/ssh/authorized_keys/). - -### 將 RSA 金鑰添加到已授權金鑰中 +將新產生的公鑰加入伺服器的 authorized_keys。 [了解更多 authorized_keys](https://www.ssh.com/ssh/authorized_keys/) ```bash -cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys' +# 加入 RSA 公鑰 +cat .ssh/id_rsa.pub | ssh user@host 'cat >> .ssh/authorized_keys' + +# 加入 ED25519 公鑰 +cat .ssh/id_ed25519.pub | ssh user@host 'cat >> .ssh/authorized_keys' ``` -### 將 ed25519 金鑰添加到已授權金鑰中 - -```bash -cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys' -``` - -複製私鑰內容,然後將其粘貼到 Github Secrets 中。 - -### 複製 rsa 私鑰內容 - -在複製私鑰之前,請按照以下說明安裝 `clip` 命令: - -```bash -# Ubuntu -sudo apt-get install xclip -``` - -複製私鑰: +複製私鑰內容並貼到 GitHub Secrets。 ```bash # macOS @@ -138,9 +129,9 @@ pbcopy < ~/.ssh/id_rsa xclip < ~/.ssh/id_rsa ``` -從包含註釋部分 `-----BEGIN OPENSSH PRIVATE KEY-----` 開始,到包含註釋部分 `-----END OPENSSH PRIVATE KEY-----` 結束,複製私鑰並將其粘貼到 GitHub Secrets 中。 +> **提示:** 複製內容需包含 `-----BEGIN OPENSSH PRIVATE KEY-----` 到 `-----END OPENSSH PRIVATE KEY-----`(含)。 -### 複製 ed25519 私鑰內容 +ED25519 同理: ```bash # macOS @@ -149,40 +140,44 @@ pbcopy < ~/.ssh/id_ed25519 xclip < ~/.ssh/id_ed25519 ``` -有關無需密碼登錄 SSH 的詳細信息,請[參見該網站](http://www.linuxproblem.org/art_9.html)。 +更多資訊:[SSH 免密碼登入](http://www.linuxproblem.org/art_9.html)。 -**注意**:根據您的 SSH 版本,您可能還需要進行以下更改: +> **注意:** 根據 SSH 版本,可能還需: +> +> - 將公鑰放入 `.ssh/authorized_keys2` +> - 設定 `.ssh` 權限為 700 +> - 設定 `.ssh/authorized_keys2` 權限為 640 -- 將公鑰放在 `.ssh/authorized_keys2` 中 -- 將 `.ssh` 的權限更改為 700 -- 將 `.ssh/authorized_keys2` 的權限更改為 640 +--- -### 如果你使用的是 OpenSSH +## 🛡️ OpenSSH 相容性 -如果您正在使用 OpenSSH,並出現以下錯誤: +若出現以下錯誤: ```bash ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey] ``` -請確保您所選擇的密鑰演算法得到支援。在 Ubuntu 20.04 或更高版本上,您必須明確允許使用 SSH-RSA 演算法。請在 OpenSSH 守護進程文件中添加以下行(它可以是 `/etc/ssh/sshd_config` 或 `/etc/ssh/sshd_config.d/` 中的一個附著文件): +在 Ubuntu 20.04+,你可能需明確允許 `ssh-rsa` 演算法。請於 OpenSSH 設定檔(`/etc/ssh/sshd_config` 或 `/etc/ssh/sshd_config.d/` 下的 drop-in 檔案)加入: ```bash CASignatureAlgorithms +ssh-rsa ``` -或者,`Ed25519` 密鑰在 OpenSSH 中默認被接受。如果需要,您可以使用它來替代 RSA。 +或直接使用預設支援的 ED25519 金鑰: ```bash ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ``` -### Example +--- -#### 使用密碼執行遠端 SSH 命令 +## 🧑‍💻 更多用法範例 + +### 使用密碼認證 ```yaml -- name: executing remote ssh commands using password +- name: 執行遠端 SSH 指令(密碼認證) uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -192,10 +187,10 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" script: whoami ``` -#### 使用私鑰 +### 使用私鑰認證 ```yaml -- name: executing remote ssh commands using ssh key +- name: 執行遠端 SSH 指令(私鑰認證) uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -205,10 +200,10 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" script: whoami ``` -#### 多個命令 +### 多條指令 ```yaml -- name: multiple command +- name: 多條指令 uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -222,10 +217,10 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ![result](./images/output-result.png) -#### 從文件中執行命令 +### 從檔案執行指令 ```yaml -- name: file commands +- name: 檔案指令 uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -235,10 +230,10 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" script_path: scripts/script.sh ``` -#### 多台主機 +### 多主機 ```diff - - name: multiple host + - name: 多主機 uses: appleboy/ssh-action@v1 with: - host: "foo.com" @@ -251,10 +246,12 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ls -al ``` -#### 多個不同端口的主機 +預設 `port` 為 `22`。 + +### 多主機不同埠號 ```diff - - name: multiple host + - name: 多主機 uses: appleboy/ssh-action@v1 with: - host: "foo.com" @@ -266,10 +263,10 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ls -al ``` -#### 在多個主機上同步執行 +### 多主機同步執行 ```diff - - name: multiple host + - name: 多主機 uses: appleboy/ssh-action@v1 with: host: "foo.com,bar.com" @@ -282,10 +279,10 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ls -al ``` -#### 將環境變量傳遞到 Shell 腳本 +### 傳遞環境變數到 shell 腳本 ```diff - - name: pass environment + - name: 傳遞環境變數 uses: appleboy/ssh-action@v1 + env: + FOO: "BAR" @@ -303,9 +300,11 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" echo "sha: $SHA" ``` -_在 `env` 對象中,您需要將每個環境變量作為字符串傳遞,傳遞 `Integer` 數據類型或任何其他類型可能會產生意外結果。_ +> _`env` 物件中的所有環境變數必須為字串。傳遞整數或其他型別可能導致非預期結果。_ -#### 如何使用 `ProxyCommand` 連接遠程服務器? +--- + +## 🌐 使用 ProxyCommand(跳板機) ```bash +--------+ +----------+ +-----------+ @@ -313,7 +312,7 @@ _在 `env` 對象中,您需要將每個環境變量作為字符串傳遞,傳 +--------+ +----------+ +-----------+ ``` -在您的 `~/.ssh/config` 文件中,您會看到以下內容。 +範例 `~/.ssh/config`: ```bash Host Jumphost @@ -329,10 +328,10 @@ Host FooServer ProxyCommand ssh -q -W %h:%p Jumphost ``` -#### 如何將其轉換為 GitHubActions 的 YAML 格式? +**GitHub Actions YAML:** ```diff - - name: ssh proxy command + - name: SSH 代理指令 uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -348,12 +347,14 @@ Host FooServer ls -al ``` -#### 如何保護私鑰? +--- -密碼短語通常用於加密私鑰。這使得攻擊者無法單獨使用密鑰文件。文件泄露可能來自備份或停用的硬件,黑客通常可以從受攻擊系統中洩露文件。因此,保護私鑰非常重要。 +## 🔒 保護你的私鑰 + +密碼短語會加密你的私鑰,即使外洩也無法被攻擊者直接利用。請務必妥善保管私鑰。 ```diff - - name: ssh key passphrase + - name: SSH 私鑰密碼 uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -366,20 +367,20 @@ Host FooServer ls -al ``` -#### 使用主機指紋驗證 +--- -設置 SSH 主機指紋驗證可以幫助防止中間人攻擊。在設置之前,運行以下命令以獲取 SSH 主機指紋。請記得將 `ed25519` 替換為您的適當金鑰類型(`rsa`、 `dsa`等),而 `example.com` 則替換為您的主機。 +## 🖐️ 主機指紋驗證 -現代 OpenSSH 版本中,需要提取的**默認金鑰**類型是 `rsa`(從版本 5.1 開始)、`ecdsa`(從版本 6.0 開始)和 `ed25519`(從版本 6.7 開始)。 +驗證 SSH 主機指紋有助於防止中間人攻擊。取得主機指紋(將 `ed25519` 換成你的金鑰型別,`example.com` 換成你的主機): ```sh ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' -f2 ``` -現在您可以調整您的配置: +更新設定: ```diff - - name: ssh key passphrase + - name: SSH 私鑰密碼 uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -392,10 +393,31 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' ls -al ``` -## 貢獻 +--- -我們非常希望您為 `appleboy/ssh-action` 做出貢獻,歡迎提交請求! +## ❓ 常見問題 -## 授權方式 +### 指令找不到(npm 或其他指令) -本項目中的腳本和文檔采用 [MIT](LICENSE) 許可證 發布。 +若遇到 "command not found" 錯誤,請參考 [此討論](https://github.com/appleboy/ssh-action/issues/31#issuecomment-1006565847) 了解互動式與非互動式 shell 差異。 + +許多 Linux 發行版的 `/etc/bash.bashrc` 包含如下內容: + +```sh +# If not running interactively, don't do anything +[ -z "$PS1" ] && return +``` + +請將該行註解掉或使用指令的絕對路徑。 + +--- + +## 🤝 貢獻 + +歡迎貢獻!請提交 Pull Request 改善 `appleboy/ssh-action`。 + +--- + +## 📝 授權 + +本專案採用 [MIT License](LICENSE) 授權。 From c7fbbc9208e4020c3b78e5db9e7042248c991866 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 27 Apr 2025 09:53:26 +0800 Subject: [PATCH 161/167] docs: add table of contents to multilingual README files - Add a table of contents section to the English, Simplified Chinese, and Traditional Chinese readme files Signed-off-by: appleboy --- README.md | 27 +++++++++++++++++++++++++++ README.zh-cn.md | 27 +++++++++++++++++++++++++++ README.zh-tw.md | 27 +++++++++++++++++++++++++++ 3 files changed, 81 insertions(+) diff --git a/README.md b/README.md index 4bf35fe..feb0e6b 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,33 @@ English | [繁體中文](./README.zh-tw.md) | [简体中文](./README.zh-cn.md) +## Table of Contents + +- [🚀 SSH for GitHub Actions](#-ssh-for-github-actions) + - [Table of Contents](#table-of-contents) + - [📥 Input Parameters](#-input-parameters) + - [🚦 Usage Example](#-usage-example) + - [🔑 Setting Up SSH Keys](#-setting-up-ssh-keys) + - [Generate RSA key](#generate-rsa-key) + - [Generate ED25519 key](#generate-ed25519-key) + - [🛡️ OpenSSH Compatibility](#️-openssh-compatibility) + - [🧑‍💻 More Usage Examples](#-more-usage-examples) + - [Using password authentication](#using-password-authentication) + - [Using private key authentication](#using-private-key-authentication) + - [Multiple commands](#multiple-commands) + - [Run commands from a file](#run-commands-from-a-file) + - [Multiple hosts](#multiple-hosts) + - [Multiple hosts with different ports](#multiple-hosts-with-different-ports) + - [Synchronous execution on multiple hosts](#synchronous-execution-on-multiple-hosts) + - [Pass environment variables to shell script](#pass-environment-variables-to-shell-script) + - [🌐 Using ProxyCommand (Jump Host)](#-using-proxycommand-jump-host) + - [🔒 Protecting Your Private Key](#-protecting-your-private-key) + - [🖐️ Host Fingerprint Verification](#️-host-fingerprint-verification) + - [❓ Q\&A](#-qa) + - [Command not found (npm or other command)](#command-not-found-npm-or-other-command) + - [🤝 Contributing](#-contributing) + - [📝 License](#-license) + A [GitHub Action](https://github.com/features/actions) for executing remote SSH commands easily and securely. ![ssh workflow](./images/ssh-workflow.png) diff --git a/README.zh-cn.md b/README.zh-cn.md index 609229a..9ac80e6 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -2,6 +2,33 @@ [English](./README.md) | [繁體中文](./README.zh-tw.md) | 简体中文 +## 目录 + +- [🚀 用于 GitHub Actions 的 SSH](#-用于-github-actions-的-ssh) + - [目录](#目录) + - [📥 输入参数](#-输入参数) + - [🚦 使用示例](#-使用示例) + - [🔑 配置 SSH 密钥](#-配置-ssh-密钥) + - [生成 RSA 密钥](#生成-rsa-密钥) + - [生成 ED25519 密钥](#生成-ed25519-密钥) + - [🛡️ OpenSSH 兼容性](#️-openssh-兼容性) + - [🧑‍💻 更多用法示例](#-更多用法示例) + - [使用密码认证](#使用密码认证) + - [使用私钥认证](#使用私钥认证) + - [多条命令](#多条命令) + - [从文件执行命令](#从文件执行命令) + - [多主机](#多主机) + - [多主机不同端口](#多主机不同端口) + - [多主机同步执行](#多主机同步执行) + - [传递环境变量到 shell 脚本](#传递环境变量到-shell-脚本) + - [🌐 使用 ProxyCommand(跳板机)](#-使用-proxycommand跳板机) + - [🔒 保护你的私钥](#-保护你的私钥) + - [🖐️ 主机指纹验证](#️-主机指纹验证) + - [❓ 常见问题](#-常见问题) + - [命令未找到(npm 或其他命令)](#命令未找到npm-或其他命令) + - [🤝 贡献](#-贡献) + - [📝 许可证](#-许可证) + 一个让你轻松安全地执行远程 SSH 命令的 [GitHub Action](https://github.com/features/actions)。 ![ssh workflow](./images/ssh-workflow.png) diff --git a/README.zh-tw.md b/README.zh-tw.md index f93a310..cfb9303 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -2,6 +2,33 @@ [English](./README.md) | 繁體中文 | [简体中文](./README.zh-cn.md) +## 目錄 + +- [🚀 GitHub Actions 的 SSH](#-github-actions-的-ssh) + - [目錄](#目錄) + - [📥 輸入參數](#-輸入參數) + - [🚦 使用範例](#-使用範例) + - [🔑 設定 SSH 金鑰](#-設定-ssh-金鑰) + - [產生 RSA 金鑰](#產生-rsa-金鑰) + - [產生 ED25519 金鑰](#產生-ed25519-金鑰) + - [🛡️ OpenSSH 相容性](#️-openssh-相容性) + - [🧑‍💻 更多用法範例](#-更多用法範例) + - [使用密碼認證](#使用密碼認證) + - [使用私鑰認證](#使用私鑰認證) + - [多條指令](#多條指令) + - [從檔案執行指令](#從檔案執行指令) + - [多主機](#多主機) + - [多主機不同埠號](#多主機不同埠號) + - [多主機同步執行](#多主機同步執行) + - [傳遞環境變數到 shell 腳本](#傳遞環境變數到-shell-腳本) + - [🌐 使用 ProxyCommand(跳板機)](#-使用-proxycommand跳板機) + - [🔒 保護你的私鑰](#-保護你的私鑰) + - [🖐️ 主機指紋驗證](#️-主機指紋驗證) + - [❓ 常見問題](#-常見問題) + - [指令找不到(npm 或其他指令)](#指令找不到npm-或其他指令) + - [🤝 貢獻](#-貢獻) + - [📝 授權](#-授權) + 一個讓你輕鬆安全執行遠端 SSH 指令的 [GitHub Action](https://github.com/features/actions)。 ![ssh workflow](./images/ssh-workflow.png) From 4d84f0522a5d50416e14452c3285361e7fdff665 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 27 Apr 2025 11:52:09 +0800 Subject: [PATCH 162/167] docs: revamp and unify multi-language readme documentation - Remove the Table of Contents section to simplify documentation. - Add and reorganize introduction sections for a clearer project overview. - Rename and clarify section titles for improved structure and navigation. - Consolidate and expand explanatory text around SSH key setup, OpenSSH compatibility, security, and troubleshooting. - Provide richer descriptions for core concepts and advanced SSH usage scenarios. - Apply the same documentation improvements and structural changes across English, Simplified Chinese, and Traditional Chinese readme files for consistency. Signed-off-by: appleboy --- README.md | 74 +++++++++++++++++++------------------------------ README.zh-cn.md | 74 +++++++++++++++++++------------------------------ README.zh-tw.md | 74 +++++++++++++++++++------------------------------ 3 files changed, 87 insertions(+), 135 deletions(-) diff --git a/README.md b/README.md index feb0e6b..9a1ad06 100644 --- a/README.md +++ b/README.md @@ -2,44 +2,22 @@ English | [繁體中文](./README.zh-tw.md) | [简体中文](./README.zh-cn.md) -## Table of Contents +--- -- [🚀 SSH for GitHub Actions](#-ssh-for-github-actions) - - [Table of Contents](#table-of-contents) - - [📥 Input Parameters](#-input-parameters) - - [🚦 Usage Example](#-usage-example) - - [🔑 Setting Up SSH Keys](#-setting-up-ssh-keys) - - [Generate RSA key](#generate-rsa-key) - - [Generate ED25519 key](#generate-ed25519-key) - - [🛡️ OpenSSH Compatibility](#️-openssh-compatibility) - - [🧑‍💻 More Usage Examples](#-more-usage-examples) - - [Using password authentication](#using-password-authentication) - - [Using private key authentication](#using-private-key-authentication) - - [Multiple commands](#multiple-commands) - - [Run commands from a file](#run-commands-from-a-file) - - [Multiple hosts](#multiple-hosts) - - [Multiple hosts with different ports](#multiple-hosts-with-different-ports) - - [Synchronous execution on multiple hosts](#synchronous-execution-on-multiple-hosts) - - [Pass environment variables to shell script](#pass-environment-variables-to-shell-script) - - [🌐 Using ProxyCommand (Jump Host)](#-using-proxycommand-jump-host) - - [🔒 Protecting Your Private Key](#-protecting-your-private-key) - - [🖐️ Host Fingerprint Verification](#️-host-fingerprint-verification) - - [❓ Q\&A](#-qa) - - [Command not found (npm or other command)](#command-not-found-npm-or-other-command) - - [🤝 Contributing](#-contributing) - - [📝 License](#-license) +## 📖 Introduction -A [GitHub Action](https://github.com/features/actions) for executing remote SSH commands easily and securely. +**SSH for GitHub Actions** is a powerful [GitHub Action](https://github.com/features/actions) for executing remote SSH commands easily and securely in your CI/CD workflows. +Built with [Golang](https://go.dev) and [drone-ssh](https://github.com/appleboy/drone-ssh), it supports a wide range of SSH scenarios, including multi-host, proxy, and advanced authentication. ![ssh workflow](./images/ssh-workflow.png) [![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml) -This project is built with [Golang](https://go.dev) and [drone-ssh](https://github.com/appleboy/drone-ssh). - --- -## 📥 Input Parameters +## 🧩 Core Concepts & Input Parameters + +This action provides flexible SSH command execution with a rich set of configuration options. For full details, see [action.yml](./action.yml). @@ -85,9 +63,9 @@ For full details, see [action.yml](./action.yml). --- -## 🚦 Usage Example +## ⚡ Quick Start -Run remote SSH commands in your workflow: +Run remote SSH commands in your workflow with minimal configuration: ```yaml name: Remote SSH Command @@ -121,17 +99,19 @@ linuxserver.io --- -## 🔑 Setting Up SSH Keys +## 🔑 SSH Key Setup & OpenSSH Compatibility + +### Setting Up SSH Keys It is best practice to create SSH keys on your local machine (not on a remote server). Log in with the username specified in GitHub Secrets and generate a key pair: -### Generate RSA key +#### Generate RSA key ```bash ssh-keygen -t rsa -b 4096 -C "your_email@example.com" ``` -### Generate ED25519 key +#### Generate ED25519 key ```bash ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" @@ -175,9 +155,7 @@ See more: [SSH login without a password](http://www.linuxproblem.org/art_9.html) > - Set `.ssh` permissions to 700 > - Set `.ssh/authorized_keys2` permissions to 640 ---- - -## 🛡️ OpenSSH Compatibility +### OpenSSH Compatibility If you see this error: @@ -199,7 +177,9 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" --- -## 🧑‍💻 More Usage Examples +## 🛠️ Usage Scenarios & Advanced Examples + +This section covers common and advanced usage patterns, including multi-host, proxy, and environment variable passing. ### Using password authentication @@ -331,7 +311,9 @@ Default `port` is `22`. --- -## 🌐 Using ProxyCommand (Jump Host) +## 🌐 Proxy & Jump Host Usage + +You can connect to remote hosts via a proxy (jump host) for advanced network topologies. ```bash +--------+ +----------+ +-----------+ @@ -376,7 +358,9 @@ Host FooServer --- -## 🔒 Protecting Your Private Key +## 🛡️ Security Best Practices + +### Protecting Your Private Key A passphrase encrypts your private key, making it useless to attackers if leaked. Always store your private key securely. @@ -394,9 +378,7 @@ A passphrase encrypts your private key, making it useless to attackers if leaked ls -al ``` ---- - -## 🖐️ Host Fingerprint Verification +### Host Fingerprint Verification Verifying the SSH host fingerprint helps prevent man-in-the-middle attacks. To get your host's fingerprint (replace `ed25519` with your key type and `example.com` with your host): @@ -422,9 +404,11 @@ Update your config: --- -## ❓ Q&A +## 🚨 Error Handling & Troubleshooting -### Command not found (npm or other command) +### Q&A + +#### Command not found (npm or other command) If you encounter "command not found" errors, see [this issue comment](https://github.com/appleboy/ssh-action/issues/31#issuecomment-1006565847) about interactive vs non-interactive shells. diff --git a/README.zh-cn.md b/README.zh-cn.md index 9ac80e6..3d773ca 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -2,44 +2,22 @@ [English](./README.md) | [繁體中文](./README.zh-tw.md) | 简体中文 -## 目录 +--- -- [🚀 用于 GitHub Actions 的 SSH](#-用于-github-actions-的-ssh) - - [目录](#目录) - - [📥 输入参数](#-输入参数) - - [🚦 使用示例](#-使用示例) - - [🔑 配置 SSH 密钥](#-配置-ssh-密钥) - - [生成 RSA 密钥](#生成-rsa-密钥) - - [生成 ED25519 密钥](#生成-ed25519-密钥) - - [🛡️ OpenSSH 兼容性](#️-openssh-兼容性) - - [🧑‍💻 更多用法示例](#-更多用法示例) - - [使用密码认证](#使用密码认证) - - [使用私钥认证](#使用私钥认证) - - [多条命令](#多条命令) - - [从文件执行命令](#从文件执行命令) - - [多主机](#多主机) - - [多主机不同端口](#多主机不同端口) - - [多主机同步执行](#多主机同步执行) - - [传递环境变量到 shell 脚本](#传递环境变量到-shell-脚本) - - [🌐 使用 ProxyCommand(跳板机)](#-使用-proxycommand跳板机) - - [🔒 保护你的私钥](#-保护你的私钥) - - [🖐️ 主机指纹验证](#️-主机指纹验证) - - [❓ 常见问题](#-常见问题) - - [命令未找到(npm 或其他命令)](#命令未找到npm-或其他命令) - - [🤝 贡献](#-贡献) - - [📝 许可证](#-许可证) +## 📖 简介 -一个让你轻松安全地执行远程 SSH 命令的 [GitHub Action](https://github.com/features/actions)。 +**SSH for GitHub Actions** 是一个强大的 [GitHub Action](https://github.com/features/actions),可让你在 CI/CD 工作流中轻松且安全地执行远程 SSH 命令。 +本项目基于 [Golang](https://go.dev) 和 [drone-ssh](https://github.com/appleboy/drone-ssh) 构建,支持多主机、代理、高级认证等多种 SSH 场景。 ![ssh workflow](./images/ssh-workflow.png) [![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml) -本项目基于 [Golang](https://go.dev) 和 [drone-ssh](https://github.com/appleboy/drone-ssh) 构建。 - --- -## 📥 输入参数 +## 🧩 核心概念与输入参数 + +本 Action 提供灵活的 SSH 命令执行能力,并具备丰富的配置选项。 详细参数请参阅 [action.yml](./action.yml)。 @@ -85,9 +63,9 @@ --- -## 🚦 使用示例 +## ⚡ 快速开始 -在工作流中执行远程 SSH 命令: +只需简单配置,即可在工作流中执行远程 SSH 命令: ```yaml name: Remote SSH Command @@ -121,17 +99,19 @@ linuxserver.io --- -## 🔑 配置 SSH 密钥 +## 🔑 SSH 密钥配置与 OpenSSH 兼容性 + +### 配置 SSH 密钥 建议在本地机器(而非远程服务器)上创建 SSH 密钥。请使用 GitHub Secrets 中指定的用户名登录并生成密钥对: -### 生成 RSA 密钥 +#### 生成 RSA 密钥 ```bash ssh-keygen -t rsa -b 4096 -C "your_email@example.com" ``` -### 生成 ED25519 密钥 +#### 生成 ED25519 密钥 ```bash ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" @@ -175,9 +155,7 @@ xclip < ~/.ssh/id_ed25519 > - 设置 `.ssh` 权限为 700 > - 设置 `.ssh/authorized_keys2` 权限为 640 ---- - -## 🛡️ OpenSSH 兼容性 +### OpenSSH 兼容性 如果出现如下错误: @@ -199,7 +177,9 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" --- -## 🧑‍💻 更多用法示例 +## 🛠️ 用法场景与进阶示例 + +本节涵盖常见与进阶用法,包括多主机、代理、环境变量传递等。 ### 使用密码认证 @@ -331,7 +311,9 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" --- -## 🌐 使用 ProxyCommand(跳板机) +## 🌐 代理与跳板机用法 + +你可以通过代理(跳板机)连接到远程主机,适用于进阶网络拓扑。 ```bash +--------+ +----------+ +-----------+ @@ -376,7 +358,9 @@ Host FooServer --- -## 🔒 保护你的私钥 +## 🛡️ 安全最佳实践 + +### 保护你的私钥 密码短语会加密你的私钥,即使泄露也无法被攻击者直接利用。请务必妥善保管私钥。 @@ -394,9 +378,7 @@ Host FooServer ls -al ``` ---- - -## 🖐️ 主机指纹验证 +### 主机指纹验证 验证 SSH 主机指纹有助于防止中间人攻击。获取主机指纹(将 `ed25519` 替换为你的密钥类型,`example.com` 替换为你的主机): @@ -422,9 +404,11 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' --- -## ❓ 常见问题 +## 🚨 错误处理与疑难解答 -### 命令未找到(npm 或其他命令) +### 常见问题 + +#### 命令未找到(npm 或其他命令) 如果遇到 "command not found" 错误,请参考 [此评论](https://github.com/appleboy/ssh-action/issues/31#issuecomment-1006565847) 了解交互式与非交互式 shell 的区别。 diff --git a/README.zh-tw.md b/README.zh-tw.md index cfb9303..657df02 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -2,44 +2,22 @@ [English](./README.md) | 繁體中文 | [简体中文](./README.zh-cn.md) -## 目錄 +--- -- [🚀 GitHub Actions 的 SSH](#-github-actions-的-ssh) - - [目錄](#目錄) - - [📥 輸入參數](#-輸入參數) - - [🚦 使用範例](#-使用範例) - - [🔑 設定 SSH 金鑰](#-設定-ssh-金鑰) - - [產生 RSA 金鑰](#產生-rsa-金鑰) - - [產生 ED25519 金鑰](#產生-ed25519-金鑰) - - [🛡️ OpenSSH 相容性](#️-openssh-相容性) - - [🧑‍💻 更多用法範例](#-更多用法範例) - - [使用密碼認證](#使用密碼認證) - - [使用私鑰認證](#使用私鑰認證) - - [多條指令](#多條指令) - - [從檔案執行指令](#從檔案執行指令) - - [多主機](#多主機) - - [多主機不同埠號](#多主機不同埠號) - - [多主機同步執行](#多主機同步執行) - - [傳遞環境變數到 shell 腳本](#傳遞環境變數到-shell-腳本) - - [🌐 使用 ProxyCommand(跳板機)](#-使用-proxycommand跳板機) - - [🔒 保護你的私鑰](#-保護你的私鑰) - - [🖐️ 主機指紋驗證](#️-主機指紋驗證) - - [❓ 常見問題](#-常見問題) - - [指令找不到(npm 或其他指令)](#指令找不到npm-或其他指令) - - [🤝 貢獻](#-貢獻) - - [📝 授權](#-授權) +## 📖 簡介 -一個讓你輕鬆安全執行遠端 SSH 指令的 [GitHub Action](https://github.com/features/actions)。 +**SSH for GitHub Actions** 是一個強大的 [GitHub Action](https://github.com/features/actions),可讓你在 CI/CD 工作流程中輕鬆且安全地執行遠端 SSH 指令。 +本專案以 [Golang](https://go.dev) 和 [drone-ssh](https://github.com/appleboy/drone-ssh) 建立,支援多主機、代理、進階認證等多種 SSH 場景。 ![ssh workflow](./images/ssh-workflow.png) [![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml) -本專案以 [Golang](https://go.dev) 和 [drone-ssh](https://github.com/appleboy/drone-ssh) 建立。 - --- -## 📥 輸入參數 +## 🧩 核心概念與輸入參數 + +本 Action 提供彈性的 SSH 指令執行能力,並具備豐富的設定選項。 完整參數請參閱 [action.yml](./action.yml)。 @@ -85,9 +63,9 @@ --- -## 🚦 使用範例 +## ⚡ 快速開始 -在工作流程中執行遠端 SSH 指令: +只需簡單設定,即可在工作流程中執行遠端 SSH 指令: ```yaml name: Remote SSH Command @@ -121,17 +99,19 @@ linuxserver.io --- -## 🔑 設定 SSH 金鑰 +## 🔑 SSH 金鑰設定與 OpenSSH 相容性 + +### 設定 SSH 金鑰 建議於本地端(非遠端伺服器)產生 SSH 金鑰。請以 GitHub Secrets 指定的使用者名稱登入並產生金鑰對: -### 產生 RSA 金鑰 +#### 產生 RSA 金鑰 ```bash ssh-keygen -t rsa -b 4096 -C "your_email@example.com" ``` -### 產生 ED25519 金鑰 +#### 產生 ED25519 金鑰 ```bash ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" @@ -175,9 +155,7 @@ xclip < ~/.ssh/id_ed25519 > - 設定 `.ssh` 權限為 700 > - 設定 `.ssh/authorized_keys2` 權限為 640 ---- - -## 🛡️ OpenSSH 相容性 +### OpenSSH 相容性 若出現以下錯誤: @@ -199,7 +177,9 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" --- -## 🧑‍💻 更多用法範例 +## 🛠️ 用法場景與進階範例 + +本節涵蓋常見與進階用法,包括多主機、代理、環境變數傳遞等。 ### 使用密碼認證 @@ -331,7 +311,9 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" --- -## 🌐 使用 ProxyCommand(跳板機) +## 🌐 代理與跳板機用法 + +你可以透過代理(跳板機)連線到遠端主機,適用於進階網路拓撲。 ```bash +--------+ +----------+ +-----------+ @@ -376,7 +358,9 @@ Host FooServer --- -## 🔒 保護你的私鑰 +## 🛡️ 安全最佳實踐 + +### 保護你的私鑰 密碼短語會加密你的私鑰,即使外洩也無法被攻擊者直接利用。請務必妥善保管私鑰。 @@ -394,9 +378,7 @@ Host FooServer ls -al ``` ---- - -## 🖐️ 主機指紋驗證 +### 主機指紋驗證 驗證 SSH 主機指紋有助於防止中間人攻擊。取得主機指紋(將 `ed25519` 換成你的金鑰型別,`example.com` 換成你的主機): @@ -422,9 +404,11 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' --- -## ❓ 常見問題 +## 🚨 錯誤處理與疑難排解 -### 指令找不到(npm 或其他指令) +### 常見問題 + +#### 指令找不到(npm 或其他指令) 若遇到 "command not found" 錯誤,請參考 [此討論](https://github.com/appleboy/ssh-action/issues/31#issuecomment-1006565847) 了解互動式與非互動式 shell 差異。 From 8f3cc07719a6ef0a247c6a0b146041bf14ea6211 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 27 Apr 2025 11:58:18 +0800 Subject: [PATCH 163/167] docs: add comprehensive tables of contents to all README files - Add a detailed table of contents to all three README files in English, Simplified Chinese, and Traditional Chinese for easier navigation. Signed-off-by: appleboy --- README.md | 31 +++++++++++++++++++++++++++++++ README.zh-cn.md | 31 +++++++++++++++++++++++++++++++ README.zh-tw.md | 31 +++++++++++++++++++++++++++++++ 3 files changed, 93 insertions(+) diff --git a/README.md b/README.md index 9a1ad06..86067f8 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,37 @@ English | [繁體中文](./README.zh-tw.md) | [简体中文](./README.zh-cn.md) +## Table of Contents + +- [🚀 SSH for GitHub Actions](#-ssh-for-github-actions) + - [Table of Contents](#table-of-contents) + - [📖 Introduction](#-introduction) + - [🧩 Core Concepts \& Input Parameters](#-core-concepts--input-parameters) + - [⚡ Quick Start](#-quick-start) + - [🔑 SSH Key Setup \& OpenSSH Compatibility](#-ssh-key-setup--openssh-compatibility) + - [Setting Up SSH Keys](#setting-up-ssh-keys) + - [Generate RSA key](#generate-rsa-key) + - [Generate ED25519 key](#generate-ed25519-key) + - [OpenSSH Compatibility](#openssh-compatibility) + - [🛠️ Usage Scenarios \& Advanced Examples](#️-usage-scenarios--advanced-examples) + - [Using password authentication](#using-password-authentication) + - [Using private key authentication](#using-private-key-authentication) + - [Multiple commands](#multiple-commands) + - [Run commands from a file](#run-commands-from-a-file) + - [Multiple hosts](#multiple-hosts) + - [Multiple hosts with different ports](#multiple-hosts-with-different-ports) + - [Synchronous execution on multiple hosts](#synchronous-execution-on-multiple-hosts) + - [Pass environment variables to shell script](#pass-environment-variables-to-shell-script) + - [🌐 Proxy \& Jump Host Usage](#-proxy--jump-host-usage) + - [🛡️ Security Best Practices](#️-security-best-practices) + - [Protecting Your Private Key](#protecting-your-private-key) + - [Host Fingerprint Verification](#host-fingerprint-verification) + - [🚨 Error Handling \& Troubleshooting](#-error-handling--troubleshooting) + - [Q\&A](#qa) + - [Command not found (npm or other command)](#command-not-found-npm-or-other-command) + - [🤝 Contributing](#-contributing) + - [📝 License](#-license) + --- ## 📖 Introduction diff --git a/README.zh-cn.md b/README.zh-cn.md index 3d773ca..d4fa4d4 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -2,6 +2,37 @@ [English](./README.md) | [繁體中文](./README.zh-tw.md) | 简体中文 +## 目录 + +- [🚀 用于 GitHub Actions 的 SSH](#-用于-github-actions-的-ssh) + - [目录](#目录) + - [📖 简介](#-简介) + - [🧩 核心概念与输入参数](#-核心概念与输入参数) + - [⚡ 快速开始](#-快速开始) + - [🔑 SSH 密钥配置与 OpenSSH 兼容性](#-ssh-密钥配置与-openssh-兼容性) + - [配置 SSH 密钥](#配置-ssh-密钥) + - [生成 RSA 密钥](#生成-rsa-密钥) + - [生成 ED25519 密钥](#生成-ed25519-密钥) + - [OpenSSH 兼容性](#openssh-兼容性) + - [🛠️ 用法场景与进阶示例](#️-用法场景与进阶示例) + - [使用密码认证](#使用密码认证) + - [使用私钥认证](#使用私钥认证) + - [多条命令](#多条命令) + - [从文件执行命令](#从文件执行命令) + - [多主机](#多主机) + - [多主机不同端口](#多主机不同端口) + - [多主机同步执行](#多主机同步执行) + - [传递环境变量到 shell 脚本](#传递环境变量到-shell-脚本) + - [🌐 代理与跳板机用法](#-代理与跳板机用法) + - [🛡️ 安全最佳实践](#️-安全最佳实践) + - [保护你的私钥](#保护你的私钥) + - [主机指纹验证](#主机指纹验证) + - [🚨 错误处理与疑难解答](#-错误处理与疑难解答) + - [常见问题](#常见问题) + - [命令未找到(npm 或其他命令)](#命令未找到npm-或其他命令) + - [🤝 贡献](#-贡献) + - [📝 许可证](#-许可证) + --- ## 📖 简介 diff --git a/README.zh-tw.md b/README.zh-tw.md index 657df02..f417f66 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -2,6 +2,37 @@ [English](./README.md) | 繁體中文 | [简体中文](./README.zh-cn.md) +## 目錄 + +- [🚀 GitHub Actions 的 SSH](#-github-actions-的-ssh) + - [目錄](#目錄) + - [📖 簡介](#-簡介) + - [🧩 核心概念與輸入參數](#-核心概念與輸入參數) + - [⚡ 快速開始](#-快速開始) + - [🔑 SSH 金鑰設定與 OpenSSH 相容性](#-ssh-金鑰設定與-openssh-相容性) + - [設定 SSH 金鑰](#設定-ssh-金鑰) + - [產生 RSA 金鑰](#產生-rsa-金鑰) + - [產生 ED25519 金鑰](#產生-ed25519-金鑰) + - [OpenSSH 相容性](#openssh-相容性) + - [🛠️ 用法場景與進階範例](#️-用法場景與進階範例) + - [使用密碼認證](#使用密碼認證) + - [使用私鑰認證](#使用私鑰認證) + - [多條指令](#多條指令) + - [從檔案執行指令](#從檔案執行指令) + - [多主機](#多主機) + - [多主機不同埠號](#多主機不同埠號) + - [多主機同步執行](#多主機同步執行) + - [傳遞環境變數到 shell 腳本](#傳遞環境變數到-shell-腳本) + - [🌐 代理與跳板機用法](#-代理與跳板機用法) + - [🛡️ 安全最佳實踐](#️-安全最佳實踐) + - [保護你的私鑰](#保護你的私鑰) + - [主機指紋驗證](#主機指紋驗證) + - [🚨 錯誤處理與疑難排解](#-錯誤處理與疑難排解) + - [常見問題](#常見問題) + - [指令找不到(npm 或其他指令)](#指令找不到npm-或其他指令) + - [🤝 貢獻](#-貢獻) + - [📝 授權](#-授權) + --- ## 📖 簡介 From 8745f9583c033551b991c73d76d23dd610c9f26e Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 27 Apr 2025 12:35:14 +0800 Subject: [PATCH 164/167] docs: restructure and clarify parameter documentation across all readmes - Restructure input parameter documentation by splitting into distinct sections: Connection Settings, SSH Command Settings, and Proxy Settings for better clarity - Move parameters related to command execution out of proxy section and into the new SSH Command Settings section - Add/clarify descriptions for individual sections and parameters in all three language readmes - Update and correct parameter ordering, grouping, and formatting for consistency across all documentation - Add missing SSH Command Settings parameters and improve readability of parameter tables Signed-off-by: appleboy --- README.md | 99 +++++++++++++++++++++++++++++++------------------ README.zh-cn.md | 99 +++++++++++++++++++++++++++++++------------------ README.zh-tw.md | 99 +++++++++++++++++++++++++++++++------------------ 3 files changed, 186 insertions(+), 111 deletions(-) diff --git a/README.md b/README.md index 86067f8..0a89eed 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,9 @@ English | [繁體中文](./README.zh-tw.md) | [简体中文](./README.zh-cn.md) - [Table of Contents](#table-of-contents) - [📖 Introduction](#-introduction) - [🧩 Core Concepts \& Input Parameters](#-core-concepts--input-parameters) + - [🔌 Connection Settings](#-connection-settings) + - [🛠️ SSH Command Settings](#️-ssh-command-settings) + - [🌐 Proxy Settings](#-proxy-settings) - [⚡ Quick Start](#-quick-start) - [🔑 SSH Key Setup \& OpenSSH Compatibility](#-ssh-key-setup--openssh-compatibility) - [Setting Up SSH Keys](#setting-up-ssh-keys) @@ -52,43 +55,65 @@ This action provides flexible SSH command execution with a rich set of configura For full details, see [action.yml](./action.yml). -| Parameter | Description | Default | -| ------------------------- | --------------------------------------------------------------------------------- | ------- | -| host | SSH host address | | -| port | SSH port number | 22 | -| passphrase | Passphrase for the SSH private key | | -| username | SSH username | | -| password | SSH password | | -| protocol | SSH protocol version (`tcp`, `tcp4`, `tcp6`) | tcp | -| sync | Run synchronously if multiple hosts are specified | false | -| use_insecure_cipher | Allow additional (less secure) ciphers | false | -| cipher | Allowed cipher algorithms. Uses sensible defaults if unspecified | | -| timeout | Timeout for SSH connection to host | 30s | -| command_timeout | Timeout for SSH command execution | 10m | -| key | Content of SSH private key (e.g., raw content of `~/.ssh/id_rsa`) | | -| key_path | Path to SSH private key | | -| fingerprint | SHA256 fingerprint of the host public key | | -| proxy_host | SSH proxy host | | -| proxy_port | SSH proxy port | 22 | -| proxy_protocol | SSH proxy protocol version (`tcp`, `tcp4`, `tcp6`) | tcp | -| proxy_username | SSH proxy username | | -| proxy_password | SSH proxy password | | -| proxy_passphrase | SSH proxy key passphrase | | -| proxy_timeout | Timeout for SSH connection to proxy host | 30s | -| proxy_key | Content of SSH proxy private key | | -| proxy_key_path | Path to SSH proxy private key | | -| proxy_fingerprint | SHA256 fingerprint of the proxy host public key | | -| proxy_cipher | Allowed cipher algorithms for the proxy | | -| proxy_use_insecure_cipher | Allow additional (less secure) ciphers for the proxy | false | -| script | Commands to execute remotely | | -| script_path | Path to a file containing commands to execute | | -| envs | Environment variables to pass to the shell script | | -| envs_format | Flexible configuration for environment variable transfer | | -| debug | Enable debug mode | false | -| allenvs | Pass all environment variables with `GITHUB_` and `INPUT_` prefixes to the script | false | -| request_pty | Request a pseudo-terminal from the server | false | -| curl_insecure | Allow curl to connect to SSL sites without certificates | false | -| version | drone-ssh binary version. If not specified, the latest version will be used. | | +### 🔌 Connection Settings + +These parameters control how the action connects to your remote host. + +| Parameter | Description | Default | +| ------------------- | ----------------------------------------------------------------- | ------- | +| host | SSH host address | | +| port | SSH port number | 22 | +| username | SSH username | | +| password | SSH password | | +| protocol | SSH protocol version (`tcp`, `tcp4`, `tcp6`) | tcp | +| sync | Run synchronously if multiple hosts are specified | false | +| timeout | Timeout for SSH connection to host | 30s | +| key | Content of SSH private key (e.g., raw content of `~/.ssh/id_rsa`) | | +| key_path | Path to SSH private key | | +| passphrase | Passphrase for the SSH private key | | +| fingerprint | SHA256 fingerprint of the host public key | | +| use_insecure_cipher | Allow additional (less secure) ciphers | false | +| cipher | Allowed cipher algorithms. Uses sensible defaults if unspecified | | + +--- + +### 🛠️ SSH Command Settings + +These parameters control the commands executed on the remote host and related behaviors. + +| Parameter | Description | Default | +| --------------- | --------------------------------------------------------------------------------- | ------- | +| script | Commands to execute remotely | | +| script_path | Path to a file containing commands to execute | | +| envs | Environment variables to pass to the shell script | | +| envs_format | Flexible configuration for environment variable transfer | | +| allenvs | Pass all environment variables with `GITHUB_` and `INPUT_` prefixes to the script | false | +| command_timeout | Timeout for SSH command execution | 10m | +| debug | Enable debug mode | false | +| request_pty | Request a pseudo-terminal from the server | false | +| curl_insecure | Allow curl to connect to SSL sites without certificates | false | +| version | drone-ssh binary version. If not specified, the latest version will be used. | | + +--- + +### 🌐 Proxy Settings + +These parameters control the use of a proxy (jump host) for connecting to your target host. + +| Parameter | Description | Default | +| ------------------------- | ----------------------------------------------- | ------- | +| proxy_host | SSH proxy host | | +| proxy_port | SSH proxy port | 22 | +| proxy_username | SSH proxy username | | +| proxy_password | SSH proxy password | | +| proxy_passphrase | SSH proxy key passphrase | | +| proxy_protocol | SSH proxy protocol version | tcp | +| proxy_timeout | Timeout for SSH connection to proxy host | 30s | +| proxy_key | Content of SSH proxy private key | | +| proxy_key_path | Path to SSH proxy private key | | +| proxy_fingerprint | SHA256 fingerprint of the proxy host public key | | +| proxy_cipher | Allowed cipher algorithms for the proxy | | +| proxy_use_insecure_cipher | Allow insecure ciphers for the proxy | false | > **Note:** To mimic the removed `script_stop` option, add `set -e` at the top of your shell script. diff --git a/README.zh-cn.md b/README.zh-cn.md index d4fa4d4..6886c25 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -8,6 +8,9 @@ - [目录](#目录) - [📖 简介](#-简介) - [🧩 核心概念与输入参数](#-核心概念与输入参数) + - [🔌 连接设置](#-连接设置) + - [🛠️ 指令设置](#️-指令设置) + - [🌐 代理设置](#-代理设置) - [⚡ 快速开始](#-快速开始) - [🔑 SSH 密钥配置与 OpenSSH 兼容性](#-ssh-密钥配置与-openssh-兼容性) - [配置 SSH 密钥](#配置-ssh-密钥) @@ -52,43 +55,65 @@ 详细参数请参阅 [action.yml](./action.yml)。 -| 参数 | 描述 | 默认值 | -| ------------------------- | ----------------------------------------------------- | ------ | -| host | SSH 主机地址 | | -| port | SSH 端口号 | 22 | -| passphrase | SSH 私钥密码短语 | | -| username | SSH 用户名 | | -| password | SSH 密码 | | -| protocol | SSH 协议版本(`tcp`、`tcp4`、`tcp6`) | tcp | -| sync | 指定多个主机时同步执行 | false | -| use_insecure_cipher | 允许额外(不安全)的加密算法 | false | -| cipher | 允许的加密算法,未指定时使用默认值 | | -| timeout | SSH 连接主机的超时时间 | 30s | -| command_timeout | SSH 命令执行超时时间 | 10m | -| key | SSH 私钥内容(如 `~/.ssh/id_rsa` 的原始内容) | | -| key_path | SSH 私钥路径 | | -| fingerprint | 主机公钥的 SHA256 指纹 | | -| proxy_host | SSH 代理主机 | | -| proxy_port | SSH 代理端口 | 22 | -| proxy_protocol | SSH 代理协议版本(`tcp`、`tcp4`、`tcp6`) | tcp | -| proxy_username | SSH 代理用户名 | | -| proxy_password | SSH 代理密码 | | -| proxy_passphrase | SSH 代理私钥密码短语 | | -| proxy_timeout | SSH 连接代理主机的超时时间 | 30s | -| proxy_key | SSH 代理私钥内容 | | -| proxy_key_path | SSH 代理私钥路径 | | -| proxy_fingerprint | 代理主机公钥的 SHA256 指纹 | | -| proxy_cipher | 代理允许的加密算法 | | -| proxy_use_insecure_cipher | 代理允许额外(不安全)的加密算法 | false | -| script | 远程执行的命令 | | -| script_path | 包含要执行命令的文件路径 | | -| envs | 传递给 shell 脚本的环境变量 | | -| envs_format | 环境变量传递的灵活配置 | | -| debug | 启用调试模式 | false | -| allenvs | 传递所有带 `GITHUB_` 和 `INPUT_` 前缀的环境变量到脚本 | false | -| request_pty | 向服务器请求伪终端 | false | -| curl_insecure | 允许 curl 连接无证书的 SSL 站点 | false | -| version | drone-ssh 二进制版本,未指定时使用最新版本 | | +### 🔌 连接设置 + +这些参数用于控制如何连接到远程主机。 + +| 参数 | 描述 | 默认值 | +| ------------------- | --------------------------------------------- | ------ | +| host | SSH 主机地址 | | +| port | SSH 端口号 | 22 | +| username | SSH 用户名 | | +| password | SSH 密码 | | +| protocol | SSH 协议版本(`tcp`、`tcp4`、`tcp6`) | tcp | +| sync | 指定多个主机时同步执行 | false | +| timeout | SSH 连接主机的超时时间 | 30s | +| key | SSH 私钥内容(如 `~/.ssh/id_rsa` 的原始内容) | | +| key_path | SSH 私钥路径 | | +| passphrase | SSH 私钥密码短语 | | +| fingerprint | 主机公钥的 SHA256 指纹 | | +| use_insecure_cipher | 允许额外(不安全)的加密算法 | false | +| cipher | 允许的加密算法,未指定时使用默认值 | | + +--- + +### 🛠️ 指令设置 + +这些参数用于控制在远程主机上执行的命令及相关行为。 + +| 参数 | 描述 | 默认值 | +| --------------- | ----------------------------------------------------- | ------ | +| script | 远程执行的命令 | | +| script_path | 包含要执行命令的文件路径 | | +| envs | 传递给 shell 脚本的环境变量 | | +| envs_format | 环境变量传递的灵活配置 | | +| allenvs | 传递所有带 `GITHUB_` 和 `INPUT_` 前缀的环境变量到脚本 | false | +| command_timeout | SSH 命令执行超时时间 | 10m | +| debug | 启用调试模式 | false | +| request_pty | 向服务器请求伪终端 | false | +| curl_insecure | 允许 curl 连接无证书的 SSL 站点 | false | +| version | drone-ssh 二进制版本,未指定时使用最新版本 | | + +--- + +### 🌐 代理设置 + +这些参数用于通过代理(跳板机)连接到目标主机。 + +| 参数 | 描述 | 默认值 | +| ------------------------- | ----------------------------------------- | ------ | +| proxy_host | SSH 代理主机 | | +| proxy_port | SSH 代理端口 | 22 | +| proxy_username | SSH 代理用户名 | | +| proxy_password | SSH 代理密码 | | +| proxy_passphrase | SSH 代理私钥密码短语 | | +| proxy_protocol | SSH 代理协议版本(`tcp`、`tcp4`、`tcp6`) | tcp | +| proxy_timeout | SSH 连接代理主机的超时时间 | 30s | +| proxy_key | SSH 代理私钥内容 | | +| proxy_key_path | SSH 代理私钥路径 | | +| proxy_fingerprint | 代理主机公钥的 SHA256 指纹 | | +| proxy_cipher | 代理允许的加密算法 | | +| proxy_use_insecure_cipher | 代理允许额外(不安全)的加密算法 | false | > **注意:** 如需实现已移除的 `script_stop` 功能,请在 shell 脚本顶部添加 `set -e`。 diff --git a/README.zh-tw.md b/README.zh-tw.md index f417f66..4634ff5 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -8,6 +8,9 @@ - [目錄](#目錄) - [📖 簡介](#-簡介) - [🧩 核心概念與輸入參數](#-核心概念與輸入參數) + - [🔌 連線設定](#-連線設定) + - [🛠️ 指令設定](#️-指令設定) + - [🌐 代理設定](#-代理設定) - [⚡ 快速開始](#-快速開始) - [🔑 SSH 金鑰設定與 OpenSSH 相容性](#-ssh-金鑰設定與-openssh-相容性) - [設定 SSH 金鑰](#設定-ssh-金鑰) @@ -52,43 +55,65 @@ 完整參數請參閱 [action.yml](./action.yml)。 -| 參數 | 說明 | 預設值 | -| ------------------------- | ----------------------------------------------------- | ------ | -| host | SSH 主機位址 | | -| port | SSH 埠號 | 22 | -| passphrase | SSH 私鑰密碼 | | -| username | SSH 使用者名稱 | | -| password | SSH 密碼 | | -| protocol | SSH 協議版本(`tcp`、`tcp4`、`tcp6`) | tcp | -| sync | 指定多個主機時同步執行 | false | -| use_insecure_cipher | 允許額外(不安全)的加密演算法 | false | -| cipher | 允許的加密演算法,未指定時使用預設值 | | -| timeout | SSH 連線主機的逾時時間 | 30s | -| command_timeout | SSH 指令執行逾時時間 | 10m | -| key | SSH 私鑰內容(如 `~/.ssh/id_rsa` 的原始內容) | | -| key_path | SSH 私鑰路徑 | | -| fingerprint | 主機公鑰的 SHA256 指紋 | | -| proxy_host | SSH 代理主機 | | -| proxy_port | SSH 代理埠號 | 22 | -| proxy_protocol | SSH 代理協議版本(`tcp`、`tcp4`、`tcp6`) | tcp | -| proxy_username | SSH 代理使用者名稱 | | -| proxy_password | SSH 代理密碼 | | -| proxy_passphrase | SSH 代理私鑰密碼 | | -| proxy_timeout | SSH 連線代理主機的逾時時間 | 30s | -| proxy_key | SSH 代理私鑰內容 | | -| proxy_key_path | SSH 代理私鑰路徑 | | -| proxy_fingerprint | 代理主機公鑰的 SHA256 指紋 | | -| proxy_cipher | 代理允許的加密演算法 | | -| proxy_use_insecure_cipher | 代理允許額外(不安全)的加密演算法 | false | -| script | 遠端執行的指令 | | -| script_path | 包含要執行指令的檔案路徑 | | -| envs | 傳遞給 shell 腳本的環境變數 | | -| envs_format | 環境變數傳遞的彈性設定 | | -| debug | 啟用除錯模式 | false | -| allenvs | 傳遞所有帶 `GITHUB_` 和 `INPUT_` 前綴的環境變數到腳本 | false | -| request_pty | 向伺服器請求偽終端 | false | -| curl_insecure | 允許 curl 連線無憑證的 SSL 網站 | false | -| version | drone-ssh 執行檔版本,未指定時使用最新版本 | | +### 🔌 連線設定 + +這些參數用於控制如何連線到遠端主機。 + +| 參數 | 說明 | 預設值 | +| ------------------- | --------------------------------------------- | ------ | +| host | SSH 主機位址 | | +| port | SSH 埠號 | 22 | +| username | SSH 使用者名稱 | | +| password | SSH 密碼 | | +| protocol | SSH 協議版本(`tcp`、`tcp4`、`tcp6`) | tcp | +| sync | 指定多個主機時同步執行 | false | +| timeout | SSH 連線主機的逾時時間 | 30s | +| key | SSH 私鑰內容(如 `~/.ssh/id_rsa` 的原始內容) | | +| key_path | SSH 私鑰路徑 | | +| passphrase | SSH 私鑰密碼 | | +| fingerprint | 主機公鑰的 SHA256 指紋 | | +| use_insecure_cipher | 允許額外(不安全)的加密演算法 | false | +| cipher | 允許的加密演算法,未指定時使用預設值 | | + +--- + +### 🛠️ 指令設定 + +這些參數用於控制在遠端主機上執行的指令及相關行為。 + +| 參數 | 說明 | 預設值 | +| --------------- | ----------------------------------------------------- | ------ | +| script | 遠端執行的指令 | | +| script_path | 包含要執行指令的檔案路徑 | | +| envs | 傳遞給 shell 腳本的環境變數 | | +| envs_format | 環境變數傳遞的彈性設定 | | +| allenvs | 傳遞所有帶 `GITHUB_` 和 `INPUT_` 前綴的環境變數到腳本 | false | +| command_timeout | SSH 指令執行逾時時間 | 10m | +| debug | 啟用除錯模式 | false | +| request_pty | 向伺服器請求偽終端 | false | +| curl_insecure | 允許 curl 連線無憑證的 SSL 網站 | false | +| version | drone-ssh 執行檔版本,未指定時使用最新版本 | | + +--- + +### 🌐 代理設定 + +這些參數用於透過代理(跳板機)連線到目標主機。 + +| 參數 | 說明 | 預設值 | +| ------------------------- | ----------------------------------------- | ------ | +| proxy_host | SSH 代理主機 | | +| proxy_port | SSH 代理埠號 | 22 | +| proxy_username | SSH 代理使用者名稱 | | +| proxy_password | SSH 代理密碼 | | +| proxy_passphrase | SSH 代理私鑰密碼 | | +| proxy_protocol | SSH 代理協議版本(`tcp`、`tcp4`、`tcp6`) | tcp | +| proxy_timeout | SSH 連線代理主機的逾時時間 | 30s | +| proxy_key | SSH 代理私鑰內容 | | +| proxy_key_path | SSH 代理私鑰路徑 | | +| proxy_fingerprint | 代理主機公鑰的 SHA256 指紋 | | +| proxy_cipher | 代理允許的加密演算法 | | +| proxy_use_insecure_cipher | 代理允許額外(不安全)的加密演算法 | false | > **注意:** 如需實現已移除的 `script_stop` 功能,請在 shell 腳本最上方加上 `set -e`。 From ffd1eec36471c1bfbebcf1941411db862c9b0e38 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 18 May 2025 11:26:30 +0800 Subject: [PATCH 165/167] ci: add workflow step for multi-command SSH testing (#386) - Add a workflow step to run multiple SSH commands for testing, including creating a directory, writing a file, listing files, and displaying file contents Signed-off-by: appleboy --- .github/workflows/main.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 7737940..aa01707 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -51,6 +51,21 @@ jobs: port: 2222 script_path: testdata/test.sh + # https://github.com/appleboy/ssh-action/issues/377 + - name: multiple commands + uses: ./ + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + port: 2222 + script: | + mkdir -p /tmp/test + echo "hello world" > /tmp/test/hello.txt + cd /tmp/test + ls -al + cat /tmp/test/hello.txt + check-ssh-key: runs-on: ubuntu-latest steps: From 57f6f3556d4a3e900b37a8dcf9e06ec7da87d6e7 Mon Sep 17 00:00:00 2001 From: Johannes Neumeier Date: Wed, 18 Jun 2025 17:20:23 +0300 Subject: [PATCH 166/167] docs(readme): better wording for script_path property (#387) Better wording for `script_path` property. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0a89eed..f3f79a3 100644 --- a/README.md +++ b/README.md @@ -84,7 +84,7 @@ These parameters control the commands executed on the remote host and related be | Parameter | Description | Default | | --------------- | --------------------------------------------------------------------------------- | ------- | | script | Commands to execute remotely | | -| script_path | Path to a file containing commands to execute | | +| script_path | Path to a file in the repository containing commands to execute remotely | | | envs | Environment variables to pass to the shell script | | | envs_format | Flexible configuration for environment variable transfer | | | allenvs | Pass all environment variables with `GITHUB_` and `INPUT_` prefixes to the script | false | From 3ca8a7c5359ac6ad91aa47f1946ece1c3b025004 Mon Sep 17 00:00:00 2001 From: appleboy Date: Wed, 18 Jun 2025 22:26:31 +0800 Subject: [PATCH 167/167] docs: clarify script_path usage in Chinese remote execution docs - Clarify that the script_path parameter refers to a file path within the repository for remote command execution in both Simplified and Traditional Chinese documentation Signed-off-by: appleboy --- README.zh-cn.md | 2 +- README.zh-tw.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.zh-cn.md b/README.zh-cn.md index 6886c25..40d6400 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -84,7 +84,7 @@ | 参数 | 描述 | 默认值 | | --------------- | ----------------------------------------------------- | ------ | | script | 远程执行的命令 | | -| script_path | 包含要执行命令的文件路径 | | +| script_path | 仓库中包含要远程执行命令的文件路径 | | | envs | 传递给 shell 脚本的环境变量 | | | envs_format | 环境变量传递的灵活配置 | | | allenvs | 传递所有带 `GITHUB_` 和 `INPUT_` 前缀的环境变量到脚本 | false | diff --git a/README.zh-tw.md b/README.zh-tw.md index 4634ff5..cb590aa 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -84,7 +84,7 @@ | 參數 | 說明 | 預設值 | | --------------- | ----------------------------------------------------- | ------ | | script | 遠端執行的指令 | | -| script_path | 包含要執行指令的檔案路徑 | | +| script_path | 儲存庫中包含要遠端執行指令的檔案路徑 | | | envs | 傳遞給 shell 腳本的環境變數 | | | envs_format | 環境變數傳遞的彈性設定 | | | allenvs | 傳遞所有帶 `GITHUB_` 和 `INPUT_` 前綴的環境變數到腳本 | false |