From 6268c80dd6526b1531eedc69f6c315e9d3848673 Mon Sep 17 00:00:00 2001 From: "Bo-Yi.Wu" Date: Tue, 4 Apr 2023 17:56:49 +0800 Subject: [PATCH 001/114] docs: add external resources to README file - Add a line linking to Golang and drone-ssh in the README file Signed-off-by: Bo-Yi.Wu --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 0bf9bb8..783d892 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,8 @@ **Important**: Only support **Linux** [docker](https://www.docker.com/) container. +This thing is built using [Golang](https://go.dev) and [drone-ssh](https://github.com/appleboy/drone-ssh). 🚀 + ## Input variables See [action.yml](./action.yml) for more detailed information. From 334f9259f2f8eb3376d33fa4c684fff373f2c2a6 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Thu, 13 Apr 2023 11:15:42 +0800 Subject: [PATCH 002/114] chore: update action configuration for greater flexibility (#240) - Update base image version from `1.6.12` to `1.6.13` in Dockerfile - Add `envs_format` input with flexible configuration in action.yml - Add a line to README.md pointing to action.yml for more information fix https://github.com/appleboy/ssh-action/issues/213 --- .github/workflows/ci.yml | 97 +++++++++++++++++++++++++--------------- Dockerfile | 2 +- README.md | 1 + action.yml | 2 + 4 files changed, 65 insertions(+), 37 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8494f9c..58d418c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -7,8 +7,8 @@ env: jobs: - build: - name: Build + testing01: + name: default flag testing runs-on: ubuntu-latest steps: - name: checkout @@ -78,40 +78,6 @@ jobs: mkdir abc/def ls -al - - name: pass environment - uses: ./ - env: - FOO: "BAR" - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - envs: FOO - script: | - echo "I am $FOO, thanks" - echo "I am $BAR, thanks" - - - name: pass multiple environment - uses: ./ - env: - FOO: "BAR" - BAR: "FOO" - SHA: ${{ github.sha }} - PORT: ${{ secrets.PORT }} - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - envs: FOO,BAR,SHA,PORT - script: | - echo "I am $FOO, thanks" - echo "I am $BAR, thanks" - echo "sha: $SHA" - echo "port: $PORT" - sh test.sh - - name: ssh key passphrase uses: ./ with: @@ -172,3 +138,62 @@ jobs: # key: ${{ secrets.ID_ED25519 }} # port: ${{ secrets.TUNNEL_PORT }} # script: whoami + + testing02: + name: testing with envs + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v1 + + - name: pass environment + uses: ./ + env: + FOO: "BAR" + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + envs: FOO + script: | + echo "I am $FOO, thanks" + echo "I am $BAR, thanks" + + - name: pass multiple environment + uses: ./ + env: + FOO: "BAR" + BAR: "FOO" + SHA: ${{ github.sha }} + PORT: ${{ secrets.PORT }} + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + envs: FOO,BAR,SHA,PORT + script: | + echo "I am $FOO, thanks" + echo "I am $BAR, thanks" + echo "sha: $SHA" + echo "port: $PORT" + sh test.sh + + - name: custom envs format + uses: ./ + env: + FOO: "BAR" + AAA: "BBB" + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + envs: FOO,BAR,AAA + envs_format: export TEST_{NAME}={VALUE} + script: | + echo "I am $TEST_FOO, thanks" + echo "I am $TEST_BAR, thanks" + echo "I am $BAR, thanks" + echo "I am $TEST_AAA, thanks" diff --git a/Dockerfile b/Dockerfile index 6cd936d..ffdb73d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/appleboy/drone-ssh:1.6.12 +FROM ghcr.io/appleboy/drone-ssh:1.6.13 COPY entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh diff --git a/README.md b/README.md index 783d892..425658d 100644 --- a/README.md +++ b/README.md @@ -33,6 +33,7 @@ See [action.yml](./action.yml) for more detailed information. * `debug` - enable debug mode * `use_insecure_cipher` - include more ciphers with use_insecure_cipher (see [#56](https://github.com/appleboy/ssh-action/issues/56)) * `cipher` - the allowed cipher algorithms. If unspecified then a sensible +* `envs_format` - flexible configuration of environment value transfer. default is `export {NAME}={VALUE}` SSH Proxy Setting: diff --git a/action.yml b/action.yml index 65891e8..3cdc797 100644 --- a/action.yml +++ b/action.yml @@ -65,6 +65,8 @@ inputs: default: false envs: description: 'pass environment variable to shell script' + envs_format: + description: 'flexible configuration of environment value transfer' debug: description: 'enable debug mode' default: false From 2b7de38eedf6e1cd145f62cad6c0b85f5c757757 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Thu, 13 Apr 2023 12:18:50 +0800 Subject: [PATCH 003/114] chore: update `appleboy/ssh-action` to latest version - Update the version of `appleboy/ssh-action` from `v0.1.9` to `v0.1.10` in multiple files. Signed-off-by: Bo-Yi Wu --- README.md | 24 ++++++++++++------------ README.zh-tw.md | 24 ++++++++++++------------ 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 425658d..181fd18 100644 --- a/README.md +++ b/README.md @@ -63,7 +63,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -164,7 +164,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -177,7 +177,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -190,7 +190,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -207,7 +207,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -223,7 +223,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -238,7 +238,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: "foo.com,bar.com" + sync: true @@ -254,7 +254,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 + env: + FOO: "BAR" + BAR: "FOO" @@ -279,7 +279,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p ```diff - name: stop script if command error - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -332,7 +332,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -355,7 +355,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -381,7 +381,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/README.zh-tw.md b/README.zh-tw.md index e81326c..700a2bb 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -58,7 +58,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -157,7 +157,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -170,7 +170,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -183,7 +183,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -200,7 +200,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -216,7 +216,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -231,7 +231,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: "foo.com,bar.com" + sync: true @@ -247,7 +247,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 + env: + FOO: "BAR" + BAR: "FOO" @@ -272,7 +272,7 @@ _在 `env` 對象中,您需要將每個環境變量作為字符串傳遞,傳 ```diff - name: stop script if command error - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -325,7 +325,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -346,7 +346,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -372,7 +372,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From 3130c7a2bcc2189118f51bfacd60c0974a89f031 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Thu, 13 Apr 2023 14:38:24 +0800 Subject: [PATCH 004/114] ci: improve CI workflow for private repository cloning (#241) - Add a new job for git clone and pull in CI - Clone a private repository in CI with secrets - Remove a directory in the cloned repository ref: https://github.com/appleboy/ssh-action/issues/65 --- .github/workflows/ci.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 58d418c..9da0438 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -197,3 +197,22 @@ jobs: echo "I am $TEST_BAR, thanks" echo "I am $BAR, thanks" echo "I am $TEST_AAA, thanks" + + testing03: + name: git clone and pull + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v1 + + - name: clone private repository + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + script: | + git clone https://appleboy:${{ secrets.TEST_TOKEN }}@github.com/go-training/self-runner.git test_repository + rm -rf test_repository From d87d276960fd7693a6c0d13631bf6e92196a62b9 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Tue, 18 Apr 2023 09:31:39 +0800 Subject: [PATCH 005/114] ci: add Docker login and pull job to CI pipeline (#244) - Add a new job named "testing04" for docker login and pull in ci.yml file. ref: https://github.com/appleboy/ssh-action/issues/230 --- .github/workflows/ci.yml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9da0438..d1b576f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -216,3 +216,32 @@ jobs: script: | git clone https://appleboy:${{ secrets.TEST_TOKEN }}@github.com/go-training/self-runner.git test_repository rm -rf test_repository + + testing04: + name: docker login and pull + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v1 + + - name: login GitHub Container Registry + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + script: | + echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u github.actor --password-stdin + + - name: login DockerHub Container Registry + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + script: | + echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin From f579d71942bc5b32150f75471c095aa438c5689d Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 4 Jun 2023 11:06:25 +0800 Subject: [PATCH 006/114] chore: improve action.yml clarity and update default values - Update descriptions for input fields in action.yml for better clarity - Change default values for SSH port and SSH proxy port to string format Signed-off-by: Bo-Yi Wu --- action.yml | 67 +++++++++++++++++++++++++----------------------------- 1 file changed, 31 insertions(+), 36 deletions(-) diff --git a/action.yml b/action.yml index 3cdc797..2e04181 100644 --- a/action.yml +++ b/action.yml @@ -3,73 +3,68 @@ description: 'Executing remote ssh commands' author: 'Bo-Yi Wu' inputs: host: - description: 'ssh host' + description: 'SSH host address.' port: - description: 'ssh port' - default: 22 + description: 'SSH port number.' + default: "22" passphrase: - description: 'ssh key passphrase' + description: 'Passphrase for the SSH key.' username: - description: 'ssh username' + description: 'SSH username.' password: - description: 'ssh password' + description: 'SSH password.' sync: - description: 'synchronous execution if multiple hosts' - default: false + description: 'Enable synchronous execution if multiple hosts are involved.' use_insecure_cipher: - description: 'include more ciphers with use_insecure_cipher' - default: false + description: 'Include more ciphers by using insecure ciphers.' cipher: - description: 'the allowed cipher algorithms. If unspecified then a sensible' + description: 'Allowed cipher algorithms. If unspecified, a sensible default is used.' timeout: - description: 'timeout for ssh to host' + description: 'Timeout duration for establishing SSH connection to the host.' default: "30s" command_timeout: - description: 'timeout for ssh command' + description: 'Timeout duration for SSH commands execution.' default: "10m" key: - description: 'content of ssh private key. ex raw content of ~/.ssh/id_rsa' + description: 'Content of the SSH private key. For example, the raw content of ~/.ssh/id_rsa.' key_path: - description: 'path of ssh private key' + description: 'Path to the SSH private key file.' fingerprint: - description: 'sha256 fingerprint of the host public key' + description: 'SHA256 fingerprint of the host public key.' proxy_host: - description: 'ssh proxy host' + description: 'SSH proxy host address.' proxy_port: - description: 'ssh proxy port' - default: 22 + description: 'SSH proxy port number.' + default: "22" proxy_username: - description: 'ssh proxy username' + description: 'SSH proxy username.' proxy_password: - description: 'ssh proxy password' + description: 'SSH proxy password.' proxy_passphrase: - description: 'ssh proxy key passphrase' + description: 'SSH proxy key passphrase.' proxy_timeout: - description: 'timeout for ssh to proxy host' + description: 'Timeout duration for establishing SSH connection to the proxy host.' default: "30s" proxy_key: - description: 'content of ssh proxy private key. ex raw content of ~/.ssh/id_rsa' + description: 'Content of the SSH proxy private key. For example, the raw content of ~/.ssh/id_rsa.' proxy_key_path: - description: 'path of ssh proxy private key' + description: 'Path to the SSH proxy private key file.' proxy_fingerprint: - description: 'sha256 fingerprint of the proxy host public key' + description: 'SHA256 fingerprint of the proxy host public key.' proxy_cipher: - description: 'the allowed cipher algorithms. If unspecified then a sensible' + description: 'Allowed cipher algorithms for the proxy. If unspecified, a sensible default is used.' proxy_use_insecure_cipher: - description: 'include more ciphers with use_insecure_cipher' - default: false + description: 'Include more ciphers for the proxy by using insecure ciphers.' script: - description: 'execute commands' + description: 'Commands to be executed.' script_stop: - description: 'stop script after first failure' - default: false + description: 'Stop the script after the first failure.' envs: - description: 'pass environment variable to shell script' + description: 'Environment variables to be passed to the shell script.' envs_format: - description: 'flexible configuration of environment value transfer' + description: 'Flexible configuration for environment value transfer.' debug: - description: 'enable debug mode' - default: false + description: 'Enable debug mode.' runs: using: 'docker' image: 'Dockerfile' From c7d850f6cdde249c4ca63d8651271f7a24959b4f Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 4 Jun 2023 11:08:59 +0800 Subject: [PATCH 007/114] docs: improve readability and functionality across project - Reformat input parameters in README.md as a table for better readability Signed-off-by: Bo-Yi Wu --- README.md | 63 +++++++++++++++++++++++++++---------------------------- 1 file changed, 31 insertions(+), 32 deletions(-) diff --git a/README.md b/README.md index 181fd18..974c7de 100644 --- a/README.md +++ b/README.md @@ -16,38 +16,37 @@ This thing is built using [Golang](https://go.dev) and [drone-ssh](https://githu See [action.yml](./action.yml) for more detailed information. -* `host` - ssh host -* `port` - ssh port, default is `22` -* `username` - ssh username -* `password` - ssh password -* `passphrase` - the passphrase is usually to encrypt the private key -* `sync` - synchronous execution if multiple hosts, default is false -* `timeout` - timeout for ssh to remote host, default is `30s` -* `command_timeout` - timeout for ssh command, default is `10m` -* `key` - content of ssh private key. ex raw content of ~/.ssh/id_rsa, remember include the BEGIN and END lines -* `key_path` - path of ssh private key -* `fingerprint` - fingerprint SHA256 of the host public key, default is to skip verification -* `script` - execute commands -* `script_stop` - stop script after first failure -* `envs` - pass environment variable to shell script -* `debug` - enable debug mode -* `use_insecure_cipher` - include more ciphers with use_insecure_cipher (see [#56](https://github.com/appleboy/ssh-action/issues/56)) -* `cipher` - the allowed cipher algorithms. If unspecified then a sensible -* `envs_format` - flexible configuration of environment value transfer. default is `export {NAME}={VALUE}` - -SSH Proxy Setting: - -* `proxy_host` - proxy host -* `proxy_port` - proxy port, default is `22` -* `proxy_username` - proxy username -* `proxy_password` - proxy password -* `proxy_passphrase` - the passphrase is usually to encrypt the private key -* `proxy_timeout` - timeout for ssh to proxy host, default is `30s` -* `proxy_key` - content of ssh proxy private key. -* `proxy_key_path` - path of ssh proxy private key -* `proxy_fingerprint` - fingerprint SHA256 of the proxy host public key, default is to skip verification -* `proxy_use_insecure_cipher` - include more ciphers with use_insecure_cipher (see [#56](https://github.com/appleboy/ssh-action/issues/56)) -* `proxy_cipher` - the allowed cipher algorithms. If unspecified then a sensible +| Input Parameter | Description | Default Value | +|-------------------------|-----------------------------------------------------------------|---------------| +| host | SSH host address | | +| port | SSH port number | 22 | +| passphrase | SSH key passphrase | | +| username | SSH username | | +| password | SSH password | | +| sync | Enable synchronous execution if multiple hosts | false | +| use_insecure_cipher | Include more ciphers with use_insecure_cipher | false | +| cipher | Allowed cipher algorithms. If unspecified, a sensible default | | +| timeout | Timeout duration for SSH to host | 30s | +| command_timeout | Timeout duration for SSH command | 10m | +| key | Content of SSH private key. e.g., raw content of ~/.ssh/id_rsa | | +| key_path | Path of SSH private key | | +| fingerprint | SHA256 fingerprint of the host public key | | +| proxy_host | SSH proxy host | | +| proxy_port | SSH proxy port | 22 | +| proxy_username | SSH proxy username | | +| proxy_password | SSH proxy password | | +| proxy_passphrase | SSH proxy key passphrase | | +| proxy_timeout | Timeout for SSH to proxy host | 30s | +| proxy_key | Content of SSH proxy private key | | +| proxy_key_path | Path of SSH proxy private key | | +| proxy_fingerprint | SHA256 fingerprint of the proxy host public key | | +| proxy_cipher | Allowed cipher algorithms for the proxy | | +| proxy_use_insecure_cipher | Include more ciphers with use_insecure_cipher for the proxy | false | +| script | Execute commands | | +| script_stop | Stop script after first failure | false | +| envs | Pass environment variables to shell script | | +| envs_format | Flexible configuration of environment value transfer | | +| debug | Enable debug mode | false | ## Usage From a01d3ea1dfcdbed994ab6c85fb3d7daf5e785f85 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 4 Jun 2023 16:30:25 +0800 Subject: [PATCH 008/114] chore: improve performance and test coverage across OSs - Update the Dockerfile to use drone-ssh version 1.6.14 Signed-off-by: Bo-Yi Wu --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index ffdb73d..533f0f9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/appleboy/drone-ssh:1.6.13 +FROM ghcr.io/appleboy/drone-ssh:1.6.14 COPY entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh From 5ac43dd7628ddabb9fc5fae29368b663142fcc8f Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 23 Jul 2023 09:53:20 +0800 Subject: [PATCH 009/114] chore(ssh): pass all ENV variables to script (#259) --- .github/workflows/ci.yml | 18 ++++++++++++++++++ Dockerfile | 2 +- action.yml | 2 ++ 3 files changed, 21 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d1b576f..8e8e5dd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -198,6 +198,23 @@ jobs: echo "I am $BAR, thanks" echo "I am $TEST_AAA, thanks" + - name: pass all ENV variables to script + uses: ./ + env: + INPUT_FOO: "BAR" + INPUT_AAA: "BBB" + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + allenvs: true + script: | + echo "I am $INPUT_FOO, thanks" + echo "I am $INPUT_AAA, thanks" + echo "$GITHUB_BASE_REF" + echo "$GITHUB_REF" + testing03: name: git clone and pull runs-on: ubuntu-latest @@ -245,3 +262,4 @@ jobs: script_stop: true script: | echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin + diff --git a/Dockerfile b/Dockerfile index 533f0f9..cb97f5b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/appleboy/drone-ssh:1.6.14 +FROM ghcr.io/appleboy/drone-ssh:1.7.0 COPY entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh diff --git a/action.yml b/action.yml index 2e04181..405b14a 100644 --- a/action.yml +++ b/action.yml @@ -65,6 +65,8 @@ inputs: description: 'Flexible configuration for environment value transfer.' debug: description: 'Enable debug mode.' + allenvs: + description: 'pass all environment variable to shell script.' runs: using: 'docker' image: 'Dockerfile' From 8d9094f3b161ae3721150b835be0dfa3a3f65f4a Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 23 Jul 2023 09:57:59 +0800 Subject: [PATCH 010/114] docs: "Introduce `allenvs` option for shell script execution" - Add a new option `allenvs` in the README to pass all environment variables to the shell script. Signed-off-by: appleboy --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 974c7de..7ac1189 100644 --- a/README.md +++ b/README.md @@ -47,6 +47,7 @@ See [action.yml](./action.yml) for more detailed information. | envs | Pass environment variables to shell script | | | envs_format | Flexible configuration of environment value transfer | | | debug | Enable debug mode | false | +| allenvs | Pass all environment variables to shell script | false | ## Usage From 55dabf81b49d4120609345970c91507e2d734799 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 23 Jul 2023 10:01:08 +0800 Subject: [PATCH 011/114] docs: update appleboy/ssh-action version in README - Update the version of `appleboy/ssh-action` from `v0.1.10` to `v0.2.0` in multiple places in the README file. Signed-off-by: appleboy --- README.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 7ac1189..ed77ce2 100644 --- a/README.md +++ b/README.md @@ -63,7 +63,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -164,7 +164,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -177,7 +177,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -190,7 +190,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -207,7 +207,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -223,7 +223,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -238,7 +238,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 with: host: "foo.com,bar.com" + sync: true @@ -254,7 +254,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 + env: + FOO: "BAR" + BAR: "FOO" @@ -279,7 +279,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p ```diff - name: stop script if command error - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -332,7 +332,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -355,7 +355,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -381,7 +381,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From 4330a1ea489ced98a6778fb35bb6bfed8b61fca5 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 23 Jul 2023 10:05:56 +0800 Subject: [PATCH 012/114] docs: update appleboy/ssh-action version in README - Update the version of `appleboy/ssh-action` from `v0.2.0` to `v1.0.0` in multiple places in the README. Signed-off-by: appleboy --- README.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index ed77ce2..77f71dd 100644 --- a/README.md +++ b/README.md @@ -63,7 +63,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -164,7 +164,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -177,7 +177,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -190,7 +190,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -207,7 +207,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -223,7 +223,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -238,7 +238,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 with: host: "foo.com,bar.com" + sync: true @@ -254,7 +254,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 + env: + FOO: "BAR" + BAR: "FOO" @@ -279,7 +279,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p ```diff - name: stop script if command error - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -332,7 +332,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -355,7 +355,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -381,7 +381,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From b9f6bf6223b169d55fdc9d4317424830474585e6 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Tue, 26 Dec 2023 15:07:39 +0800 Subject: [PATCH 013/114] style: refine CI Workflow and Test Configurations - Remove empty lines from the GitHub Actions CI workflow file Signed-off-by: Bo-Yi Wu --- .github/workflows/ci.yml | 410 +++++++++++++++++++-------------------- 1 file changed, 204 insertions(+), 206 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8e8e5dd..e9f2b7c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,129 +6,128 @@ env: BAR: "FOO" jobs: - testing01: name: default flag testing runs-on: ubuntu-latest steps: - - name: checkout - uses: actions/checkout@v1 + - name: checkout + uses: actions/checkout@v1 - - name: correct password but wrong key - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - key: "1234" - port: ${{ secrets.PORT }} - script: whoami + - name: correct password but wrong key + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + key: "1234" + port: ${{ secrets.PORT }} + script: whoami - - name: wrong password but correct key - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: "abcdef" - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script: whoami + - name: wrong password but correct key + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: "abcdef" + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: whoami - - name: executing remote ssh commands using password - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} - script: whoami + - name: executing remote ssh commands using password + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: whoami - - name: executing remote ssh commands using ssh key - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script: whoami + - name: executing remote ssh commands using ssh key + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: whoami - - name: multiple command - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script: | - whoami - ls -al + - name: multiple command + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: | + whoami + ls -al - - name: stop script if command error - uses: ./ - continue-on-error: true - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - sync: true - debug: true - script: | - mkdir abc/def - ls -al + - name: stop script if command error + uses: ./ + continue-on-error: true + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + sync: true + debug: true + script: | + mkdir abc/def + ls -al - - name: ssh key passphrase - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.SSH2 }} - port: ${{ secrets.PORT }} - passphrase: ${{ secrets.PASSPHRASE }} - script: | - whoami - ls -al + - name: ssh key passphrase + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.SSH2 }} + port: ${{ secrets.PORT }} + passphrase: ${{ secrets.PASSPHRASE }} + script: | + whoami + ls -al - - name: use insecure cipher - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} - script: | + - name: use insecure cipher + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: | ls \ -lah - use_insecure_cipher: true + use_insecure_cipher: true - # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 - - name: Multiline SSH commands interpreted as single lines - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} - script_stop: true - script: | + # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 + - name: Multiline SSH commands interpreted as single lines + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script_stop: true + script: | ls \ -lah - use_insecure_cipher: true + use_insecure_cipher: true - # https://github.com/appleboy/ssh-action/issues/85 - - name: Deployment to multiple hosts with different ports - uses: ./ - with: - host: "${{ secrets.HOST }}:${{ secrets.PORT }}" - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: 1024 - script_stop: true - script: | + # https://github.com/appleboy/ssh-action/issues/85 + - name: Deployment to multiple hosts with different ports + uses: ./ + with: + host: "${{ secrets.HOST }}:${{ secrets.PORT }}" + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: 1024 + script_stop: true + script: | ls \ -lah - use_insecure_cipher: true + use_insecure_cipher: true # - name: SSH ED25519 Private Key # uses: ./ @@ -143,123 +142,122 @@ jobs: name: testing with envs runs-on: ubuntu-latest steps: - - name: checkout - uses: actions/checkout@v1 + - name: checkout + uses: actions/checkout@v1 - - name: pass environment - uses: ./ - env: - FOO: "BAR" - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - envs: FOO - script: | - echo "I am $FOO, thanks" - echo "I am $BAR, thanks" + - name: pass environment + uses: ./ + env: + FOO: "BAR" + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + envs: FOO + script: | + echo "I am $FOO, thanks" + echo "I am $BAR, thanks" - - name: pass multiple environment - uses: ./ - env: - FOO: "BAR" - BAR: "FOO" - SHA: ${{ github.sha }} - PORT: ${{ secrets.PORT }} - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - envs: FOO,BAR,SHA,PORT - script: | - echo "I am $FOO, thanks" - echo "I am $BAR, thanks" - echo "sha: $SHA" - echo "port: $PORT" - sh test.sh + - name: pass multiple environment + uses: ./ + env: + FOO: "BAR" + BAR: "FOO" + SHA: ${{ github.sha }} + PORT: ${{ secrets.PORT }} + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + envs: FOO,BAR,SHA,PORT + script: | + echo "I am $FOO, thanks" + echo "I am $BAR, thanks" + echo "sha: $SHA" + echo "port: $PORT" + sh test.sh - - name: custom envs format - uses: ./ - env: - FOO: "BAR" - AAA: "BBB" - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - envs: FOO,BAR,AAA - envs_format: export TEST_{NAME}={VALUE} - script: | - echo "I am $TEST_FOO, thanks" - echo "I am $TEST_BAR, thanks" - echo "I am $BAR, thanks" - echo "I am $TEST_AAA, thanks" + - name: custom envs format + uses: ./ + env: + FOO: "BAR" + AAA: "BBB" + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + envs: FOO,BAR,AAA + envs_format: export TEST_{NAME}={VALUE} + script: | + echo "I am $TEST_FOO, thanks" + echo "I am $TEST_BAR, thanks" + echo "I am $BAR, thanks" + echo "I am $TEST_AAA, thanks" - - name: pass all ENV variables to script - uses: ./ - env: - INPUT_FOO: "BAR" - INPUT_AAA: "BBB" - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - allenvs: true - script: | - echo "I am $INPUT_FOO, thanks" - echo "I am $INPUT_AAA, thanks" - echo "$GITHUB_BASE_REF" - echo "$GITHUB_REF" + - name: pass all ENV variables to script + uses: ./ + env: + INPUT_FOO: "BAR" + INPUT_AAA: "BBB" + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + allenvs: true + script: | + echo "I am $INPUT_FOO, thanks" + echo "I am $INPUT_AAA, thanks" + echo "$GITHUB_BASE_REF" + echo "$GITHUB_REF" testing03: name: git clone and pull runs-on: ubuntu-latest steps: - - name: checkout - uses: actions/checkout@v1 + - name: checkout + uses: actions/checkout@v1 - - name: clone private repository - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - script: | - git clone https://appleboy:${{ secrets.TEST_TOKEN }}@github.com/go-training/self-runner.git test_repository - rm -rf test_repository + - name: clone private repository + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + script: | + git clone https://appleboy:${{ secrets.TEST_TOKEN }}@github.com/go-training/self-runner.git test_repository + rm -rf test_repository testing04: name: docker login and pull runs-on: ubuntu-latest steps: - - name: checkout - uses: actions/checkout@v1 + - name: checkout + uses: actions/checkout@v1 - - name: login GitHub Container Registry - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - script: | - echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u github.actor --password-stdin - - - name: login DockerHub Container Registry - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - script: | - echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin + - name: login GitHub Container Registry + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + script: | + echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u github.actor --password-stdin + - name: login DockerHub Container Registry + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + script: | + echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin From 2344d975738ad85c2c0bc848a78cef0d4ce17ec0 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Tue, 26 Dec 2023 15:11:53 +0800 Subject: [PATCH 014/114] chore(security): update drone-ssh to v1.7.1 (#286) - Update the base image in Dockerfile from `1.7.0` to `1.7.1` - Change the location of `entrypoint.sh` from root to `/bin/` directory in Dockerfile - Remove the explicit `chmod +x` command for `entrypoint.sh` in Dockerfile Signed-off-by: Bo-Yi Wu --- Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index cb97f5b..bc4c6cf 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ -FROM ghcr.io/appleboy/drone-ssh:1.7.0 +FROM ghcr.io/appleboy/drone-ssh:1.7.1 -COPY entrypoint.sh /entrypoint.sh -RUN chmod +x /entrypoint.sh -ENTRYPOINT ["/entrypoint.sh"] +COPY entrypoint.sh /bin/entrypoint.sh + +ENTRYPOINT ["/bin/entrypoint.sh"] From 8f949198563a347a01c65ffc60399aef2b59d4ab Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Tue, 26 Dec 2023 15:13:15 +0800 Subject: [PATCH 015/114] chore: update appleboy/ssh-action to v1.0.1 in documentation - Update appleboy/ssh-action from v1.0.0 to v1.0.1 in README.md - Update appleboy/ssh-action from v0.1.10 to v1.0.1 in README.zh-tw.md Signed-off-by: Bo-Yi Wu --- README.md | 24 ++++++++++++------------ README.zh-tw.md | 24 ++++++++++++------------ 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 77f71dd..1ffd1ce 100644 --- a/README.md +++ b/README.md @@ -63,7 +63,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -164,7 +164,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -177,7 +177,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -190,7 +190,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -207,7 +207,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -223,7 +223,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -238,7 +238,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 with: host: "foo.com,bar.com" + sync: true @@ -254,7 +254,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 + env: + FOO: "BAR" + BAR: "FOO" @@ -279,7 +279,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p ```diff - name: stop script if command error - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -332,7 +332,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -355,7 +355,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -381,7 +381,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/README.zh-tw.md b/README.zh-tw.md index 700a2bb..081c8ca 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -58,7 +58,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -157,7 +157,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -170,7 +170,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -183,7 +183,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -200,7 +200,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -216,7 +216,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -231,7 +231,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 with: host: "foo.com,bar.com" + sync: true @@ -247,7 +247,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 + env: + FOO: "BAR" + BAR: "FOO" @@ -272,7 +272,7 @@ _在 `env` 對象中,您需要將每個環境變量作為字符串傳遞,傳 ```diff - name: stop script if command error - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -325,7 +325,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -346,7 +346,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -372,7 +372,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From 1f3c33893694c04aef214bb7cf82793046ec9ca1 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Mon, 1 Jan 2024 14:22:41 +0800 Subject: [PATCH 016/114] chore: update base image to 1.7.2 in Dockerfile - Update the base image from `1.7.1` to `1.7.2` in the Dockerfile Signed-off-by: Bo-Yi Wu --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index bc4c6cf..d065a87 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/appleboy/drone-ssh:1.7.1 +FROM ghcr.io/appleboy/drone-ssh:1.7.2 COPY entrypoint.sh /bin/entrypoint.sh From 2451745138b602d3e100a6def50c8e4e39591d4c Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Mon, 1 Jan 2024 14:23:27 +0800 Subject: [PATCH 017/114] chore: update SSH action version in README files - Update the version of the `appleboy/ssh-action` to `v1.0.2` in the `README.md` and `README.zh-tw.md` files. Signed-off-by: Bo-Yi Wu --- README.md | 24 ++++++++++++------------ README.zh-tw.md | 24 ++++++++++++------------ 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 1ffd1ce..84aaaf4 100644 --- a/README.md +++ b/README.md @@ -63,7 +63,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -164,7 +164,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -177,7 +177,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -190,7 +190,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -207,7 +207,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -223,7 +223,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -238,7 +238,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: "foo.com,bar.com" + sync: true @@ -254,7 +254,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 + env: + FOO: "BAR" + BAR: "FOO" @@ -279,7 +279,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p ```diff - name: stop script if command error - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -332,7 +332,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -355,7 +355,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -381,7 +381,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/README.zh-tw.md b/README.zh-tw.md index 081c8ca..94b7e9c 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -58,7 +58,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -157,7 +157,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -170,7 +170,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -183,7 +183,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -200,7 +200,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -216,7 +216,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -231,7 +231,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: "foo.com,bar.com" + sync: true @@ -247,7 +247,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 + env: + FOO: "BAR" + BAR: "FOO" @@ -272,7 +272,7 @@ _在 `env` 對象中,您需要將每個環境變量作為字符串傳遞,傳 ```diff - name: stop script if command error - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -325,7 +325,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -346,7 +346,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -372,7 +372,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From d134a26a1f62a1eb6f470f543cb0a988f888573d Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 7 Jan 2024 19:39:23 +0800 Subject: [PATCH 018/114] fix(sudo): support request_pty to execute sudo command (#288) - Add a new job called `testing05` to the CI workflow - Update the base image in the Dockerfile from `1.7.2` to `1.7.3` - Update the action name, description, and author in the action.yml file - Update the descriptions for various inputs in the action.yml file - Add a new input `request_pty` with a description in the action.yml file - Update the `using` and `image` fields in the action.yml file - Update the `using` and `image` fields in the runs section of the action.yml file - Update the `icon` and `color` fields in the branding section of the action.yml file Signed-off-by: Bo-Yi Wu --- .github/workflows/ci.yml | 21 +++++++++++ Dockerfile | 2 +- action.yml | 76 +++++++++++++++++++++------------------- 3 files changed, 61 insertions(+), 38 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e9f2b7c..b676e5f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -261,3 +261,24 @@ jobs: script_stop: true script: | echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin + + testing05: + name: switch user + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v1 + + - name: switch to root user + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + request_pty: true + command_timeout: 30s + script: | + whoami && echo 'hello world' && touch todo.txt + sudo whoami diff --git a/Dockerfile b/Dockerfile index d065a87..dd5119d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/appleboy/drone-ssh:1.7.2 +FROM ghcr.io/appleboy/drone-ssh:1.7.3 COPY entrypoint.sh /bin/entrypoint.sh diff --git a/action.yml b/action.yml index 405b14a..2d1067e 100644 --- a/action.yml +++ b/action.yml @@ -1,76 +1,78 @@ -name: 'SSH Remote Commands' -description: 'Executing remote ssh commands' -author: 'Bo-Yi Wu' +name: "SSH Remote Commands" +description: "Executing remote ssh commands" +author: "Bo-Yi Wu" inputs: host: - description: 'SSH host address.' + description: "SSH host address." port: - description: 'SSH port number.' + description: "SSH port number." default: "22" passphrase: - description: 'Passphrase for the SSH key.' + description: "Passphrase for the SSH key." username: - description: 'SSH username.' + description: "SSH username." password: - description: 'SSH password.' + description: "SSH password." sync: - description: 'Enable synchronous execution if multiple hosts are involved.' + description: "Enable synchronous execution if multiple hosts are involved." use_insecure_cipher: - description: 'Include more ciphers by using insecure ciphers.' + description: "Include more ciphers by using insecure ciphers." cipher: - description: 'Allowed cipher algorithms. If unspecified, a sensible default is used.' + description: "Allowed cipher algorithms. If unspecified, a sensible default is used." timeout: - description: 'Timeout duration for establishing SSH connection to the host.' + description: "Timeout duration for establishing SSH connection to the host." default: "30s" command_timeout: - description: 'Timeout duration for SSH commands execution.' + description: "Timeout duration for SSH commands execution." default: "10m" key: - description: 'Content of the SSH private key. For example, the raw content of ~/.ssh/id_rsa.' + description: "Content of the SSH private key. For example, the raw content of ~/.ssh/id_rsa." key_path: - description: 'Path to the SSH private key file.' + description: "Path to the SSH private key file." fingerprint: - description: 'SHA256 fingerprint of the host public key.' + description: "SHA256 fingerprint of the host public key." proxy_host: - description: 'SSH proxy host address.' + description: "SSH proxy host address." proxy_port: - description: 'SSH proxy port number.' + description: "SSH proxy port number." default: "22" proxy_username: - description: 'SSH proxy username.' + description: "SSH proxy username." proxy_password: - description: 'SSH proxy password.' + description: "SSH proxy password." proxy_passphrase: - description: 'SSH proxy key passphrase.' + description: "SSH proxy key passphrase." proxy_timeout: - description: 'Timeout duration for establishing SSH connection to the proxy host.' + description: "Timeout duration for establishing SSH connection to the proxy host." default: "30s" proxy_key: - description: 'Content of the SSH proxy private key. For example, the raw content of ~/.ssh/id_rsa.' + description: "Content of the SSH proxy private key. For example, the raw content of ~/.ssh/id_rsa." proxy_key_path: - description: 'Path to the SSH proxy private key file.' + description: "Path to the SSH proxy private key file." proxy_fingerprint: - description: 'SHA256 fingerprint of the proxy host public key.' + description: "SHA256 fingerprint of the proxy host public key." proxy_cipher: - description: 'Allowed cipher algorithms for the proxy. If unspecified, a sensible default is used.' + description: "Allowed cipher algorithms for the proxy. If unspecified, a sensible default is used." proxy_use_insecure_cipher: - description: 'Include more ciphers for the proxy by using insecure ciphers.' + description: "Include more ciphers for the proxy by using insecure ciphers." script: - description: 'Commands to be executed.' + description: "Commands to be executed." script_stop: - description: 'Stop the script after the first failure.' + description: "Stop the script after the first failure." envs: - description: 'Environment variables to be passed to the shell script.' + description: "Environment variables to be passed to the shell script." envs_format: - description: 'Flexible configuration for environment value transfer.' + description: "Flexible configuration for environment value transfer." debug: - description: 'Enable debug mode.' + description: "Enable debug mode." allenvs: - description: 'pass all environment variable to shell script.' + description: "pass all environment variable to shell script." + request_pty: + description: "Request a pseudo-terminal from the server." runs: - using: 'docker' - image: 'Dockerfile' + using: "docker" + image: "Dockerfile" branding: - icon: 'terminal' - color: 'gray-dark' + icon: "terminal" + color: "gray-dark" From 029f5b4aeeeb58fdfe1410a5d17f967dacf36262 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 7 Jan 2024 19:40:43 +0800 Subject: [PATCH 019/114] docs: update README.md and improve code documentation - Add a new entry for `request_pty` in the README.md file Signed-off-by: Bo-Yi Wu --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 84aaaf4..c21143f 100644 --- a/README.md +++ b/README.md @@ -48,6 +48,7 @@ See [action.yml](./action.yml) for more detailed information. | envs_format | Flexible configuration of environment value transfer | | | debug | Enable debug mode | false | | allenvs | Pass all environment variables to shell script | false | +| request_pty | Request a pseudo-terminal from the server | false | ## Usage From 9b978f09f2587beff9c80449f57cb0f0612d3039 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 7 Jan 2024 19:48:12 +0800 Subject: [PATCH 020/114] chore: update SSH action version in README files - Update the version of the `appleboy/ssh-action` from `v1.0.2` to `v1.0.3` in the README.md file - Update the version of the `appleboy/ssh-action` from `v1.0.2` to `v1.0.3` in the README.zh-tw.md file Signed-off-by: Bo-Yi Wu --- README.md | 24 ++++++++++++------------ README.zh-tw.md | 24 ++++++++++++------------ 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index c21143f..37265d6 100644 --- a/README.md +++ b/README.md @@ -64,7 +64,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -165,7 +165,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -178,7 +178,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -191,7 +191,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -208,7 +208,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -224,7 +224,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -239,7 +239,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: "foo.com,bar.com" + sync: true @@ -255,7 +255,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 + env: + FOO: "BAR" + BAR: "FOO" @@ -280,7 +280,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p ```diff - name: stop script if command error - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -333,7 +333,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -356,7 +356,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -382,7 +382,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/README.zh-tw.md b/README.zh-tw.md index 94b7e9c..9c37b34 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -58,7 +58,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -157,7 +157,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -170,7 +170,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -183,7 +183,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -200,7 +200,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -216,7 +216,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -231,7 +231,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: "foo.com,bar.com" + sync: true @@ -247,7 +247,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 + env: + FOO: "BAR" + BAR: "FOO" @@ -272,7 +272,7 @@ _在 `env` 對象中,您需要將每個環境變量作為字符串傳遞,傳 ```diff - name: stop script if command error - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -325,7 +325,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -346,7 +346,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -372,7 +372,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From 8a779a5b1a8a79465e63ce4724624b4755fed49b Mon Sep 17 00:00:00 2001 From: Kushal Dhakal <55182298+hussu010@users.noreply.github.com> Date: Sat, 16 Mar 2024 07:28:37 +0545 Subject: [PATCH 021/114] docs: describe true usage of allenvs parameter (#301) --- README.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 37265d6..7fc55db 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,7 @@ See [action.yml](./action.yml) for more detailed information. | username | SSH username | | | password | SSH password | | | sync | Enable synchronous execution if multiple hosts | false | -| use_insecure_cipher | Include more ciphers with use_insecure_cipher | false | +| use_insecure_cipher | Include more ciphers with use_insecure_cipher | false | | cipher | Allowed cipher algorithms. If unspecified, a sensible default | | | timeout | Timeout duration for SSH to host | 30s | | command_timeout | Timeout duration for SSH command | 10m | @@ -36,19 +36,19 @@ See [action.yml](./action.yml) for more detailed information. | proxy_username | SSH proxy username | | | proxy_password | SSH proxy password | | | proxy_passphrase | SSH proxy key passphrase | | -| proxy_timeout | Timeout for SSH to proxy host | 30s | -| proxy_key | Content of SSH proxy private key | | -| proxy_key_path | Path of SSH proxy private key | | -| proxy_fingerprint | SHA256 fingerprint of the proxy host public key | | -| proxy_cipher | Allowed cipher algorithms for the proxy | | -| proxy_use_insecure_cipher | Include more ciphers with use_insecure_cipher for the proxy | false | +| proxy_timeout | Timeout for SSH to proxy host | 30s | +| proxy_key | Content of SSH proxy private key | | +| proxy_key_path | Path of SSH proxy private key | | +| proxy_fingerprint | SHA256 fingerprint of the proxy host public key | | +| proxy_cipher | Allowed cipher algorithms for the proxy | | +| proxy_use_insecure_cipher | Include more ciphers with use_insecure_cipher for the proxy | false | | script | Execute commands | | -| script_stop | Stop script after first failure | false | +| script_stop | Stop script after first failure | false | | envs | Pass environment variables to shell script | | | envs_format | Flexible configuration of environment value transfer | | | debug | Enable debug mode | false | -| allenvs | Pass all environment variables to shell script | false | -| request_pty | Request a pseudo-terminal from the server | false | +| allenvs | pass the environment variables with prefix value of GITHUB_ and INPUT_ to the script | false | +| request_pty | Request a pseudo-terminal from the server | false | ## Usage From c78141851a6d716353b2ce13c978924e0300775e Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sat, 16 Mar 2024 15:45:28 +0800 Subject: [PATCH 022/114] ci: enhance GitHub Actions for IPv6 and flexibility (#303) * ci: enhance GitHub Actions for IPv6 and flexibility - Add a new CI job for testing IPv6 in GitHub Actions workflow - Update the Docker image version from `1.7.3` to `1.7.4` - Add a new `protocol` input parameter to the GitHub action with a default value of `tcp` - Change the GitHub action to use a composite run steps action instead of a Docker container - Update the `entrypoint.sh` script to use `bash` instead of `sh`, set stricter error handling, and add a function to detect client platform and architecture - Modify the `entrypoint.sh` script to download a specific version of `drone-ssh` based on the detected client info and execute it Signed-off-by: Bo-Yi Wu * ci: refactor CI workflow and Docker setup - Remove IPv6 ping command from CI workflow - Uncomment Docker run configuration in action.yml Signed-off-by: Bo-Yi Wu --------- Signed-off-by: Bo-Yi Wu --- .github/workflows/ci.yml | 28 +++++++++++++++++ Dockerfile | 2 +- action.yml | 50 +++++++++++++++++++++++++++++-- entrypoint.sh | 65 ++++++++++++++++++++++++++++++++++++++-- 4 files changed, 139 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b676e5f..e188bf9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -282,3 +282,31 @@ jobs: script: | whoami && echo 'hello world' && touch todo.txt sudo whoami + + testing06: + name: testing ipv6 + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v1 + + - name: Set up WARP + uses: fscarmen/warp-on-actions@v1.1 + with: + stack: dual + + - name: testing ipv6 for command + run: | + curl -m 9 --ipv6 --verbose https://google.com + + - name: testing ipv6 + uses: ./ + with: + host: 2402:1f00:8000:800::2628 + username: ubuntu + password: ${{ secrets.OVH_PASSWORD }} + protocol: tcp6 + port: 22 + command_timeout: 30s + script: | + whoami diff --git a/Dockerfile b/Dockerfile index dd5119d..d84c375 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/appleboy/drone-ssh:1.7.3 +FROM ghcr.io/appleboy/drone-ssh:1.7.4 COPY entrypoint.sh /bin/entrypoint.sh diff --git a/action.yml b/action.yml index 2d1067e..4a16472 100644 --- a/action.yml +++ b/action.yml @@ -13,6 +13,9 @@ inputs: description: "SSH username." password: description: "SSH password." + protocol: + description: 'The IP protocol to use. Valid values are "tcp". "tcp4" or "tcp6". Default to tcp.' + default: "tcp" sync: description: "Enable synchronous execution if multiple hosts are involved." use_insecure_cipher: @@ -69,9 +72,52 @@ inputs: description: "pass all environment variable to shell script." request_pty: description: "Request a pseudo-terminal from the server." + runs: - using: "docker" - image: "Dockerfile" + using: "composite" + steps: + - name: Set GitHub Path + run: echo "$GITHUB_ACTION_PATH" >> $GITHUB_PATH + shell: bash + env: + GITHUB_ACTION_PATH: ${{ github.action_path }} + - name: Run entrypoint.sh + run: entrypoint.sh + shell: bash + env: + GITHUB_ACTION_PATH: ${{ github.action_path }} + INPUT_HOST: ${{ inputs.host }} + INPUT_PORT: ${{ inputs.port }} + INPUT_PROTOCOL: ${{ inputs.protocol }} + INPUT_USERNAME: ${{ inputs.username }} + INPUT_PASSWORD: ${{ inputs.password }} + INPUT_PASSPHRASE: ${{ inputs.passphrase }} + INPUT_KEY: ${{ inputs.key }} + INPUT_KEY_PATH: ${{ inputs.key_path }} + INPUT_FINGERPRINT: ${{ inputs.fingerprint }} + INPUT_PROXY_HOST: ${{ inputs.proxy_host }} + INPUT_PROXY_PORT: ${{ inputs.proxy_port }} + INPUT_PROXY_USERNAME: ${{ inputs.proxy_username }} + INPUT_PROXY_PASSWORD: ${{ inputs.proxy_password }} + INPUT_PROXY_PASSPHRASE: ${{ inputs.proxy_passphrase }} + INPUT_PROXY_KEY: ${{ inputs.proxy_key }} + INPUT_PROXY_KEY_PATH: ${{ inputs.proxy_key_path }} + INPUT_PROXY_FINGERPRINT: ${{ inputs.proxy_fingerprint }} + INPUT_TIMEOUT: ${{ inputs.timeout }} + INPUT_PROXY_TIMEOUT: ${{ inputs.proxy_timeout }} + INPUT_COMMAND_TIMEOUT: ${{ inputs.command_timeout }} + INPUT_SCRIPT: ${{ inputs.script }} + INPUT_SCRIPT_STOP: ${{ inputs.script_stop }} + INPUT_ENVS: ${{ inputs.envs }} + INPUT_ENVS_FORMAT: ${{ inputs.envs_format }} + INPUT_DEBUG: ${{ inputs.debug }} + INPUT_ALL_ENVS: ${{ inputs.allenvs }} + INPUT_REQUEST_PTY: ${{ inputs.request_pty }} + INPUT_USE_INSECURE_CIPHER: ${{ inputs.use_insecure_cipher }} + INPUT_CIPHER: ${{ inputs.cipher }} + INPUT_PROXY_USE_INSECURE_CIPHER: ${{ inputs.proxy_use_insecure_cipher }} + INPUT_PROXY_CIPHER: ${{ inputs.proxy_cipher }} + INPUT_SYNC: ${{ inputs.sync }} branding: icon: "terminal" diff --git a/entrypoint.sh b/entrypoint.sh index f880594..e4e661c 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,7 +1,66 @@ -#!/bin/sh +#!/usr/bin/env bash -set -eu +set -o errexit +set -o nounset +set -o pipefail export GITHUB="true" -sh -c "/bin/drone-ssh $*" +DRONE_SSH_RELEASE_URL="${DRONE_SSH_RELEASE_URL:-https://github.com/appleboy/drone-ssh/releases/download}" +DRONE_SSH_VERSION="${DRONE_SSH_VERSION:-1.7.4}" + +function detect_client_info() { + if [ -n "${SSH_CLIENT_OS-}" ]; then + CLIENT_PLATFORM="${SSH_CLIENT_OS}" + else + local kernel + kernel="$(uname -s)" + case "${kernel}" in + Darwin) + CLIENT_PLATFORM="darwin" + ;; + Linux) + CLIENT_PLATFORM="linux" + ;; + Windows) + CLIENT_PLATFORM="windows" + ;; + *) + echo "Unknown, unsupported platform: ${kernel}." >&2 + echo "Supported platforms: Linux, Darwin and Windows." >&2 + echo "Bailing out." >&2 + exit 2 + esac + fi + + if [ -n "${SSH_CLIENT_ARCH-}" ]; then + CLIENT_ARCH="${SSH_CLIENT_ARCH}" + else + # TODO: migrate the kube::util::host_platform function out of hack/lib and + # use it here. + local machine + machine="$(uname -m)" + case "${machine}" in + x86_64*|i?86_64*|amd64*) + CLIENT_ARCH="amd64" + ;; + aarch64*|arm64*) + CLIENT_ARCH="arm64" + ;; + *) + echo "Unknown, unsupported architecture (${machine})." >&2 + echo "Supported architectures x86_64, i686, arm64." >&2 + echo "Bailing out." >&2 + exit 3 + ;; + esac + fi +} + +detect_client_info +DOWNLOAD_URL_PREFIX="${DRONE_SSH_RELEASE_URL}/v${DRONE_SSH_VERSION}" +CLIENT_BINARY="drone-ssh-${DRONE_SSH_VERSION}-${CLIENT_PLATFORM}-${CLIENT_ARCH}" +echo "Will download ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}" +curl -fL --retry 3 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o ${GITHUB_ACTION_PATH}/drone-ssh +chmod +x ${GITHUB_ACTION_PATH}drone-ssh +sh -c "${GITHUB_ACTION_PATH}/drone-ssh $*" From fe44be0b96e09ca219322f172bc338fd0718a55b Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sat, 16 Mar 2024 15:47:10 +0800 Subject: [PATCH 023/114] docs: improve documentation and CI robustness - Add backticks around `GITHUB_` and `INPUT_` in the README for clarity Signed-off-by: Bo-Yi Wu --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 7fc55db..8e850a1 100644 --- a/README.md +++ b/README.md @@ -47,7 +47,7 @@ See [action.yml](./action.yml) for more detailed information. | envs | Pass environment variables to shell script | | | envs_format | Flexible configuration of environment value transfer | | | debug | Enable debug mode | false | -| allenvs | pass the environment variables with prefix value of GITHUB_ and INPUT_ to the script | false | +| allenvs | pass the environment variables with prefix value of `GITHUB_` and `INPUT_` to the script | false | | request_pty | Request a pseudo-terminal from the server | false | ## Usage From 1991c553ec29aeb9fe1cbffabfabe0c2f0ea891e Mon Sep 17 00:00:00 2001 From: appleboy Date: Sat, 16 Mar 2024 15:59:42 +0800 Subject: [PATCH 024/114] chore(file): update target file Signed-off-by: appleboy --- entrypoint.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index e4e661c..f50d56e 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -6,6 +6,7 @@ set -o pipefail export GITHUB="true" +GITHUB_ACTION_PATH="${GITHUB_ACTION_PATH%/}" DRONE_SSH_RELEASE_URL="${DRONE_SSH_RELEASE_URL:-https://github.com/appleboy/drone-ssh/releases/download}" DRONE_SSH_VERSION="${DRONE_SSH_VERSION:-1.7.4}" @@ -36,8 +37,6 @@ function detect_client_info() { if [ -n "${SSH_CLIENT_ARCH-}" ]; then CLIENT_ARCH="${SSH_CLIENT_ARCH}" else - # TODO: migrate the kube::util::host_platform function out of hack/lib and - # use it here. local machine machine="$(uname -m)" case "${machine}" in @@ -60,7 +59,8 @@ function detect_client_info() { detect_client_info DOWNLOAD_URL_PREFIX="${DRONE_SSH_RELEASE_URL}/v${DRONE_SSH_VERSION}" CLIENT_BINARY="drone-ssh-${DRONE_SSH_VERSION}-${CLIENT_PLATFORM}-${CLIENT_ARCH}" +TARGET="${GITHUB_ACTION_PATH}/${CLIENT_BINARY}" echo "Will download ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}" -curl -fL --retry 3 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o ${GITHUB_ACTION_PATH}/drone-ssh -chmod +x ${GITHUB_ACTION_PATH}drone-ssh -sh -c "${GITHUB_ACTION_PATH}/drone-ssh $*" +curl -fL --retry 3 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o ${TARGET} +chmod +x ${TARGET} +sh -c "${TARGET} $*" From dd0f09ca072e60babe3cc58ed83c66a86176300c Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sat, 16 Mar 2024 16:04:59 +0800 Subject: [PATCH 025/114] docs: improve README clarity and completeness - Update the README table formatting to include an additional column separator - Add documentation for the SSH protocol version option in the README table Signed-off-by: Bo-Yi Wu --- README.md | 67 ++++++++++++++++++++++++++++--------------------------- 1 file changed, 34 insertions(+), 33 deletions(-) diff --git a/README.md b/README.md index 8e850a1..186602a 100644 --- a/README.md +++ b/README.md @@ -16,39 +16,40 @@ This thing is built using [Golang](https://go.dev) and [drone-ssh](https://githu See [action.yml](./action.yml) for more detailed information. -| Input Parameter | Description | Default Value | -|-------------------------|-----------------------------------------------------------------|---------------| -| host | SSH host address | | -| port | SSH port number | 22 | -| passphrase | SSH key passphrase | | -| username | SSH username | | -| password | SSH password | | -| sync | Enable synchronous execution if multiple hosts | false | -| use_insecure_cipher | Include more ciphers with use_insecure_cipher | false | -| cipher | Allowed cipher algorithms. If unspecified, a sensible default | | -| timeout | Timeout duration for SSH to host | 30s | -| command_timeout | Timeout duration for SSH command | 10m | -| key | Content of SSH private key. e.g., raw content of ~/.ssh/id_rsa | | -| key_path | Path of SSH private key | | -| fingerprint | SHA256 fingerprint of the host public key | | -| proxy_host | SSH proxy host | | -| proxy_port | SSH proxy port | 22 | -| proxy_username | SSH proxy username | | -| proxy_password | SSH proxy password | | -| proxy_passphrase | SSH proxy key passphrase | | -| proxy_timeout | Timeout for SSH to proxy host | 30s | -| proxy_key | Content of SSH proxy private key | | -| proxy_key_path | Path of SSH proxy private key | | -| proxy_fingerprint | SHA256 fingerprint of the proxy host public key | | -| proxy_cipher | Allowed cipher algorithms for the proxy | | -| proxy_use_insecure_cipher | Include more ciphers with use_insecure_cipher for the proxy | false | -| script | Execute commands | | -| script_stop | Stop script after first failure | false | -| envs | Pass environment variables to shell script | | -| envs_format | Flexible configuration of environment value transfer | | -| debug | Enable debug mode | false | -| allenvs | pass the environment variables with prefix value of `GITHUB_` and `INPUT_` to the script | false | -| request_pty | Request a pseudo-terminal from the server | false | +| Input Parameter | Description | Default Value | +|---------------------------|------------------------------------------------------------------------------------------|---------------| +| host | SSH host address | | +| port | SSH port number | 22 | +| passphrase | SSH key passphrase | | +| username | SSH username | | +| password | SSH password | | +| protocol | SSH protocol version (tcp, tcp4, tcp6) | tcp | +| sync | Enable synchronous execution if multiple hosts | false | +| use_insecure_cipher | Include more ciphers with use_insecure_cipher | false | +| cipher | Allowed cipher algorithms. If unspecified, a sensible default | | +| timeout | Timeout duration for SSH to host | 30s | +| command_timeout | Timeout duration for SSH command | 10m | +| key | Content of SSH private key. e.g., raw content of ~/.ssh/id_rsa | | +| key_path | Path of SSH private key | | +| fingerprint | SHA256 fingerprint of the host public key | | +| proxy_host | SSH proxy host | | +| proxy_port | SSH proxy port | 22 | +| proxy_username | SSH proxy username | | +| proxy_password | SSH proxy password | | +| proxy_passphrase | SSH proxy key passphrase | | +| proxy_timeout | Timeout for SSH to proxy host | 30s | +| proxy_key | Content of SSH proxy private key | | +| proxy_key_path | Path of SSH proxy private key | | +| proxy_fingerprint | SHA256 fingerprint of the proxy host public key | | +| proxy_cipher | Allowed cipher algorithms for the proxy | | +| proxy_use_insecure_cipher | Include more ciphers with use_insecure_cipher for the proxy | false | +| script | Execute commands | | +| script_stop | Stop script after first failure | false | +| envs | Pass environment variables to shell script | | +| envs_format | Flexible configuration of environment value transfer | | +| debug | Enable debug mode | false | +| allenvs | pass the environment variables with prefix value of `GITHUB_` and `INPUT_` to the script | false | +| request_pty | Request a pseudo-terminal from the server | false | ## Usage From d2d68588591b705c406168accae85968a2f75c0d Mon Sep 17 00:00:00 2001 From: appleboy Date: Thu, 21 Mar 2024 21:38:55 +0800 Subject: [PATCH 026/114] ci: enhance GitHub workflow for SSH actions and deployments - Add a new GitHub workflow file `version.yml` - Define environment variables `FOO` and `BAR` - Add multiple jobs for testing different scenarios - Include steps for SSH actions using different authentication methods - Implement scripts for executing remote SSH commands - Configure SSH key passphrase authentication - Add a job for using insecure cipher - Include a job for executing multiline SSH commands - Implement a job for deployment to multiple hosts with different ports - Add jobs for passing environment variables to scripts - Configure custom environment variables format - Implement a job for passing all ENV variables to a script - Include jobs for cloning private repositories and logging into container registries - Implement a job for switching users and testing IPv6 connectivity Signed-off-by: appleboy --- .github/workflows/version.yml | 312 ++++++++++++++++++++++++++++++++++ 1 file changed, 312 insertions(+) create mode 100644 .github/workflows/version.yml diff --git a/.github/workflows/version.yml b/.github/workflows/version.yml new file mode 100644 index 0000000..0d2b264 --- /dev/null +++ b/.github/workflows/version.yml @@ -0,0 +1,312 @@ +name: the stable version of ssh-action +on: [push] + +env: + FOO: "BAR" + BAR: "FOO" + +jobs: + testing01: + name: default flag testing + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v4 + + - name: correct password but wrong key + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + key: "1234" + port: ${{ secrets.PORT }} + script: whoami + + - name: wrong password but correct key + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: "abcdef" + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: whoami + + - name: executing remote ssh commands using password + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: whoami + + - name: executing remote ssh commands using ssh key + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: whoami + + - name: multiple command + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: | + whoami + ls -al + + - name: stop script if command error + uses: appleboy/ssh-action@v1.0.3 + continue-on-error: true + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + sync: true + debug: true + script: | + mkdir abc/def + ls -al + + - name: ssh key passphrase + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.SSH2 }} + port: ${{ secrets.PORT }} + passphrase: ${{ secrets.PASSPHRASE }} + script: | + whoami + ls -al + + - name: use insecure cipher + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: | + ls \ + -lah + use_insecure_cipher: true + + # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 + - name: Multiline SSH commands interpreted as single lines + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script_stop: true + script: | + ls \ + -lah + use_insecure_cipher: true + + # https://github.com/appleboy/ssh-action/issues/85 + - name: Deployment to multiple hosts with different ports + uses: appleboy/ssh-action@v1.0.3 + with: + host: "${{ secrets.HOST }}:${{ secrets.PORT }}" + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: 1024 + script_stop: true + script: | + ls \ + -lah + use_insecure_cipher: true + + # - name: SSH ED25519 Private Key + # uses: appleboy/ssh-action@v1.0.3 + # with: + # host: ${{ secrets.TUNNEL_HOST }} + # username: ${{ secrets.TUNNEL_USERNAME }} + # key: ${{ secrets.ID_ED25519 }} + # port: ${{ secrets.TUNNEL_PORT }} + # script: whoami + + testing02: + name: testing with envs + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v4 + + - name: pass environment + uses: appleboy/ssh-action@v1.0.3 + env: + FOO: "BAR" + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + envs: FOO + script: | + echo "I am $FOO, thanks" + echo "I am $BAR, thanks" + + - name: pass multiple environment + uses: appleboy/ssh-action@v1.0.3 + env: + FOO: "BAR" + BAR: "FOO" + SHA: ${{ github.sha }} + PORT: ${{ secrets.PORT }} + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + envs: FOO,BAR,SHA,PORT + script: | + echo "I am $FOO, thanks" + echo "I am $BAR, thanks" + echo "sha: $SHA" + echo "port: $PORT" + sh test.sh + + - name: custom envs format + uses: appleboy/ssh-action@v1.0.3 + env: + FOO: "BAR" + AAA: "BBB" + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + envs: FOO,BAR,AAA + envs_format: export TEST_{NAME}={VALUE} + script: | + echo "I am $TEST_FOO, thanks" + echo "I am $TEST_BAR, thanks" + echo "I am $BAR, thanks" + echo "I am $TEST_AAA, thanks" + + - name: pass all ENV variables to script + uses: appleboy/ssh-action@v1.0.3 + env: + INPUT_FOO: "BAR" + INPUT_AAA: "BBB" + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + allenvs: true + script: | + echo "I am $INPUT_FOO, thanks" + echo "I am $INPUT_AAA, thanks" + echo "$GITHUB_BASE_REF" + echo "$GITHUB_REF" + + testing03: + name: git clone and pull + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v4 + + - name: clone private repository + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + script: | + git clone https://appleboy:${{ secrets.TEST_TOKEN }}@github.com/go-training/self-runner.git test_repository + rm -rf test_repository + + testing04: + name: docker login and pull + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v4 + + - name: login GitHub Container Registry + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + script: | + echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u github.actor --password-stdin + + - name: login DockerHub Container Registry + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + script: | + echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin + + testing05: + name: switch user + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v4 + + - name: switch to root user + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + request_pty: true + command_timeout: 30s + script: | + whoami && echo 'hello world' && touch todo.txt + sudo whoami + + testing06: + name: testing ipv6 + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v4 + + - name: Set up WARP + uses: fscarmen/warp-on-actions@v1.1 + with: + stack: dual + + - name: testing ipv6 for command + run: | + curl -m 9 --ipv6 --verbose https://google.com + + - name: testing ipv6 + uses: appleboy/ssh-action@v1.0.3 + with: + host: 2402:1f00:8000:800::2628 + username: ubuntu + password: ${{ secrets.OVH_PASSWORD }} + protocol: tcp6 + port: 22 + command_timeout: 30s + script: | + whoami From 551964ebda1034f0b5449d74db25c42e371ca1f7 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Fri, 22 Mar 2024 13:21:33 +0800 Subject: [PATCH 027/114] ci: optimize GitHub Actions workflow configuration - Remove the `testing06` job related to testing IPv6 from the GitHub Actions workflow. Signed-off-by: Bo-Yi Wu --- .github/workflows/version.yml | 28 ---------------------------- 1 file changed, 28 deletions(-) diff --git a/.github/workflows/version.yml b/.github/workflows/version.yml index 0d2b264..a15c0af 100644 --- a/.github/workflows/version.yml +++ b/.github/workflows/version.yml @@ -282,31 +282,3 @@ jobs: script: | whoami && echo 'hello world' && touch todo.txt sudo whoami - - testing06: - name: testing ipv6 - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: Set up WARP - uses: fscarmen/warp-on-actions@v1.1 - with: - stack: dual - - - name: testing ipv6 for command - run: | - curl -m 9 --ipv6 --verbose https://google.com - - - name: testing ipv6 - uses: appleboy/ssh-action@v1.0.3 - with: - host: 2402:1f00:8000:800::2628 - username: ubuntu - password: ${{ secrets.OVH_PASSWORD }} - protocol: tcp6 - port: 22 - command_timeout: 30s - script: | - whoami From f9163462563f649b27272d32e585525a5fe68d76 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sat, 4 May 2024 19:52:33 +0800 Subject: [PATCH 028/114] ci: refactor CI workflow and improve robustness (#320) * ci: refactor CI workflow and improve robustness - Update GitHub Actions checkout step from version 1 to version 4 in multiple jobs within the CI workflow Signed-off-by: Bo-Yi Wu * docs: improve non-interactive shell command handling - Add a Q&A section to the README with information on resolving 'command not found' errors for non-interactive shells - Provide a solution involving editing `/etc/bash.bashrc` to ensure commands are added to the path in non-interactive shells Signed-off-by: Bo-Yi Wu * docs: improve documentation and CI robustness - Update acknowledgment for the interactive shell solution in the README.md file Signed-off-by: Bo-Yi Wu --------- Signed-off-by: Bo-Yi Wu --- .github/workflows/ci.yml | 12 ++++++------ README.md | 23 +++++++++++++++++++++++ 2 files changed, 29 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e188bf9..a62c774 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@v1 + uses: actions/checkout@v4 - name: correct password but wrong key uses: ./ @@ -143,7 +143,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@v1 + uses: actions/checkout@v4 - name: pass environment uses: ./ @@ -219,7 +219,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@v1 + uses: actions/checkout@v4 - name: clone private repository uses: ./ @@ -238,7 +238,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@v1 + uses: actions/checkout@v4 - name: login GitHub Container Registry uses: ./ @@ -267,7 +267,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@v1 + uses: actions/checkout@v4 - name: switch to root user uses: ./ @@ -288,7 +288,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@v1 + uses: actions/checkout@v4 - name: Set up WARP uses: fscarmen/warp-on-actions@v1.1 diff --git a/README.md b/README.md index 186602a..0e11a25 100644 --- a/README.md +++ b/README.md @@ -395,6 +395,29 @@ Now you can adjust you config: ls -al ``` +## Q&A + +### Command not found (npm or other command) + +See the [issue comment](https://github.com/appleboy/ssh-action/issues/31#issuecomment-1006565847) about interactive vs non interactive shell. Thanks @kocyigityunus for the solution. + +Basically, if you are running a command in a non interactive shell, like ssh-action, on many linux distros, + +`/etc/bash.bashrc` file has a specific command that returns only, so some of the files didn't run and some specific commands doesn't add to path, + +```sh +# /etc/bash.bashrc +# System-wide .bashrc file for interactive bash(1) shells. + +# To enable the settings / commands in this file for login shells as well, +# this file has to be sourced in /etc/profile. + +# If not running interactively, don't do anything +[ -z "$PS1" ] && return` +``` + +just comment out the line that returns early and everything should work fine, or you can use the real paths of the commands that you would like to use. + ## Contributing We would love for you to contribute to `appleboy/ssh-action`, pull requests are welcome! From aabaf1254d78efafd55cd5880a874e9715b4c6e8 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sat, 1 Jun 2024 14:20:58 +0800 Subject: [PATCH 029/114] ci: add bug report template --- .github/ISSUE_TEMPLATE/bug_report.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..75125d9 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,24 @@ +--- +name: Bug report +about: Create a report to help us improve +title: '' +labels: bug +assignees: appleboy + +--- + +## Describe the bug + +A clear and concise description of what the bug is. If applicable, add screenshots to help explain your problem. + +## Yaml Config + +Please post your Yaml configuration file along with the output results. + +## Related environment + +Please provide the following information: + +1. Your hosting provider information, such as DigitalOcean, Linode, AWS, or GCP. +2. The version information of your host's SSH service. +3. The information from your host's SSH configuration file. From c8594ae37d5bd9a779dc12abd0236b1bcff70119 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sat, 1 Jun 2024 14:22:37 +0800 Subject: [PATCH 030/114] ci: implement GitHub Actions for remote SSH execution - Add example GitHub Actions workflow for executing remote SSH commands using password authentication Signed-off-by: appleboy --- .github/ISSUE_TEMPLATE/bug_report.md | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 75125d9..6e2dcf4 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -11,10 +11,29 @@ assignees: appleboy A clear and concise description of what the bug is. If applicable, add screenshots to help explain your problem. -## Yaml Config +## Yaml Config Please post your Yaml configuration file along with the output results. +```yaml +name: remote ssh command +on: [push] +jobs: + + build: + name: Build + runs-on: ubuntu-latest + steps: + - name: executing remote ssh commands using password + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: whoami +``` + ## Related environment Please provide the following information: From 40aad53c5a18b2676371816d258458b2ccd56c50 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 13:34:57 +0800 Subject: [PATCH 031/114] ci: add SSH authentication setup for GitHub Actions - Add a GitHub Action workflow to set up an OpenSSH server using Docker - Add RSA private key for SSH authentication in test data - Add RSA public key for SSH authentication in test data - Add OpenSSH private key for SSH authentication in test data - Add OpenSSH public key for SSH authentication in test data Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 40 +++++++++++++++++++++++++ testdata/.ssh/id_rsa | 27 +++++++++++++++++ testdata/.ssh/id_rsa.pub | 1 + testdata/.ssh/test | 50 ++++++++++++++++++++++++++++++++ testdata/.ssh/test.pub | 1 + 5 files changed, 119 insertions(+) create mode 100644 .github/workflows/ssh-server.yml create mode 100644 testdata/.ssh/id_rsa create mode 100644 testdata/.ssh/id_rsa.pub create mode 100644 testdata/.ssh/test create mode 100644 testdata/.ssh/test.pub diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml new file mode 100644 index 0000000..3d3b0a7 --- /dev/null +++ b/.github/workflows/ssh-server.yml @@ -0,0 +1,40 @@ +name: openssh-server + +on: [push] + +jobs: + default-user-name-password: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + + - name: executing remote ssh commands using password (1.0.3) + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + port: 2222 + script: whoami diff --git a/testdata/.ssh/id_rsa b/testdata/.ssh/id_rsa new file mode 100644 index 0000000..6270f55 --- /dev/null +++ b/testdata/.ssh/id_rsa @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA4e2D/qPN08pzTac+a8ZmlP1ziJOXk45CynMPtva0rtK/RB26 +VbfAF0hIJji7ltvnYnqCU9oFfvEM33cTn7T96+od8ib/Vz25YU8ZbstqtIskPuwC +bv3K0mAHgsviJyRD7yM+QKTbBQEgbGuW6gtbMKhiYfiIB4Dyj7AdS/fk3v26wDgz +7SHI5OBqu9bv1KhxQYdFEnU3PAtAqeccgzNpbH3eYLyGzuUxEIJlhpZ/uU2G9ppj +/cSrONVPiI8Ahi4RrlZjmP5l57/sq1ClGulyLpFcMw68kP5FikyqHpHJHRBNgU57 +1y0Ph33SjBbs0haCIAcmreWEhGe+/OXnJe6VUQIDAQABAoIBAH97emORIm9DaVSD +7mD6DqA7c5m5Tmpgd6eszU08YC/Vkz9oVuBPUwDQNIX8tT0m0KVs42VVPIyoj874 +bgZMJoucC1G8V5Bur9AMxhkShx9g9A7dNXJTmsKilRpk2TOk7wBdLp9jZoKoZBdJ +jlp6FfaazQjjKD6zsCsMATwAoRCBpBNsmT6QDN0n0bIgY0tE6YGQaDdka0dAv68G +R0VZrcJ9voT6+f+rgJLoojn2DAu6iXaM99Gv8FK91YCymbQlXXgrk6CyS0IHexN7 +V7a3k767KnRbrkqd3o6JyNun/CrUjQwHs1IQH34tvkWScbseRaFehcAm6mLT93RP +muauvMECgYEA9AXGtfDMse0FhvDPZx4mx8x+vcfsLvDHcDLkf/lbyPpu97C27b/z +ia07bu5TAXesUZrWZtKA5KeRE5doQSdTOv1N28BEr8ZwzDJwfn0DPUYUOxsN2iIy +MheO5A45Ko7bjKJVkZ61Mb1UxtqCTF9mqu9R3PBdJGthWOd+HUvF460CgYEA7QRf +Z8+vpGA+eSuu29e0xgRKnRzed5zXYpcI4aERc3JzBgO4Z0er9G8l66OWVGdMfpe6 +CBajC5ToIiT8zqoYxXwqJgN+glir4gJe3mm8J703QfArZiQrdk0NTi5bY7+vLLG/ +knTrtpdsKih6r3kjhuPPaAsIwmMxIydFvATKjLUCgYEAh/y4EihRSk5WKC8GxeZt +oiZ58vT4z+fqnMIfyJmD5up48JuQNcokw/LADj/ODiFM7GUnWkGxBrvDA3H67WQm +49bJjs8E+BfUQFdTjYnJRlpJZ+7Zt1gbNQMf5ENw5CCchTDqEq6pN0DVf8PBnSIF +KvkXW9KvdV5J76uCAn15mDkCgYA1y8dHzbjlCz9Cy2pt1aDfTPwOew33gi7U3skS +RTerx29aDyAcuQTLfyrROBkX4TZYiWGdEl5Bc7PYhCKpWawzrsH2TNa7CRtCOh2E +R+V/84+GNNf04ALJYCXD9/ugQVKmR1XfDRCvKeFQFE38Y/dvV2etCswbKt5tRy2p +xkCe/QKBgQCkLqafD4S20YHf6WTp3jp/4H/qEy2X2a8gdVVBi1uKkGDXr0n+AoVU +ib4KbP5ovZlrjL++akMQ7V2fHzuQIFWnCkDA5c2ZAqzlM+ZN+HRG7gWur7Bt4XH1 +7XC9wlRna4b3Ln8ew3q1ZcBjXwD4ppbTlmwAfQIaZTGJUgQbdsO9YA== +-----END RSA PRIVATE KEY----- diff --git a/testdata/.ssh/id_rsa.pub b/testdata/.ssh/id_rsa.pub new file mode 100644 index 0000000..2983f04 --- /dev/null +++ b/testdata/.ssh/id_rsa.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDh7YP+o83TynNNpz5rxmaU/XOIk5eTjkLKcw+29rSu0r9EHbpVt8AXSEgmOLuW2+dieoJT2gV+8QzfdxOftP3r6h3yJv9XPblhTxluy2q0iyQ+7AJu/crSYAeCy+InJEPvIz5ApNsFASBsa5bqC1swqGJh+IgHgPKPsB1L9+Te/brAODPtIcjk4Gq71u/UqHFBh0USdTc8C0Cp5xyDM2lsfd5gvIbO5TEQgmWGln+5TYb2mmP9xKs41U+IjwCGLhGuVmOY/mXnv+yrUKUa6XIukVwzDryQ/kWKTKoekckdEE2BTnvXLQ+HfdKMFuzSFoIgByat5YSEZ7785ecl7pVR drone-scp@localhost diff --git a/testdata/.ssh/test b/testdata/.ssh/test new file mode 100644 index 0000000..89cc6ec --- /dev/null +++ b/testdata/.ssh/test @@ -0,0 +1,50 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAZka7A7i +FscMeJBPyPteclAAAAEAAAAAEAAAIXAAAAB3NzaC1yc2EAAAADAQABAAACAQDz6aZ1jY2o +nnuj2YNHJ/HhfvIu0B973v/+pFFOavnTUOhEEKEy3TASu+s9CkHrYZAtRc+QYIkNZI31mh +HBhotdeP/7GoO2UirkFtrzyQKPNJxEcv0RBoG9ssN8jex0PyK6DHIYYFnIWadVBEEOh/H+ +rK7j7u2/big3oTzYBuFrCwmYFcz5na99MzFeAUhazF44gVBma+zO+1quGeqF51UDIg1SMG +vX8I7LNEqrKEBaIUQJKFQcxlOWlRLQsjJCymrOujsXsRrXHAQWcnxDcNevv2ZMOUl0ybvv +9yH0BiGbRBd1Hy8/QPILbAQaqu0oQE7fubN8Q8lqb3Jg0loID4x/5GPhSY8WAXpuLcXTOr +b93SnCw1JsAgJDNqpuuRFy3BSZ7wBOr1jfeIoo7xk14OHiUjJ0uXDL9cLMkcw6ElWz81mr +D2VCkXUz+qFyjJ+G7aGWRtctZoOzKln4yfNfUmwW8/8ra3QnmrMZ2xW2Ylw3ZhO+tLi7jI +NHYFb54bAdLVPUU1ctIuJns2qkWnjJCxxMiynIqCif20/OU1n8CTJuOWiURmRdmvKOH4PE +3JxC2Qnk/3tV3Cf8hp1CH5VjBZ9AjGj5MDMHXyu34VY2WvYo5QyzfS3ySPoT8kCO0G0xpv +jwCMHOK+G2RP4kqb/KKZguiKdgintBXuskTlJmD7kcMQAAB1CnEMQGwAKZbd3F1DJqwfPf +KWjoUJKbTRiav6h5pQr65JaqDe/7YE2ZHYo5917AC2vPLwPxAnoHFMsbObd5mWcmpATg/0 +K/qkN5Z4Ml5U3bwr51wfSPh1MiAP21Aickt09BDstIJzNNwwgcY31O3k/d6VBjqyM6Ezop +66LI4s/IIni1BI+cALyEfzE4Qu16GfzIeM+JVxildP4VImhvNBESmmbBL8rNmSzlQ+FTuF +JVmowUbcon1O0CppM1MRVPeG805XDwjxHXKwOp5O7MdTz7H8JeORoe8D6+4rNfJE0eQGY7 +Nm4+Wa97HzAFbT9IS433rxoGx9Qps3LAySFONso2JWSOEfo8rxnqO04DrfVHQhY3DkkwQt +FsDnMtkthJa+ZzUYc75fnS0DBPGuF9DZUCqrev5oAUHP6C4Vc4b33JJQD4FZJ+ehk3Xsci +cwJQsmgLyc5Jdh543Dm7kZoM9ku7HDNrB4H/1p45Vo6aBZMAY50x+fTdBeTgCzzhzzTbf+ +0IF8W3yW3/BYD+S2Byo3JKp6NH0Q8cgPJrGTl6GltGfpVuc6kLjMZ5zvxRbyWaqtIygM46 +W1izbA+9jwbHhitCtOk42e/ff6iEB1MVC13LqPty3gPNR8Pv0rDUDjJS4KiVwXqUY+bMr0 +C8l/hx93euHjLUJ49Ru6uy/2fBlHZEj6GmEAJhu/i6t2c1Rq0HBLis9X356oQT+YZnIai2 +ym0MknPxjeYBAItOV3zhRd1cYnk7CDcl1XALcnh0tqP712x24IJ+Ytqg7nvB2NZV8T469I +8Fp254Nr89HOMAXaZD0UcIPm7D2rfWV+YJFI3ZcJ/8DM99H3tpXe2j4oHMdmAbBd++09sx +KBRdFLcvnBfd1lqwxpA7hbxzrxi/yehYCqzh5KQGaf2UXej6TPiVzBWVYbp34cMZtsT6mF +K8SS3l5TXoNK2DNEk30o8K3q+vngQpfC9GZ/id4B7LS/3ybellxemZHXQoU4PxDkLKt7jd +AAsd5WO13dv3n/qgyu8iBRiFU+W66NX0RJGkp+lZMnta0YzukafM2n6GDn/r/Cx/y21PAi +ah8i41ByI1QLI4m1r+bRHdUxAarS/XJw4tTSFiZu3zddMYrlzeG9O3VUX9zBvBtfQbSmeJ +omml0zlr/qD7TMsORiujy7XIn7sMW+Ls/NA8TvX8oRnACjXe/MYNEZ8WDu2rkZuY/Dfc+o +NyYWO7kZ3kcejQZ1NusJSA7MG0FFGYSIaC9T9CWqYd5IcRSJW4dZnCt9z8CIJ6TSUFqMb/ +H1Y5Rmi0IIX+8qbGGXVBDIBk5y9xtS43+nz1nsdXwDmkTiXN9+ZX+GDsLxCWoHGryrWDbk +EuOAlqpvxFKzEkNsx+AC5wae6i/hBeiEce9bm4nZp+hFv1ic1Z9WS8B37YOFgJ4utGeOjB +6hnywUUJ3aH0LnCQNB3UzeFR7BmEaxmYD/phJodmjA5SD3CWpeizdXfrUjtqXGhYlr2jzq +vBAeeYEO4uaHIGxg8GqoqtaseqVcIdtouHxrVAxxXkjShV2ji7oJ/AtrLZNlkKYxMk0TpX +fFiKqL/uKfS78FfvVOhOkHZTD6ZeMgmdL/uOghEAtrf08ChyRvdp7QLjA802aio9eUVIQm +lHb1ltPEbIZNuvQ5kTIwk2eM6EAkOh0MBMoAYOxOpIb00XHNRDGJYuLewByjMQa8EoT6VM +NoiFIzJU9lLAXE6yz6JswctpTpLHK9Aq5vY7ObaOvrmpCQqsXfOuVUo2nR/FyEes97zuXG +E4aKaHK4IAW4UY/oGYk7pU/yRpudhiNRMXzmcQXfVmBEHuvDrh2chg8lDYn++07F7RWqkI +nfMAOWR8UEl4xp4zJtThDjRxNW6QLl8E1ADjndA9wVaKNSzv2i1TLXKBr5luFqY9MSJ2rm +yBR5EwairH/Qn9TUxaDD+0p6J+E9iz1l8UPTJa/cjtwiySljahY/6tHHnr9YQVnox92yfU +UXpfINGjYrpqh6EFwmyRw9fryIMvMhgZYo6ZoCRBCK2GfGAB0VTzJy2FGs4GecZK5ptXKu +sOX8BgGX/Q/nAJ7PWf9hgYlX2YyjmLjQZDMWECp05VFx9znEETNKlwF1FX5/E/37ISyz4d +I1LVSKOEccJX7jCR32LzvRW1UBX47Z+q3LVE4sa0QAV/JoISq6Qn6zAsVIV0yEPmVbd/xx +aX2uBUGHhmd99YJDh81xJIoYEMRzoGVfp0JjfYcDUc+2I6JdrOMF9/KmMA5wsZl4OKiu/F +cTRGjUkgw/cF2EFRGWknee2esYRB7tOr4y56qZ4gxqw8q9rYXhyB42jbdTvt5xcCm/ynid +sn4InokRRoIiMIPL5Ur7FZQHOP+915MWUBsrTJtkCWQuqJheYUi3mCzh/7NadAKplRpaKb +rS/DJIOOkjnGni/sDxJzPq7STDBVy4WStwQl6NI5hq+/c+JvN9GI4Vu/kz0z8qUcdShLaH +l4njcaMpg4tpQMHtCBOicGyV0= +-----END OPENSSH PRIVATE KEY----- diff --git a/testdata/.ssh/test.pub b/testdata/.ssh/test.pub new file mode 100644 index 0000000..559daf2 --- /dev/null +++ b/testdata/.ssh/test.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDz6aZ1jY2onnuj2YNHJ/HhfvIu0B973v/+pFFOavnTUOhEEKEy3TASu+s9CkHrYZAtRc+QYIkNZI31mhHBhotdeP/7GoO2UirkFtrzyQKPNJxEcv0RBoG9ssN8jex0PyK6DHIYYFnIWadVBEEOh/H+rK7j7u2/big3oTzYBuFrCwmYFcz5na99MzFeAUhazF44gVBma+zO+1quGeqF51UDIg1SMGvX8I7LNEqrKEBaIUQJKFQcxlOWlRLQsjJCymrOujsXsRrXHAQWcnxDcNevv2ZMOUl0ybvv9yH0BiGbRBd1Hy8/QPILbAQaqu0oQE7fubN8Q8lqb3Jg0loID4x/5GPhSY8WAXpuLcXTOrb93SnCw1JsAgJDNqpuuRFy3BSZ7wBOr1jfeIoo7xk14OHiUjJ0uXDL9cLMkcw6ElWz81mrD2VCkXUz+qFyjJ+G7aGWRtctZoOzKln4yfNfUmwW8/8ra3QnmrMZ2xW2Ylw3ZhO+tLi7jINHYFb54bAdLVPUU1ctIuJns2qkWnjJCxxMiynIqCif20/OU1n8CTJuOWiURmRdmvKOH4PE3JxC2Qnk/3tV3Cf8hp1CH5VjBZ9AjGj5MDMHXyu34VY2WvYo5QyzfS3ySPoT8kCO0G0xpvjwCMHOK+G2RP4kqb/KKZguiKdgintBXuskTlJmD7kcMQ== deploy@easyssh From 0b0e77098a4fa59703014092ddd6d2ad7267088f Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 13:54:09 +0800 Subject: [PATCH 032/114] ci: optimize and enhance SSH server workflow - Add a 5-second sleep command to the SSH server workflow Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 3d3b0a7..f0e5521 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -29,6 +29,7 @@ jobs: echo "======= container ip address =========" cat ip.txt echo "======================================" + sleep 5 - name: executing remote ssh commands using password (1.0.3) uses: appleboy/ssh-action@v1.0.3 From 977b74a12d4201105f3b851126516847ed6b80b0 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 14:54:29 +0800 Subject: [PATCH 033/114] ci: enhance CI workflow with SSH job and optimizations - Remove an empty line in the jobs section - Reduce sleep duration from 5 seconds to 3 seconds - Add a new job `check-ssh-key` to the workflow - Add steps to create a new SSH server using Docker - Add steps to set environment variables for remote host and private key - Add a step to execute remote SSH commands using the `appleboy/ssh-action` GitHub Action Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 43 ++++++++++++++++++++++++++++++-- 1 file changed, 41 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index f0e5521..c410658 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -5,7 +5,6 @@ on: [push] jobs: default-user-name-password: runs-on: ubuntu-latest - steps: - name: Checkout code uses: actions/checkout@v4 @@ -29,7 +28,7 @@ jobs: echo "======= container ip address =========" cat ip.txt echo "======================================" - sleep 5 + sleep 3 - name: executing remote ssh commands using password (1.0.3) uses: appleboy/ssh-action@v1.0.3 @@ -39,3 +38,43 @@ jobs: password: password port: 2222 script: whoami + + check-ssh-key: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2223:2222 \ + -e PUBLIC_KEY=$(cat testdata/.ssh/id_rsa.pub) \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_rsa >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 3 + + - name: executing remote ssh commands using password (1.0.3) + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2223 + script: whoami From 2eeab5bdbadfcfd821c3f107a694803080f4b126 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 15:53:33 +0800 Subject: [PATCH 034/114] ci: refactor GitHub Actions key management - Add steps to set public and private keys in GitHub Actions environment - Replace inline public key assignment with environment variable reference - Remove redundant steps for setting private key in GitHub Actions environment Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index c410658..98bbd69 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -45,13 +45,28 @@ jobs: - name: Checkout code uses: actions/checkout@v4 + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_rsa.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_rsa.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_rsa >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key =========" + cat testdata/.ssh/id_rsa + echo "============================" + - name: create new ssh server run: | docker run -d \ --name=openssh-server \ --hostname=openssh-server \ -p 2223:2222 \ - -e PUBLIC_KEY=$(cat testdata/.ssh/id_rsa.pub) \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ -e SUDO_ACCESS=false \ -e PASSWORD_ACCESS=true \ -e USER_PASSWORD=password \ @@ -62,9 +77,6 @@ jobs: echo "REMOTE_HOST<> $GITHUB_ENV cat ip.txt >> $GITHUB_ENV echo "EOF" >> $GITHUB_ENV - echo "PRIVATE_KEY<> $GITHUB_ENV - cat testdata/.ssh/id_rsa >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV echo "======= container ip address =========" cat ip.txt echo "======================================" From da612c801589d64bea89ca943c84fe1aae7a1d06 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 15:54:35 +0800 Subject: [PATCH 035/114] refactor: optimize CI pipeline for faster execution - Reduce sleep duration from 3 seconds to 2 seconds - Rename SSH job steps for clarity - Change port mapping from 2223 to 2222 Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 98bbd69..0a19104 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -28,9 +28,9 @@ jobs: echo "======= container ip address =========" cat ip.txt echo "======================================" - sleep 3 + sleep 2 - - name: executing remote ssh commands using password (1.0.3) + - name: ssh by username and password uses: appleboy/ssh-action@v1.0.3 with: host: ${{ env.REMOTE_HOST }} @@ -65,7 +65,7 @@ jobs: docker run -d \ --name=openssh-server \ --hostname=openssh-server \ - -p 2223:2222 \ + -p 2222:2222 \ -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ -e SUDO_ACCESS=false \ -e PASSWORD_ACCESS=true \ @@ -80,13 +80,13 @@ jobs: echo "======= container ip address =========" cat ip.txt echo "======================================" - sleep 3 + sleep 2 - - name: executing remote ssh commands using password (1.0.3) + - name: ssh by private uses: appleboy/ssh-action@v1.0.3 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io key: ${{ env.PRIVATE_KEY }} - port: 2223 + port: 2222 script: whoami From acd41e5091e04c5db86c78f86723e9baec27f452 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 15:57:27 +0800 Subject: [PATCH 036/114] ci: enhance SSH job testing with varied key/password scenarios - Correct the name of the SSH job from "ssh by private" to "ssh by private key" - Add a job to test SSH with the correct key but wrong password - Add a job to test SSH with the correct password but wrong key Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 0a19104..cfe805c 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -82,7 +82,7 @@ jobs: echo "======================================" sleep 2 - - name: ssh by private + - name: ssh by private key uses: appleboy/ssh-action@v1.0.3 with: host: ${{ env.REMOTE_HOST }} @@ -90,3 +90,23 @@ jobs: key: ${{ env.PRIVATE_KEY }} port: 2222 script: whoami + + - name: wrong password but correct key + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: "abcdef" + key: ${{ env.PRIVATE_KEY }} + port: 2222 + script: whoami + + - name: correct password but wrong key + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + key: password + port: 2222 + script: whoami From f05aefe3514f74f9cda4825a2a5d9905aa45ae2a Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 15:59:32 +0800 Subject: [PATCH 037/114] ci: enhance SSH action configuration and error handling - Add a step to stop the script if a command error occurs using `appleboy/ssh-action@v1.0.3` - Configure SSH action with host, username, password, key, port, and other parameters - Add script to create a directory and list its contents Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index cfe805c..837dd0a 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -110,3 +110,19 @@ jobs: key: password port: 2222 script: whoami + + - name: stop script if command error + uses: appleboy/ssh-action@v1.0.3 + continue-on-error: true + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + key: password + port: 2222 + script_stop: true + sync: true + debug: true + script: | + mkdir abc/def + ls -al From e40b597081b0c96e4f93bee63cec35d4ea3b4d3a Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 16:13:42 +0800 Subject: [PATCH 038/114] ci: add GitHub Actions job for SSH key passphrase support - Add a new job `support-key-passphrase` to the GitHub Actions workflow - Add steps to the new job for checking out code, adding public and private keys to the environment, and creating a new SSH server - Add a step to the new job for running an SSH command with a passphrase - Add a new private SSH key file `id_passphrase` to the test data - Add a new public SSH key file `id_passphrase.pub` to the test data Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 55 ++++++++++++++++++++++++++++++++ testdata/.ssh/id_passphrase | 39 ++++++++++++++++++++++ testdata/.ssh/id_passphrase.pub | 1 + 3 files changed, 95 insertions(+) create mode 100644 testdata/.ssh/id_passphrase create mode 100644 testdata/.ssh/id_passphrase.pub diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 837dd0a..1fce1b2 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -126,3 +126,58 @@ jobs: script: | mkdir abc/def ls -al + + support-key-passphrase: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_passphrase.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_passphrase.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_passphrase >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key =========" + cat testdata/.ssh/id_passphrase + echo "============================" + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + + - name: ssh key passphrase + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + passphrase: 1234 + script: | + whoami + ls -al diff --git a/testdata/.ssh/id_passphrase b/testdata/.ssh/id_passphrase new file mode 100644 index 0000000..089d425 --- /dev/null +++ b/testdata/.ssh/id_passphrase @@ -0,0 +1,39 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABA5p9eRXu +BJantF5ARnBfnqAAAAEAAAAAEAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQCuWKQh09Vl +v3IRu/+oK18ws72VQS7PCXJaIEp1L+7HqC/6+plizaVgd9SjAg0UJSqvp+WfpU5I53hevE +0Ip3s71Tsoeu1azWoi2Mbq3ycZ5ysh4htZZklKBkYsyW+2EdITPcmhA8rF+KiDRyuvk7fD +o08G3YWgbCScY6VkLA06ReThCehAY54WNvgbx7lyvCWj1qYG0XjM7mTQHr3QN0JHJNdFaG +3MCi1rTG2hK/owOlzcesIbzfM1VMIQG5HT4vNg/ULP0BTZ7pGtdvWlvR/660KQwc1tBxLq +xI1dYoCgiS/gMyPxhOtNKTvhR/NR7e2sp/StkXURIxTHhj0KjKbnpXTQ2IndnesHAG9kDJ +7c31SXastWpbXWhCIdRZk+KQsnmwobZlw3w1vfx2Dm7M2ZCcCgG/ArUPjY44nGOWO5Nz98 +QHyz3IocsKJXrGVo/3YpNNu72jkw7UGVMqh1dAe3ZMaCAC5pAAa0HKvkid7jdXawL2b//+ +vsAPSHdnEjP58AAAWQCUj9ajDO6N0sI5jzkRxiMIaeDvP7Ns+cJtE1uxzrm7Ecgf7kBL2V +9Ru0gW1+ii3U/hPLkxwBwd3xvoc1Xy+n+c7D6bQVviv1lsbY1uPzxGR3fUfRCu2M1D8OEH +vol7jvFAZmtrpgy3gY45k2lbsY368bIJ+hYIqeHRqFsD+SyM/xSnj5/bZNvNrc+kHikiA3 +uVSvXe9oWVNm3hxLDppYPEYkORERHx9EWh5sruLwoM2NW6qwE+wGw0Vx1AuA7cNszDdmMs +qJFq0n5cQ78E3q0V49e0FOBjMoSJBxdQRHRz2al9MzJlcVVs5LGwmgVH0ur0V9QR8zv2Pv +ZV6r+H9mMo2eCtUDlKUXlCnfgwDP0ghXysFKSDLzXNEPrddmvzQeWA973fcguniLLq7Gbw +gpHSuP/vqVqtQQbXEdozgUl666SXC7GdPqaA5YsfGIJ4Ank3/Vjb3hc0/hElx4O0fEn18E +TWbd9o6v70mNbu3LjeJPNDwODMGn9GC3kRtSc5bU0A8YAM+gFaeytrz2W/vCe3EST8VBcQ +UtvYqGG/zGJhV8+OYoIZZQQkyCmTt0i4nTCJAMUnZ+pgY6YJk+UdBGhLvwNBtl4Z1nQKSA +hcBBo6T08bQfe/HmVs4dcwBO956qiOX/QjHDLew81MfpvjZ2kGD5Hp/qhieUdJ3IiUEsOC +FQC01JeEJlkEqd2jqBR/9RDnK7O8gTR0AA858L+MftN4nN2h2UkGjWMWSbkmwGMqyRGfRa +TJeg5njxYJVcRlWZ/KvNPxis8wIuCaRMbPT2WpHsRr1lY3s4IzFn+EMCkybHZArQVYtl1O +iGXYjpxe+cOc02PM1aKlUfCQfsr0CrXwwGzIQ73uXVSQgP5pQdV3iN/57+5aiH8F9D7X3n +p5QJzBuLGvhUDWqqwbwWy+81k3Y8rHXNfhVSlRmtGJXAPqpw0PCyquySJNwogi4rBkg0jF +xuqvimvhNcWzF7yf+fnYa6H+N8PavH32HRM50AYyWPyKWBp3Syri0P54cnkBjKTjTKGYA6 +4KwizazsbOMY5kp0UAmgX6XyM5OSROtxUp4P6T20okjKaSzamgMBKZULP/b768l4UYRgFe +uohg2/9A1fwYB/K8I+V7Qw9079JvAG05eIOgce3Dd+bXoH6j/Ylmk5Gj7LzhEXtMz3NEpj +LCg8tx0YFpuyoCaRlqOnsZCpc1EnL0UyMguCh9ADTG9h6V3Xf2j2Q94rKvAc4ZrBtj6qXT +BIfGsBIA7vA1KnKHB9oOFQZ26iRU7oTAunAQvSKF7/7luTqONoni6U/RpvERT/KeeIDSxz +uzFQ+apy/PTESSUtutpnTug6rexwrPb6ugJipag8ebNWVdOgaNBUL8wciW4lN8YkzjhXMw +xHB0PUuSXcBuuPDQuYZk84dpXxM10fWwuCTMlH1bXatSQhtRVbjVJIDXnnYpQKtuURiwMm +j4WLEt10hvu6t4aNJzzVY80/iLMb4ZGQgHotrjFfx9nzwe3SioINPaxRIb3m2gTsi8Nr/p +Y5zNjV9NOjONktUjLznRpfY/yBxOtPe9lxnaKfniRTK5HjBbi8hmei9G8lIHV9qyhpURYM +1EdZB86uZWJOaRA8/fpwt8z2stmpKpuGFQOSgr7W5JQWSFeTAMYPoafsm0PD1zSyw7j1wE +DWlmUAzpMirSnPUQndR8IcF7fZmI8J1g30eIFTQpoTDCyoiegkOXHa9HyWwmEAwws1PCWZ +a5Viw6XLJI3tahSNhZzdY/UNFikuO8AuIDXykBM7riaqK4PADtmGY88QGWXQbw5xxWtH6r +Wwk4KzDL9UFeCMSiQo//e+kg/mPLml6Sa4THOzP3iOmx810JoMDmF/jvtpC+ew5HpPPtg4 +h55pSap77CEhEhE5FPZKuH9f7/E= +-----END OPENSSH PRIVATE KEY----- diff --git a/testdata/.ssh/id_passphrase.pub b/testdata/.ssh/id_passphrase.pub new file mode 100644 index 0000000..1d84832 --- /dev/null +++ b/testdata/.ssh/id_passphrase.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCuWKQh09Vlv3IRu/+oK18ws72VQS7PCXJaIEp1L+7HqC/6+plizaVgd9SjAg0UJSqvp+WfpU5I53hevE0Ip3s71Tsoeu1azWoi2Mbq3ycZ5ysh4htZZklKBkYsyW+2EdITPcmhA8rF+KiDRyuvk7fDo08G3YWgbCScY6VkLA06ReThCehAY54WNvgbx7lyvCWj1qYG0XjM7mTQHr3QN0JHJNdFaG3MCi1rTG2hK/owOlzcesIbzfM1VMIQG5HT4vNg/ULP0BTZ7pGtdvWlvR/660KQwc1tBxLqxI1dYoCgiS/gMyPxhOtNKTvhR/NR7e2sp/StkXURIxTHhj0KjKbnpXTQ2IndnesHAG9kDJ7c31SXastWpbXWhCIdRZk+KQsnmwobZlw3w1vfx2Dm7M2ZCcCgG/ArUPjY44nGOWO5Nz98QHyz3IocsKJXrGVo/3YpNNu72jkw7UGVMqh1dAe3ZMaCAC5pAAa0HKvkid7jdXawL2b//+vsAPSHdnEjP58= mtk10671@NB22040567 From 15b64dc8919f9e984dd7c4e96fdd5d74ccc03088 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 16:16:59 +0800 Subject: [PATCH 039/114] ci: enhance CI pipeline with SSH key handling improvements - Add a job to handle missing SSH key passphrase with `appleboy/ssh-action` and `continue-on-error` set to true Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 1fce1b2..8f753cd 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -181,3 +181,15 @@ jobs: script: | whoami ls -al + + - name: missing ssh key passphrase + uses: appleboy/ssh-action@v1.0.3 + continue-on-error: true + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + script: | + whoami + ls -al From a39b3cce7dbd84fb06164ac1a60a27615417de71 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 17:00:36 +0800 Subject: [PATCH 040/114] ci: enhance CI/CD pipeline with SSH command execution - Add a step to execute multiline SSH commands using `appleboy/ssh-action@v1.0.3` Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 8f753cd..f381c32 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -193,3 +193,18 @@ jobs: script: | whoami ls -al + + # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 + - name: Multiline SSH commands interpreted as single lines + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + passphrase: 1234 + script_stop: true + script: | + ls \ + -lah + use_insecure_cipher: true From 815c5743ac3927b147e22309d57a1f5a140a2d30 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 17:01:56 +0800 Subject: [PATCH 041/114] ci: enhance deployment with multi-host SSH action - Add deployment step for multiple hosts with different ports using `appleboy/ssh-action@v1.0.3` Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index f381c32..bba8b45 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -208,3 +208,18 @@ jobs: ls \ -lah use_insecure_cipher: true + + # https://github.com/appleboy/ssh-action/issues/85 + - name: Deployment to multiple hosts with different ports + uses: appleboy/ssh-action@v1.0.3 + with: + host: "${{ env.REMOTE_HOST }}:2222" + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 1111 + passphrase: 1234 + script_stop: true + script: | + ls \ + -lah + use_insecure_cipher: true From 378323e4c85be1bb394f07e5a3a3c7c687499829 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 19:07:07 +0800 Subject: [PATCH 042/114] ci: add multi-server support to CI workflow - Add a new job `multiple-server` to the GitHub Actions workflow - Configure the job to run on `ubuntu-latest` - Add steps to checkout code, add public and private keys to environment variables, and create two new SSH servers using Docker - Update the `host` configuration to include both new SSH servers - Remove the `port` configuration - Replace the command `ls -lah` with `whoami` - Remove the `use_insecure_cipher` configuration Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 70 +++++++++++++++++++++++++++++--- 1 file changed, 65 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index bba8b45..6d987a2 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -209,17 +209,77 @@ jobs: -lah use_insecure_cipher: true + multiple-server: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_passphrase.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_passphrase.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_passphrase >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key =========" + cat testdata/.ssh/id_passphrase + echo "============================" + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server-01 \ + --hostname=openssh-server-01 \ + -p 2222:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server-01 sh -c "hostname -i" > ip01.txt + echo "REMOTE_HOST_01<> $GITHUB_ENV + cat ip01.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip01.txt + echo "======================================" + + docker run -d \ + --name=openssh-server-02 \ + --hostname=openssh-server-02 \ + -p 2223:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server-02 sh -c "hostname -i" > ip02.txt + echo "REMOTE_HOST_02<> $GITHUB_ENV + cat ip02.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip02.txt + echo "======================================" + + sleep 2 + # https://github.com/appleboy/ssh-action/issues/85 - name: Deployment to multiple hosts with different ports uses: appleboy/ssh-action@v1.0.3 with: - host: "${{ env.REMOTE_HOST }}:2222" + host: "${{ env.REMOTE_HOST_01 }}:2222,${{ env.REMOTE_HOST_02 }}:2223" username: linuxserver.io key: ${{ env.PRIVATE_KEY }} - port: 1111 passphrase: 1234 script_stop: true script: | - ls \ - -lah - use_insecure_cipher: true + whoami From aa293c24bb8b49499c238d2260b26a5ab2ee10e0 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 19:22:24 +0800 Subject: [PATCH 043/114] chore: optimize system configuration and API integration - Change port for REMOTE_HOST_02 from `2223` to `2222` Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 6d987a2..b7ecec1 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -276,7 +276,7 @@ jobs: - name: Deployment to multiple hosts with different ports uses: appleboy/ssh-action@v1.0.3 with: - host: "${{ env.REMOTE_HOST_01 }}:2222,${{ env.REMOTE_HOST_02 }}:2223" + host: "${{ env.REMOTE_HOST_01 }}:2222,${{ env.REMOTE_HOST_02 }}:2222" username: linuxserver.io key: ${{ env.PRIVATE_KEY }} passphrase: 1234 From fc1c1fce5140b0530a36d88286de8a29df8518bb Mon Sep 17 00:00:00 2001 From: appleboy Date: Wed, 5 Jun 2024 21:01:23 +0800 Subject: [PATCH 044/114] ci: add GitHub Actions job for ed25519 key support - Add a new job `support-ed25519-key` to the GitHub Actions workflow - Add steps to the new job for checking out code, adding public and private keys to the environment, and creating a new SSH server - Add steps to the new job for testing the `id_ed25519` key using `appleboy/ssh-action` - Add a new private SSH key file `testdata/.ssh/id_ed25519` - Add a new public SSH key file `testdata/.ssh/id_ed25519.pub` Signed-off-by: appleboy --- .github/workflows/ssh-server.yml | 54 ++++++++++++++++++++++++++++++++ testdata/.ssh/id_ed25519 | 7 +++++ testdata/.ssh/id_ed25519.pub | 1 + 3 files changed, 62 insertions(+) create mode 100644 testdata/.ssh/id_ed25519 create mode 100644 testdata/.ssh/id_ed25519.pub diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index b7ecec1..576207c 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -283,3 +283,57 @@ jobs: script_stop: true script: | whoami + + support-ed25519-key: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_ed25519.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_ed25519.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_ed25519 >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key =========" + cat testdata/.ssh/id_ed25519 + echo "============================" + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + + - name: testing id_ed25519 key + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + script: | + whoami + ls -al diff --git a/testdata/.ssh/id_ed25519 b/testdata/.ssh/id_ed25519 new file mode 100644 index 0000000..9dc32bb --- /dev/null +++ b/testdata/.ssh/id_ed25519 @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACDoi7FltQCqpWporKh61nJUPIeazUYdzdstncoeU5XS2AAAAKBF5e2SReXt +kgAAAAtzc2gtZWQyNTUxOQAAACDoi7FltQCqpWporKh61nJUPIeazUYdzdstncoeU5XS2A +AAAEBrsLG1vSg08yaQgYM46KQW93Lz2ZikS1tTMH35gfHhpOiLsWW1AKqlamisqHrWclQ8 +h5rNRh3N2y2dyh5TldLYAAAAFnlvdXJfZW1haWxAZXhhbXBsZS5jb20BAgMEBQYH +-----END OPENSSH PRIVATE KEY----- diff --git a/testdata/.ssh/id_ed25519.pub b/testdata/.ssh/id_ed25519.pub new file mode 100644 index 0000000..14f2085 --- /dev/null +++ b/testdata/.ssh/id_ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOiLsWW1AKqlamisqHrWclQ8h5rNRh3N2y2dyh5TldLY your_email@example.com From f0e5a23d530cb42b84b01340c5fb1a6ad570d4e8 Mon Sep 17 00:00:00 2001 From: appleboy Date: Wed, 5 Jun 2024 21:04:07 +0800 Subject: [PATCH 045/114] ci: add environment variable handling in GitHub Actions - Add a new job `testing-with-env` to the GitHub Actions workflow - Add steps to set up environment variables for public and private SSH keys - Add a step to create a new SSH server using Docker - Add a step to test the SSH connection using the `id_ed25519` key - Add a step to pass a single environment variable to the SSH action - Add a step to pass multiple environment variables to the SSH action - Add a step to use a custom format for environment variables - Add a step to pass all environment variables to the SSH action Signed-off-by: appleboy --- .github/workflows/ssh-server.yml | 123 +++++++++++++++++++++++++++++++ 1 file changed, 123 insertions(+) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 576207c..1742641 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -337,3 +337,126 @@ jobs: script: | whoami ls -al + + testing-with-env: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_ed25519.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_ed25519.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_ed25519 >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key =========" + cat testdata/.ssh/id_ed25519 + echo "============================" + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + + - name: testing id_ed25519 key + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + script: | + whoami + ls -al + + - name: pass environment + uses: appleboy/ssh-action@v1.0.3 + env: + FOO: "BAR" + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + envs: FOO + script: | + echo "I am $FOO, thanks" + echo "I am $BAR, thanks" + + - name: pass multiple environment + uses: appleboy/ssh-action@v1.0.3 + env: + FOO: "BAR" + BAR: "FOO" + SHA: ${{ github.sha }} + PORT: ${{ secrets.PORT }} + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + envs: FOO,BAR,SHA,PORT + script: | + echo "I am $FOO, thanks" + echo "I am $BAR, thanks" + echo "sha: $SHA" + echo "port: $PORT" + sh test.sh + + - name: custom envs format + uses: appleboy/ssh-action@v1.0.3 + env: + FOO: "BAR" + AAA: "BBB" + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + envs: FOO,BAR,AAA + envs_format: export TEST_{NAME}={VALUE} + script: | + echo "I am $TEST_FOO, thanks" + echo "I am $TEST_BAR, thanks" + echo "I am $BAR, thanks" + echo "I am $TEST_AAA, thanks" + + - name: pass all ENV variables to script + uses: appleboy/ssh-action@v1.0.3 + env: + INPUT_FOO: "BAR" + INPUT_AAA: "BBB" + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + allenvs: true + script: | + echo "I am $INPUT_FOO, thanks" + echo "I am $INPUT_AAA, thanks" + echo "$GITHUB_BASE_REF" + echo "$GITHUB_REF" From 9c32aa61f8c24f38e93a3282178429b314c14e8a Mon Sep 17 00:00:00 2001 From: appleboy Date: Wed, 5 Jun 2024 21:07:39 +0800 Subject: [PATCH 046/114] ci: refactor workflows and API integrations - Remove the execution of `test.sh` from the SSH server workflow Signed-off-by: appleboy --- .github/workflows/ssh-server.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 1742641..0dbe24a 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -424,7 +424,6 @@ jobs: echo "I am $BAR, thanks" echo "sha: $SHA" echo "port: $PORT" - sh test.sh - name: custom envs format uses: appleboy/ssh-action@v1.0.3 From 97f8d752b568999364c7296fa08e33d68367e3fd Mon Sep 17 00:00:00 2001 From: appleboy Date: Wed, 5 Jun 2024 21:18:46 +0800 Subject: [PATCH 047/114] ci: enable root access in CI pipeline - Change `SUDO_ACCESS` environment variable from `false` to `true` - Add a step to switch to root user using `appleboy/ssh-action@v1.0.3` with specified parameters and commands Signed-off-by: appleboy --- .github/workflows/ssh-server.yml | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 0dbe24a..4aec5ac 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -366,7 +366,7 @@ jobs: --hostname=openssh-server \ -p 2222:2222 \ -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ - -e SUDO_ACCESS=false \ + -e SUDO_ACCESS=true \ -e PASSWORD_ACCESS=true \ -e USER_PASSWORD=password \ -e USER_NAME=linuxserver.io \ @@ -459,3 +459,17 @@ jobs: echo "I am $INPUT_AAA, thanks" echo "$GITHUB_BASE_REF" echo "$GITHUB_REF" + + - name: switch to root user + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + script_stop: true + request_pty: true + command_timeout: 30s + script: | + whoami && echo 'hello world' && touch todo.txt + sudo whoami From 5a8776fd157405e3e88da24413b04c2aaf01e99c Mon Sep 17 00:00:00 2001 From: appleboy Date: Wed, 5 Jun 2024 21:30:47 +0800 Subject: [PATCH 048/114] ci: switch to password authentication in GitHub workflow - Replace SSH key authentication with password authentication in GitHub workflow Signed-off-by: appleboy --- .github/workflows/ssh-server.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 4aec5ac..1599b96 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -465,7 +465,7 @@ jobs: with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io - key: ${{ env.PRIVATE_KEY }} + password: password port: 2222 script_stop: true request_pty: true From 0c7561b1a30e223b97730bb8b92671995d9fb1d0 Mon Sep 17 00:00:00 2001 From: appleboy Date: Wed, 5 Jun 2024 21:35:45 +0800 Subject: [PATCH 049/114] fix: switch to SSH key authentication for security - Remove hardcoded user password from environment variables - Replace hardcoded password with a private key for SSH authentication Signed-off-by: appleboy --- .github/workflows/ssh-server.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 1599b96..1719cf6 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -368,7 +368,6 @@ jobs: -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ -e SUDO_ACCESS=true \ -e PASSWORD_ACCESS=true \ - -e USER_PASSWORD=password \ -e USER_NAME=linuxserver.io \ --restart unless-stopped \ lscr.io/linuxserver/openssh-server:latest @@ -465,7 +464,7 @@ jobs: with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io - password: password + key: ${{ env.PRIVATE_KEY }} port: 2222 script_stop: true request_pty: true From b6941ae5d5746e351d7fede90e718688304d2b4a Mon Sep 17 00:00:00 2001 From: appleboy Date: Wed, 5 Jun 2024 21:38:35 +0800 Subject: [PATCH 050/114] ci: refactor codebase and optimize performance - Delete the GitHub Actions workflow file `version.yml` Signed-off-by: appleboy --- .github/workflows/version.yml | 284 ---------------------------------- 1 file changed, 284 deletions(-) delete mode 100644 .github/workflows/version.yml diff --git a/.github/workflows/version.yml b/.github/workflows/version.yml deleted file mode 100644 index a15c0af..0000000 --- a/.github/workflows/version.yml +++ /dev/null @@ -1,284 +0,0 @@ -name: the stable version of ssh-action -on: [push] - -env: - FOO: "BAR" - BAR: "FOO" - -jobs: - testing01: - name: default flag testing - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: correct password but wrong key - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - key: "1234" - port: ${{ secrets.PORT }} - script: whoami - - - name: wrong password but correct key - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: "abcdef" - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script: whoami - - - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} - script: whoami - - - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script: whoami - - - name: multiple command - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script: | - whoami - ls -al - - - name: stop script if command error - uses: appleboy/ssh-action@v1.0.3 - continue-on-error: true - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - sync: true - debug: true - script: | - mkdir abc/def - ls -al - - - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.SSH2 }} - port: ${{ secrets.PORT }} - passphrase: ${{ secrets.PASSPHRASE }} - script: | - whoami - ls -al - - - name: use insecure cipher - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} - script: | - ls \ - -lah - use_insecure_cipher: true - - # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 - - name: Multiline SSH commands interpreted as single lines - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} - script_stop: true - script: | - ls \ - -lah - use_insecure_cipher: true - - # https://github.com/appleboy/ssh-action/issues/85 - - name: Deployment to multiple hosts with different ports - uses: appleboy/ssh-action@v1.0.3 - with: - host: "${{ secrets.HOST }}:${{ secrets.PORT }}" - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: 1024 - script_stop: true - script: | - ls \ - -lah - use_insecure_cipher: true - - # - name: SSH ED25519 Private Key - # uses: appleboy/ssh-action@v1.0.3 - # with: - # host: ${{ secrets.TUNNEL_HOST }} - # username: ${{ secrets.TUNNEL_USERNAME }} - # key: ${{ secrets.ID_ED25519 }} - # port: ${{ secrets.TUNNEL_PORT }} - # script: whoami - - testing02: - name: testing with envs - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: pass environment - uses: appleboy/ssh-action@v1.0.3 - env: - FOO: "BAR" - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - envs: FOO - script: | - echo "I am $FOO, thanks" - echo "I am $BAR, thanks" - - - name: pass multiple environment - uses: appleboy/ssh-action@v1.0.3 - env: - FOO: "BAR" - BAR: "FOO" - SHA: ${{ github.sha }} - PORT: ${{ secrets.PORT }} - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - envs: FOO,BAR,SHA,PORT - script: | - echo "I am $FOO, thanks" - echo "I am $BAR, thanks" - echo "sha: $SHA" - echo "port: $PORT" - sh test.sh - - - name: custom envs format - uses: appleboy/ssh-action@v1.0.3 - env: - FOO: "BAR" - AAA: "BBB" - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - envs: FOO,BAR,AAA - envs_format: export TEST_{NAME}={VALUE} - script: | - echo "I am $TEST_FOO, thanks" - echo "I am $TEST_BAR, thanks" - echo "I am $BAR, thanks" - echo "I am $TEST_AAA, thanks" - - - name: pass all ENV variables to script - uses: appleboy/ssh-action@v1.0.3 - env: - INPUT_FOO: "BAR" - INPUT_AAA: "BBB" - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - allenvs: true - script: | - echo "I am $INPUT_FOO, thanks" - echo "I am $INPUT_AAA, thanks" - echo "$GITHUB_BASE_REF" - echo "$GITHUB_REF" - - testing03: - name: git clone and pull - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: clone private repository - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - script: | - git clone https://appleboy:${{ secrets.TEST_TOKEN }}@github.com/go-training/self-runner.git test_repository - rm -rf test_repository - - testing04: - name: docker login and pull - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: login GitHub Container Registry - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - script: | - echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u github.actor --password-stdin - - - name: login DockerHub Container Registry - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - script: | - echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin - - testing05: - name: switch user - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: switch to root user - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - request_pty: true - command_timeout: 30s - script: | - whoami && echo 'hello world' && touch todo.txt - sudo whoami From 43895f2cd585d373b747690a3e7f9bdcdd09e1cd Mon Sep 17 00:00:00 2001 From: appleboy Date: Wed, 5 Jun 2024 21:55:28 +0800 Subject: [PATCH 051/114] ci: refactor SSH testing workflows and job configurations - Rename workflow from "remote ssh command" to "testing main branch" - Remove environment variables `FOO` and `BAR` - Rename job `testing01` to `default-user-name-password` - Rename step "checkout" to "Checkout code" - Replace step "correct password but wrong key" with "create new ssh server" using Docker - Update SSH connection details to use environment variables for host, username, password, and port - Add new job `check-ssh-key` with steps to add public key to environment and create a new SSH server - Add new job `support-key-passphrase` with steps to add public key to environment and create a new SSH server - Add new job `multiple-server` to create and manage multiple SSH servers - Add new job `support-ed25519-key` with steps to add public key to environment and create a new SSH server - Add new job `testing-with-env` with steps to add public key to environment and create a new SSH server - Remove jobs `testing02`, `testing03`, `testing04`, and `testing05` - Rename workflow in `ssh-server.yml` from "openssh-server" to "testing stable version" Signed-off-by: appleboy --- .github/workflows/ci.yml | 508 +++++++++++++++++++++---------- .github/workflows/ssh-server.yml | 2 +- 2 files changed, 350 insertions(+), 160 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a62c774..e4a92da 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,75 +1,125 @@ -name: remote ssh command +name: testing main branch + on: [push] -env: - FOO: "BAR" - BAR: "FOO" - jobs: - testing01: - name: default flag testing + default-user-name-password: runs-on: ubuntu-latest steps: - - name: checkout + - name: Checkout code uses: actions/checkout@v4 - - name: correct password but wrong key + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + + - name: ssh by username and password uses: ./ with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - key: "1234" - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + port: 2222 + script: whoami + + check-ssh-key: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_rsa.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_rsa.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_rsa >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key =========" + cat testdata/.ssh/id_rsa + echo "============================" + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + + - name: ssh by private key + uses: ./ + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 script: whoami - name: wrong password but correct key uses: ./ with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io password: "abcdef" - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} + key: ${{ env.PRIVATE_KEY }} + port: 2222 script: whoami - - name: executing remote ssh commands using password + - name: correct password but wrong key uses: ./ with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + key: password + port: 2222 script: whoami - - name: executing remote ssh commands using ssh key - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script: whoami - - - name: multiple command - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script: | - whoami - ls -al - - name: stop script if command error uses: ./ continue-on-error: true with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + key: password + port: 2222 script_stop: true sync: true debug: true @@ -77,83 +127,279 @@ jobs: mkdir abc/def ls -al + support-key-passphrase: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_passphrase.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_passphrase.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_passphrase >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key =========" + cat testdata/.ssh/id_passphrase + echo "============================" + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + - name: ssh key passphrase uses: ./ with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.SSH2 }} - port: ${{ secrets.PORT }} - passphrase: ${{ secrets.PASSPHRASE }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + passphrase: 1234 script: | whoami ls -al - - name: use insecure cipher + - name: missing ssh key passphrase uses: ./ + continue-on-error: true with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 script: | - ls \ - -lah - use_insecure_cipher: true + whoami + ls -al # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 - name: Multiline SSH commands interpreted as single lines uses: ./ with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + passphrase: 1234 script_stop: true script: | ls \ -lah use_insecure_cipher: true + multiple-server: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_passphrase.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_passphrase.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_passphrase >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key =========" + cat testdata/.ssh/id_passphrase + echo "============================" + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server-01 \ + --hostname=openssh-server-01 \ + -p 2222:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server-01 sh -c "hostname -i" > ip01.txt + echo "REMOTE_HOST_01<> $GITHUB_ENV + cat ip01.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip01.txt + echo "======================================" + + docker run -d \ + --name=openssh-server-02 \ + --hostname=openssh-server-02 \ + -p 2223:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server-02 sh -c "hostname -i" > ip02.txt + echo "REMOTE_HOST_02<> $GITHUB_ENV + cat ip02.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip02.txt + echo "======================================" + + sleep 2 + # https://github.com/appleboy/ssh-action/issues/85 - name: Deployment to multiple hosts with different ports uses: ./ with: - host: "${{ secrets.HOST }}:${{ secrets.PORT }}" - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: 1024 + host: "${{ env.REMOTE_HOST_01 }}:2222,${{ env.REMOTE_HOST_02 }}:2222" + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + passphrase: 1234 script_stop: true script: | - ls \ - -lah - use_insecure_cipher: true + whoami - # - name: SSH ED25519 Private Key - # uses: ./ - # with: - # host: ${{ secrets.TUNNEL_HOST }} - # username: ${{ secrets.TUNNEL_USERNAME }} - # key: ${{ secrets.ID_ED25519 }} - # port: ${{ secrets.TUNNEL_PORT }} - # script: whoami - - testing02: - name: testing with envs + support-ed25519-key: runs-on: ubuntu-latest steps: - - name: checkout + - name: Checkout code uses: actions/checkout@v4 + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_ed25519.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_ed25519.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_ed25519 >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key =========" + cat testdata/.ssh/id_ed25519 + echo "============================" + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + + - name: testing id_ed25519 key + uses: ./ + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + script: | + whoami + ls -al + + testing-with-env: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_ed25519.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_ed25519.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_ed25519 >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key =========" + cat testdata/.ssh/id_ed25519 + echo "============================" + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=true \ + -e PASSWORD_ACCESS=true \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + + - name: testing id_ed25519 key + uses: ./ + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + script: | + whoami + ls -al + - name: pass environment uses: ./ env: FOO: "BAR" with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 envs: FOO script: | echo "I am $FOO, thanks" @@ -167,17 +413,16 @@ jobs: SHA: ${{ github.sha }} PORT: ${{ secrets.PORT }} with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 envs: FOO,BAR,SHA,PORT script: | echo "I am $FOO, thanks" echo "I am $BAR, thanks" echo "sha: $SHA" echo "port: $PORT" - sh test.sh - name: custom envs format uses: ./ @@ -185,10 +430,10 @@ jobs: FOO: "BAR" AAA: "BBB" with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 envs: FOO,BAR,AAA envs_format: export TEST_{NAME}={VALUE} script: | @@ -203,10 +448,10 @@ jobs: INPUT_FOO: "BAR" INPUT_AAA: "BBB" with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 allenvs: true script: | echo "I am $INPUT_FOO, thanks" @@ -214,68 +459,13 @@ jobs: echo "$GITHUB_BASE_REF" echo "$GITHUB_REF" - testing03: - name: git clone and pull - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: clone private repository - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - script: | - git clone https://appleboy:${{ secrets.TEST_TOKEN }}@github.com/go-training/self-runner.git test_repository - rm -rf test_repository - - testing04: - name: docker login and pull - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: login GitHub Container Registry - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - script: | - echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u github.actor --password-stdin - - - name: login DockerHub Container Registry - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - script: | - echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin - - testing05: - name: switch user - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - name: switch to root user uses: ./ with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 script_stop: true request_pty: true command_timeout: 30s diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 1719cf6..86ab7dc 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -1,4 +1,4 @@ -name: openssh-server +name: testing stable version on: [push] From 71d43ea0f75a1f73c9b0e4608c059783968ad29c Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Thu, 6 Jun 2024 08:30:06 +0800 Subject: [PATCH 052/114] docs: improve documentation and testing configurations - Add note about the default value of `port` being `22` in the README Signed-off-by: Bo-Yi Wu --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 0e11a25..7055cf5 100644 --- a/README.md +++ b/README.md @@ -221,6 +221,8 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ls -al ``` +The default value of `port` is `22`. + #### Multiple hosts with different port ```diff From 036cad7df774e9168d1de6c77d668c6a292d4540 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 14 Jul 2024 16:17:12 +0800 Subject: [PATCH 053/114] chore: update drone-ssh to version 1.7.7 - Update drone-ssh Docker image version from `1.7.4` to `1.7.7` - Update DRONE_SSH_VERSION environment variable default from `1.7.4` to `1.7.7` Signed-off-by: Bo-Yi Wu --- Dockerfile | 2 +- entrypoint.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index d84c375..960d488 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/appleboy/drone-ssh:1.7.4 +FROM ghcr.io/appleboy/drone-ssh:1.7.7 COPY entrypoint.sh /bin/entrypoint.sh diff --git a/entrypoint.sh b/entrypoint.sh index f50d56e..c48f963 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -8,7 +8,7 @@ export GITHUB="true" GITHUB_ACTION_PATH="${GITHUB_ACTION_PATH%/}" DRONE_SSH_RELEASE_URL="${DRONE_SSH_RELEASE_URL:-https://github.com/appleboy/drone-ssh/releases/download}" -DRONE_SSH_VERSION="${DRONE_SSH_VERSION:-1.7.4}" +DRONE_SSH_VERSION="${DRONE_SSH_VERSION:-1.7.7}" function detect_client_info() { if [ -n "${SSH_CLIENT_OS-}" ]; then From 8b6078208d71a6d9364c7f23d78ca9b38bed48c0 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 14 Jul 2024 16:21:41 +0800 Subject: [PATCH 054/114] chore(cli): enhance version handling and testing mechanisms - Add a command to print the version of the target before running the main command Signed-off-by: Bo-Yi Wu --- entrypoint.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index c48f963..a9e359d 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -63,4 +63,5 @@ TARGET="${GITHUB_ACTION_PATH}/${CLIENT_BINARY}" echo "Will download ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}" curl -fL --retry 3 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o ${TARGET} chmod +x ${TARGET} -sh -c "${TARGET} $*" +sh -c "${TARGET} --version" # print version +sh -c "${TARGET} $*" # run the command From 5ade82648576fb5118b586573e9c607af4941b24 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 14 Jul 2024 16:42:46 +0800 Subject: [PATCH 055/114] chore: improve CLI reliability and version visibility - Increase curl retry attempts from 3 to 5 - Add echo statements to display CLI version before and after running the version command Signed-off-by: Bo-Yi Wu --- entrypoint.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index a9e359d..19d6b5d 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -61,7 +61,9 @@ DOWNLOAD_URL_PREFIX="${DRONE_SSH_RELEASE_URL}/v${DRONE_SSH_VERSION}" CLIENT_BINARY="drone-ssh-${DRONE_SSH_VERSION}-${CLIENT_PLATFORM}-${CLIENT_ARCH}" TARGET="${GITHUB_ACTION_PATH}/${CLIENT_BINARY}" echo "Will download ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}" -curl -fL --retry 3 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o ${TARGET} +curl -fL --retry 5 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o ${TARGET} chmod +x ${TARGET} +echo "======= CLI Version =======" sh -c "${TARGET} --version" # print version +echo "===========================" sh -c "${TARGET} $*" # run the command From 28428a13f5b0283d667b1c6501d144f15b059726 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 14 Jul 2024 16:59:55 +0800 Subject: [PATCH 056/114] docs: improve cross-platform clipboard support for key copying - Add instructions to install `xclip` on Ubuntu before copying the private key - Replace `clip` command with platform-specific commands (`pbcopy` for macOS and `xclip` for Ubuntu) for copying the private key Signed-off-by: Bo-Yi Wu --- README.md | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7055cf5..75fe1c4 100644 --- a/README.md +++ b/README.md @@ -122,14 +122,29 @@ Copy Private Key content and paste in Github Secrets. ### Copy rsa Private key +Before copying the private key, install `clip` command as shown below: + ```bash -clip < ~/.ssh/id_rsa +# Ubuntu +sudo apt-get install xclip +``` + +copy the private key: + +```bash +# macOS +pbcopy < ~/.ssh/id_rsa +# Ubuntu +xclip < ~/.ssh/id_rsa ``` ### Copy ed25519 Private key ```bash -clip < ~/.ssh/id_ed25519 +# macOS +pbcopy < ~/.ssh/id_ed25519 +# Ubuntu +xclip < ~/.ssh/id_ed25519 ``` See the detail information about [SSH login without password](http://www.linuxproblem.org/art_9.html). From 06fa62e61cac6c39015db4efcde64776f56965c4 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 14 Jul 2024 17:19:13 +0800 Subject: [PATCH 057/114] ci: rename the workflow files. - Rename `ci.yml` to `main.yml` - Rename `ssh-server.yml` to `stable.yml` Signed-off-by: Bo-Yi Wu --- .github/workflows/{ci.yml => main.yml} | 0 .github/workflows/{ssh-server.yml => stable.yml} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{ci.yml => main.yml} (100%) rename .github/workflows/{ssh-server.yml => stable.yml} (100%) diff --git a/.github/workflows/ci.yml b/.github/workflows/main.yml similarity index 100% rename from .github/workflows/ci.yml rename to .github/workflows/main.yml diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/stable.yml similarity index 100% rename from .github/workflows/ssh-server.yml rename to .github/workflows/stable.yml From eaeb06998d86f5e66259ee8dc3d0909612f0ce65 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 14 Jul 2024 20:55:52 +0800 Subject: [PATCH 058/114] chore(cli): enhance curl command with silent mode and redirects - Add silent mode and follow redirects to curl command in entrypoint.sh Signed-off-by: Bo-Yi Wu --- entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index 19d6b5d..67132c6 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -61,7 +61,7 @@ DOWNLOAD_URL_PREFIX="${DRONE_SSH_RELEASE_URL}/v${DRONE_SSH_VERSION}" CLIENT_BINARY="drone-ssh-${DRONE_SSH_VERSION}-${CLIENT_PLATFORM}-${CLIENT_ARCH}" TARGET="${GITHUB_ACTION_PATH}/${CLIENT_BINARY}" echo "Will download ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}" -curl -fL --retry 5 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o ${TARGET} +curl -fsSL --retry 5 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o ${TARGET} chmod +x ${TARGET} echo "======= CLI Version =======" sh -c "${TARGET} --version" # print version From b4a07ca5940a7dc94925e99f8e6eab3671b0fa64 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sat, 20 Jul 2024 13:32:11 +0800 Subject: [PATCH 059/114] ci: enhance GitHub Actions with secret variable support (#330) * ci: enhance GitHub Actions with secret variable support - Add a step to pass secret variables in the shell within the GitHub Actions workflow Signed-off-by: appleboy * ci: enhance CI workflow and API integration - Add `continue-on-error: true` to the GitHub Actions workflow Signed-off-by: appleboy * ci: improve GitHub Actions workflow reliability - Add `continue-on-error: true` to the GitHub Actions workflow Signed-off-by: appleboy --------- Signed-off-by: appleboy --- .github/workflows/main.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e4a92da..cfe58fb 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -459,6 +459,16 @@ jobs: echo "$GITHUB_BASE_REF" echo "$GITHUB_REF" + - name: pass secret variable in shell + uses: ./ + continue-on-error: true + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + script: cd ${{ secrets.PORT }} + - name: switch to root user uses: ./ with: @@ -491,6 +501,7 @@ jobs: - name: testing ipv6 uses: ./ + continue-on-error: true with: host: 2402:1f00:8000:800::2628 username: ubuntu From d732991ab09097d8c8f390d91385b0386e619598 Mon Sep 17 00:00:00 2001 From: archiguru Date: Sat, 7 Sep 2024 15:36:08 +0800 Subject: [PATCH 060/114] docs(lang): README.zh-cn Document (#332) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: add README.zh-cn Document * feat: add zh-cn superlink --- README.md | 1 + README.zh-cn.md | 393 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 394 insertions(+) create mode 100644 README.zh-cn.md diff --git a/README.md b/README.md index 75fe1c4..218ed33 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,7 @@ # 🚀 SSH for GitHub Actions [繁體中文](./README.zh-tw.md) +[简体中文](./README.zh-cn.md) [GitHub Action](https://github.com/features/actions) for executing remote ssh commands. diff --git a/README.zh-cn.md b/README.zh-cn.md new file mode 100644 index 0000000..44ac07d --- /dev/null +++ b/README.zh-cn.md @@ -0,0 +1,393 @@ +# 🚀 用于 GitHub Actions 的 SSH + +[GitHub Action](https://github.com/features/actions) 用于执行远程 SSH 命令。 + +![ssh workflow](./images/ssh-workflow.png) + +[![Actions Status](https://github.com/appleboy/ssh-action/workflows/remote%20ssh%20command/badge.svg)](https://github.com/appleboy/ssh-action/actions) + +**注意**: 只支持在 **Linux** [docker](https://www.docker.com/) 容器上执行。 + +## 输入变量 + +更详细的信息,请参考 [action.yml](./action.yml)。 + +* `host` - SSH 主机 +* `port` - SSH 连接端口,默认为 `22` +* `username` - SSH 用户名称 +* `password` - SSH 密码 +* `passphrase` - 通常用于加密私钥的 passphrase +* `sync` - 同步执行多个主机上的命令,默认为 false +* `timeout` - SSH 连接到远程主机的超时时间,默认为 `30s` +* `command_timeout` - SSH 命令超时时间,默认为 10m +* `key` - SSH 私钥的内容,例如 ~/.ssh/id_rsa 的原始内容,请记得包含 BEGIN 和 END 行 +* `key_path` - SSH 私钥的路径 +* `fingerprint` - 主机公钥的 SHA256 指纹,默认为跳过验证 +* `script` - 执行命令 +* `script_stop` - 当出现第一个错误时停止执行命令 +* `envs` - 传递环境变量到 shell script +* `debug` - 启用调试模式 +* `use_insecure_cipher` - 使用不安全的密码(ciphers)进行加密,详见 [#56](https://github.com/appleboy/ssh-action/issues/56) +* `cipher` - 允许使用的密码(ciphers)算法。如果未指定,则使用适当的算法 + +SSH 代理设置: + +* `proxy_host` - 代理主机 +* `proxy_port` - 代理端口,默认为 `22` +* `proxy_username` - 代理用户名 +* `proxy_password` - 代理密码 +* `proxy_passphrase` - 密码通常用于加密私有密钥 +* `proxy_timeout` - SSH 连接至代理主机的超时时间,默认为 `30s` +* `proxy_key` - SSH 代理私有密钥内容 +* `proxy_key_path` - SSH 代理私有密钥路径 +* `proxy_fingerprint` - 代理主机公钥的 SHA256 指纹,默认为跳过验证 +* `proxy_use_insecure_cipher` - 使用不安全的加密方式,详见 [#56](https://github.com/appleboy/ssh-action/issues/56) +* `proxy_cipher` - 允许的加密算法。如果未指定,则使用合理的算法 + +## 使用方法 + +执行远程 SSH 命令 + +```yaml +name: remote ssh command +on: [push] +jobs: + + build: + name: Build + runs-on: ubuntu-latest + steps: + - name: executing remote ssh commands using password + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: whoami +``` + +画面输出 + +```sh +======CMD====== +whoami +======END====== +out: *** +============================================== +✅ Successfully executed commands to all host. +============================================== +``` + +### 设置 SSH 密钥 + +请在创建 SSH 密钥并使用 SSH 密钥时遵循以下步骤。最佳做法是在本地机器上创建 SSH 密钥而不是远程机器上。请使用 Github Secrets 中指定的用户名登录。生成 RSA 密钥: + +### 生成 RSA 密钥 + +```bash +ssh-keygen -t rsa -b 4096 -C ”your_email@example.com“ +``` + +### 生成 ed25519 密钥 + +```bash +ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ +``` + +将新生成的密钥添加到已授权的密钥中。详细了解已授权的密钥请点[此处](https://www.ssh.com/ssh/authorized_keys/)。 + +### 将 RSA 密钥添加到已授权密钥中 + +```bash +cat .ssh/id_rsa.pub | ssh b@B ’cat >> .ssh/authorized_keys‘ +``` + +### 将 ed25519 密钥添加到已授权密钥中 + +```bash +cat .ssh/id_ed25519.pub | ssh b@B ’cat >> .ssh/authorized_keys‘ +``` + +复制私钥内容,然后将其粘贴到 Github Secrets 中。 + +### 复制 rsa 私钥内容 + +```bash +clip < ~/.ssh/id_rsa +``` + +### 复制 ed25519 私钥内容 + +```bash +clip < ~/.ssh/id_ed25519 +``` + +有关无需密码登录 SSH 的详细信息,请[见该网站](http://www.linuxproblem.org/art_9.html)。 + +**来自读者的注意事项**: 根据您的 SSH 版本,您可能还需要进行以下更改: + +* 将公钥放在 `.ssh/authorized_keys2` 中 +* 将 `.ssh` 的权限更改为700 +* 将 `.ssh/authorized_keys2` 的权限更改为640 + +### 如果你使用的是 OpenSSH + +如果您正在使用 OpenSSH,并出现以下错误: + +```bash +ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey] +``` + +请确保您所选择的密钥算法得到支持。在 Ubuntu 20.04 或更高版本上,您必须明确允许使用 SSH-RSA 算法。请在 OpenSSH 守护进程文件中添加以下行(它可以是 `/etc/ssh/sshd_config` 或 `/etc/ssh/sshd_config.d/` 中的一个附加文件): + +```bash +CASignatureAlgorithms +ssh-rsa +``` + +或者,`Ed25519` 密钥在 OpenSSH 中默认被接受。如果需要,您可以使用它来替代 RSA。 + +```bash +ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ +``` + +### Example + +#### 使用密码执行远程 SSH 命令 + +```yaml +- name: executing remote ssh commands using password + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: whoami +``` + +#### 使用私钥 + +```yaml +- name: executing remote ssh commands using ssh key + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: whoami +``` + +#### 多个命令 + +```yaml +- name: multiple command + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: | + whoami + ls -al +``` + +![result](./images/output-result.png) + +#### 多台主机 + +```diff + - name: multiple host + uses: appleboy/ssh-action@v1.0.3 + with: +- host: ”foo.com“ ++ host: ”foo.com,bar.com“ + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: | + whoami + ls -al +``` + +#### 多个不同端口的主机 + +```diff + - name: multiple host + uses: appleboy/ssh-action@v1.0.3 + with: +- host: ”foo.com“ ++ host: ”foo.com:1234,bar.com:5678“ + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + script: | + whoami + ls -al +``` + +#### 在多台主机上同步执行 + +```diff + - name: multiple host + uses: appleboy/ssh-action@v1.0.3 + with: + host: ”foo.com,bar.com“ ++ sync: true + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: | + whoami + ls -al +``` + +#### 将环境变量传递到 Shell 脚本 + +```diff + - name: pass environment + uses: appleboy/ssh-action@v1.0.3 ++ env: ++ FOO: ”BAR“ ++ BAR: ”FOO“ ++ SHA: ${{ github.sha }} + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} ++ envs: FOO,BAR,SHA + script: | + echo ”I am $FOO“ + echo ”I am $BAR“ + echo ”sha: $SHA“ +``` + +_在 `env` 对象中,您需要将每个环境变量作为字符串传递,传递 `Integer` 数据类型或任何其他类型可能会产生意外结果。_ + +#### 在第一次失败后停止脚本 + +> ex: missing `abc` folder + +```diff + - name: stop script if command error + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} ++ script_stop: true + script: | + mkdir abc/def + ls -al +``` + +画面输出: + +```sh +======CMD====== +mkdir abc/def +ls -al + +======END====== +2019/11/21 01:16:21 Process exited with status 1 +err: mkdir: cannot create directory ‘abc/def’: No such file or directory +##[error]Docker run failed with exit code 1 +``` + +#### 如何使用 `ProxyCommand` 连接远程服务器? + +```bash ++———+ +-———+ +————+ +| Laptop | <—> | Jumphost | <—> | FooServer | ++———+ +-———+ +————+ +``` + +在您的 `~/.ssh/config` 文件中,您会看到以下内容。 + +```bash +Host Jumphost + HostName Jumphost + User ubuntu + Port 22 + IdentityFile ~/.ssh/keys/jump_host.pem + +Host FooServer + HostName FooServer + User ubuntu + Port 22 + ProxyCommand ssh -q -W %h:%p Jumphost +``` + +#### 如何将其转换为 GitHubActions 的 YAML 格式? + +```diff + - name: ssh proxy command + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} ++ proxy_host: ${{ secrets.PROXY_HOST }} ++ proxy_username: ${{ secrets.PROXY_USERNAME }} ++ proxy_key: ${{ secrets.PROXY_KEY }} ++ proxy_port: ${{ secrets.PROXY_PORT }} + script: | + mkdir abc/def + ls -al +``` + +#### 如何保护私钥? + +密码短语通常用于加密私钥。这使得攻击者无法单独使用密钥文件。文件泄露可能来自备份或停用的硬件,黑客通常可以从受攻击系统中泄露文件。因此,保护私钥非常重要。 + +```diff + - name: ssh key passphrase + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} ++ passphrase: ${{ secrets.PASSPHRASE }} + script: | + whoami + ls -al +``` + +#### 使用主机指纹验证 + +设置 SSH 主机指纹验证可以帮助防止中间人攻击。在设置之前,运行以下命令以获取 SSH 主机指纹。请记得将 `ed25519` 替换为您适当的密钥类型(`rsa`、 `dsa`等),而 `example.com` 则替换为您的主机。 + +现代 OpenSSH 版本中,需要提取的_默认密钥_类型是 `rsa`(从版本 5.1 开始)、`ecdsa`(从版本 6.0 开始)和 `ed25519`(从版本 6.7 开始)。 + +```sh +ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ’ ‘ -f2 +``` + +现在您可以调整您的配置: + +```diff + - name: ssh key passphrase + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} ++ fingerprint: ${{ secrets.FINGERPRINT }} + script: | + whoami + ls -al +``` + +## 贡献 + +我们非常希望您为 `appleboy/ssh-action` 做出贡献,欢迎提交请求! + +## 授权方式 + +本项目中的脚本和文档采用 [MIT](LICENSE) 许可证 发布。 \ No newline at end of file From 58164d0dc2b76ba5c47e110152e94bfbd13ea235 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 22 Sep 2024 08:12:49 +0800 Subject: [PATCH 061/114] chore: remove Dockerfile and related configurations - Remove Dockerfile and its associated configurations Signed-off-by: appleboy --- Dockerfile | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index 960d488..0000000 --- a/Dockerfile +++ /dev/null @@ -1,5 +0,0 @@ -FROM ghcr.io/appleboy/drone-ssh:1.7.7 - -COPY entrypoint.sh /bin/entrypoint.sh - -ENTRYPOINT ["/bin/entrypoint.sh"] From 25ce8cbbcb08177468c7ff7ec5cbfa236f9341e1 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 6 Oct 2024 21:15:22 +0800 Subject: [PATCH 062/114] ci: implement automated release workflow with GoReleaser - Add GitHub Actions workflow for GoReleaser - Configure GoReleaser to skip builds - Set up changelog groups for features, bug fixes, enhancements, refactors, build process updates, and documentation updates Signed-off-by: appleboy --- .github/workflows/goreleaser.yml | 33 ++++++++++++++++++++++++++++++++ .goreleaser.yaml | 28 +++++++++++++++++++++++++++ 2 files changed, 61 insertions(+) create mode 100644 .github/workflows/goreleaser.yml create mode 100644 .goreleaser.yaml diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml new file mode 100644 index 0000000..7f1ae24 --- /dev/null +++ b/.github/workflows/goreleaser.yml @@ -0,0 +1,33 @@ +name: Goreleaser + +on: + push: + tags: + - "*" + +permissions: + contents: write + +jobs: + goreleaser: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Setup go + uses: actions/setup-go@v5 + with: + go-version: "^1" + + - name: Run GoReleaser + uses: goreleaser/goreleaser-action@v6 + with: + # either 'goreleaser' (default) or 'goreleaser-pro' + distribution: goreleaser + version: latest + args: release --clean + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.goreleaser.yaml b/.goreleaser.yaml new file mode 100644 index 0000000..01b1081 --- /dev/null +++ b/.goreleaser.yaml @@ -0,0 +1,28 @@ +builds: + - # If true, skip the build. + # Useful for library projects. + # Default is false + skip: true + +changelog: + use: github + groups: + - title: Features + regexp: "^.*feat[(\\w)]*:+.*$" + order: 0 + - title: "Bug fixes" + regexp: "^.*fix[(\\w)]*:+.*$" + order: 1 + - title: "Enhancements" + regexp: "^.*chore[(\\w)]*:+.*$" + order: 2 + - title: "Refactor" + regexp: "^.*refactor[(\\w)]*:+.*$" + order: 3 + - title: "Build process updates" + regexp: ^.*?(build|ci)(\(.+\))??!?:.+$ + order: 4 + - title: "Documentation updates" + regexp: ^.*?docs?(\(.+\))??!?:.+$ + order: 4 + - title: Others From bb32884d53eb81279b477ae19ecf3d319978c768 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 6 Oct 2024 21:19:31 +0800 Subject: [PATCH 063/114] chore: enhance CI/CD workflows and documentation formatting - Update `appleboy/ssh-action` from version `v1.0.3` to `v1.1.0` in multiple instances - Fix table formatting in `README.md` Signed-off-by: appleboy --- README.md | 26 +++++++++++++------------- README.zh-cn.md | 26 +++++++++++++------------- README.zh-tw.md | 24 ++++++++++++------------ 3 files changed, 38 insertions(+), 38 deletions(-) diff --git a/README.md b/README.md index 218ed33..c6dbe2c 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ This thing is built using [Golang](https://go.dev) and [drone-ssh](https://githu See [action.yml](./action.yml) for more detailed information. | Input Parameter | Description | Default Value | -|---------------------------|------------------------------------------------------------------------------------------|---------------| +| ------------------------- | ---------------------------------------------------------------------------------------- | ------------- | | host | SSH host address | | | port | SSH port number | 22 | | passphrase | SSH key passphrase | | @@ -66,7 +66,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -182,7 +182,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -195,7 +195,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -208,7 +208,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -225,7 +225,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -243,7 +243,7 @@ The default value of `port` is `22`. ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -258,7 +258,7 @@ The default value of `port` is `22`. ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: "foo.com,bar.com" + sync: true @@ -274,7 +274,7 @@ The default value of `port` is `22`. ```diff - name: pass environment - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 + env: + FOO: "BAR" + BAR: "FOO" @@ -299,7 +299,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p ```diff - name: stop script if command error - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -352,7 +352,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -375,7 +375,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -401,7 +401,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/README.zh-cn.md b/README.zh-cn.md index 44ac07d..8afa230 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -58,7 +58,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -157,7 +157,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -170,7 +170,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -183,7 +183,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -200,7 +200,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: - host: ”foo.com“ + host: ”foo.com,bar.com“ @@ -216,7 +216,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: - host: ”foo.com“ + host: ”foo.com:1234,bar.com:5678“ @@ -231,7 +231,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ”foo.com,bar.com“ + sync: true @@ -247,7 +247,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```diff - name: pass environment - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 + env: + FOO: ”BAR“ + BAR: ”FOO“ @@ -272,7 +272,7 @@ _在 `env` 对象中,您需要将每个环境变量作为字符串传递,传 ```diff - name: stop script if command error - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -325,7 +325,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -346,7 +346,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -372,7 +372,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ’ ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -390,4 +390,4 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ’ ## 授权方式 -本项目中的脚本和文档采用 [MIT](LICENSE) 许可证 发布。 \ No newline at end of file +本项目中的脚本和文档采用 [MIT](LICENSE) 许可证 发布。 diff --git a/README.zh-tw.md b/README.zh-tw.md index 9c37b34..b5d64cb 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -58,7 +58,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -157,7 +157,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -170,7 +170,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -183,7 +183,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -200,7 +200,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -216,7 +216,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -231,7 +231,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: "foo.com,bar.com" + sync: true @@ -247,7 +247,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 + env: + FOO: "BAR" + BAR: "FOO" @@ -272,7 +272,7 @@ _在 `env` 對象中,您需要將每個環境變量作為字符串傳遞,傳 ```diff - name: stop script if command error - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -325,7 +325,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -346,7 +346,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -372,7 +372,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From 3f1416813d34f7167832a87fe9607a99b05622a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Tesa=C5=99?= Date: Sun, 13 Oct 2024 03:00:02 +0200 Subject: [PATCH 064/114] fix: typo in success message (#340) Reflects changes made by [drone-ssh#283](https://github.com/appleboy/drone-ssh/pull/283) --- README.md | 6 +++--- README.zh-cn.md | 6 +++--- README.zh-tw.md | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index c6dbe2c..347f512 100644 --- a/README.md +++ b/README.md @@ -82,9 +82,9 @@ output: whoami ======END====== out: *** -============================================== -✅ Successfully executed commands to all host. -============================================== +=============================================== +✅ Successfully executed commands to all hosts. +=============================================== ``` ### Setting up a SSH Key diff --git a/README.zh-cn.md b/README.zh-cn.md index 8afa230..6e7e69d 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -74,9 +74,9 @@ jobs: whoami ======END====== out: *** -============================================== -✅ Successfully executed commands to all host. -============================================== +=============================================== +✅ Successfully executed commands to all hosts. +=============================================== ``` ### 设置 SSH 密钥 diff --git a/README.zh-tw.md b/README.zh-tw.md index b5d64cb..b5674f3 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -74,9 +74,9 @@ jobs: whoami ======END====== out: *** -============================================== -✅ Successfully executed commands to all host. -============================================== +=============================================== +✅ Successfully executed commands to all hosts. +=============================================== ``` ### 設置 SSH 金鑰 From 2763143a97c8f9c4e85766b7458183ec99341e81 Mon Sep 17 00:00:00 2001 From: appleboy Date: Thu, 24 Oct 2024 01:25:39 +0800 Subject: [PATCH 065/114] ci(script): enhance CI workflows and API integration - Change script execution to a multi-line bash script with error handling in GitHub workflow Signed-off-by: appleboy --- .github/workflows/stable.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/stable.yml b/.github/workflows/stable.yml index 86ab7dc..ce98c8e 100644 --- a/.github/workflows/stable.yml +++ b/.github/workflows/stable.yml @@ -37,7 +37,10 @@ jobs: username: linuxserver.io password: password port: 2222 - script: whoami + script: | + #!/usr/bin/env bash + set -e + whoami check-ssh-key: runs-on: ubuntu-latest From 8b84eaec3a216f1a0a6f56e15a7ab08f9975236a Mon Sep 17 00:00:00 2001 From: appleboy Date: Thu, 24 Oct 2024 01:27:03 +0800 Subject: [PATCH 066/114] ci(script): improve CI robustness and coverage across environments - Change single-line script to multi-line bash script with error handling in GitHub Actions workflow Signed-off-by: appleboy --- .github/workflows/main.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index cfe58fb..e248967 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -37,7 +37,10 @@ jobs: username: linuxserver.io password: password port: 2222 - script: whoami + script: | + #!/usr/bin/env bash + set -e + whoami check-ssh-key: runs-on: ubuntu-latest From 703ffa3c1ee959aa3694ac64b3a8a9bfa38c2c20 Mon Sep 17 00:00:00 2001 From: appleboy Date: Mon, 28 Oct 2024 22:36:36 +0800 Subject: [PATCH 067/114] feat(actions): enhance system performance and API integration - Add `proxy_protocol` input with description and default value "tcp" Signed-off-by: appleboy --- action.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/action.yml b/action.yml index 4a16472..bf15e25 100644 --- a/action.yml +++ b/action.yml @@ -43,6 +43,9 @@ inputs: description: "SSH proxy username." proxy_password: description: "SSH proxy password." + proxy_protocol: + description: 'The IP protocol to use. Valid values are "tcp". "tcp4" or "tcp6". Default to tcp.' + default: "tcp" proxy_passphrase: description: "SSH proxy key passphrase." proxy_timeout: From ab698e59d82afb1b65ffe8f70a0d482d744d6239 Mon Sep 17 00:00:00 2001 From: appleboy Date: Mon, 28 Oct 2024 22:37:55 +0800 Subject: [PATCH 068/114] docs(readme): enhance network protocol support and testing - Add `proxy_protocol` option to the README with possible values `tcp`, `tcp4`, `tcp6` and default `tcp` Signed-off-by: appleboy --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 347f512..da31541 100644 --- a/README.md +++ b/README.md @@ -35,6 +35,7 @@ See [action.yml](./action.yml) for more detailed information. | fingerprint | SHA256 fingerprint of the host public key | | | proxy_host | SSH proxy host | | | proxy_port | SSH proxy port | 22 | +| proxy_protocol | SSH proxy protocol version (tcp, tcp4, tcp6) | tcp | | proxy_username | SSH proxy username | | | proxy_password | SSH proxy password | | | proxy_passphrase | SSH proxy key passphrase | | From 362a7f1677aa40aaec6bb1d6fd119b2e080fd7f3 Mon Sep 17 00:00:00 2001 From: Kyle Leonhard Date: Sat, 16 Nov 2024 22:57:46 -0800 Subject: [PATCH 069/114] chore: support running commands from a file (#341) --- .github/workflows/main.yml | 9 +++++++++ README.md | 14 ++++++++++++++ action.yml | 3 +++ testdata/test.sh | 3 +++ 4 files changed, 29 insertions(+) create mode 100644 testdata/test.sh diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e248967..6c35463 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -42,6 +42,15 @@ jobs: set -e whoami + - name: ssh commands from a file + uses: ./ + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + port: 2222 + script_path: testdata/test.sh + check-ssh-key: runs-on: ubuntu-latest steps: diff --git a/README.md b/README.md index da31541..56c6cec 100644 --- a/README.md +++ b/README.md @@ -46,6 +46,7 @@ See [action.yml](./action.yml) for more detailed information. | proxy_cipher | Allowed cipher algorithms for the proxy | | | proxy_use_insecure_cipher | Include more ciphers with use_insecure_cipher for the proxy | false | | script | Execute commands | | +| script_file | Execute commands from a file | | | script_stop | Stop script after first failure | false | | envs | Pass environment variables to shell script | | | envs_format | Flexible configuration of environment value transfer | | @@ -222,6 +223,19 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ![result](./images/output-result.png) +#### Commands from a file + +```yaml +- name: file commands + uses: appleboy/ssh-action@v1.1.0 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_path: scripts/script.sh +``` + #### Multiple Hosts ```diff diff --git a/action.yml b/action.yml index bf15e25..19668ab 100644 --- a/action.yml +++ b/action.yml @@ -63,6 +63,8 @@ inputs: description: "Include more ciphers for the proxy by using insecure ciphers." script: description: "Commands to be executed." + script_path: + description: "Path to the file containing commands to be executed." script_stop: description: "Stop the script after the first failure." envs: @@ -110,6 +112,7 @@ runs: INPUT_PROXY_TIMEOUT: ${{ inputs.proxy_timeout }} INPUT_COMMAND_TIMEOUT: ${{ inputs.command_timeout }} INPUT_SCRIPT: ${{ inputs.script }} + INPUT_SCRIPT_FILE: ${{ inputs.script_path }} INPUT_SCRIPT_STOP: ${{ inputs.script_stop }} INPUT_ENVS: ${{ inputs.envs }} INPUT_ENVS_FORMAT: ${{ inputs.envs_format }} diff --git a/testdata/test.sh b/testdata/test.sh new file mode 100644 index 0000000..3574ebc --- /dev/null +++ b/testdata/test.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash +set -e +whoami \ No newline at end of file From bf84378588277d5361a4cb8b7b3b42912fc3fcab Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 17 Nov 2024 15:00:26 +0800 Subject: [PATCH 070/114] refactor: refactor codebase and improve API performance - Signed-off-by: appleboy --- testdata/test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testdata/test.sh b/testdata/test.sh index 3574ebc..a229cae 100644 --- a/testdata/test.sh +++ b/testdata/test.sh @@ -1,3 +1,3 @@ #!/usr/bin/env bash set -e -whoami \ No newline at end of file +whoami From 25259c3d5059bb20c4b45bf5089d58098b0a5b93 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 17 Nov 2024 15:02:20 +0800 Subject: [PATCH 071/114] fix: refactor and enhance API and testing infrastructure - Update DRONE_SSH_VERSION from 1.7.7 to 1.8.0 - Add missing case statement terminator in detect_client_info function Signed-off-by: appleboy --- entrypoint.sh | 55 ++++++++++++++++++++++++++------------------------- 1 file changed, 28 insertions(+), 27 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 67132c6..abd5809 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -8,7 +8,7 @@ export GITHUB="true" GITHUB_ACTION_PATH="${GITHUB_ACTION_PATH%/}" DRONE_SSH_RELEASE_URL="${DRONE_SSH_RELEASE_URL:-https://github.com/appleboy/drone-ssh/releases/download}" -DRONE_SSH_VERSION="${DRONE_SSH_VERSION:-1.7.7}" +DRONE_SSH_VERSION="${DRONE_SSH_VERSION:-1.8.0}" function detect_client_info() { if [ -n "${SSH_CLIENT_OS-}" ]; then @@ -17,20 +17,21 @@ function detect_client_info() { local kernel kernel="$(uname -s)" case "${kernel}" in - Darwin) - CLIENT_PLATFORM="darwin" - ;; - Linux) - CLIENT_PLATFORM="linux" - ;; - Windows) - CLIENT_PLATFORM="windows" - ;; - *) - echo "Unknown, unsupported platform: ${kernel}." >&2 - echo "Supported platforms: Linux, Darwin and Windows." >&2 - echo "Bailing out." >&2 - exit 2 + Darwin) + CLIENT_PLATFORM="darwin" + ;; + Linux) + CLIENT_PLATFORM="linux" + ;; + Windows) + CLIENT_PLATFORM="windows" + ;; + *) + echo "Unknown, unsupported platform: ${kernel}." >&2 + echo "Supported platforms: Linux, Darwin and Windows." >&2 + echo "Bailing out." >&2 + exit 2 + ;; esac fi @@ -40,18 +41,18 @@ function detect_client_info() { local machine machine="$(uname -m)" case "${machine}" in - x86_64*|i?86_64*|amd64*) - CLIENT_ARCH="amd64" - ;; - aarch64*|arm64*) - CLIENT_ARCH="arm64" - ;; - *) - echo "Unknown, unsupported architecture (${machine})." >&2 - echo "Supported architectures x86_64, i686, arm64." >&2 - echo "Bailing out." >&2 - exit 3 - ;; + x86_64* | i?86_64* | amd64*) + CLIENT_ARCH="amd64" + ;; + aarch64* | arm64*) + CLIENT_ARCH="arm64" + ;; + *) + echo "Unknown, unsupported architecture (${machine})." >&2 + echo "Supported architectures x86_64, i686, arm64." >&2 + echo "Bailing out." >&2 + exit 3 + ;; esac fi } From 176437b5488c703fa41f14a89a8458192086f8f3 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 17 Nov 2024 15:05:56 +0800 Subject: [PATCH 072/114] chore: refactor codebase for improved consistency and performance - Change the username from `${{ secrets.USERNAME }}` to `linuxserver.io` - Update the output from `***` to `linuxserver.io` Signed-off-by: appleboy --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 56c6cec..71e8bb7 100644 --- a/README.md +++ b/README.md @@ -71,7 +71,7 @@ jobs: uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} + username: linuxserver.io password: ${{ secrets.PASSWORD }} port: ${{ secrets.PORT }} script: whoami @@ -83,7 +83,7 @@ output: ======CMD====== whoami ======END====== -out: *** +linuxserver.io =============================================== ✅ Successfully executed commands to all hosts. =============================================== From 7eaf76671a0d7eec5d98ee897acda4f968735a17 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 17 Nov 2024 15:08:23 +0800 Subject: [PATCH 073/114] docs(readme): update SSH action and enhance Chinese README files - Update `appleboy/ssh-action` from version `v1.1.0` to `v1.2.0` in multiple instances - Add `script_file` option to the Chinese (Simplified) and Chinese (Traditional) README files - Add example for executing commands from a file in the Chinese (Simplified) and Chinese (Traditional) README files Signed-off-by: appleboy --- README.md | 26 +++++++++++++------------- README.zh-cn.md | 38 ++++++++++++++++++++++++++------------ README.zh-tw.md | 38 ++++++++++++++++++++++++++------------ 3 files changed, 65 insertions(+), 37 deletions(-) diff --git a/README.md b/README.md index 71e8bb7..d769662 100644 --- a/README.md +++ b/README.md @@ -68,7 +68,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: linuxserver.io @@ -184,7 +184,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -197,7 +197,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -210,7 +210,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -227,7 +227,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: file commands - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -240,7 +240,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -258,7 +258,7 @@ The default value of `port` is `22`. ```diff - name: multiple host - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -273,7 +273,7 @@ The default value of `port` is `22`. ```diff - name: multiple host - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: "foo.com,bar.com" + sync: true @@ -289,7 +289,7 @@ The default value of `port` is `22`. ```diff - name: pass environment - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 + env: + FOO: "BAR" + BAR: "FOO" @@ -314,7 +314,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p ```diff - name: stop script if command error - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -367,7 +367,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -390,7 +390,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -416,7 +416,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/README.zh-cn.md b/README.zh-cn.md index 6e7e69d..3a52957 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -24,6 +24,7 @@ * `key_path` - SSH 私钥的路径 * `fingerprint` - 主机公钥的 SHA256 指纹,默认为跳过验证 * `script` - 执行命令 +* `script_file` - 執行命令的文件 * `script_stop` - 当出现第一个错误时停止执行命令 * `envs` - 传递环境变量到 shell script * `debug` - 启用调试模式 @@ -58,7 +59,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -157,7 +158,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -170,7 +171,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -183,7 +184,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -200,7 +201,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```diff - name: multiple host - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: - host: ”foo.com“ + host: ”foo.com,bar.com“ @@ -212,11 +213,24 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ls -al ``` +#### Commands from a file + +```yaml +- name: file commands + uses: appleboy/ssh-action@v1.2.0 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_path: scripts/script.sh +``` + #### 多个不同端口的主机 ```diff - name: multiple host - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: - host: ”foo.com“ + host: ”foo.com:1234,bar.com:5678“ @@ -231,7 +245,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```diff - name: multiple host - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ”foo.com,bar.com“ + sync: true @@ -247,7 +261,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```diff - name: pass environment - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 + env: + FOO: ”BAR“ + BAR: ”FOO“ @@ -272,7 +286,7 @@ _在 `env` 对象中,您需要将每个环境变量作为字符串传递,传 ```diff - name: stop script if command error - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -325,7 +339,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -346,7 +360,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -372,7 +386,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ’ ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/README.zh-tw.md b/README.zh-tw.md index b5674f3..3b4246b 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -24,6 +24,7 @@ * `key_path` - SSH 私鑰的路徑 * `fingerprint` - 主機公鑰的 SHA256 指紋,預設為略過驗證 * `script` - 執行命令 +* `script_file` - 執行命令的文件 * `script_stop` - 當出現第一個錯誤時停止執行命令 * `envs` - 傳遞環境變數到 shell script * `debug` - 啟用偵錯模式 @@ -58,7 +59,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -157,7 +158,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -170,7 +171,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -183,7 +184,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -196,11 +197,24 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ![result](./images/output-result.png) +#### Commands from a file + +```yaml +- name: file commands + uses: appleboy/ssh-action@v1.2.0 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_path: scripts/script.sh +``` + #### 多台主機 ```diff - name: multiple host - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -216,7 +230,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -231,7 +245,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: "foo.com,bar.com" + sync: true @@ -247,7 +261,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 + env: + FOO: "BAR" + BAR: "FOO" @@ -272,7 +286,7 @@ _在 `env` 對象中,您需要將每個環境變量作為字符串傳遞,傳 ```diff - name: stop script if command error - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -325,7 +339,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -346,7 +360,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -372,7 +386,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.1.0 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From 8fdfeb034ef6e9033a8a4407975aedbc12a08737 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 17 Nov 2024 15:17:02 +0800 Subject: [PATCH 074/114] chore(github): update `appleboy/ssh-action` to version `v1.2.0` across workflows - Update `appleboy/ssh-action` from version `v1.0.3` to `v1.2.0` in bug report template - Update `appleboy/ssh-action` from version `v1.0.3` to `v1.2.0` in stable workflow Signed-off-by: appleboy --- .github/ISSUE_TEMPLATE/bug_report.md | 2 +- .github/workflows/stable.yml | 32 ++++++++++++++-------------- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 6e2dcf4..5270fdf 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -25,7 +25,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/.github/workflows/stable.yml b/.github/workflows/stable.yml index ce98c8e..29ea7fa 100644 --- a/.github/workflows/stable.yml +++ b/.github/workflows/stable.yml @@ -31,7 +31,7 @@ jobs: sleep 2 - name: ssh by username and password - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -86,7 +86,7 @@ jobs: sleep 2 - name: ssh by private key - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -95,7 +95,7 @@ jobs: script: whoami - name: wrong password but correct key - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -105,7 +105,7 @@ jobs: script: whoami - name: correct password but wrong key - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -115,7 +115,7 @@ jobs: script: whoami - name: stop script if command error - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.2.0 continue-on-error: true with: host: ${{ env.REMOTE_HOST }} @@ -174,7 +174,7 @@ jobs: sleep 2 - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -186,7 +186,7 @@ jobs: ls -al - name: missing ssh key passphrase - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.2.0 continue-on-error: true with: host: ${{ env.REMOTE_HOST }} @@ -199,7 +199,7 @@ jobs: # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 - name: Multiline SSH commands interpreted as single lines - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -277,7 +277,7 @@ jobs: # https://github.com/appleboy/ssh-action/issues/85 - name: Deployment to multiple hosts with different ports - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.2.0 with: host: "${{ env.REMOTE_HOST_01 }}:2222,${{ env.REMOTE_HOST_02 }}:2222" username: linuxserver.io @@ -331,7 +331,7 @@ jobs: sleep 2 - name: testing id_ed25519 key - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -384,7 +384,7 @@ jobs: sleep 2 - name: testing id_ed25519 key - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -395,7 +395,7 @@ jobs: ls -al - name: pass environment - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.2.0 env: FOO: "BAR" with: @@ -409,7 +409,7 @@ jobs: echo "I am $BAR, thanks" - name: pass multiple environment - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.2.0 env: FOO: "BAR" BAR: "FOO" @@ -428,7 +428,7 @@ jobs: echo "port: $PORT" - name: custom envs format - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.2.0 env: FOO: "BAR" AAA: "BBB" @@ -446,7 +446,7 @@ jobs: echo "I am $TEST_AAA, thanks" - name: pass all ENV variables to script - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.2.0 env: INPUT_FOO: "BAR" INPUT_AAA: "BBB" @@ -463,7 +463,7 @@ jobs: echo "$GITHUB_REF" - name: switch to root user - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.2.0 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io From a8952ebe2a1428de1644645b937cea45ed655b67 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 17 Nov 2024 15:51:42 +0800 Subject: [PATCH 075/114] docs(readme): update documentation for GitHub Actions and Docker support - Update README badges to reflect the new GitHub Actions workflow - Remove outdated information about Linux Docker container support in README files Signed-off-by: appleboy --- README.md | 4 +--- README.zh-cn.md | 4 +--- README.zh-tw.md | 4 +--- 3 files changed, 3 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index d769662..58e9738 100644 --- a/README.md +++ b/README.md @@ -7,9 +7,7 @@ ![ssh workflow](./images/ssh-workflow.png) -[![Actions Status](https://github.com/appleboy/ssh-action/workflows/remote%20ssh%20command/badge.svg)](https://github.com/appleboy/ssh-action/actions) - -**Important**: Only support **Linux** [docker](https://www.docker.com/) container. +[![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml) This thing is built using [Golang](https://go.dev) and [drone-ssh](https://github.com/appleboy/drone-ssh). 🚀 diff --git a/README.zh-cn.md b/README.zh-cn.md index 3a52957..98505f4 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -4,9 +4,7 @@ ![ssh workflow](./images/ssh-workflow.png) -[![Actions Status](https://github.com/appleboy/ssh-action/workflows/remote%20ssh%20command/badge.svg)](https://github.com/appleboy/ssh-action/actions) - -**注意**: 只支持在 **Linux** [docker](https://www.docker.com/) 容器上执行。 +[![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml) ## 输入变量 diff --git a/README.zh-tw.md b/README.zh-tw.md index 3b4246b..fe9e71f 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -4,9 +4,7 @@ ![ssh workflow](./images/ssh-workflow.png) -[![Actions Status](https://github.com/appleboy/ssh-action/workflows/remote%20ssh%20command/badge.svg)](https://github.com/appleboy/ssh-action/actions) - -**注意**: 只支援在 **Linux** [docker](https://www.docker.com/) 容器上執行。 +[![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml) ## 輸入變數 From cec69ef2315fa7868468f4283007628aa37a6b7e Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 17 Nov 2024 15:53:54 +0800 Subject: [PATCH 076/114] docs(readme): standardize terminology and capitalization across project - Capitalize "SSH" in multiple instances for consistency - Change "This thing" to "This project" for clarity and professionalism - Capitalize "Pass" in the description of the `allenvs` option Signed-off-by: appleboy --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 58e9738..0a204a3 100644 --- a/README.md +++ b/README.md @@ -3,13 +3,13 @@ [繁體中文](./README.zh-tw.md) [简体中文](./README.zh-cn.md) -[GitHub Action](https://github.com/features/actions) for executing remote ssh commands. +[GitHub Action](https://github.com/features/actions) for executing remote SSH commands. ![ssh workflow](./images/ssh-workflow.png) [![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml) -This thing is built using [Golang](https://go.dev) and [drone-ssh](https://github.com/appleboy/drone-ssh). 🚀 +This project is built using [Golang](https://go.dev) and [drone-ssh](https://github.com/appleboy/drone-ssh). 🚀 ## Input variables @@ -49,12 +49,12 @@ See [action.yml](./action.yml) for more detailed information. | envs | Pass environment variables to shell script | | | envs_format | Flexible configuration of environment value transfer | | | debug | Enable debug mode | false | -| allenvs | pass the environment variables with prefix value of `GITHUB_` and `INPUT_` to the script | false | +| allenvs | Pass the environment variables with prefix value of `GITHUB_` and `INPUT_` to the script | false | | request_pty | Request a pseudo-terminal from the server | false | ## Usage -Executing remote ssh commands. +Executing remote SSH commands. ```yaml name: remote ssh command From a9e2fdf08d46817c815611f3989f7757048795bd Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 17 Nov 2024 16:00:24 +0800 Subject: [PATCH 077/114] docs(readme): improve README structure and add new input variables MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Update title to remove redundant "用於" - Add links to English and Simplified Chinese versions of the README - Add a note about the project using Golang and drone-ssh - Replace detailed input variable descriptions with a table format - Add new input variables `protocol`, `proxy_protocol`, `envs_format`, `allenvs`, and `request_pty` - Update usage section to refer to `action.yml` for detailed information Signed-off-by: appleboy --- README.zh-tw.md | 81 +++++++++++++++++++++++++++---------------------- 1 file changed, 45 insertions(+), 36 deletions(-) diff --git a/README.zh-tw.md b/README.zh-tw.md index fe9e71f..324cba8 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -1,49 +1,58 @@ -# 🚀 用於 GitHub Actions 的 SSH +# 🚀 GitHub Actions 的 SSH -[GitHub Action](https://github.com/features/actions) for executing remote ssh commands. +[English](./README.md) +[简体中文](./README.zh-cn.md) + +[GitHub Action](https://github.com/features/actions) 用於執行遠端 SSH 命令。 ![ssh workflow](./images/ssh-workflow.png) [![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml) +此專案使用 [Golang](https://go.dev) 和 [drone-ssh](https://github.com/appleboy/drone-ssh) 建立。🚀 + ## 輸入變數 -更詳細的資訊,請參閱 [action.yml](./action.yml)。 +請參閱 [action.yml](./action.yml) 以獲取更詳細的信息。 -* `host` - SSH 主機 -* `port` - SSH 連接埠,預設為 `22` -* `username` - SSH 使用者名稱 -* `password` - SSH 密碼 -* `passphrase` - 通常用於加密私鑰的 passphrase -* `sync` - 同步執行多個主機上的命令,預設為 false -* `timeout` - SSH 連接到遠端主機的超時時間,預設為 `30s` -* `command_timeout` - SSH 命令超時時間,預設為 10m -* `key` - SSH 私鑰的內容,例如 ~/.ssh/id_rsa 的原始內容,請記得包含 BEGIN 和 END 行 -* `key_path` - SSH 私鑰的路徑 -* `fingerprint` - 主機公鑰的 SHA256 指紋,預設為略過驗證 -* `script` - 執行命令 -* `script_file` - 執行命令的文件 -* `script_stop` - 當出現第一個錯誤時停止執行命令 -* `envs` - 傳遞環境變數到 shell script -* `debug` - 啟用偵錯模式 -* `use_insecure_cipher` - 使用不安全的密碼(ciphers)進行加密,參見 [#56](https://github.com/appleboy/ssh-action/issues/56) -* `cipher` - 允許使用的密碼(ciphers)演算法。如果未指定,則使用適當的演算法 +| 輸入參數 | 描述 | 預設值 | +| ------------------------- | ----------------------------------------------------- | ------ | +| host | SSH 主機地址 | | +| port | SSH 埠號 | 22 | +| passphrase | SSH 金鑰密碼 | | +| username | SSH 使用者名稱 | | +| password | SSH 密碼 | | +| protocol | SSH 協議版本 (tcp, tcp4, tcp6) | tcp | +| sync | 如果有多個主機,啟用同步執行 | false | +| use_insecure_cipher | 包含更多不安全的加密算法 | false | +| cipher | 允許的加密算法。如果未指定,則使用合理的預設值 | | +| timeout | SSH 連接主機的超時時間 | 30s | +| command_timeout | SSH 命令的超時時間 | 10m | +| key | SSH 私鑰的內容。例如,~/.ssh/id_rsa 的原始內容 | | +| key_path | SSH 私鑰的路徑 | | +| fingerprint | 主機公鑰的 SHA256 指紋 | | +| proxy_host | SSH 代理主機 | | +| proxy_port | SSH 代理埠號 | 22 | +| proxy_protocol | SSH 代理協議版本 (tcp, tcp4, tcp6) | tcp | +| proxy_username | SSH 代理使用者名稱 | | +| proxy_password | SSH 代理密碼 | | +| proxy_passphrase | SSH 代理金鑰密碼 | | +| proxy_timeout | SSH 連接代理主機的超時時間 | 30s | +| proxy_key | SSH 代理私鑰的內容 | | +| proxy_key_path | SSH 代理私鑰的路徑 | | +| proxy_fingerprint | 代理主機公鑰的 SHA256 指紋 | | +| proxy_cipher | 代理允許的加密算法 | | +| proxy_use_insecure_cipher | 包含更多不安全的加密算法 | false | +| script | 執行命令 | | +| script_file | 從文件中執行命令 | | +| script_stop | 在第一次失敗後停止腳本 | false | +| envs | 將環境變數傳遞給 shell 腳本 | | +| envs_format | 環境值傳遞的靈活配置 | | +| debug | 啟用調試模式 | false | +| allenvs | 將帶有 `GITHUB_` 和 `INPUT_` 前綴的環境變數傳遞給腳本 | false | +| request_pty | 從伺服器請求偽終端 | false | -SSH 代理設置: - -* `proxy_host` - 代理主機 -* `proxy_port` - 代理端口,預設為 `22` -* `proxy_username` - 代理使用者名稱 -* `proxy_password` - 代理密碼 -* `proxy_passphrase` - 密碼通常用於加密私有金鑰 -* `proxy_timeout` - SSH 連線至代理主機的逾時時間,預設為 `30s` -* `proxy_key` - SSH 代理私有金鑰內容 -* `proxy_key_path` - SSH 代理私有金鑰路徑 -* `proxy_fingerprint` - 代理主機公鑰的 SHA256 指紋,預設為跳過驗證 -* `proxy_use_insecure_cipher` - 使用不安全的加密方式,請參閱 [#56](https://github.com/appleboy/ssh-action/issues/56) -* `proxy_cipher` - 允許的加密算法。如果未指定,則使用合理的算法 - -## 使用方式 +## 用法 執行遠端 SSH 命令 From 43d4ebbb72699ed0e9e8aeead91adfc4eac75ed6 Mon Sep 17 00:00:00 2001 From: Kyle Leonhard Date: Sun, 17 Nov 2024 16:57:32 -0800 Subject: [PATCH 078/114] chore: Add test to stable workflow for script_path (#347) --- .github/workflows/stable.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/stable.yml b/.github/workflows/stable.yml index 29ea7fa..9209737 100644 --- a/.github/workflows/stable.yml +++ b/.github/workflows/stable.yml @@ -42,6 +42,15 @@ jobs: set -e whoami + - name: ssh commands from a file + uses: appleboy/ssh-action@v1.2.0 + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + port: 2222 + script_path: testdata/test.sh + check-ssh-key: runs-on: ubuntu-latest steps: From 6137f733fb6aad9941aaf990e4df5af3aef72d1c Mon Sep 17 00:00:00 2001 From: appleboy Date: Sat, 23 Nov 2024 23:30:53 +0800 Subject: [PATCH 079/114] docs: improve project documentation and organization - Add a project description mentioning the use of Golang and drone-ssh - Replace the list of input variables with a table format for better readability and organization Signed-off-by: appleboy --- README.zh-cn.md | 70 +++++++++++++++++++++++++++---------------------- 1 file changed, 38 insertions(+), 32 deletions(-) diff --git a/README.zh-cn.md b/README.zh-cn.md index 98505f4..4dc12b1 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -6,42 +6,48 @@ [![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml) +该项目使用 [Golang](https://go.dev) 和 [drone-ssh](https://github.com/appleboy/drone-ssh) 构建。🚀 + ## 输入变量 更详细的信息,请参考 [action.yml](./action.yml)。 -* `host` - SSH 主机 -* `port` - SSH 连接端口,默认为 `22` -* `username` - SSH 用户名称 -* `password` - SSH 密码 -* `passphrase` - 通常用于加密私钥的 passphrase -* `sync` - 同步执行多个主机上的命令,默认为 false -* `timeout` - SSH 连接到远程主机的超时时间,默认为 `30s` -* `command_timeout` - SSH 命令超时时间,默认为 10m -* `key` - SSH 私钥的内容,例如 ~/.ssh/id_rsa 的原始内容,请记得包含 BEGIN 和 END 行 -* `key_path` - SSH 私钥的路径 -* `fingerprint` - 主机公钥的 SHA256 指纹,默认为跳过验证 -* `script` - 执行命令 -* `script_file` - 執行命令的文件 -* `script_stop` - 当出现第一个错误时停止执行命令 -* `envs` - 传递环境变量到 shell script -* `debug` - 启用调试模式 -* `use_insecure_cipher` - 使用不安全的密码(ciphers)进行加密,详见 [#56](https://github.com/appleboy/ssh-action/issues/56) -* `cipher` - 允许使用的密码(ciphers)算法。如果未指定,则使用适当的算法 - -SSH 代理设置: - -* `proxy_host` - 代理主机 -* `proxy_port` - 代理端口,默认为 `22` -* `proxy_username` - 代理用户名 -* `proxy_password` - 代理密码 -* `proxy_passphrase` - 密码通常用于加密私有密钥 -* `proxy_timeout` - SSH 连接至代理主机的超时时间,默认为 `30s` -* `proxy_key` - SSH 代理私有密钥内容 -* `proxy_key_path` - SSH 代理私有密钥路径 -* `proxy_fingerprint` - 代理主机公钥的 SHA256 指纹,默认为跳过验证 -* `proxy_use_insecure_cipher` - 使用不安全的加密方式,详见 [#56](https://github.com/appleboy/ssh-action/issues/56) -* `proxy_cipher` - 允许的加密算法。如果未指定,则使用合理的算法 +| 输入参数 | 描述 | 默认值 | +| ------------------------- | ----------------------------------------------------- | ------ | +| host | SSH 主机地址 | | +| port | SSH 端口号 | 22 | +| passphrase | SSH 密钥密码短语 | | +| username | SSH 用户名 | | +| password | SSH 密码 | | +| protocol | SSH 协议版本(tcp, tcp4, tcp6) | tcp | +| sync | 如果有多个主机,启用同步执行 | false | +| use_insecure_cipher | 使用不安全的密码算法 | false | +| cipher | 允许的密码算法。如果未指定,则使用适当的算法 | | +| timeout | SSH 连接到主机的超时时间 | 30s | +| command_timeout | SSH 命令的超时时间 | 10m | +| key | SSH 私钥的内容,例如 ~/.ssh/id_rsa 的原始内容 | | +| key_path | SSH 私钥的路径 | | +| fingerprint | 主机公钥的 SHA256 指纹 | | +| proxy_host | SSH 代理主机 | | +| proxy_port | SSH 代理端口 | 22 | +| proxy_protocol | SSH 代理协议版本(tcp, tcp4, tcp6) | tcp | +| proxy_username | SSH 代理用户名 | | +| proxy_password | SSH 代理密码 | | +| proxy_passphrase | SSH 代理密钥密码短语 | | +| proxy_timeout | SSH 连接到代理主机的超时时间 | 30s | +| proxy_key | SSH 代理私钥的内容 | | +| proxy_key_path | SSH 代理私钥的路径 | | +| proxy_fingerprint | 代理主机公钥的 SHA256 指纹 | | +| proxy_cipher | 代理允许的密码算法 | | +| proxy_use_insecure_cipher | 使用不安全的密码算法 | false | +| script | 执行命令 | | +| script_file | 从文件执行命令 | | +| script_stop | 在第一次失败后停止脚本 | false | +| envs | 传递环境变量到 shell 脚本 | | +| envs_format | 环境变量传递的灵活配置 | | +| debug | 启用调试模式 | false | +| allenvs | 将带有 `GITHUB_` 和 `INPUT_` 前缀的环境变量传递给脚本 | false | +| request_pty | 请求伪终端 | false | ## 使用方法 From b76e6173e8c2787083cd8d94b715e6a01844d137 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 1 Dec 2024 10:10:43 +0800 Subject: [PATCH 080/114] docs(readme): standardize and format README files across languages - Remove an empty line in `README.md` - Replace underscores with bold formatting for default key types in `README.zh-cn.md` and `README.zh-tw.md` - Standardize list formatting in `README.md`, `README.zh-cn.md`, and `README.zh-tw.md` Signed-off-by: appleboy --- README.md | 25 ++++++++++++------------- README.zh-cn.md | 27 +++++++++++++-------------- README.zh-tw.md | 27 +++++++++++++-------------- 3 files changed, 38 insertions(+), 41 deletions(-) diff --git a/README.md b/README.md index 0a204a3..fd5229d 100644 --- a/README.md +++ b/README.md @@ -60,19 +60,18 @@ Executing remote SSH commands. name: remote ssh command on: [push] jobs: - build: name: Build runs-on: ubuntu-latest steps: - - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.0 - with: - host: ${{ secrets.HOST }} - username: linuxserver.io - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} - script: whoami + - name: executing remote ssh commands using password + uses: appleboy/ssh-action@v1.2.0 + with: + host: ${{ secrets.HOST }} + username: linuxserver.io + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: whoami ``` output: @@ -152,9 +151,9 @@ See the detail information about [SSH login without password](http://www.linuxpr **A note** from one of our readers: Depending on your version of SSH you might also have to do the following changes: -* Put the public key in `.ssh/authorized_keys2` -* Change the permissions of `.ssh` to 700 -* Change the permissions of `.ssh/authorized_keys2` to 640 +- Put the public key in `.ssh/authorized_keys2` +- Change the permissions of `.ssh` to 700 +- Change the permissions of `.ssh/authorized_keys2` to 640 ### If you are using OpenSSH @@ -231,7 +230,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" username: ${{ secrets.USERNAME }} key: ${{ secrets.KEY }} port: ${{ secrets.PORT }} - script_path: scripts/script.sh + script_path: scripts/script.sh ``` #### Multiple Hosts diff --git a/README.zh-cn.md b/README.zh-cn.md index 4dc12b1..4ab55e9 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -57,19 +57,18 @@ name: remote ssh command on: [push] jobs: - build: name: Build runs-on: ubuntu-latest steps: - - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.0 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} - script: whoami + - name: executing remote ssh commands using password + uses: appleboy/ssh-action@v1.2.0 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: whoami ``` 画面输出 @@ -132,9 +131,9 @@ clip < ~/.ssh/id_ed25519 **来自读者的注意事项**: 根据您的 SSH 版本,您可能还需要进行以下更改: -* 将公钥放在 `.ssh/authorized_keys2` 中 -* 将 `.ssh` 的权限更改为700 -* 将 `.ssh/authorized_keys2` 的权限更改为640 +- 将公钥放在 `.ssh/authorized_keys2` 中 +- 将 `.ssh` 的权限更改为 700 +- 将 `.ssh/authorized_keys2` 的权限更改为 640 ### 如果你使用的是 OpenSSH @@ -227,7 +226,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ username: ${{ secrets.USERNAME }} key: ${{ secrets.KEY }} port: ${{ secrets.PORT }} - script_path: scripts/script.sh + script_path: scripts/script.sh ``` #### 多个不同端口的主机 @@ -380,7 +379,7 @@ Host FooServer 设置 SSH 主机指纹验证可以帮助防止中间人攻击。在设置之前,运行以下命令以获取 SSH 主机指纹。请记得将 `ed25519` 替换为您适当的密钥类型(`rsa`、 `dsa`等),而 `example.com` 则替换为您的主机。 -现代 OpenSSH 版本中,需要提取的_默认密钥_类型是 `rsa`(从版本 5.1 开始)、`ecdsa`(从版本 6.0 开始)和 `ed25519`(从版本 6.7 开始)。 +现代 OpenSSH 版本中,需要提取的**默认密钥**类型是 `rsa`(从版本 5.1 开始)、`ecdsa`(从版本 6.0 开始)和 `ed25519`(从版本 6.7 开始)。 ```sh ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ’ ‘ -f2 diff --git a/README.zh-tw.md b/README.zh-tw.md index 324cba8..4c5d04b 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -60,19 +60,18 @@ name: remote ssh command on: [push] jobs: - build: name: Build runs-on: ubuntu-latest steps: - - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.0 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} - script: whoami + - name: executing remote ssh commands using password + uses: appleboy/ssh-action@v1.2.0 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: whoami ``` 畫面輸出 @@ -135,9 +134,9 @@ clip < ~/.ssh/id_ed25519 **來自讀者的注意事項**: 根據您的 SSH 版本,您可能還需要進行以下更改: -* 將公鑰放在 `.ssh/authorized_keys2` 中 -* 將 `.ssh` 的權限更改為700 -* 將 `.ssh/authorized_keys2` 的權限更改為640 +- 將公鑰放在 `.ssh/authorized_keys2` 中 +- 將 `.ssh` 的權限更改為 700 +- 將 `.ssh/authorized_keys2` 的權限更改為 640 ### 如果你使用的是 OpenSSH @@ -214,7 +213,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" username: ${{ secrets.USERNAME }} key: ${{ secrets.KEY }} port: ${{ secrets.PORT }} - script_path: scripts/script.sh + script_path: scripts/script.sh ``` #### 多台主機 @@ -383,7 +382,7 @@ Host FooServer 設置 SSH 主機指紋驗證可以幫助防止中間人攻擊。在設置之前,運行以下命令以獲取 SSH 主機指紋。請記得將 `ed25519` 替換為您的適當金鑰類型(`rsa`、 `dsa`等),而 `example.com` 則替換為您的主機。 -現代 OpenSSH 版本中,需要提取的_默認金鑰_類型是 `rsa`(從版本 5.1 開始)、`ecdsa`(從版本 6.0 開始)和 `ed25519`(從版本 6.7 開始)。 +現代 OpenSSH 版本中,需要提取的**默認金鑰**類型是 `rsa`(從版本 5.1 開始)、`ecdsa`(從版本 6.0 開始)和 `ed25519`(從版本 6.7 開始)。 ```sh ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' -f2 From 48531853a70097fbb21625def44933e73f9b3ec1 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 1 Dec 2024 10:12:22 +0800 Subject: [PATCH 081/114] docs(readme): refactor README files to improve language link structure - Combine language links into a single line in `README.md` - Add links to English and Traditional Chinese README in `README.zh-cn.md` - Combine language links into a single line in `README.zh-tw.md` Signed-off-by: appleboy --- README.md | 3 +-- README.zh-cn.md | 2 ++ README.zh-tw.md | 3 +-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index fd5229d..d4bbd1a 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,6 @@ # 🚀 SSH for GitHub Actions -[繁體中文](./README.zh-tw.md) -[简体中文](./README.zh-cn.md) +[繁體中文](./README.zh-tw.md) | [简体中文](./README.zh-cn.md) [GitHub Action](https://github.com/features/actions) for executing remote SSH commands. diff --git a/README.zh-cn.md b/README.zh-cn.md index 4ab55e9..fc1d5d8 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -1,5 +1,7 @@ # 🚀 用于 GitHub Actions 的 SSH +[English](./README.md) | [繁體中文](./README.zh-tw.md) + [GitHub Action](https://github.com/features/actions) 用于执行远程 SSH 命令。 ![ssh workflow](./images/ssh-workflow.png) diff --git a/README.zh-tw.md b/README.zh-tw.md index 4c5d04b..72cc09a 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -1,7 +1,6 @@ # 🚀 GitHub Actions 的 SSH -[English](./README.md) -[简体中文](./README.zh-cn.md) +[English](./README.md) | [简体中文](./README.zh-cn.md) [GitHub Action](https://github.com/features/actions) 用於執行遠端 SSH 命令。 From 1c1ad10f6da46db2f81a68133f45b6a29317b741 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Mon, 2 Dec 2024 21:25:26 +0800 Subject: [PATCH 082/114] ci(action): remove script stop functionality from project (#350) - Remove the `stop script if command error` step from GitHub workflows - Remove the `script_stop` option from the README and its translations - Remove the `script_stop` input from `action.yml` Signed-off-by: appleboy --- .github/workflows/main.yml | 19 ------------------- .github/workflows/stable.yml | 19 ------------------- README.md | 32 -------------------------------- README.zh-cn.md | 32 -------------------------------- README.zh-tw.md | 32 -------------------------------- action.yml | 3 --- 6 files changed, 137 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 6c35463..37f16c2 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -123,22 +123,6 @@ jobs: port: 2222 script: whoami - - name: stop script if command error - uses: ./ - continue-on-error: true - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - password: password - key: password - port: 2222 - script_stop: true - sync: true - debug: true - script: | - mkdir abc/def - ls -al - support-key-passphrase: runs-on: ubuntu-latest steps: @@ -215,7 +199,6 @@ jobs: key: ${{ env.PRIVATE_KEY }} port: 2222 passphrase: 1234 - script_stop: true script: | ls \ -lah @@ -292,7 +275,6 @@ jobs: username: linuxserver.io key: ${{ env.PRIVATE_KEY }} passphrase: 1234 - script_stop: true script: | whoami @@ -488,7 +470,6 @@ jobs: username: linuxserver.io key: ${{ env.PRIVATE_KEY }} port: 2222 - script_stop: true request_pty: true command_timeout: 30s script: | diff --git a/.github/workflows/stable.yml b/.github/workflows/stable.yml index 9209737..82f4764 100644 --- a/.github/workflows/stable.yml +++ b/.github/workflows/stable.yml @@ -123,22 +123,6 @@ jobs: port: 2222 script: whoami - - name: stop script if command error - uses: appleboy/ssh-action@v1.2.0 - continue-on-error: true - with: - host: ${{ env.REMOTE_HOST }} - username: linuxserver.io - password: password - key: password - port: 2222 - script_stop: true - sync: true - debug: true - script: | - mkdir abc/def - ls -al - support-key-passphrase: runs-on: ubuntu-latest steps: @@ -215,7 +199,6 @@ jobs: key: ${{ env.PRIVATE_KEY }} port: 2222 passphrase: 1234 - script_stop: true script: | ls \ -lah @@ -292,7 +275,6 @@ jobs: username: linuxserver.io key: ${{ env.PRIVATE_KEY }} passphrase: 1234 - script_stop: true script: | whoami @@ -478,7 +460,6 @@ jobs: username: linuxserver.io key: ${{ env.PRIVATE_KEY }} port: 2222 - script_stop: true request_pty: true command_timeout: 30s script: | diff --git a/README.md b/README.md index d4bbd1a..273ffc4 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,6 @@ See [action.yml](./action.yml) for more detailed information. | proxy_use_insecure_cipher | Include more ciphers with use_insecure_cipher for the proxy | false | | script | Execute commands | | | script_file | Execute commands from a file | | -| script_stop | Stop script after first failure | false | | envs | Pass environment variables to shell script | | | envs_format | Flexible configuration of environment value transfer | | | debug | Enable debug mode | false | @@ -304,37 +303,6 @@ The default value of `port` is `22`. _Inside `env` object, you need to pass every environment variable as a string, passing `Integer` data type or any other may output unexpected results._ -#### Stop script after first failure - -> ex: missing `abc` folder - -```diff - - name: stop script if command error - uses: appleboy/ssh-action@v1.2.0 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} -+ script_stop: true - script: | - mkdir abc/def - ls -al -``` - -output: - -```sh -======CMD====== -mkdir abc/def -ls -al - -======END====== -2019/11/21 01:16:21 Process exited with status 1 -err: mkdir: cannot create directory ‘abc/def’: No such file or directory -##[error]Docker run failed with exit code 1 -``` - #### How to connect remote server using `ProxyCommand`? ```bash diff --git a/README.zh-cn.md b/README.zh-cn.md index fc1d5d8..564a057 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -44,7 +44,6 @@ | proxy_use_insecure_cipher | 使用不安全的密码算法 | false | | script | 执行命令 | | | script_file | 从文件执行命令 | | -| script_stop | 在第一次失败后停止脚本 | false | | envs | 传递环境变量到 shell 脚本 | | | envs_format | 环境变量传递的灵活配置 | | | debug | 启用调试模式 | false | @@ -285,37 +284,6 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ _在 `env` 对象中,您需要将每个环境变量作为字符串传递,传递 `Integer` 数据类型或任何其他类型可能会产生意外结果。_ -#### 在第一次失败后停止脚本 - -> ex: missing `abc` folder - -```diff - - name: stop script if command error - uses: appleboy/ssh-action@v1.2.0 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} -+ script_stop: true - script: | - mkdir abc/def - ls -al -``` - -画面输出: - -```sh -======CMD====== -mkdir abc/def -ls -al - -======END====== -2019/11/21 01:16:21 Process exited with status 1 -err: mkdir: cannot create directory ‘abc/def’: No such file or directory -##[error]Docker run failed with exit code 1 -``` - #### 如何使用 `ProxyCommand` 连接远程服务器? ```bash diff --git a/README.zh-tw.md b/README.zh-tw.md index 72cc09a..885e661 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -44,7 +44,6 @@ | proxy_use_insecure_cipher | 包含更多不安全的加密算法 | false | | script | 執行命令 | | | script_file | 從文件中執行命令 | | -| script_stop | 在第一次失敗後停止腳本 | false | | envs | 將環境變數傳遞給 shell 腳本 | | | envs_format | 環境值傳遞的靈活配置 | | | debug | 啟用調試模式 | false | @@ -285,37 +284,6 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" _在 `env` 對象中,您需要將每個環境變量作為字符串傳遞,傳遞 `Integer` 數據類型或任何其他類型可能會產生意外結果。_ -#### 在第一次失敗後停止腳本 - -> ex: missing `abc` folder - -```diff - - name: stop script if command error - uses: appleboy/ssh-action@v1.2.0 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} -+ script_stop: true - script: | - mkdir abc/def - ls -al -``` - -畫面輸出: - -```sh -======CMD====== -mkdir abc/def -ls -al - -======END====== -2019/11/21 01:16:21 Process exited with status 1 -err: mkdir: cannot create directory ‘abc/def’: No such file or directory -##[error]Docker run failed with exit code 1 -``` - #### 如何使用 `ProxyCommand` 連接遠程服務器? ```bash diff --git a/action.yml b/action.yml index 19668ab..ef72096 100644 --- a/action.yml +++ b/action.yml @@ -65,8 +65,6 @@ inputs: description: "Commands to be executed." script_path: description: "Path to the file containing commands to be executed." - script_stop: - description: "Stop the script after the first failure." envs: description: "Environment variables to be passed to the shell script." envs_format: @@ -113,7 +111,6 @@ runs: INPUT_COMMAND_TIMEOUT: ${{ inputs.command_timeout }} INPUT_SCRIPT: ${{ inputs.script }} INPUT_SCRIPT_FILE: ${{ inputs.script_path }} - INPUT_SCRIPT_STOP: ${{ inputs.script_stop }} INPUT_ENVS: ${{ inputs.envs }} INPUT_ENVS_FORMAT: ${{ inputs.envs_format }} INPUT_DEBUG: ${{ inputs.debug }} From e13c387332e012cca188219684f51e6ac401aa32 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Mon, 2 Dec 2024 23:19:33 +0800 Subject: [PATCH 083/114] ci(action): display an environment variable with special characters (#351) - Add a new job `testing07` with steps to set environment variables and create an SSH server container - Set a special character password in environment variables - Run a Docker container for an OpenSSH server and capture its IP address - Add steps to SSH into the server using username and password authentication Signed-off-by: appleboy --- .github/workflows/main.yml | 45 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 37f16c2..6b2df98 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -504,3 +504,48 @@ jobs: command_timeout: 30s script: | whoami + + testing07: + name: some special character + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v4 + + - name: Set Environment Variables + run: | + PASS='3HUS$?8kLu)}' + printf "PASS=${PASS}" >> $GITHUB_ENV + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD='${{ env.PASS }}' \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + + - name: ssh by username and password + uses: ./ + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: ${{ env.PASS }} + port: 2222 + script: | + #!/usr/bin/env bash + set -e + whoami From 102c0d2e5f9f4ec3afb6392f674a1ae9e970dea9 Mon Sep 17 00:00:00 2001 From: Jesse <7832163+GammaGames@users.noreply.github.com> Date: Tue, 3 Dec 2024 18:49:35 -0700 Subject: [PATCH 084/114] feat: capture stdout and store as output (#287) --- .github/workflows/main.yml | 45 ++++++++++++++++++++++++++++++++++++++ action.yml | 12 +++++++++- entrypoint.sh | 9 +++++++- 3 files changed, 64 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 6b2df98..4d8a6a4 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -549,3 +549,48 @@ jobs: #!/usr/bin/env bash set -e whoami + + testing-capturing-output: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + + - id: stdout + name: ssh command with stdout + uses: ./ + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + port: 2222 + capture_stdout: true + script: | + #!/usr/bin/env bash + set -e + whoami + + - name: check stdout + run: | + echo "stdout: ${{ steps.stdout.outputs.stdout }}" diff --git a/action.yml b/action.yml index ef72096..9aa8ce0 100644 --- a/action.yml +++ b/action.yml @@ -75,6 +75,14 @@ inputs: description: "pass all environment variable to shell script." request_pty: description: "Request a pseudo-terminal from the server." + capture_stdout: + description: "Capture the stdout of the commands." + default: "false" + +outputs: + stdout: + description: 'Standard output of the executed commands.' + value: ${{ steps.entrypoint.outputs.stdout }} runs: using: "composite" @@ -84,7 +92,8 @@ runs: shell: bash env: GITHUB_ACTION_PATH: ${{ github.action_path }} - - name: Run entrypoint.sh + - id: entrypoint + name: Run entrypoint.sh run: entrypoint.sh shell: bash env: @@ -121,6 +130,7 @@ runs: INPUT_PROXY_USE_INSECURE_CIPHER: ${{ inputs.proxy_use_insecure_cipher }} INPUT_PROXY_CIPHER: ${{ inputs.proxy_cipher }} INPUT_SYNC: ${{ inputs.sync }} + INPUT_CAPTURE_STDOUT: ${{ inputs.capture_stdout }} branding: icon: "terminal" diff --git a/entrypoint.sh b/entrypoint.sh index abd5809..1c0edb8 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -64,7 +64,14 @@ TARGET="${GITHUB_ACTION_PATH}/${CLIENT_BINARY}" echo "Will download ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}" curl -fsSL --retry 5 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o ${TARGET} chmod +x ${TARGET} + echo "======= CLI Version =======" sh -c "${TARGET} --version" # print version echo "===========================" -sh -c "${TARGET} $*" # run the command +if [[ "$INPUT_CAPTURE_STDOUT" == 'true' ]]; then + echo 'stdout<> $GITHUB_OUTPUT # use heredoc for multiline output + sh -c "${TARGET} $*" | tee -a $GITHUB_OUTPUT # run the command + echo 'EOF' >> $GITHUB_OUTPUT +else + sh -c "${TARGET} $*" # run the command +fi From 66aa4d343bf909ac4fa0ac52f4e62a9adc354c95 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Thu, 5 Dec 2024 16:23:32 +0800 Subject: [PATCH 085/114] ci: add SSH testing job to GitHub Actions workflow (#355) * ci: add SSH testing job to GitHub Actions workflow https://github.com/appleboy/ssh-action/issues/335#issuecomment-2372414496 - Add a new job `testing-script-stop` to the GitHub Actions workflow - Set up an SSH server using a Docker container within the new job - Capture the container's IP address and store it in the GitHub environment - Add a step to run an SSH command with stdout capture - Include a script to test conditional logic within the SSH command - Add a step to check and print the captured stdout from the SSH command Signed-off-by: Bo-Yi Wu * ci: improve GitHub Actions workflow with conditional checks - Add conditional checks in GitHub Actions workflow to handle 'True' and 'False' outputs Signed-off-by: Bo-Yi Wu * ci: standardize naming and validation of stdout steps - Rename `stdout` step to `stdout01` in the GitHub Actions workflow - Rename `check stdout` step to `check stdout 01` - Update references to `stdout` to `stdout01` in echo and grep commands - Add a new step `stdout02` for SSH command execution with stdout capture - Add a new step `check stdout 02` to validate the output of `stdout02` step Signed-off-by: Bo-Yi Wu --------- Signed-off-by: Bo-Yi Wu --- .github/workflows/main.yml | 87 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 87 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 4d8a6a4..3d51589 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -594,3 +594,90 @@ jobs: - name: check stdout run: | echo "stdout: ${{ steps.stdout.outputs.stdout }}" + + testing-script-stop: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + + - id: stdout01 + name: ssh command with stdout 01 + uses: ./ + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + port: 2222 + capture_stdout: true + script: | + #!/usr/bin/env bash + set -e + echo "TMP TESTING IF" + if [[ "2" == "1" ]]; then + echo "True" + else + echo "False" + fi + + - name: check stdout 01 + run: | + echo "stdout: ${{ steps.stdout01.outputs.stdout }}" + if echo "${{ steps.stdout01.outputs.stdout }}" | grep -q "True"; then + echo "Output contains 'True'" + exit 1 + fi + if echo "${{ steps.stdout01.outputs.stdout }}" | grep -q "False"; then + echo "Output contains 'False'" + fi + + - id: stdout02 + name: ssh command with stdout 01 + uses: ./ + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + port: 2222 + capture_stdout: true + script: | + #!/usr/bin/env bash + set -e + echo "TMP TESTING IF" + if [[ "1" == "1" ]]; then + echo "True" + else + echo "False" + fi + + - name: check stdout 02 + run: | + echo "stdout: ${{ steps.stdout02.outputs.stdout }}" + if echo "${{ steps.stdout02.outputs.stdout }}" | grep -q "False"; then + echo "Output contains 'False'" + exit 1 + fi + if echo "${{ steps.stdout02.outputs.stdout }}" | grep -q "True"; then + echo "Output contains 'True'" + fi From 86aa40ddb7d085faad449ea3e1726b81949ef86b Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Fri, 3 Jan 2025 09:31:39 +0800 Subject: [PATCH 086/114] ci: add SSH server testing to GitHub Actions workflow - Add a new job `testing-script-error` to the GitHub Actions workflow - Use `actions/checkout@v4` to check out the code - Create and run a new SSH server container using `lscr.io/linuxserver/openssh-server:latest` - Capture the container's IP address and set it as an environment variable - Add a step to test script errors with `continue-on-error: true` - Configure the test script to connect to the SSH server and run a command that will fail (`ls /nonexistent`) Signed-off-by: Bo-Yi Wu --- .github/workflows/main.yml | 41 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 3d51589..7737940 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -681,3 +681,44 @@ jobs: if echo "${{ steps.stdout02.outputs.stdout }}" | grep -q "True"; then echo "Output contains 'True'" fi + + testing-script-error: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + + - name: test script error + uses: ./ + continue-on-error: true + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + port: 2222 + capture_stdout: true + script: | + #!/usr/bin/env bash + set -e + ls /nonexistent From 49751ff51697f88206b6c7a0f60f83d1a880b26d Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Fri, 3 Jan 2025 10:17:01 +0800 Subject: [PATCH 087/114] docs: standardize `script_file` naming to `script_path` in documentation (#360) - Rename `script_file` to `script_path` in README.md - Rename `script_file` to `script_path` in README.zh-cn.md - Rename `script_file` to `script_path` in README.zh-tw.md Signed-off-by: Bo-Yi Wu --- README.md | 2 +- README.zh-cn.md | 2 +- README.zh-tw.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 273ffc4..d2d81cb 100644 --- a/README.md +++ b/README.md @@ -43,7 +43,7 @@ See [action.yml](./action.yml) for more detailed information. | proxy_cipher | Allowed cipher algorithms for the proxy | | | proxy_use_insecure_cipher | Include more ciphers with use_insecure_cipher for the proxy | false | | script | Execute commands | | -| script_file | Execute commands from a file | | +| script_path | Execute commands from a file | | | envs | Pass environment variables to shell script | | | envs_format | Flexible configuration of environment value transfer | | | debug | Enable debug mode | false | diff --git a/README.zh-cn.md b/README.zh-cn.md index 564a057..832b2f4 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -43,7 +43,7 @@ | proxy_cipher | 代理允许的密码算法 | | | proxy_use_insecure_cipher | 使用不安全的密码算法 | false | | script | 执行命令 | | -| script_file | 从文件执行命令 | | +| script_path | 从文件执行命令 | | | envs | 传递环境变量到 shell 脚本 | | | envs_format | 环境变量传递的灵活配置 | | | debug | 启用调试模式 | false | diff --git a/README.zh-tw.md b/README.zh-tw.md index 885e661..42e1c58 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -43,7 +43,7 @@ | proxy_cipher | 代理允許的加密算法 | | | proxy_use_insecure_cipher | 包含更多不安全的加密算法 | false | | script | 執行命令 | | -| script_file | 從文件中執行命令 | | +| script_path | 從文件中執行命令 | | | envs | 將環境變數傳遞給 shell 腳本 | | | envs_format | 環境值傳遞的靈活配置 | | | debug | 啟用調試模式 | false | From 8faa84277b88b6cd1455986f459aa66cf72bc8a3 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 19 Feb 2025 17:50:00 +0800 Subject: [PATCH 088/114] chore: standardize formatting and update dependencies in workflows - Change the title format in the bug report template from single quotes to double quotes - Update `appleboy/ssh-action` version from `v1.2.0` to `v1.2.1` in multiple workflow files - Remove unnecessary blank lines in the bug report template Signed-off-by: Bo-Yi Wu --- .github/ISSUE_TEMPLATE/bug_report.md | 20 ++++++++--------- .github/workflows/stable.yml | 32 ++++++++++++++-------------- README.md | 24 ++++++++++----------- README.zh-cn.md | 24 ++++++++++----------- README.zh-tw.md | 24 ++++++++++----------- 5 files changed, 61 insertions(+), 63 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 5270fdf..08635d5 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -1,10 +1,9 @@ --- name: Bug report about: Create a report to help us improve -title: '' +title: "" labels: bug assignees: appleboy - --- ## Describe the bug @@ -19,19 +18,18 @@ Please post your Yaml configuration file along with the output results. name: remote ssh command on: [push] jobs: - build: name: Build runs-on: ubuntu-latest steps: - - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.0 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} - script: whoami + - name: executing remote ssh commands using password + uses: appleboy/ssh-action@v1.2.1 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: whoami ``` ## Related environment diff --git a/.github/workflows/stable.yml b/.github/workflows/stable.yml index 82f4764..f58c693 100644 --- a/.github/workflows/stable.yml +++ b/.github/workflows/stable.yml @@ -31,7 +31,7 @@ jobs: sleep 2 - name: ssh by username and password - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -43,7 +43,7 @@ jobs: whoami - name: ssh commands from a file - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -95,7 +95,7 @@ jobs: sleep 2 - name: ssh by private key - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -104,7 +104,7 @@ jobs: script: whoami - name: wrong password but correct key - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -114,7 +114,7 @@ jobs: script: whoami - name: correct password but wrong key - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -167,7 +167,7 @@ jobs: sleep 2 - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -179,7 +179,7 @@ jobs: ls -al - name: missing ssh key passphrase - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 continue-on-error: true with: host: ${{ env.REMOTE_HOST }} @@ -192,7 +192,7 @@ jobs: # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 - name: Multiline SSH commands interpreted as single lines - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -269,7 +269,7 @@ jobs: # https://github.com/appleboy/ssh-action/issues/85 - name: Deployment to multiple hosts with different ports - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: "${{ env.REMOTE_HOST_01 }}:2222,${{ env.REMOTE_HOST_02 }}:2222" username: linuxserver.io @@ -322,7 +322,7 @@ jobs: sleep 2 - name: testing id_ed25519 key - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -375,7 +375,7 @@ jobs: sleep 2 - name: testing id_ed25519 key - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -386,7 +386,7 @@ jobs: ls -al - name: pass environment - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 env: FOO: "BAR" with: @@ -400,7 +400,7 @@ jobs: echo "I am $BAR, thanks" - name: pass multiple environment - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 env: FOO: "BAR" BAR: "FOO" @@ -419,7 +419,7 @@ jobs: echo "port: $PORT" - name: custom envs format - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 env: FOO: "BAR" AAA: "BBB" @@ -437,7 +437,7 @@ jobs: echo "I am $TEST_AAA, thanks" - name: pass all ENV variables to script - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 env: INPUT_FOO: "BAR" INPUT_AAA: "BBB" @@ -454,7 +454,7 @@ jobs: echo "$GITHUB_REF" - name: switch to root user - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io diff --git a/README.md b/README.md index d2d81cb..ccc9a28 100644 --- a/README.md +++ b/README.md @@ -63,7 +63,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: linuxserver.io @@ -179,7 +179,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -192,7 +192,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -205,7 +205,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -222,7 +222,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: file commands - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -235,7 +235,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -253,7 +253,7 @@ The default value of `port` is `22`. ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -268,7 +268,7 @@ The default value of `port` is `22`. ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: "foo.com,bar.com" + sync: true @@ -284,7 +284,7 @@ The default value of `port` is `22`. ```diff - name: pass environment - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 + env: + FOO: "BAR" + BAR: "FOO" @@ -331,7 +331,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -354,7 +354,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -380,7 +380,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/README.zh-cn.md b/README.zh-cn.md index 832b2f4..f676ba2 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -63,7 +63,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -162,7 +162,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -175,7 +175,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -188,7 +188,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -205,7 +205,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: - host: ”foo.com“ + host: ”foo.com,bar.com“ @@ -221,7 +221,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```yaml - name: file commands - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -234,7 +234,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: - host: ”foo.com“ + host: ”foo.com:1234,bar.com:5678“ @@ -249,7 +249,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ”foo.com,bar.com“ + sync: true @@ -265,7 +265,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```diff - name: pass environment - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 + env: + FOO: ”BAR“ + BAR: ”FOO“ @@ -312,7 +312,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -333,7 +333,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -359,7 +359,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ’ ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/README.zh-tw.md b/README.zh-tw.md index 42e1c58..f84bc2d 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -63,7 +63,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -162,7 +162,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -175,7 +175,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -188,7 +188,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -205,7 +205,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: file commands - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -218,7 +218,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -234,7 +234,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -249,7 +249,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: "foo.com,bar.com" + sync: true @@ -265,7 +265,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 + env: + FOO: "BAR" + BAR: "FOO" @@ -312,7 +312,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -333,7 +333,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -359,7 +359,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.0 + uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From 9817ef4a1793d4009d854d26cfb0ba4b615d5791 Mon Sep 17 00:00:00 2001 From: Seth Landry Date: Mon, 24 Feb 2025 06:31:51 -0600 Subject: [PATCH 089/114] docs(readme): set -e for script_stop functionality (#368) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes #367 Add a note in the "Input variables" section of `README.md` to mention that users can add `set -e` in their shell script to achieve similar functionality to the removed `script_stop` option. Add a note in the "输入变量" section of `README.zh-cn.md` to mention that users can add `set -e` in their shell script to achieve similar functionality to the removed `script_stop` option. Add a note in the "輸入變數" section of `README.zh-tw.md` to mention that users can add `set -e` in their shell script to achieve similar functionality to the removed `script_stop` option. --- For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/appleboy/ssh-action/issues/367?shareId=XXXX-XXXX-XXXX-XXXX). --- README.md | 2 ++ README.zh-cn.md | 2 ++ README.zh-tw.md | 2 ++ 3 files changed, 6 insertions(+) diff --git a/README.md b/README.md index ccc9a28..90a2275 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,8 @@ See [action.yml](./action.yml) for more detailed information. | allenvs | Pass the environment variables with prefix value of `GITHUB_` and `INPUT_` to the script | false | | request_pty | Request a pseudo-terminal from the server | false | +**Note:** Users can add `set -e` in their shell script to achieve similar functionality to the removed `script_stop` option. + ## Usage Executing remote SSH commands. diff --git a/README.zh-cn.md b/README.zh-cn.md index f676ba2..367844b 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -50,6 +50,8 @@ | allenvs | 将带有 `GITHUB_` 和 `INPUT_` 前缀的环境变量传递给脚本 | false | | request_pty | 请求伪终端 | false | +**注意:** 用户可以在他们的 shell 脚本中添加 `set -e` 以实现类似于已删除的 `script_stop` 选项的功能。 + ## 使用方法 执行远程 SSH 命令 diff --git a/README.zh-tw.md b/README.zh-tw.md index f84bc2d..5953350 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -50,6 +50,8 @@ | allenvs | 將帶有 `GITHUB_` 和 `INPUT_` 前綴的環境變數傳遞給腳本 | false | | request_pty | 從伺服器請求偽終端 | false | +**注意:** 用戶可以在他們的 shell 腳本中添加 `set -e` 以實現類似於已刪除的 `script_stop` 選項的功能。 + ## 用法 執行遠端 SSH 命令 From 92737056c0040ce12606ea20e76e4bcb9824d517 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Fri, 7 Mar 2025 08:10:39 +0800 Subject: [PATCH 090/114] docs: improve documentation and defaults for execution and security - Clarify that synchronous execution is enabled if multiple hosts are specified - Specify that sensible defaults are used for allowed cipher algorithms if unspecified - Clarify that environment variables are passed to the shell script Signed-off-by: Bo-Yi Wu --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 90a2275..740dd59 100644 --- a/README.md +++ b/README.md @@ -22,9 +22,9 @@ See [action.yml](./action.yml) for more detailed information. | username | SSH username | | | password | SSH password | | | protocol | SSH protocol version (tcp, tcp4, tcp6) | tcp | -| sync | Enable synchronous execution if multiple hosts | false | +| sync | Enable synchronous execution if multiple hosts are specified | false | | use_insecure_cipher | Include more ciphers with use_insecure_cipher | false | -| cipher | Allowed cipher algorithms. If unspecified, a sensible default | | +| cipher | Allowed cipher algorithms. If unspecified, sensible defaults are used | | | timeout | Timeout duration for SSH to host | 30s | | command_timeout | Timeout duration for SSH command | 10m | | key | Content of SSH private key. e.g., raw content of ~/.ssh/id_rsa | | @@ -44,7 +44,7 @@ See [action.yml](./action.yml) for more detailed information. | proxy_use_insecure_cipher | Include more ciphers with use_insecure_cipher for the proxy | false | | script | Execute commands | | | script_path | Execute commands from a file | | -| envs | Pass environment variables to shell script | | +| envs | Pass environment variables to the shell script | | | envs_format | Flexible configuration of environment value transfer | | | debug | Enable debug mode | false | | allenvs | Pass the environment variables with prefix value of `GITHUB_` and `INPUT_` to the script | false | From d99ccf8c09d72749f8eed879283eceea73f4ca6e Mon Sep 17 00:00:00 2001 From: appleboy Date: Sat, 8 Mar 2025 15:42:40 +0800 Subject: [PATCH 091/114] docs: improve documentation clarity and consistency - Change "GitHub Action" to "A GitHub Action" for clarity. - Update phrasing from "built using" to "built with" for consistency. - Revise "Make sure to follow the below steps" to "Follow the steps below" for improved readability. - Modify "best practice is create" to "It is best practice to create" for grammatical correctness. - Change "Add newly generated key into Authorized keys" to "Add the newly generated key to the Authorized keys" for clarity. - Update "Copy Private Key content and paste in Github Secrets" to "Copy the Private Key content and paste it into GitHub Secrets" for consistency. - Change "install `clip` command" to "install the `clip` command" for grammatical correctness. - Revise "See the detail information about" to "See detailed information about" for improved readability. - Update "A note from one of our readers" to "Note: Depending on your version of SSH" for clarity. - Change "Make sure that your key algorithm of choice is supported" to "Ensure that your chosen key algorithm is supported" for conciseness. - Revise "Alternatively, `ed25519` keys are accepted by default" to "Alternatively, `ed25519` keys are accepted by default in OpenSSH" for clarity. - Update "if you are running a command in a non interactive shell" to "If you are running a command in a non-interactive shell" for grammatical correctness. Signed-off-by: appleboy --- README.md | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 740dd59..36d38cd 100644 --- a/README.md +++ b/README.md @@ -2,17 +2,17 @@ [繁體中文](./README.zh-tw.md) | [简体中文](./README.zh-cn.md) -[GitHub Action](https://github.com/features/actions) for executing remote SSH commands. +A [GitHub Action](https://github.com/features/actions) for executing remote SSH commands. ![ssh workflow](./images/ssh-workflow.png) [![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml) -This project is built using [Golang](https://go.dev) and [drone-ssh](https://github.com/appleboy/drone-ssh). 🚀 +This project is built with [Golang](https://go.dev) and [drone-ssh](https://github.com/appleboy/drone-ssh). 🚀 ## Input variables -See [action.yml](./action.yml) for more detailed information. +Refer to [action.yml](./action.yml) for more detailed information. | Input Parameter | Description | Default Value | | ------------------------- | ---------------------------------------------------------------------------------------- | ------------- | @@ -88,9 +88,9 @@ linuxserver.io ### Setting up a SSH Key -Make sure to follow the below steps while creating SSH Keys and using them. -The best practice is create the SSH Keys on local machine not remote machine. -Login with username specified in Github Secrets. Generate a RSA Key-Pair: +Follow the steps below to create and use SSH Keys. +It is best practice to create SSH Keys on your local machine, not on a remote machine. +Log in with the username specified in GitHub Secrets and generate an RSA Key-Pair: ### Generate rsa key @@ -104,7 +104,7 @@ ssh-keygen -t rsa -b 4096 -C "your_email@example.com" ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ``` -Add newly generated key into Authorized keys. Read more about authorized keys [here](https://www.ssh.com/ssh/authorized_keys/). +Add the newly generated key to the Authorized keys. Read more about authorized keys [here](https://www.ssh.com/ssh/authorized_keys/). ### Add rsa key into Authorized keys @@ -118,18 +118,18 @@ cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys' cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys' ``` -Copy Private Key content and paste in Github Secrets. +Copy the Private Key content and paste it into GitHub Secrets. ### Copy rsa Private key -Before copying the private key, install `clip` command as shown below: +Before copying the private key, install the `clip` command as shown below: ```bash # Ubuntu sudo apt-get install xclip ``` -copy the private key: +Copy the private key: ```bash # macOS @@ -147,9 +147,9 @@ pbcopy < ~/.ssh/id_ed25519 xclip < ~/.ssh/id_ed25519 ``` -See the detail information about [SSH login without password](http://www.linuxproblem.org/art_9.html). +See detailed information about [SSH login without a password](http://www.linuxproblem.org/art_9.html). -**A note** from one of our readers: Depending on your version of SSH you might also have to do the following changes: +**Note**: Depending on your version of SSH, you might also need to make the following changes: - Put the public key in `.ssh/authorized_keys2` - Change the permissions of `.ssh` to 700 @@ -163,13 +163,13 @@ If you are currently using OpenSSH and are getting the following error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey] ``` -Make sure that your key algorithm of choice is supported. On Ubuntu 20.04 or later you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (which is either `/etc/ssh/sshd_config` or a drop-in file under `/etc/ssh/sshd_config.d/`): +Ensure that your chosen key algorithm is supported. On Ubuntu 20.04 or later, you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (either `/etc/ssh/sshd_config` or a drop-in file under `/etc/ssh/sshd_config.d/`): ```bash CASignatureAlgorithms +ssh-rsa ``` -Alternatively, `ed25519` keys are accepted by default in OpenSSH. You could use this instead of rsa if needed: +Alternatively, `ed25519` keys are accepted by default in OpenSSH. You can use this instead of rsa if needed: ```bash ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" @@ -400,7 +400,7 @@ Now you can adjust you config: See the [issue comment](https://github.com/appleboy/ssh-action/issues/31#issuecomment-1006565847) about interactive vs non interactive shell. Thanks @kocyigityunus for the solution. -Basically, if you are running a command in a non interactive shell, like ssh-action, on many linux distros, +If you are running a command in a non-interactive shell, like ssh-action, on many Linux distros, `/etc/bash.bashrc` file has a specific command that returns only, so some of the files didn't run and some specific commands doesn't add to path, @@ -415,7 +415,7 @@ Basically, if you are running a command in a non interactive shell, like ssh-act [ -z "$PS1" ] && return` ``` -just comment out the line that returns early and everything should work fine, or you can use the real paths of the commands that you would like to use. +comment out the line that returns early, and everything should work fine. Alternatively, you can use the real paths of the commands you want to use. ## Contributing From 01a53594ebd450be519b0d93972a7efca79d50ee Mon Sep 17 00:00:00 2001 From: appleboy Date: Sat, 8 Mar 2025 15:47:51 +0800 Subject: [PATCH 092/114] docs: enhance language support and improve documentation clarity - Add Simplified Chinese as an option in the language selection - Improve the phrasing of sentences for clarity in the GitHub Action description - Update instructions for enabling synchronous execution for multiple hosts - Clarify the default behavior for the cipher option - Change the wording for SSH command execution to enhance readability - Update the username in the example to a specific value - Revise instructions for copying SSH keys to include installation steps for the `clip` command - Adjust the phrasing for security practices regarding private key protection - Update the license statement to specify the MIT license more clearly - Change section titles for better consistency and clarity across languages Signed-off-by: appleboy --- README.zh-cn.md | 133 +++++++++++++++++++++++++++--------------------- README.zh-tw.md | 29 ++++++++--- 2 files changed, 98 insertions(+), 64 deletions(-) diff --git a/README.zh-cn.md b/README.zh-cn.md index 367844b..d609ba6 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -1,8 +1,8 @@ # 🚀 用于 GitHub Actions 的 SSH -[English](./README.md) | [繁體中文](./README.zh-tw.md) +[English](./README.md) | [繁體中文](./README.zh-tw.md) | 简体中文 -[GitHub Action](https://github.com/features/actions) 用于执行远程 SSH 命令。 +一个用于执行远程 SSH 命令的 [GitHub Action](https://github.com/features/actions)。 ![ssh workflow](./images/ssh-workflow.png) @@ -12,7 +12,7 @@ ## 输入变量 -更详细的信息,请参考 [action.yml](./action.yml)。 +有关更详细的信息,请参阅 [action.yml](./action.yml)。 | 输入参数 | 描述 | 默认值 | | ------------------------- | ----------------------------------------------------- | ------ | @@ -22,9 +22,9 @@ | username | SSH 用户名 | | | password | SSH 密码 | | | protocol | SSH 协议版本(tcp, tcp4, tcp6) | tcp | -| sync | 如果有多个主机,启用同步执行 | false | +| sync | 如果指定了多个主机,则启用同步执行 | false | | use_insecure_cipher | 使用不安全的密码算法 | false | -| cipher | 允许的密码算法。如果未指定,则使用适当的算法 | | +| cipher | 允许的密码算法。如果未指定,则使用适当的默认值 | | | timeout | SSH 连接到主机的超时时间 | 30s | | command_timeout | SSH 命令的超时时间 | 10m | | key | SSH 私钥的内容,例如 ~/.ssh/id_rsa 的原始内容 | | @@ -54,7 +54,7 @@ ## 使用方法 -执行远程 SSH 命令 +执行远程 SSH 命令。 ```yaml name: remote ssh command @@ -68,19 +68,19 @@ jobs: uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} + username: linuxserver.io password: ${{ secrets.PASSWORD }} port: ${{ secrets.PORT }} script: whoami ``` -画面输出 +输出: ```sh ======CMD====== whoami ======END====== -out: *** +linuxserver.io =============================================== ✅ Successfully executed commands to all hosts. =============================================== @@ -88,18 +88,20 @@ out: *** ### 设置 SSH 密钥 -请在创建 SSH 密钥并使用 SSH 密钥时遵循以下步骤。最佳做法是在本地机器上创建 SSH 密钥而不是远程机器上。请使用 Github Secrets 中指定的用户名登录。生成 RSA 密钥: +请按照以下步骤创建和使用 SSH 密钥。 +最佳做法是在本地机器上创建 SSH 密钥,而不是在远程机器上。 +使用 GitHub Secrets 中指定的用户名登录并生成 RSA 密钥对: ### 生成 RSA 密钥 ```bash -ssh-keygen -t rsa -b 4096 -C ”your_email@example.com“ +ssh-keygen -t rsa -b 4096 -C "your_email@example.com" ``` ### 生成 ed25519 密钥 ```bash -ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ +ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ``` 将新生成的密钥添加到已授权的密钥中。详细了解已授权的密钥请点[此处](https://www.ssh.com/ssh/authorized_keys/)。 @@ -107,32 +109,47 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ### 将 RSA 密钥添加到已授权密钥中 ```bash -cat .ssh/id_rsa.pub | ssh b@B ’cat >> .ssh/authorized_keys‘ +cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys' ``` ### 将 ed25519 密钥添加到已授权密钥中 ```bash -cat .ssh/id_ed25519.pub | ssh b@B ’cat >> .ssh/authorized_keys‘ +cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys' ``` -复制私钥内容,然后将其粘贴到 Github Secrets 中。 +复制私钥内容,然后将其粘贴到 GitHub Secrets 中。 -### 复制 rsa 私钥内容 +### 复制 RSA 私钥内容 + +在复制私钥之前,按照以下步骤安装 `clip` 命令: ```bash -clip < ~/.ssh/id_rsa +# Ubuntu +sudo apt-get install xclip +``` + +复制私钥: + +```bash +# macOS +pbcopy < ~/.ssh/id_rsa +# Ubuntu +xclip < ~/.ssh/id_rsa ``` ### 复制 ed25519 私钥内容 ```bash -clip < ~/.ssh/id_ed25519 +# macOS +pbcopy < ~/.ssh/id_ed25519 +# Ubuntu +xclip < ~/.ssh/id_ed25519 ``` 有关无需密码登录 SSH 的详细信息,请[见该网站](http://www.linuxproblem.org/art_9.html)。 -**来自读者的注意事项**: 根据您的 SSH 版本,您可能还需要进行以下更改: +**注意**:根据您的 SSH 版本,您可能还需要进行以下更改: - 将公钥放在 `.ssh/authorized_keys2` 中 - 将 `.ssh` 的权限更改为 700 @@ -146,19 +163,19 @@ clip < ~/.ssh/id_ed25519 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey] ``` -请确保您所选择的密钥算法得到支持。在 Ubuntu 20.04 或更高版本上,您必须明确允许使用 SSH-RSA 算法。请在 OpenSSH 守护进程文件中添加以下行(它可以是 `/etc/ssh/sshd_config` 或 `/etc/ssh/sshd_config.d/` 中的一个附加文件): +请确保您所选择的密钥算法得到支持。在 Ubuntu 20.04 或更高版本上,您必须明确允许使用 ssh-rsa 算法。请在 OpenSSH 守护进程文件中添加以下行(它可以是 `/etc/ssh/sshd_config` 或 `/etc/ssh/sshd_config.d/` 中的一个附加文件): ```bash CASignatureAlgorithms +ssh-rsa ``` -或者,`Ed25519` 密钥在 OpenSSH 中默认被接受。如果需要,您可以使用它来替代 RSA。 +或者,`ed25519` 密钥在 OpenSSH 中默认被接受。如果需要,您可以使用它来替代 RSA: ```bash -ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ +ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ``` -### Example +### 示例 #### 使用密码执行远程 SSH 命令 @@ -203,23 +220,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ![result](./images/output-result.png) -#### 多台主机 - -```diff - - name: multiple host - uses: appleboy/ssh-action@v1.2.1 - with: -- host: ”foo.com“ -+ host: ”foo.com,bar.com“ - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script: | - whoami - ls -al -``` - -#### Commands from a file +#### 从文件执行命令 ```yaml - name: file commands @@ -232,14 +233,32 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ script_path: scripts/script.sh ``` +#### 多台主机 + +```diff + - name: multiple host + uses: appleboy/ssh-action@v1.2.1 + with: +- host: "foo.com" ++ host: "foo.com,bar.com" + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: | + whoami + ls -al +``` + +默认的 `port` 值是 `22`。 + #### 多个不同端口的主机 ```diff - name: multiple host uses: appleboy/ssh-action@v1.2.1 with: -- host: ”foo.com“ -+ host: ”foo.com:1234,bar.com:5678“ +- host: "foo.com" ++ host: "foo.com:1234,bar.com:5678" username: ${{ secrets.USERNAME }} key: ${{ secrets.KEY }} script: | @@ -253,7 +272,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ - name: multiple host uses: appleboy/ssh-action@v1.2.1 with: - host: ”foo.com,bar.com“ + host: "foo.com,bar.com" + sync: true username: ${{ secrets.USERNAME }} key: ${{ secrets.KEY }} @@ -263,14 +282,14 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ls -al ``` -#### 将环境变量传递到 Shell 脚本 +#### 将环境变量传递到 shell 脚本 ```diff - name: pass environment uses: appleboy/ssh-action@v1.2.1 + env: -+ FOO: ”BAR“ -+ BAR: ”FOO“ ++ FOO: "BAR" ++ BAR: "FOO" + SHA: ${{ github.sha }} with: host: ${{ secrets.HOST }} @@ -279,9 +298,9 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ port: ${{ secrets.PORT }} + envs: FOO,BAR,SHA script: | - echo ”I am $FOO“ - echo ”I am $BAR“ - echo ”sha: $SHA“ + echo "I am $FOO" + echo "I am $BAR" + echo "sha: $SHA" ``` _在 `env` 对象中,您需要将每个环境变量作为字符串传递,传递 `Integer` 数据类型或任何其他类型可能会产生意外结果。_ @@ -289,9 +308,9 @@ _在 `env` 对象中,您需要将每个环境变量作为字符串传递,传 #### 如何使用 `ProxyCommand` 连接远程服务器? ```bash -+———+ +-———+ +————+ -| Laptop | <—> | Jumphost | <—> | FooServer | -+———+ +-———+ +————+ ++--------+ +----------+ +-----------+ +| Laptop | <--> | Jumphost | <--> | FooServer | ++--------+ +----------+ +-----------+ ``` 在您的 `~/.ssh/config` 文件中,您会看到以下内容。 @@ -329,9 +348,9 @@ Host FooServer ls -al ``` -#### 如何保护私钥? +#### 保护私钥 -密码短语通常用于加密私钥。这使得攻击者无法单独使用密钥文件。文件泄露可能来自备份或停用的硬件,黑客通常可以从受攻击系统中泄露文件。因此,保护私钥非常重要。 +密码短语通常用于加密私钥。这使得密钥文件本身对攻击者无用。文件泄露可能来自备份或停用的硬件,黑客通常可以从受攻击系统中泄露文件。 ```diff - name: ssh key passphrase @@ -351,10 +370,10 @@ Host FooServer 设置 SSH 主机指纹验证可以帮助防止中间人攻击。在设置之前,运行以下命令以获取 SSH 主机指纹。请记得将 `ed25519` 替换为您适当的密钥类型(`rsa`、 `dsa`等),而 `example.com` 则替换为您的主机。 -现代 OpenSSH 版本中,需要提取的**默认密钥**类型是 `rsa`(从版本 5.1 开始)、`ecdsa`(从版本 6.0 开始)和 `ed25519`(从版本 6.7 开始)。 +在现代 OpenSSH 版本中,默认提取的密钥类型是 `rsa`(从版本 5.1 开始)、`ecdsa`(从版本 6.0 开始)和 `ed25519`(从版本 6.7 开始)。 ```sh -ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ’ ‘ -f2 +ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' -f2 ``` 现在您可以调整您的配置: @@ -379,4 +398,4 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ’ ## 授权方式 -本项目中的脚本和文档采用 [MIT](LICENSE) 许可证 发布。 +本项目中的脚本和文档采用 [MIT 许可证](LICENSE) 发布。 diff --git a/README.zh-tw.md b/README.zh-tw.md index 5953350..21b497d 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -1,6 +1,6 @@ # 🚀 GitHub Actions 的 SSH -[English](./README.md) | [简体中文](./README.zh-cn.md) +[English](./README.md) | 繁體中文 | [简体中文](./README.zh-cn.md) [GitHub Action](https://github.com/features/actions) 用於執行遠端 SSH 命令。 @@ -68,7 +68,7 @@ jobs: uses: appleboy/ssh-action@v1.2.1 with: host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} + username: linuxserver.io password: ${{ secrets.PASSWORD }} port: ${{ secrets.PORT }} script: whoami @@ -80,7 +80,7 @@ jobs: ======CMD====== whoami ======END====== -out: *** +linuxserver.io =============================================== ✅ Successfully executed commands to all hosts. =============================================== @@ -120,19 +120,34 @@ cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys' ### 複製 rsa 私鑰內容 +在複製私鑰之前,請按照以下說明安裝 `clip` 命令: + ```bash -clip < ~/.ssh/id_rsa +# Ubuntu +sudo apt-get install xclip +``` + +複製私鑰: + +```bash +# macOS +pbcopy < ~/.ssh/id_rsa +# Ubuntu +xclip < ~/.ssh/id_rsa ``` ### 複製 ed25519 私鑰內容 ```bash -clip < ~/.ssh/id_ed25519 +# macOS +pbcopy < ~/.ssh/id_ed25519 +# Ubuntu +xclip < ~/.ssh/id_ed25519 ``` 有關無需密碼登錄 SSH 的詳細信息,請[參見該網站](http://www.linuxproblem.org/art_9.html)。 -**來自讀者的注意事項**: 根據您的 SSH 版本,您可能還需要進行以下更改: +**注意**:根據您的 SSH 版本,您可能還需要進行以下更改: - 將公鑰放在 `.ssh/authorized_keys2` 中 - 將 `.ssh` 的權限更改為 700 @@ -203,7 +218,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ![result](./images/output-result.png) -#### Commands from a file +#### 從文件中執行命令 ```yaml - name: file commands From 48992f2e2c17668bdf29d9b0159c70758d39cd02 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sat, 8 Mar 2025 15:50:53 +0800 Subject: [PATCH 093/114] docs: prioritize English in language selection options - Change the language options to include English as the first option. Signed-off-by: appleboy --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 36d38cd..ca442fd 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # 🚀 SSH for GitHub Actions -[繁體中文](./README.zh-tw.md) | [简体中文](./README.zh-cn.md) +English | [繁體中文](./README.zh-tw.md) | [简体中文](./README.zh-cn.md) A [GitHub Action](https://github.com/features/actions) for executing remote SSH commands. From 039c9e07bb37b35054415f27cdbfd7645237832d Mon Sep 17 00:00:00 2001 From: appleboy Date: Sat, 8 Mar 2025 15:55:34 +0800 Subject: [PATCH 094/114] docs: update README with private key instructions in multiple languages - Add instructions for copying the private key to GitHub Secrets in English, Chinese (Simplified), and Chinese (Traditional) versions of the README. ref: https://github.com/appleboy/ssh-action/issues/6#issuecomment-922368411 Signed-off-by: appleboy --- README.md | 2 ++ README.zh-cn.md | 2 ++ README.zh-tw.md | 2 ++ 3 files changed, 6 insertions(+) diff --git a/README.md b/README.md index ca442fd..d537645 100644 --- a/README.md +++ b/README.md @@ -138,6 +138,8 @@ pbcopy < ~/.ssh/id_rsa xclip < ~/.ssh/id_rsa ``` +Starting from and including the comment section `-----BEGIN OPENSSH PRIVATE KEY-----` and ending at and including the comment section `-----END OPENSSH PRIVATE KEY-----`, copy the private key and paste it into GitHub Secrets. + ### Copy ed25519 Private key ```bash diff --git a/README.zh-cn.md b/README.zh-cn.md index d609ba6..c9c058e 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -138,6 +138,8 @@ pbcopy < ~/.ssh/id_rsa xclip < ~/.ssh/id_rsa ``` +从包含注释部分 `-----BEGIN OPENSSH PRIVATE KEY-----` 开始,到包含注释部分 `-----END OPENSSH PRIVATE KEY-----` 结束,复制私钥并将其粘贴到 GitHub Secrets 中。 + ### 复制 ed25519 私钥内容 ```bash diff --git a/README.zh-tw.md b/README.zh-tw.md index 21b497d..c44ae7e 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -136,6 +136,8 @@ pbcopy < ~/.ssh/id_rsa xclip < ~/.ssh/id_rsa ``` +從包含註釋部分 `-----BEGIN OPENSSH PRIVATE KEY-----` 開始,到包含註釋部分 `-----END OPENSSH PRIVATE KEY-----` 結束,複製私鑰並將其粘貼到 GitHub Secrets 中。 + ### 複製 ed25519 私鑰內容 ```bash From b0a8f324e192469585a608d1f586061cf28a6571 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 9 Mar 2025 21:54:21 +0800 Subject: [PATCH 095/114] chore: bump DRONE_SSH version to 1.8.1 - Update the default version of DRONE_SSH from 1.8.0 to 1.8.1 Signed-off-by: appleboy --- entrypoint.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 1c0edb8..17dbeda 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -8,7 +8,7 @@ export GITHUB="true" GITHUB_ACTION_PATH="${GITHUB_ACTION_PATH%/}" DRONE_SSH_RELEASE_URL="${DRONE_SSH_RELEASE_URL:-https://github.com/appleboy/drone-ssh/releases/download}" -DRONE_SSH_VERSION="${DRONE_SSH_VERSION:-1.8.0}" +DRONE_SSH_VERSION="${DRONE_SSH_VERSION:-1.8.1}" function detect_client_info() { if [ -n "${SSH_CLIENT_OS-}" ]; then @@ -69,9 +69,9 @@ echo "======= CLI Version =======" sh -c "${TARGET} --version" # print version echo "===========================" if [[ "$INPUT_CAPTURE_STDOUT" == 'true' ]]; then - echo 'stdout<> $GITHUB_OUTPUT # use heredoc for multiline output + echo 'stdout<>$GITHUB_OUTPUT # use heredoc for multiline output sh -c "${TARGET} $*" | tee -a $GITHUB_OUTPUT # run the command - echo 'EOF' >> $GITHUB_OUTPUT + echo 'EOF' >>$GITHUB_OUTPUT else sh -c "${TARGET} $*" # run the command fi From a0a032693916dbcde4f0dd3e881dc58c97e35180 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 9 Mar 2025 22:02:08 +0800 Subject: [PATCH 096/114] docs: clarify parameter descriptions for improved documentation - Update descriptions for various input parameters to provide clearer guidance on their usage. - Enhance the description for the `capture_stdout` parameter to specify its effect on action output. - Modify the description for the `stdout` output to clarify its relation to the `capture_stdout` setting. Signed-off-by: appleboy --- action.yml | 70 +++++++++++++++++++++++++++--------------------------- 1 file changed, 35 insertions(+), 35 deletions(-) diff --git a/action.yml b/action.yml index 9aa8ce0..c3af2a4 100644 --- a/action.yml +++ b/action.yml @@ -3,85 +3,85 @@ description: "Executing remote ssh commands" author: "Bo-Yi Wu" inputs: host: - description: "SSH host address." + description: "SSH host address or IP to connect to." port: - description: "SSH port number." + description: "SSH port number for the connection." default: "22" passphrase: - description: "Passphrase for the SSH key." + description: "Passphrase to decrypt the SSH private key if protected." username: - description: "SSH username." + description: "SSH username for authentication on the remote server." password: - description: "SSH password." + description: "SSH password for authentication (use secrets for sensitive data)." protocol: - description: 'The IP protocol to use. Valid values are "tcp". "tcp4" or "tcp6". Default to tcp.' + description: 'IP protocol version to use. Options: "tcp" (default), "tcp4" (IPv4 only), or "tcp6" (IPv6 only).' default: "tcp" sync: - description: "Enable synchronous execution if multiple hosts are involved." + description: "When true, executes commands synchronously across multiple hosts (one after another)." use_insecure_cipher: - description: "Include more ciphers by using insecure ciphers." + description: "Enable additional legacy ciphers that might be less secure but more compatible with older systems." cipher: - description: "Allowed cipher algorithms. If unspecified, a sensible default is used." + description: "Specify custom cipher algorithms for encryption. Leave empty to use secure defaults." timeout: - description: "Timeout duration for establishing SSH connection to the host." + description: "Maximum time to wait when establishing the SSH connection, e.g., '30s', '1m'." default: "30s" command_timeout: - description: "Timeout duration for SSH commands execution." + description: "Maximum execution time for the remote commands before terminating, e.g., '10m', '1h'." default: "10m" key: - description: "Content of the SSH private key. For example, the raw content of ~/.ssh/id_rsa." + description: "Raw content of the SSH private key for authentication (use secrets for sensitive data)." key_path: - description: "Path to the SSH private key file." + description: "Path to the SSH private key file on the runner." fingerprint: - description: "SHA256 fingerprint of the host public key." + description: "SHA256 fingerprint of the host public key for verification to prevent MITM attacks." proxy_host: - description: "SSH proxy host address." + description: "Proxy server hostname or IP if connecting through an SSH jump host." proxy_port: - description: "SSH proxy port number." + description: "SSH port number for the proxy connection." default: "22" proxy_username: - description: "SSH proxy username." + description: "Username for authentication on the proxy server." proxy_password: - description: "SSH proxy password." + description: "Password for authentication on the proxy server (use secrets for sensitive data)." proxy_protocol: - description: 'The IP protocol to use. Valid values are "tcp". "tcp4" or "tcp6". Default to tcp.' + description: 'IP protocol version for proxy. Options: "tcp" (default), "tcp4" (IPv4 only), or "tcp6" (IPv6 only).' default: "tcp" proxy_passphrase: - description: "SSH proxy key passphrase." + description: "Passphrase to decrypt the proxy SSH private key if protected." proxy_timeout: - description: "Timeout duration for establishing SSH connection to the proxy host." + description: "Maximum time to wait when establishing the proxy SSH connection, e.g., '30s', '1m'." default: "30s" proxy_key: - description: "Content of the SSH proxy private key. For example, the raw content of ~/.ssh/id_rsa." + description: "Raw content of the SSH proxy private key for authentication (use secrets for sensitive data)." proxy_key_path: - description: "Path to the SSH proxy private key file." + description: "Path to the SSH proxy private key file on the runner." proxy_fingerprint: - description: "SHA256 fingerprint of the proxy host public key." + description: "SHA256 fingerprint of the proxy host public key for verification." proxy_cipher: - description: "Allowed cipher algorithms for the proxy. If unspecified, a sensible default is used." + description: "Specify custom cipher algorithms for proxy connection encryption." proxy_use_insecure_cipher: - description: "Include more ciphers for the proxy by using insecure ciphers." + description: "Enable additional legacy ciphers for proxy connections (less secure but more compatible)." script: - description: "Commands to be executed." + description: "Commands to execute on the remote server (inline script string)." script_path: - description: "Path to the file containing commands to be executed." + description: "Path to a local file containing commands to execute on the remote server." envs: - description: "Environment variables to be passed to the shell script." + description: "Environment variables to expose to the remote script, format: key=value,key2=value2." envs_format: - description: "Flexible configuration for environment value transfer." + description: "Format specification for environment variable transfer (for advanced usage)." debug: - description: "Enable debug mode." + description: "Set to true to enable verbose logging for troubleshooting connection issues." allenvs: - description: "pass all environment variable to shell script." + description: "When true, passes all GitHub Actions environment variables to the remote script." request_pty: - description: "Request a pseudo-terminal from the server." + description: "Request a pseudo-terminal from the server (required for interactive commands or sudo)." capture_stdout: - description: "Capture the stdout of the commands." + description: "When true, captures and returns standard output from the commands as action output." default: "false" outputs: stdout: - description: 'Standard output of the executed commands.' + description: "Standard output of the executed commands when capture_stdout is enabled." value: ${{ steps.entrypoint.outputs.stdout }} runs: From 2ead5e36573f08b82fbfce1504f1a4b05a647c6f Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 9 Mar 2025 22:08:40 +0800 Subject: [PATCH 097/114] chore: update action version across workflows and documentation - Update the version of `appleboy/ssh-action` from `v1.2.1` to `v1.2.2` in multiple files - Modify the bug report template to reflect the updated action version - Change the action version in the stable workflow file - Adjust the action version in the README files for consistency across documentation - Ensure the action version is updated in both Chinese language README files Signed-off-by: appleboy --- .github/ISSUE_TEMPLATE/bug_report.md | 2 +- .github/workflows/stable.yml | 32 ++++++++++++++-------------- README.md | 24 ++++++++++----------- README.zh-cn.md | 24 ++++++++++----------- README.zh-tw.md | 24 ++++++++++----------- 5 files changed, 53 insertions(+), 53 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 08635d5..74cf8b2 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/.github/workflows/stable.yml b/.github/workflows/stable.yml index f58c693..e373457 100644 --- a/.github/workflows/stable.yml +++ b/.github/workflows/stable.yml @@ -31,7 +31,7 @@ jobs: sleep 2 - name: ssh by username and password - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -43,7 +43,7 @@ jobs: whoami - name: ssh commands from a file - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -95,7 +95,7 @@ jobs: sleep 2 - name: ssh by private key - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -104,7 +104,7 @@ jobs: script: whoami - name: wrong password but correct key - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -114,7 +114,7 @@ jobs: script: whoami - name: correct password but wrong key - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -167,7 +167,7 @@ jobs: sleep 2 - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -179,7 +179,7 @@ jobs: ls -al - name: missing ssh key passphrase - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 continue-on-error: true with: host: ${{ env.REMOTE_HOST }} @@ -192,7 +192,7 @@ jobs: # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 - name: Multiline SSH commands interpreted as single lines - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -269,7 +269,7 @@ jobs: # https://github.com/appleboy/ssh-action/issues/85 - name: Deployment to multiple hosts with different ports - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: "${{ env.REMOTE_HOST_01 }}:2222,${{ env.REMOTE_HOST_02 }}:2222" username: linuxserver.io @@ -322,7 +322,7 @@ jobs: sleep 2 - name: testing id_ed25519 key - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -375,7 +375,7 @@ jobs: sleep 2 - name: testing id_ed25519 key - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -386,7 +386,7 @@ jobs: ls -al - name: pass environment - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 env: FOO: "BAR" with: @@ -400,7 +400,7 @@ jobs: echo "I am $BAR, thanks" - name: pass multiple environment - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 env: FOO: "BAR" BAR: "FOO" @@ -419,7 +419,7 @@ jobs: echo "port: $PORT" - name: custom envs format - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 env: FOO: "BAR" AAA: "BBB" @@ -437,7 +437,7 @@ jobs: echo "I am $TEST_AAA, thanks" - name: pass all ENV variables to script - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 env: INPUT_FOO: "BAR" INPUT_AAA: "BBB" @@ -454,7 +454,7 @@ jobs: echo "$GITHUB_REF" - name: switch to root user - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io diff --git a/README.md b/README.md index d537645..aea5988 100644 --- a/README.md +++ b/README.md @@ -65,7 +65,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: linuxserver.io @@ -183,7 +183,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -196,7 +196,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -209,7 +209,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -226,7 +226,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: file commands - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -239,7 +239,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -257,7 +257,7 @@ The default value of `port` is `22`. ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -272,7 +272,7 @@ The default value of `port` is `22`. ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: "foo.com,bar.com" + sync: true @@ -288,7 +288,7 @@ The default value of `port` is `22`. ```diff - name: pass environment - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 + env: + FOO: "BAR" + BAR: "FOO" @@ -335,7 +335,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -358,7 +358,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -384,7 +384,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/README.zh-cn.md b/README.zh-cn.md index c9c058e..034837e 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -65,7 +65,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: linuxserver.io @@ -183,7 +183,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -196,7 +196,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -209,7 +209,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -226,7 +226,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: file commands - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -239,7 +239,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -257,7 +257,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -272,7 +272,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: "foo.com,bar.com" + sync: true @@ -288,7 +288,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 + env: + FOO: "BAR" + BAR: "FOO" @@ -335,7 +335,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -356,7 +356,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -382,7 +382,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/README.zh-tw.md b/README.zh-tw.md index c44ae7e..b2a86e9 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -65,7 +65,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: linuxserver.io @@ -181,7 +181,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -194,7 +194,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -207,7 +207,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -224,7 +224,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: file commands - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -237,7 +237,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -253,7 +253,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -268,7 +268,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: "foo.com,bar.com" + sync: true @@ -284,7 +284,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 + env: + FOO: "BAR" + BAR: "FOO" @@ -331,7 +331,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -352,7 +352,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -378,7 +378,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.1 + uses: appleboy/ssh-action@v1.2.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From 2b3c6504b3e1405c32b38787b6d20b223a1ecebc Mon Sep 17 00:00:00 2001 From: appleboy Date: Sat, 15 Mar 2025 14:57:10 +0800 Subject: [PATCH 098/114] ci: unify and enhance GitHub workflow configurations - Update appleboy/ssh-action to use the generic v1 version instead of v1.2.2 for multiple steps within the workflow Signed-off-by: appleboy --- .github/workflows/stable.yml | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/.github/workflows/stable.yml b/.github/workflows/stable.yml index e373457..7bffc93 100644 --- a/.github/workflows/stable.yml +++ b/.github/workflows/stable.yml @@ -31,7 +31,7 @@ jobs: sleep 2 - name: ssh by username and password - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -43,7 +43,7 @@ jobs: whoami - name: ssh commands from a file - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -95,7 +95,7 @@ jobs: sleep 2 - name: ssh by private key - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -104,7 +104,7 @@ jobs: script: whoami - name: wrong password but correct key - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -114,7 +114,7 @@ jobs: script: whoami - name: correct password but wrong key - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -167,7 +167,7 @@ jobs: sleep 2 - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -179,7 +179,7 @@ jobs: ls -al - name: missing ssh key passphrase - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 continue-on-error: true with: host: ${{ env.REMOTE_HOST }} @@ -192,7 +192,7 @@ jobs: # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 - name: Multiline SSH commands interpreted as single lines - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -269,7 +269,7 @@ jobs: # https://github.com/appleboy/ssh-action/issues/85 - name: Deployment to multiple hosts with different ports - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: "${{ env.REMOTE_HOST_01 }}:2222,${{ env.REMOTE_HOST_02 }}:2222" username: linuxserver.io @@ -322,7 +322,7 @@ jobs: sleep 2 - name: testing id_ed25519 key - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -375,7 +375,7 @@ jobs: sleep 2 - name: testing id_ed25519 key - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io @@ -386,7 +386,7 @@ jobs: ls -al - name: pass environment - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 env: FOO: "BAR" with: @@ -400,7 +400,7 @@ jobs: echo "I am $BAR, thanks" - name: pass multiple environment - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 env: FOO: "BAR" BAR: "FOO" @@ -419,7 +419,7 @@ jobs: echo "port: $PORT" - name: custom envs format - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 env: FOO: "BAR" AAA: "BBB" @@ -437,7 +437,7 @@ jobs: echo "I am $TEST_AAA, thanks" - name: pass all ENV variables to script - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 env: INPUT_FOO: "BAR" INPUT_AAA: "BBB" @@ -454,7 +454,7 @@ jobs: echo "$GITHUB_REF" - name: switch to root user - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io From 52a1840ca6cafe7e0e1e15e8649b935ba4e33077 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sat, 15 Mar 2025 15:01:18 +0800 Subject: [PATCH 099/114] docs: update SSH action version to v1 in all README files (#372) - Update 'appleboy/ssh-action' version from 'v1.2.2' to 'v1' in various locations in the README.md file - Update 'appleboy/ssh-action' version from 'v1.2.2' to 'v1' in various locations in README.zh-cn.md - Update 'appleboy/ssh-action' version from 'v1.2.2' to 'v1' in various locations in README.zh-tw.md Signed-off-by: appleboy --- README.md | 24 ++++++++++++------------ README.zh-cn.md | 24 ++++++++++++------------ README.zh-tw.md | 24 ++++++++++++------------ 3 files changed, 36 insertions(+), 36 deletions(-) diff --git a/README.md b/README.md index aea5988..bd43d9a 100644 --- a/README.md +++ b/README.md @@ -65,7 +65,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: linuxserver.io @@ -183,7 +183,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -196,7 +196,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -209,7 +209,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -226,7 +226,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: file commands - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -239,7 +239,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -257,7 +257,7 @@ The default value of `port` is `22`. ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -272,7 +272,7 @@ The default value of `port` is `22`. ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: "foo.com,bar.com" + sync: true @@ -288,7 +288,7 @@ The default value of `port` is `22`. ```diff - name: pass environment - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 + env: + FOO: "BAR" + BAR: "FOO" @@ -335,7 +335,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -358,7 +358,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -384,7 +384,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/README.zh-cn.md b/README.zh-cn.md index 034837e..455b8bf 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -65,7 +65,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: linuxserver.io @@ -183,7 +183,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -196,7 +196,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -209,7 +209,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -226,7 +226,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: file commands - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -239,7 +239,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -257,7 +257,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -272,7 +272,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: "foo.com,bar.com" + sync: true @@ -288,7 +288,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 + env: + FOO: "BAR" + BAR: "FOO" @@ -335,7 +335,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -356,7 +356,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -382,7 +382,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/README.zh-tw.md b/README.zh-tw.md index b2a86e9..7ce7036 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -65,7 +65,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: linuxserver.io @@ -181,7 +181,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -194,7 +194,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -207,7 +207,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -224,7 +224,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: file commands - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -237,7 +237,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -253,7 +253,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -268,7 +268,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: "foo.com,bar.com" + sync: true @@ -284,7 +284,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 + env: + FOO: "BAR" + BAR: "FOO" @@ -331,7 +331,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -352,7 +352,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -378,7 +378,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From b6690ee817812c18c1bcc05cd08d0011e6aabc63 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sat, 29 Mar 2025 00:25:15 +0800 Subject: [PATCH 100/114] refactor: improve error handling and code readability across scripts (#374) - Add `log_error` function for error handling - Simplify the detection of client platform and architecture - Use `log_error` for unsupported platform or architecture handling - Use consistent quoting for variable expansions - Improve readability for `curl` and `chmod` commands - Simplify the commands for running and capturing stdout Signed-off-by: appleboy --- entrypoint.sh | 80 ++++++++++++++++++--------------------------------- 1 file changed, 28 insertions(+), 52 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 17dbeda..58bc1bd 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -10,51 +10,25 @@ GITHUB_ACTION_PATH="${GITHUB_ACTION_PATH%/}" DRONE_SSH_RELEASE_URL="${DRONE_SSH_RELEASE_URL:-https://github.com/appleboy/drone-ssh/releases/download}" DRONE_SSH_VERSION="${DRONE_SSH_VERSION:-1.8.1}" -function detect_client_info() { - if [ -n "${SSH_CLIENT_OS-}" ]; then - CLIENT_PLATFORM="${SSH_CLIENT_OS}" - else - local kernel - kernel="$(uname -s)" - case "${kernel}" in - Darwin) - CLIENT_PLATFORM="darwin" - ;; - Linux) - CLIENT_PLATFORM="linux" - ;; - Windows) - CLIENT_PLATFORM="windows" - ;; - *) - echo "Unknown, unsupported platform: ${kernel}." >&2 - echo "Supported platforms: Linux, Darwin and Windows." >&2 - echo "Bailing out." >&2 - exit 2 - ;; - esac - fi +function log_error() { + echo "$1" >&2 + exit "$2" +} - if [ -n "${SSH_CLIENT_ARCH-}" ]; then - CLIENT_ARCH="${SSH_CLIENT_ARCH}" - else - local machine - machine="$(uname -m)" - case "${machine}" in - x86_64* | i?86_64* | amd64*) - CLIENT_ARCH="amd64" - ;; - aarch64* | arm64*) - CLIENT_ARCH="arm64" - ;; - *) - echo "Unknown, unsupported architecture (${machine})." >&2 - echo "Supported architectures x86_64, i686, arm64." >&2 - echo "Bailing out." >&2 - exit 3 - ;; - esac - fi +function detect_client_info() { + CLIENT_PLATFORM="${SSH_CLIENT_OS:-$(uname -s | tr '[:upper:]' '[:lower:]')}" + CLIENT_ARCH="${SSH_CLIENT_ARCH:-$(uname -m)}" + + case "${CLIENT_PLATFORM}" in + darwin | linux | windows) ;; + *) log_error "Unknown, unsupported platform: ${CLIENT_PLATFORM}. Supported platforms: Linux, Darwin, and Windows." 2 ;; + esac + + case "${CLIENT_ARCH}" in + x86_64* | i?86_64* | amd64*) CLIENT_ARCH="amd64" ;; + aarch64* | arm64*) CLIENT_ARCH="arm64" ;; + *) log_error "Unknown, unsupported architecture: ${CLIENT_ARCH}. Supported architectures: x86_64, i686, arm64." 3 ;; + esac } detect_client_info @@ -62,16 +36,18 @@ DOWNLOAD_URL_PREFIX="${DRONE_SSH_RELEASE_URL}/v${DRONE_SSH_VERSION}" CLIENT_BINARY="drone-ssh-${DRONE_SSH_VERSION}-${CLIENT_PLATFORM}-${CLIENT_ARCH}" TARGET="${GITHUB_ACTION_PATH}/${CLIENT_BINARY}" echo "Will download ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}" -curl -fsSL --retry 5 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o ${TARGET} -chmod +x ${TARGET} +curl -fsSL --retry 5 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o "${TARGET}" +chmod +x "${TARGET}" echo "======= CLI Version =======" -sh -c "${TARGET} --version" # print version +"${TARGET}" --version echo "===========================" -if [[ "$INPUT_CAPTURE_STDOUT" == 'true' ]]; then - echo 'stdout<>$GITHUB_OUTPUT # use heredoc for multiline output - sh -c "${TARGET} $*" | tee -a $GITHUB_OUTPUT # run the command - echo 'EOF' >>$GITHUB_OUTPUT +if [[ "${INPUT_CAPTURE_STDOUT}" == 'true' ]]; then + { + echo 'stdout<>"${GITHUB_OUTPUT}" else - sh -c "${TARGET} $*" # run the command + "${TARGET}" "$@" fi From 689de3cf649b7be1e792eeea9fc0571dcc0c3e4f Mon Sep 17 00:00:00 2001 From: appleboy Date: Sat, 29 Mar 2025 00:27:23 +0800 Subject: [PATCH 101/114] docs: improve CLI messaging and error clarity for users - Clarify error message for unsupported platforms - Clarify error message for unsupported architectures - Change download message to indicate ongoing action - Expand CLI version header for clarity Signed-off-by: appleboy --- entrypoint.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 58bc1bd..7a2cd52 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -21,13 +21,13 @@ function detect_client_info() { case "${CLIENT_PLATFORM}" in darwin | linux | windows) ;; - *) log_error "Unknown, unsupported platform: ${CLIENT_PLATFORM}. Supported platforms: Linux, Darwin, and Windows." 2 ;; + *) log_error "Unknown or unsupported platform: ${CLIENT_PLATFORM}. Supported platforms are Linux, Darwin, and Windows." 2 ;; esac case "${CLIENT_ARCH}" in x86_64* | i?86_64* | amd64*) CLIENT_ARCH="amd64" ;; aarch64* | arm64*) CLIENT_ARCH="arm64" ;; - *) log_error "Unknown, unsupported architecture: ${CLIENT_ARCH}. Supported architectures: x86_64, i686, arm64." 3 ;; + *) log_error "Unknown or unsupported architecture: ${CLIENT_ARCH}. Supported architectures are x86_64, i686, and arm64." 3 ;; esac } @@ -35,13 +35,13 @@ detect_client_info DOWNLOAD_URL_PREFIX="${DRONE_SSH_RELEASE_URL}/v${DRONE_SSH_VERSION}" CLIENT_BINARY="drone-ssh-${DRONE_SSH_VERSION}-${CLIENT_PLATFORM}-${CLIENT_ARCH}" TARGET="${GITHUB_ACTION_PATH}/${CLIENT_BINARY}" -echo "Will download ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}" +echo "Downloading ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}" curl -fsSL --retry 5 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o "${TARGET}" chmod +x "${TARGET}" -echo "======= CLI Version =======" +echo "======= CLI Version Information =======" "${TARGET}" --version -echo "===========================" +echo "=======================================" if [[ "${INPUT_CAPTURE_STDOUT}" == 'true' ]]; then { echo 'stdout< Date: Sat, 29 Mar 2025 00:29:34 +0800 Subject: [PATCH 102/114] chore: refactor system to improve efficiency and update API usage - Update changelog order value from `4` to `5` Signed-off-by: appleboy --- .goreleaser.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 01b1081..fcd5b97 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -24,5 +24,5 @@ changelog: order: 4 - title: "Documentation updates" regexp: ^.*?docs?(\(.+\))??!?:.+$ - order: 4 + order: 5 - title: Others From 20d5c5bbc91841863c09aaa3a6797061bbf148a4 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sat, 29 Mar 2025 12:43:09 +0800 Subject: [PATCH 103/114] feat: add configurable curl insecure flag to GitHub action - Add input parameter `curl_insecure` to `action.yml` with a default value of false - Pass `curl_insecure` input to the action's environment in `action.yml` - Modify `entrypoint.sh` to conditionally add the `--insecure` option to curl if `INPUT_CURL_INSECURE` is true Signed-off-by: appleboy --- action.yml | 4 ++++ entrypoint.sh | 7 ++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/action.yml b/action.yml index c3af2a4..e9ab5f9 100644 --- a/action.yml +++ b/action.yml @@ -75,6 +75,9 @@ inputs: description: "When true, passes all GitHub Actions environment variables to the remote script." request_pty: description: "Request a pseudo-terminal from the server (required for interactive commands or sudo)." + curl_insecure: + description: "When true, uses the --insecure option with curl for insecure downloads." + default: "false" capture_stdout: description: "When true, captures and returns standard output from the commands as action output." default: "false" @@ -131,6 +134,7 @@ runs: INPUT_PROXY_CIPHER: ${{ inputs.proxy_cipher }} INPUT_SYNC: ${{ inputs.sync }} INPUT_CAPTURE_STDOUT: ${{ inputs.capture_stdout }} + INPUT_CURL_INSECURE: ${{ inputs.curl_insecure }} branding: icon: "terminal" diff --git a/entrypoint.sh b/entrypoint.sh index 7a2cd52..495bf5b 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -36,7 +36,12 @@ DOWNLOAD_URL_PREFIX="${DRONE_SSH_RELEASE_URL}/v${DRONE_SSH_VERSION}" CLIENT_BINARY="drone-ssh-${DRONE_SSH_VERSION}-${CLIENT_PLATFORM}-${CLIENT_ARCH}" TARGET="${GITHUB_ACTION_PATH}/${CLIENT_BINARY}" echo "Downloading ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}" -curl -fsSL --retry 5 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o "${TARGET}" +INSECURE_OPTION="" +if [[ "${INPUT_CURL_INSECURE}" == 'true' ]]; then + INSECURE_OPTION="--insecure" +fi + +curl -fsSL --retry 5 --keepalive-time 2 ${INSECURE_OPTION} "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o "${TARGET}" chmod +x "${TARGET}" echo "======= CLI Version Information =======" From 9ca1cd21746f53919166547633817ce20c8b5394 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sat, 29 Mar 2025 12:46:43 +0800 Subject: [PATCH 104/114] docs: document the new `curl_insecure` configuration option - Add `curl_insecure` option to README.md - Add `curl_insecure` option to README.zh-cn.md - Add `curl_insecure` option to README.zh-tw.md Signed-off-by: appleboy --- README.md | 1 + README.zh-cn.md | 1 + README.zh-tw.md | 1 + 3 files changed, 3 insertions(+) diff --git a/README.md b/README.md index bd43d9a..09bcfe4 100644 --- a/README.md +++ b/README.md @@ -49,6 +49,7 @@ Refer to [action.yml](./action.yml) for more detailed information. | debug | Enable debug mode | false | | allenvs | Pass the environment variables with prefix value of `GITHUB_` and `INPUT_` to the script | false | | request_pty | Request a pseudo-terminal from the server | false | +| curl_insecure | Allow curl to connect to SSL sites without certificates | false | **Note:** Users can add `set -e` in their shell script to achieve similar functionality to the removed `script_stop` option. diff --git a/README.zh-cn.md b/README.zh-cn.md index 455b8bf..0c5a1d4 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -49,6 +49,7 @@ | debug | 启用调试模式 | false | | allenvs | 将带有 `GITHUB_` 和 `INPUT_` 前缀的环境变量传递给脚本 | false | | request_pty | 请求伪终端 | false | +| curl_insecure | 在 curl 中使用不安全的证书验证 | false | **注意:** 用户可以在他们的 shell 脚本中添加 `set -e` 以实现类似于已删除的 `script_stop` 选项的功能。 diff --git a/README.zh-tw.md b/README.zh-tw.md index 7ce7036..b877c3d 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -49,6 +49,7 @@ | debug | 啟用調試模式 | false | | allenvs | 將帶有 `GITHUB_` 和 `INPUT_` 前綴的環境變數傳遞給腳本 | false | | request_pty | 從伺服器請求偽終端 | false | +| curl_insecure | 在 curl 命令中使用不安全的 SSL 證書驗證 | false | **注意:** 用戶可以在他們的 shell 腳本中添加 `set -e` 以實現類似於已刪除的 `script_stop` 選項的功能。 From bd83ba7e2b3b59ec4007ddc30c72ef12e5d2fff7 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Thu, 10 Apr 2025 14:47:33 +0800 Subject: [PATCH 105/114] docs: document and configure drone-ssh version usage (#381) - Add `version` entry to README.md specifying drone-ssh binary version usage - Add `version` entry to README.zh-cn.md specifying drone-ssh version usage in Chinese - Add `version` entry to README.zh-tw.md specifying drone-ssh version usage in Traditional Chinese - Add `version` input to action.yml with description for drone-ssh version - Set DRONE_SSH_VERSION environment variable in action.yml to use specified version input Signed-off-by: Bo-Yi Wu --- README.md | 1 + README.zh-cn.md | 1 + README.zh-tw.md | 1 + action.yml | 4 ++++ 4 files changed, 7 insertions(+) diff --git a/README.md b/README.md index 09bcfe4..755c3a5 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,7 @@ Refer to [action.yml](./action.yml) for more detailed information. | allenvs | Pass the environment variables with prefix value of `GITHUB_` and `INPUT_` to the script | false | | request_pty | Request a pseudo-terminal from the server | false | | curl_insecure | Allow curl to connect to SSL sites without certificates | false | +| version | drone-ssh binary version. If not specified, the latest version will be used. | | **Note:** Users can add `set -e` in their shell script to achieve similar functionality to the removed `script_stop` option. diff --git a/README.zh-cn.md b/README.zh-cn.md index 0c5a1d4..dfc9a1c 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -50,6 +50,7 @@ | allenvs | 将带有 `GITHUB_` 和 `INPUT_` 前缀的环境变量传递给脚本 | false | | request_pty | 请求伪终端 | false | | curl_insecure | 在 curl 中使用不安全的证书验证 | false | +| version | drone-ssh 版本号。若未指定,将使用最新版本。 | | **注意:** 用户可以在他们的 shell 脚本中添加 `set -e` 以实现类似于已删除的 `script_stop` 选项的功能。 diff --git a/README.zh-tw.md b/README.zh-tw.md index b877c3d..7d0240b 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -50,6 +50,7 @@ | allenvs | 將帶有 `GITHUB_` 和 `INPUT_` 前綴的環境變數傳遞給腳本 | false | | request_pty | 從伺服器請求偽終端 | false | | curl_insecure | 在 curl 命令中使用不安全的 SSL 證書驗證 | false | +| version | drone-ssh 版本號。若未指定,將使用最新版本。 | | **注意:** 用戶可以在他們的 shell 腳本中添加 `set -e` 以實現類似於已刪除的 `script_stop` 選項的功能。 diff --git a/action.yml b/action.yml index e9ab5f9..7027751 100644 --- a/action.yml +++ b/action.yml @@ -81,6 +81,9 @@ inputs: capture_stdout: description: "When true, captures and returns standard output from the commands as action output." default: "false" + version: + description: | + The version of drone-ssh to use. outputs: stdout: @@ -135,6 +138,7 @@ runs: INPUT_SYNC: ${{ inputs.sync }} INPUT_CAPTURE_STDOUT: ${{ inputs.capture_stdout }} INPUT_CURL_INSECURE: ${{ inputs.curl_insecure }} + DRONE_SSH_VERSION: ${{ inputs.version }} branding: icon: "terminal" From 0e19dd962da42eb2f2b775d6e133dc9dfd424aa6 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Thu, 10 Apr 2025 16:56:18 +0800 Subject: [PATCH 106/114] chore: improve robustness and consistency across multiple scripts - Combine `errexit`, `nounset`, and `pipefail` options into a single `set -euo pipefail` command Signed-off-by: Bo-Yi Wu --- entrypoint.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 495bf5b..1eb7733 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,8 +1,6 @@ #!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail +set -euo pipefail export GITHUB="true" From b80f638dc49d3b3a0321d26532f97c8eecb7276b Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 27 Apr 2025 09:47:26 +0800 Subject: [PATCH 107/114] docs: rewrite and unify documentation across all supported languages - Rewrite and reorganize documentation for clarity and readability, including reworded introductions and consistent headings. - Improve input parameter tables: clarify descriptions, unify formatting, and better explain parameter purposes across all three languages. - Expand and update step-by-step SSH key setup guides, streamline copy instructions, and add practical notes and tips. - Enhance usage examples with clearer titles, better labels, and updated YAML examples for different authentication methods and scenarios. - Add new sections and tips on OpenSSH compatibility and troubleshooting "command not found" issues, with improved cross-platform guidance. - Refine explanations for host fingerprint verification, proxy setup, and command environment management. - Update and polish contributing and license sections for greater encouragement and style consistency. - Apply the above documentation improvements to both Simplified and Traditional Chinese versions for parity. Signed-off-by: appleboy --- README.md | 265 +++++++++++++++++++++++------------------------- README.zh-cn.md | 232 +++++++++++++++++++++++------------------- README.zh-tw.md | 238 +++++++++++++++++++++++-------------------- 3 files changed, 384 insertions(+), 351 deletions(-) diff --git a/README.md b/README.md index 755c3a5..4bf35fe 100644 --- a/README.md +++ b/README.md @@ -2,71 +2,75 @@ English | [繁體中文](./README.zh-tw.md) | [简体中文](./README.zh-cn.md) -A [GitHub Action](https://github.com/features/actions) for executing remote SSH commands. +A [GitHub Action](https://github.com/features/actions) for executing remote SSH commands easily and securely. ![ssh workflow](./images/ssh-workflow.png) [![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml) -This project is built with [Golang](https://go.dev) and [drone-ssh](https://github.com/appleboy/drone-ssh). 🚀 +This project is built with [Golang](https://go.dev) and [drone-ssh](https://github.com/appleboy/drone-ssh). -## Input variables +--- -Refer to [action.yml](./action.yml) for more detailed information. +## 📥 Input Parameters -| Input Parameter | Description | Default Value | -| ------------------------- | ---------------------------------------------------------------------------------------- | ------------- | -| host | SSH host address | | -| port | SSH port number | 22 | -| passphrase | SSH key passphrase | | -| username | SSH username | | -| password | SSH password | | -| protocol | SSH protocol version (tcp, tcp4, tcp6) | tcp | -| sync | Enable synchronous execution if multiple hosts are specified | false | -| use_insecure_cipher | Include more ciphers with use_insecure_cipher | false | -| cipher | Allowed cipher algorithms. If unspecified, sensible defaults are used | | -| timeout | Timeout duration for SSH to host | 30s | -| command_timeout | Timeout duration for SSH command | 10m | -| key | Content of SSH private key. e.g., raw content of ~/.ssh/id_rsa | | -| key_path | Path of SSH private key | | -| fingerprint | SHA256 fingerprint of the host public key | | -| proxy_host | SSH proxy host | | -| proxy_port | SSH proxy port | 22 | -| proxy_protocol | SSH proxy protocol version (tcp, tcp4, tcp6) | tcp | -| proxy_username | SSH proxy username | | -| proxy_password | SSH proxy password | | -| proxy_passphrase | SSH proxy key passphrase | | -| proxy_timeout | Timeout for SSH to proxy host | 30s | -| proxy_key | Content of SSH proxy private key | | -| proxy_key_path | Path of SSH proxy private key | | -| proxy_fingerprint | SHA256 fingerprint of the proxy host public key | | -| proxy_cipher | Allowed cipher algorithms for the proxy | | -| proxy_use_insecure_cipher | Include more ciphers with use_insecure_cipher for the proxy | false | -| script | Execute commands | | -| script_path | Execute commands from a file | | -| envs | Pass environment variables to the shell script | | -| envs_format | Flexible configuration of environment value transfer | | -| debug | Enable debug mode | false | -| allenvs | Pass the environment variables with prefix value of `GITHUB_` and `INPUT_` to the script | false | -| request_pty | Request a pseudo-terminal from the server | false | -| curl_insecure | Allow curl to connect to SSL sites without certificates | false | -| version | drone-ssh binary version. If not specified, the latest version will be used. | | +For full details, see [action.yml](./action.yml). -**Note:** Users can add `set -e` in their shell script to achieve similar functionality to the removed `script_stop` option. +| Parameter | Description | Default | +| ------------------------- | --------------------------------------------------------------------------------- | ------- | +| host | SSH host address | | +| port | SSH port number | 22 | +| passphrase | Passphrase for the SSH private key | | +| username | SSH username | | +| password | SSH password | | +| protocol | SSH protocol version (`tcp`, `tcp4`, `tcp6`) | tcp | +| sync | Run synchronously if multiple hosts are specified | false | +| use_insecure_cipher | Allow additional (less secure) ciphers | false | +| cipher | Allowed cipher algorithms. Uses sensible defaults if unspecified | | +| timeout | Timeout for SSH connection to host | 30s | +| command_timeout | Timeout for SSH command execution | 10m | +| key | Content of SSH private key (e.g., raw content of `~/.ssh/id_rsa`) | | +| key_path | Path to SSH private key | | +| fingerprint | SHA256 fingerprint of the host public key | | +| proxy_host | SSH proxy host | | +| proxy_port | SSH proxy port | 22 | +| proxy_protocol | SSH proxy protocol version (`tcp`, `tcp4`, `tcp6`) | tcp | +| proxy_username | SSH proxy username | | +| proxy_password | SSH proxy password | | +| proxy_passphrase | SSH proxy key passphrase | | +| proxy_timeout | Timeout for SSH connection to proxy host | 30s | +| proxy_key | Content of SSH proxy private key | | +| proxy_key_path | Path to SSH proxy private key | | +| proxy_fingerprint | SHA256 fingerprint of the proxy host public key | | +| proxy_cipher | Allowed cipher algorithms for the proxy | | +| proxy_use_insecure_cipher | Allow additional (less secure) ciphers for the proxy | false | +| script | Commands to execute remotely | | +| script_path | Path to a file containing commands to execute | | +| envs | Environment variables to pass to the shell script | | +| envs_format | Flexible configuration for environment variable transfer | | +| debug | Enable debug mode | false | +| allenvs | Pass all environment variables with `GITHUB_` and `INPUT_` prefixes to the script | false | +| request_pty | Request a pseudo-terminal from the server | false | +| curl_insecure | Allow curl to connect to SSL sites without certificates | false | +| version | drone-ssh binary version. If not specified, the latest version will be used. | | -## Usage +> **Note:** To mimic the removed `script_stop` option, add `set -e` at the top of your shell script. -Executing remote SSH commands. +--- + +## 🚦 Usage Example + +Run remote SSH commands in your workflow: ```yaml -name: remote ssh command +name: Remote SSH Command on: [push] jobs: build: name: Build runs-on: ubuntu-latest steps: - - name: executing remote ssh commands using password + - name: Execute remote SSH commands using password uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -76,7 +80,7 @@ jobs: script: whoami ``` -output: +**Output:** ```sh ======CMD====== @@ -88,50 +92,35 @@ linuxserver.io =============================================== ``` -### Setting up a SSH Key +--- -Follow the steps below to create and use SSH Keys. -It is best practice to create SSH Keys on your local machine, not on a remote machine. -Log in with the username specified in GitHub Secrets and generate an RSA Key-Pair: +## 🔑 Setting Up SSH Keys -### Generate rsa key +It is best practice to create SSH keys on your local machine (not on a remote server). Log in with the username specified in GitHub Secrets and generate a key pair: + +### Generate RSA key ```bash ssh-keygen -t rsa -b 4096 -C "your_email@example.com" ``` -### Generate ed25519 key +### Generate ED25519 key ```bash ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ``` -Add the newly generated key to the Authorized keys. Read more about authorized keys [here](https://www.ssh.com/ssh/authorized_keys/). - -### Add rsa key into Authorized keys +Add the new public key to the authorized keys on your server. [Learn more about authorized keys.](https://www.ssh.com/ssh/authorized_keys/) ```bash -cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys' +# Add RSA key +cat .ssh/id_rsa.pub | ssh user@host 'cat >> .ssh/authorized_keys' + +# Add ED25519 key +cat .ssh/id_ed25519.pub | ssh user@host 'cat >> .ssh/authorized_keys' ``` -### Add ed25519 key into Authorized keys - -```bash -cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys' -``` - -Copy the Private Key content and paste it into GitHub Secrets. - -### Copy rsa Private key - -Before copying the private key, install the `clip` command as shown below: - -```bash -# Ubuntu -sudo apt-get install xclip -``` - -Copy the private key: +Copy the private key content and paste it into GitHub Secrets. ```bash # macOS @@ -140,9 +129,9 @@ pbcopy < ~/.ssh/id_rsa xclip < ~/.ssh/id_rsa ``` -Starting from and including the comment section `-----BEGIN OPENSSH PRIVATE KEY-----` and ending at and including the comment section `-----END OPENSSH PRIVATE KEY-----`, copy the private key and paste it into GitHub Secrets. +> **Tip:** Copy from `-----BEGIN OPENSSH PRIVATE KEY-----` to `-----END OPENSSH PRIVATE KEY-----` (inclusive). -### Copy ed25519 Private key +For ED25519: ```bash # macOS @@ -151,40 +140,44 @@ pbcopy < ~/.ssh/id_ed25519 xclip < ~/.ssh/id_ed25519 ``` -See detailed information about [SSH login without a password](http://www.linuxproblem.org/art_9.html). +See more: [SSH login without a password](http://www.linuxproblem.org/art_9.html). -**Note**: Depending on your version of SSH, you might also need to make the following changes: +> **Note:** Depending on your SSH version, you may also need to: +> +> - Place the public key in `.ssh/authorized_keys2` +> - Set `.ssh` permissions to 700 +> - Set `.ssh/authorized_keys2` permissions to 640 -- Put the public key in `.ssh/authorized_keys2` -- Change the permissions of `.ssh` to 700 -- Change the permissions of `.ssh/authorized_keys2` to 640 +--- -### If you are using OpenSSH +## 🛡️ OpenSSH Compatibility -If you are currently using OpenSSH and are getting the following error: +If you see this error: ```bash ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey] ``` -Ensure that your chosen key algorithm is supported. On Ubuntu 20.04 or later, you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (either `/etc/ssh/sshd_config` or a drop-in file under `/etc/ssh/sshd_config.d/`): +On Ubuntu 20.04+ you may need to explicitly allow the `ssh-rsa` algorithm. Add this to your OpenSSH daemon config (`/etc/ssh/sshd_config` or a drop-in under `/etc/ssh/sshd_config.d/`): ```bash CASignatureAlgorithms +ssh-rsa ``` -Alternatively, `ed25519` keys are accepted by default in OpenSSH. You can use this instead of rsa if needed: +Alternatively, use ED25519 keys (supported by default): ```bash ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ``` -### Example +--- -#### Executing remote ssh commands using password +## 🧑‍💻 More Usage Examples + +### Using password authentication ```yaml -- name: executing remote ssh commands using password +- name: Execute remote SSH commands using password uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -194,10 +187,10 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" script: whoami ``` -#### Using private key +### Using private key authentication ```yaml -- name: executing remote ssh commands using ssh key +- name: Execute remote SSH commands using SSH key uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -207,10 +200,10 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" script: whoami ``` -#### Multiple Commands +### Multiple commands ```yaml -- name: multiple command +- name: Multiple commands uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -224,10 +217,10 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ![result](./images/output-result.png) -#### Commands from a file +### Run commands from a file ```yaml -- name: file commands +- name: File commands uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -237,10 +230,10 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" script_path: scripts/script.sh ``` -#### Multiple Hosts +### Multiple hosts ```diff - - name: multiple host + - name: Multiple hosts uses: appleboy/ssh-action@v1 with: - host: "foo.com" @@ -253,12 +246,12 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ls -al ``` -The default value of `port` is `22`. +Default `port` is `22`. -#### Multiple hosts with different port +### Multiple hosts with different ports ```diff - - name: multiple host + - name: Multiple hosts uses: appleboy/ssh-action@v1 with: - host: "foo.com" @@ -270,10 +263,10 @@ The default value of `port` is `22`. ls -al ``` -#### Synchronous execution on multiple hosts +### Synchronous execution on multiple hosts ```diff - - name: multiple host + - name: Multiple hosts uses: appleboy/ssh-action@v1 with: host: "foo.com,bar.com" @@ -286,10 +279,10 @@ The default value of `port` is `22`. ls -al ``` -#### Pass environment variable to shell script +### Pass environment variables to shell script ```diff - - name: pass environment + - name: Pass environment uses: appleboy/ssh-action@v1 + env: + FOO: "BAR" @@ -307,9 +300,11 @@ The default value of `port` is `22`. echo "sha: $SHA" ``` -_Inside `env` object, you need to pass every environment variable as a string, passing `Integer` data type or any other may output unexpected results._ +> _All environment variables in the `env` object must be strings. Using integers or other types may cause unexpected results._ -#### How to connect remote server using `ProxyCommand`? +--- + +## 🌐 Using ProxyCommand (Jump Host) ```bash +--------+ +----------+ +-----------+ @@ -317,7 +312,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p +--------+ +----------+ +-----------+ ``` -in your `~/.ssh/config`, you will see the following. +Example `~/.ssh/config`: ```bash Host Jumphost @@ -333,10 +328,10 @@ Host FooServer ProxyCommand ssh -q -W %h:%p Jumphost ``` -#### How to convert to YAML format of GitHubActions +**GitHub Actions YAML:** ```diff - - name: ssh proxy command + - name: SSH proxy command uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -352,14 +347,14 @@ Host FooServer ls -al ``` -#### Protecting a Private Key +--- -The purpose of the passphrase is usually to encrypt the private key. -This makes the key file by itself useless to an attacker. -It is not uncommon for files to leak from backups or decommissioned hardware, and hackers commonly exfiltrate files from compromised systems. +## 🔒 Protecting Your Private Key + +A passphrase encrypts your private key, making it useless to attackers if leaked. Always store your private key securely. ```diff - - name: ssh key passphrase + - name: SSH key passphrase uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -372,20 +367,20 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ls -al ``` -#### Using host fingerprint verification +--- -Setting up SSH host fingerprint verification can help to prevent Person-in-the-Middle attacks. Before setting this up, run the command below to get your SSH host fingerprint. Remember to replace `ed25519` with your appropriate key type (`rsa`, `dsa`, etc.) that your server is using and `example.com` with your host. +## 🖐️ Host Fingerprint Verification -In modern OpenSSH releases, the _default_ key types to be fetched are `rsa` (since version 5.1), `ecdsa` (since version 6.0), and `ed25519` (since version 6.7). +Verifying the SSH host fingerprint helps prevent man-in-the-middle attacks. To get your host's fingerprint (replace `ed25519` with your key type and `example.com` with your host): ```sh ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' -f2 ``` -Now you can adjust you config: +Update your config: ```diff - - name: ssh key passphrase + - name: SSH key passphrase uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -398,33 +393,31 @@ Now you can adjust you config: ls -al ``` -## Q&A +--- + +## ❓ Q&A ### Command not found (npm or other command) -See the [issue comment](https://github.com/appleboy/ssh-action/issues/31#issuecomment-1006565847) about interactive vs non interactive shell. Thanks @kocyigityunus for the solution. +If you encounter "command not found" errors, see [this issue comment](https://github.com/appleboy/ssh-action/issues/31#issuecomment-1006565847) about interactive vs non-interactive shells. -If you are running a command in a non-interactive shell, like ssh-action, on many Linux distros, - -`/etc/bash.bashrc` file has a specific command that returns only, so some of the files didn't run and some specific commands doesn't add to path, +On many Linux distros, `/etc/bash.bashrc` contains: ```sh -# /etc/bash.bashrc -# System-wide .bashrc file for interactive bash(1) shells. - -# To enable the settings / commands in this file for login shells as well, -# this file has to be sourced in /etc/profile. - # If not running interactively, don't do anything -[ -z "$PS1" ] && return` +[ -z "$PS1" ] && return ``` -comment out the line that returns early, and everything should work fine. Alternatively, you can use the real paths of the commands you want to use. +Comment out this line or use absolute paths for your commands. -## Contributing +--- -We would love for you to contribute to `appleboy/ssh-action`, pull requests are welcome! +## 🤝 Contributing -## License +Contributions are welcome! Please submit a pull request to help improve `appleboy/ssh-action`. -The scripts and documentation in this project are released under the [MIT License](LICENSE) +--- + +## 📝 License + +This project is licensed under the [MIT License](LICENSE). diff --git a/README.zh-cn.md b/README.zh-cn.md index dfc9a1c..609229a 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -2,71 +2,75 @@ [English](./README.md) | [繁體中文](./README.zh-tw.md) | 简体中文 -一个用于执行远程 SSH 命令的 [GitHub Action](https://github.com/features/actions)。 +一个让你轻松安全地执行远程 SSH 命令的 [GitHub Action](https://github.com/features/actions)。 ![ssh workflow](./images/ssh-workflow.png) [![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml) -该项目使用 [Golang](https://go.dev) 和 [drone-ssh](https://github.com/appleboy/drone-ssh) 构建。🚀 +本项目基于 [Golang](https://go.dev) 和 [drone-ssh](https://github.com/appleboy/drone-ssh) 构建。 -## 输入变量 +--- -有关更详细的信息,请参阅 [action.yml](./action.yml)。 +## 📥 输入参数 -| 输入参数 | 描述 | 默认值 | +详细参数请参阅 [action.yml](./action.yml)。 + +| 参数 | 描述 | 默认值 | | ------------------------- | ----------------------------------------------------- | ------ | | host | SSH 主机地址 | | | port | SSH 端口号 | 22 | -| passphrase | SSH 密钥密码短语 | | +| passphrase | SSH 私钥密码短语 | | | username | SSH 用户名 | | | password | SSH 密码 | | -| protocol | SSH 协议版本(tcp, tcp4, tcp6) | tcp | -| sync | 如果指定了多个主机,则启用同步执行 | false | -| use_insecure_cipher | 使用不安全的密码算法 | false | -| cipher | 允许的密码算法。如果未指定,则使用适当的默认值 | | -| timeout | SSH 连接到主机的超时时间 | 30s | -| command_timeout | SSH 命令的超时时间 | 10m | -| key | SSH 私钥的内容,例如 ~/.ssh/id_rsa 的原始内容 | | -| key_path | SSH 私钥的路径 | | +| protocol | SSH 协议版本(`tcp`、`tcp4`、`tcp6`) | tcp | +| sync | 指定多个主机时同步执行 | false | +| use_insecure_cipher | 允许额外(不安全)的加密算法 | false | +| cipher | 允许的加密算法,未指定时使用默认值 | | +| timeout | SSH 连接主机的超时时间 | 30s | +| command_timeout | SSH 命令执行超时时间 | 10m | +| key | SSH 私钥内容(如 `~/.ssh/id_rsa` 的原始内容) | | +| key_path | SSH 私钥路径 | | | fingerprint | 主机公钥的 SHA256 指纹 | | | proxy_host | SSH 代理主机 | | | proxy_port | SSH 代理端口 | 22 | -| proxy_protocol | SSH 代理协议版本(tcp, tcp4, tcp6) | tcp | +| proxy_protocol | SSH 代理协议版本(`tcp`、`tcp4`、`tcp6`) | tcp | | proxy_username | SSH 代理用户名 | | | proxy_password | SSH 代理密码 | | -| proxy_passphrase | SSH 代理密钥密码短语 | | -| proxy_timeout | SSH 连接到代理主机的超时时间 | 30s | -| proxy_key | SSH 代理私钥的内容 | | -| proxy_key_path | SSH 代理私钥的路径 | | +| proxy_passphrase | SSH 代理私钥密码短语 | | +| proxy_timeout | SSH 连接代理主机的超时时间 | 30s | +| proxy_key | SSH 代理私钥内容 | | +| proxy_key_path | SSH 代理私钥路径 | | | proxy_fingerprint | 代理主机公钥的 SHA256 指纹 | | -| proxy_cipher | 代理允许的密码算法 | | -| proxy_use_insecure_cipher | 使用不安全的密码算法 | false | -| script | 执行命令 | | -| script_path | 从文件执行命令 | | -| envs | 传递环境变量到 shell 脚本 | | +| proxy_cipher | 代理允许的加密算法 | | +| proxy_use_insecure_cipher | 代理允许额外(不安全)的加密算法 | false | +| script | 远程执行的命令 | | +| script_path | 包含要执行命令的文件路径 | | +| envs | 传递给 shell 脚本的环境变量 | | | envs_format | 环境变量传递的灵活配置 | | | debug | 启用调试模式 | false | -| allenvs | 将带有 `GITHUB_` 和 `INPUT_` 前缀的环境变量传递给脚本 | false | -| request_pty | 请求伪终端 | false | -| curl_insecure | 在 curl 中使用不安全的证书验证 | false | -| version | drone-ssh 版本号。若未指定,将使用最新版本。 | | +| allenvs | 传递所有带 `GITHUB_` 和 `INPUT_` 前缀的环境变量到脚本 | false | +| request_pty | 向服务器请求伪终端 | false | +| curl_insecure | 允许 curl 连接无证书的 SSL 站点 | false | +| version | drone-ssh 二进制版本,未指定时使用最新版本 | | -**注意:** 用户可以在他们的 shell 脚本中添加 `set -e` 以实现类似于已删除的 `script_stop` 选项的功能。 +> **注意:** 如需实现已移除的 `script_stop` 功能,请在 shell 脚本顶部添加 `set -e`。 -## 使用方法 +--- -执行远程 SSH 命令。 +## 🚦 使用示例 + +在工作流中执行远程 SSH 命令: ```yaml -name: remote ssh command +name: Remote SSH Command on: [push] jobs: build: name: Build runs-on: ubuntu-latest steps: - - name: executing remote ssh commands using password + - name: 执行远程 SSH 命令(密码认证) uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -76,7 +80,7 @@ jobs: script: whoami ``` -输出: +**输出:** ```sh ======CMD====== @@ -88,11 +92,11 @@ linuxserver.io =============================================== ``` -### 设置 SSH 密钥 +--- -请按照以下步骤创建和使用 SSH 密钥。 -最佳做法是在本地机器上创建 SSH 密钥,而不是在远程机器上。 -使用 GitHub Secrets 中指定的用户名登录并生成 RSA 密钥对: +## 🔑 配置 SSH 密钥 + +建议在本地机器(而非远程服务器)上创建 SSH 密钥。请使用 GitHub Secrets 中指定的用户名登录并生成密钥对: ### 生成 RSA 密钥 @@ -100,38 +104,23 @@ linuxserver.io ssh-keygen -t rsa -b 4096 -C "your_email@example.com" ``` -### 生成 ed25519 密钥 +### 生成 ED25519 密钥 ```bash ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ``` -将新生成的密钥添加到已授权的密钥中。详细了解已授权的密钥请点[此处](https://www.ssh.com/ssh/authorized_keys/)。 - -### 将 RSA 密钥添加到已授权密钥中 +将新生成的公钥添加到服务器的 authorized_keys。 [了解更多 authorized_keys](https://www.ssh.com/ssh/authorized_keys/) ```bash -cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys' +# 添加 RSA 公钥 +cat .ssh/id_rsa.pub | ssh user@host 'cat >> .ssh/authorized_keys' + +# 添加 ED25519 公钥 +cat .ssh/id_ed25519.pub | ssh user@host 'cat >> .ssh/authorized_keys' ``` -### 将 ed25519 密钥添加到已授权密钥中 - -```bash -cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys' -``` - -复制私钥内容,然后将其粘贴到 GitHub Secrets 中。 - -### 复制 RSA 私钥内容 - -在复制私钥之前,按照以下步骤安装 `clip` 命令: - -```bash -# Ubuntu -sudo apt-get install xclip -``` - -复制私钥: +复制私钥内容并粘贴到 GitHub Secrets。 ```bash # macOS @@ -140,9 +129,9 @@ pbcopy < ~/.ssh/id_rsa xclip < ~/.ssh/id_rsa ``` -从包含注释部分 `-----BEGIN OPENSSH PRIVATE KEY-----` 开始,到包含注释部分 `-----END OPENSSH PRIVATE KEY-----` 结束,复制私钥并将其粘贴到 GitHub Secrets 中。 +> **提示:** 复制内容需包含 `-----BEGIN OPENSSH PRIVATE KEY-----` 到 `-----END OPENSSH PRIVATE KEY-----`(含)。 -### 复制 ed25519 私钥内容 +ED25519 同理: ```bash # macOS @@ -151,40 +140,44 @@ pbcopy < ~/.ssh/id_ed25519 xclip < ~/.ssh/id_ed25519 ``` -有关无需密码登录 SSH 的详细信息,请[见该网站](http://www.linuxproblem.org/art_9.html)。 +更多信息:[SSH 无密码登录](http://www.linuxproblem.org/art_9.html)。 -**注意**:根据您的 SSH 版本,您可能还需要进行以下更改: +> **注意:** 根据 SSH 版本,可能还需: +> +> - 将公钥放入 `.ssh/authorized_keys2` +> - 设置 `.ssh` 权限为 700 +> - 设置 `.ssh/authorized_keys2` 权限为 640 -- 将公钥放在 `.ssh/authorized_keys2` 中 -- 将 `.ssh` 的权限更改为 700 -- 将 `.ssh/authorized_keys2` 的权限更改为 640 +--- -### 如果你使用的是 OpenSSH +## 🛡️ OpenSSH 兼容性 -如果您正在使用 OpenSSH,并出现以下错误: +如果出现如下错误: ```bash ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey] ``` -请确保您所选择的密钥算法得到支持。在 Ubuntu 20.04 或更高版本上,您必须明确允许使用 ssh-rsa 算法。请在 OpenSSH 守护进程文件中添加以下行(它可以是 `/etc/ssh/sshd_config` 或 `/etc/ssh/sshd_config.d/` 中的一个附加文件): +在 Ubuntu 20.04+,你可能需要显式允许 `ssh-rsa` 算法。请在 OpenSSH 配置文件(`/etc/ssh/sshd_config` 或 `/etc/ssh/sshd_config.d/` 下的 drop-in 文件)中添加: ```bash CASignatureAlgorithms +ssh-rsa ``` -或者,`ed25519` 密钥在 OpenSSH 中默认被接受。如果需要,您可以使用它来替代 RSA: +或者,直接使用默认支持的 ED25519 密钥: ```bash ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ``` -### 示例 +--- -#### 使用密码执行远程 SSH 命令 +## 🧑‍💻 更多用法示例 + +### 使用密码认证 ```yaml -- name: executing remote ssh commands using password +- name: 执行远程 SSH 命令(密码认证) uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -194,10 +187,10 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" script: whoami ``` -#### 使用私钥 +### 使用私钥认证 ```yaml -- name: executing remote ssh commands using ssh key +- name: 执行远程 SSH 命令(密钥认证) uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -207,10 +200,10 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" script: whoami ``` -#### 多个命令 +### 多条命令 ```yaml -- name: multiple command +- name: 多条命令 uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -224,10 +217,10 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ![result](./images/output-result.png) -#### 从文件执行命令 +### 从文件执行命令 ```yaml -- name: file commands +- name: 文件命令 uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -237,10 +230,10 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" script_path: scripts/script.sh ``` -#### 多台主机 +### 多主机 ```diff - - name: multiple host + - name: 多主机 uses: appleboy/ssh-action@v1 with: - host: "foo.com" @@ -253,12 +246,12 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ls -al ``` -默认的 `port` 值是 `22`。 +默认 `port` 为 `22`。 -#### 多个不同端口的主机 +### 多主机不同端口 ```diff - - name: multiple host + - name: 多主机 uses: appleboy/ssh-action@v1 with: - host: "foo.com" @@ -270,10 +263,10 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ls -al ``` -#### 在多台主机上同步执行 +### 多主机同步执行 ```diff - - name: multiple host + - name: 多主机 uses: appleboy/ssh-action@v1 with: host: "foo.com,bar.com" @@ -286,10 +279,10 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ls -al ``` -#### 将环境变量传递到 shell 脚本 +### 传递环境变量到 shell 脚本 ```diff - - name: pass environment + - name: 传递环境变量 uses: appleboy/ssh-action@v1 + env: + FOO: "BAR" @@ -307,9 +300,11 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" echo "sha: $SHA" ``` -_在 `env` 对象中,您需要将每个环境变量作为字符串传递,传递 `Integer` 数据类型或任何其他类型可能会产生意外结果。_ +> _`env` 对象中的所有环境变量必须为字符串。传递整数或其他类型可能导致意外结果。_ -#### 如何使用 `ProxyCommand` 连接远程服务器? +--- + +## 🌐 使用 ProxyCommand(跳板机) ```bash +--------+ +----------+ +-----------+ @@ -317,7 +312,7 @@ _在 `env` 对象中,您需要将每个环境变量作为字符串传递,传 +--------+ +----------+ +-----------+ ``` -在您的 `~/.ssh/config` 文件中,您会看到以下内容。 +示例 `~/.ssh/config`: ```bash Host Jumphost @@ -333,10 +328,10 @@ Host FooServer ProxyCommand ssh -q -W %h:%p Jumphost ``` -#### 如何将其转换为 GitHubActions 的 YAML 格式? +**GitHub Actions YAML:** ```diff - - name: ssh proxy command + - name: SSH 代理命令 uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -352,12 +347,14 @@ Host FooServer ls -al ``` -#### 保护私钥 +--- -密码短语通常用于加密私钥。这使得密钥文件本身对攻击者无用。文件泄露可能来自备份或停用的硬件,黑客通常可以从受攻击系统中泄露文件。 +## 🔒 保护你的私钥 + +密码短语会加密你的私钥,即使泄露也无法被攻击者直接利用。请务必妥善保管私钥。 ```diff - - name: ssh key passphrase + - name: SSH 密钥密码短语 uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -370,20 +367,20 @@ Host FooServer ls -al ``` -#### 使用主机指纹验证 +--- -设置 SSH 主机指纹验证可以帮助防止中间人攻击。在设置之前,运行以下命令以获取 SSH 主机指纹。请记得将 `ed25519` 替换为您适当的密钥类型(`rsa`、 `dsa`等),而 `example.com` 则替换为您的主机。 +## 🖐️ 主机指纹验证 -在现代 OpenSSH 版本中,默认提取的密钥类型是 `rsa`(从版本 5.1 开始)、`ecdsa`(从版本 6.0 开始)和 `ed25519`(从版本 6.7 开始)。 +验证 SSH 主机指纹有助于防止中间人攻击。获取主机指纹(将 `ed25519` 替换为你的密钥类型,`example.com` 替换为你的主机): ```sh ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' -f2 ``` -现在您可以调整您的配置: +更新配置: ```diff - - name: ssh key passphrase + - name: SSH 密钥密码短语 uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -396,10 +393,31 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' ls -al ``` -## 贡献 +--- -我们非常希望您为 `appleboy/ssh-action` 做出贡献,欢迎提交请求! +## ❓ 常见问题 -## 授权方式 +### 命令未找到(npm 或其他命令) -本项目中的脚本和文档采用 [MIT 许可证](LICENSE) 发布。 +如果遇到 "command not found" 错误,请参考 [此评论](https://github.com/appleboy/ssh-action/issues/31#issuecomment-1006565847) 了解交互式与非交互式 shell 的区别。 + +许多 Linux 发行版的 `/etc/bash.bashrc` 包含如下内容: + +```sh +# If not running interactively, don't do anything +[ -z "$PS1" ] && return +``` + +注释掉该行或使用命令的绝对路径。 + +--- + +## 🤝 贡献 + +欢迎贡献!请提交 Pull Request 改进 `appleboy/ssh-action`。 + +--- + +## 📝 许可证 + +本项目采用 [MIT License](LICENSE) 授权。 diff --git a/README.zh-tw.md b/README.zh-tw.md index 7d0240b..f93a310 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -2,71 +2,75 @@ [English](./README.md) | 繁體中文 | [简体中文](./README.zh-cn.md) -[GitHub Action](https://github.com/features/actions) 用於執行遠端 SSH 命令。 +一個讓你輕鬆安全執行遠端 SSH 指令的 [GitHub Action](https://github.com/features/actions)。 ![ssh workflow](./images/ssh-workflow.png) [![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml) -此專案使用 [Golang](https://go.dev) 和 [drone-ssh](https://github.com/appleboy/drone-ssh) 建立。🚀 +本專案以 [Golang](https://go.dev) 和 [drone-ssh](https://github.com/appleboy/drone-ssh) 建立。 -## 輸入變數 +--- -請參閱 [action.yml](./action.yml) 以獲取更詳細的信息。 +## 📥 輸入參數 -| 輸入參數 | 描述 | 預設值 | +完整參數請參閱 [action.yml](./action.yml)。 + +| 參數 | 說明 | 預設值 | | ------------------------- | ----------------------------------------------------- | ------ | -| host | SSH 主機地址 | | +| host | SSH 主機位址 | | | port | SSH 埠號 | 22 | -| passphrase | SSH 金鑰密碼 | | +| passphrase | SSH 私鑰密碼 | | | username | SSH 使用者名稱 | | | password | SSH 密碼 | | -| protocol | SSH 協議版本 (tcp, tcp4, tcp6) | tcp | -| sync | 如果有多個主機,啟用同步執行 | false | -| use_insecure_cipher | 包含更多不安全的加密算法 | false | -| cipher | 允許的加密算法。如果未指定,則使用合理的預設值 | | -| timeout | SSH 連接主機的超時時間 | 30s | -| command_timeout | SSH 命令的超時時間 | 10m | -| key | SSH 私鑰的內容。例如,~/.ssh/id_rsa 的原始內容 | | -| key_path | SSH 私鑰的路徑 | | +| protocol | SSH 協議版本(`tcp`、`tcp4`、`tcp6`) | tcp | +| sync | 指定多個主機時同步執行 | false | +| use_insecure_cipher | 允許額外(不安全)的加密演算法 | false | +| cipher | 允許的加密演算法,未指定時使用預設值 | | +| timeout | SSH 連線主機的逾時時間 | 30s | +| command_timeout | SSH 指令執行逾時時間 | 10m | +| key | SSH 私鑰內容(如 `~/.ssh/id_rsa` 的原始內容) | | +| key_path | SSH 私鑰路徑 | | | fingerprint | 主機公鑰的 SHA256 指紋 | | | proxy_host | SSH 代理主機 | | | proxy_port | SSH 代理埠號 | 22 | -| proxy_protocol | SSH 代理協議版本 (tcp, tcp4, tcp6) | tcp | +| proxy_protocol | SSH 代理協議版本(`tcp`、`tcp4`、`tcp6`) | tcp | | proxy_username | SSH 代理使用者名稱 | | | proxy_password | SSH 代理密碼 | | -| proxy_passphrase | SSH 代理金鑰密碼 | | -| proxy_timeout | SSH 連接代理主機的超時時間 | 30s | -| proxy_key | SSH 代理私鑰的內容 | | -| proxy_key_path | SSH 代理私鑰的路徑 | | +| proxy_passphrase | SSH 代理私鑰密碼 | | +| proxy_timeout | SSH 連線代理主機的逾時時間 | 30s | +| proxy_key | SSH 代理私鑰內容 | | +| proxy_key_path | SSH 代理私鑰路徑 | | | proxy_fingerprint | 代理主機公鑰的 SHA256 指紋 | | -| proxy_cipher | 代理允許的加密算法 | | -| proxy_use_insecure_cipher | 包含更多不安全的加密算法 | false | -| script | 執行命令 | | -| script_path | 從文件中執行命令 | | -| envs | 將環境變數傳遞給 shell 腳本 | | -| envs_format | 環境值傳遞的靈活配置 | | -| debug | 啟用調試模式 | false | -| allenvs | 將帶有 `GITHUB_` 和 `INPUT_` 前綴的環境變數傳遞給腳本 | false | -| request_pty | 從伺服器請求偽終端 | false | -| curl_insecure | 在 curl 命令中使用不安全的 SSL 證書驗證 | false | -| version | drone-ssh 版本號。若未指定,將使用最新版本。 | | +| proxy_cipher | 代理允許的加密演算法 | | +| proxy_use_insecure_cipher | 代理允許額外(不安全)的加密演算法 | false | +| script | 遠端執行的指令 | | +| script_path | 包含要執行指令的檔案路徑 | | +| envs | 傳遞給 shell 腳本的環境變數 | | +| envs_format | 環境變數傳遞的彈性設定 | | +| debug | 啟用除錯模式 | false | +| allenvs | 傳遞所有帶 `GITHUB_` 和 `INPUT_` 前綴的環境變數到腳本 | false | +| request_pty | 向伺服器請求偽終端 | false | +| curl_insecure | 允許 curl 連線無憑證的 SSL 網站 | false | +| version | drone-ssh 執行檔版本,未指定時使用最新版本 | | -**注意:** 用戶可以在他們的 shell 腳本中添加 `set -e` 以實現類似於已刪除的 `script_stop` 選項的功能。 +> **注意:** 如需實現已移除的 `script_stop` 功能,請在 shell 腳本最上方加上 `set -e`。 -## 用法 +--- -執行遠端 SSH 命令 +## 🚦 使用範例 + +在工作流程中執行遠端 SSH 指令: ```yaml -name: remote ssh command +name: Remote SSH Command on: [push] jobs: build: name: Build runs-on: ubuntu-latest steps: - - name: executing remote ssh commands using password + - name: 執行遠端 SSH 指令(密碼認證) uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -76,7 +80,7 @@ jobs: script: whoami ``` -畫面輸出 +**輸出:** ```sh ======CMD====== @@ -88,48 +92,35 @@ linuxserver.io =============================================== ``` -### 設置 SSH 金鑰 +--- -請在創建 SSH 金鑰並使用 SSH 金鑰時遵循以下步驟。最佳做法是在本地機器上創建 SSH 金鑰而不是遠端機器上。請使用 Github Secrets 中指定的用戶名登錄。生成 RSA 金鑰: +## 🔑 設定 SSH 金鑰 -### 生成 RSA 金鑰 +建議於本地端(非遠端伺服器)產生 SSH 金鑰。請以 GitHub Secrets 指定的使用者名稱登入並產生金鑰對: + +### 產生 RSA 金鑰 ```bash ssh-keygen -t rsa -b 4096 -C "your_email@example.com" ``` -### 生成 ed25519 金鑰 +### 產生 ED25519 金鑰 ```bash ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ``` -將新生成的金鑰添加到已授權的金鑰中。詳細了解已授權的金鑰請點擊[此處](https://www.ssh.com/ssh/authorized_keys/). - -### 將 RSA 金鑰添加到已授權金鑰中 +將新產生的公鑰加入伺服器的 authorized_keys。 [了解更多 authorized_keys](https://www.ssh.com/ssh/authorized_keys/) ```bash -cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys' +# 加入 RSA 公鑰 +cat .ssh/id_rsa.pub | ssh user@host 'cat >> .ssh/authorized_keys' + +# 加入 ED25519 公鑰 +cat .ssh/id_ed25519.pub | ssh user@host 'cat >> .ssh/authorized_keys' ``` -### 將 ed25519 金鑰添加到已授權金鑰中 - -```bash -cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys' -``` - -複製私鑰內容,然後將其粘貼到 Github Secrets 中。 - -### 複製 rsa 私鑰內容 - -在複製私鑰之前,請按照以下說明安裝 `clip` 命令: - -```bash -# Ubuntu -sudo apt-get install xclip -``` - -複製私鑰: +複製私鑰內容並貼到 GitHub Secrets。 ```bash # macOS @@ -138,9 +129,9 @@ pbcopy < ~/.ssh/id_rsa xclip < ~/.ssh/id_rsa ``` -從包含註釋部分 `-----BEGIN OPENSSH PRIVATE KEY-----` 開始,到包含註釋部分 `-----END OPENSSH PRIVATE KEY-----` 結束,複製私鑰並將其粘貼到 GitHub Secrets 中。 +> **提示:** 複製內容需包含 `-----BEGIN OPENSSH PRIVATE KEY-----` 到 `-----END OPENSSH PRIVATE KEY-----`(含)。 -### 複製 ed25519 私鑰內容 +ED25519 同理: ```bash # macOS @@ -149,40 +140,44 @@ pbcopy < ~/.ssh/id_ed25519 xclip < ~/.ssh/id_ed25519 ``` -有關無需密碼登錄 SSH 的詳細信息,請[參見該網站](http://www.linuxproblem.org/art_9.html)。 +更多資訊:[SSH 免密碼登入](http://www.linuxproblem.org/art_9.html)。 -**注意**:根據您的 SSH 版本,您可能還需要進行以下更改: +> **注意:** 根據 SSH 版本,可能還需: +> +> - 將公鑰放入 `.ssh/authorized_keys2` +> - 設定 `.ssh` 權限為 700 +> - 設定 `.ssh/authorized_keys2` 權限為 640 -- 將公鑰放在 `.ssh/authorized_keys2` 中 -- 將 `.ssh` 的權限更改為 700 -- 將 `.ssh/authorized_keys2` 的權限更改為 640 +--- -### 如果你使用的是 OpenSSH +## 🛡️ OpenSSH 相容性 -如果您正在使用 OpenSSH,並出現以下錯誤: +若出現以下錯誤: ```bash ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey] ``` -請確保您所選擇的密鑰演算法得到支援。在 Ubuntu 20.04 或更高版本上,您必須明確允許使用 SSH-RSA 演算法。請在 OpenSSH 守護進程文件中添加以下行(它可以是 `/etc/ssh/sshd_config` 或 `/etc/ssh/sshd_config.d/` 中的一個附著文件): +在 Ubuntu 20.04+,你可能需明確允許 `ssh-rsa` 演算法。請於 OpenSSH 設定檔(`/etc/ssh/sshd_config` 或 `/etc/ssh/sshd_config.d/` 下的 drop-in 檔案)加入: ```bash CASignatureAlgorithms +ssh-rsa ``` -或者,`Ed25519` 密鑰在 OpenSSH 中默認被接受。如果需要,您可以使用它來替代 RSA。 +或直接使用預設支援的 ED25519 金鑰: ```bash ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ``` -### Example +--- -#### 使用密碼執行遠端 SSH 命令 +## 🧑‍💻 更多用法範例 + +### 使用密碼認證 ```yaml -- name: executing remote ssh commands using password +- name: 執行遠端 SSH 指令(密碼認證) uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -192,10 +187,10 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" script: whoami ``` -#### 使用私鑰 +### 使用私鑰認證 ```yaml -- name: executing remote ssh commands using ssh key +- name: 執行遠端 SSH 指令(私鑰認證) uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -205,10 +200,10 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" script: whoami ``` -#### 多個命令 +### 多條指令 ```yaml -- name: multiple command +- name: 多條指令 uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -222,10 +217,10 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ![result](./images/output-result.png) -#### 從文件中執行命令 +### 從檔案執行指令 ```yaml -- name: file commands +- name: 檔案指令 uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -235,10 +230,10 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" script_path: scripts/script.sh ``` -#### 多台主機 +### 多主機 ```diff - - name: multiple host + - name: 多主機 uses: appleboy/ssh-action@v1 with: - host: "foo.com" @@ -251,10 +246,12 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ls -al ``` -#### 多個不同端口的主機 +預設 `port` 為 `22`。 + +### 多主機不同埠號 ```diff - - name: multiple host + - name: 多主機 uses: appleboy/ssh-action@v1 with: - host: "foo.com" @@ -266,10 +263,10 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ls -al ``` -#### 在多個主機上同步執行 +### 多主機同步執行 ```diff - - name: multiple host + - name: 多主機 uses: appleboy/ssh-action@v1 with: host: "foo.com,bar.com" @@ -282,10 +279,10 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ls -al ``` -#### 將環境變量傳遞到 Shell 腳本 +### 傳遞環境變數到 shell 腳本 ```diff - - name: pass environment + - name: 傳遞環境變數 uses: appleboy/ssh-action@v1 + env: + FOO: "BAR" @@ -303,9 +300,11 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" echo "sha: $SHA" ``` -_在 `env` 對象中,您需要將每個環境變量作為字符串傳遞,傳遞 `Integer` 數據類型或任何其他類型可能會產生意外結果。_ +> _`env` 物件中的所有環境變數必須為字串。傳遞整數或其他型別可能導致非預期結果。_ -#### 如何使用 `ProxyCommand` 連接遠程服務器? +--- + +## 🌐 使用 ProxyCommand(跳板機) ```bash +--------+ +----------+ +-----------+ @@ -313,7 +312,7 @@ _在 `env` 對象中,您需要將每個環境變量作為字符串傳遞,傳 +--------+ +----------+ +-----------+ ``` -在您的 `~/.ssh/config` 文件中,您會看到以下內容。 +範例 `~/.ssh/config`: ```bash Host Jumphost @@ -329,10 +328,10 @@ Host FooServer ProxyCommand ssh -q -W %h:%p Jumphost ``` -#### 如何將其轉換為 GitHubActions 的 YAML 格式? +**GitHub Actions YAML:** ```diff - - name: ssh proxy command + - name: SSH 代理指令 uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -348,12 +347,14 @@ Host FooServer ls -al ``` -#### 如何保護私鑰? +--- -密碼短語通常用於加密私鑰。這使得攻擊者無法單獨使用密鑰文件。文件泄露可能來自備份或停用的硬件,黑客通常可以從受攻擊系統中洩露文件。因此,保護私鑰非常重要。 +## 🔒 保護你的私鑰 + +密碼短語會加密你的私鑰,即使外洩也無法被攻擊者直接利用。請務必妥善保管私鑰。 ```diff - - name: ssh key passphrase + - name: SSH 私鑰密碼 uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -366,20 +367,20 @@ Host FooServer ls -al ``` -#### 使用主機指紋驗證 +--- -設置 SSH 主機指紋驗證可以幫助防止中間人攻擊。在設置之前,運行以下命令以獲取 SSH 主機指紋。請記得將 `ed25519` 替換為您的適當金鑰類型(`rsa`、 `dsa`等),而 `example.com` 則替換為您的主機。 +## 🖐️ 主機指紋驗證 -現代 OpenSSH 版本中,需要提取的**默認金鑰**類型是 `rsa`(從版本 5.1 開始)、`ecdsa`(從版本 6.0 開始)和 `ed25519`(從版本 6.7 開始)。 +驗證 SSH 主機指紋有助於防止中間人攻擊。取得主機指紋(將 `ed25519` 換成你的金鑰型別,`example.com` 換成你的主機): ```sh ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' -f2 ``` -現在您可以調整您的配置: +更新設定: ```diff - - name: ssh key passphrase + - name: SSH 私鑰密碼 uses: appleboy/ssh-action@v1 with: host: ${{ secrets.HOST }} @@ -392,10 +393,31 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' ls -al ``` -## 貢獻 +--- -我們非常希望您為 `appleboy/ssh-action` 做出貢獻,歡迎提交請求! +## ❓ 常見問題 -## 授權方式 +### 指令找不到(npm 或其他指令) -本項目中的腳本和文檔采用 [MIT](LICENSE) 許可證 發布。 +若遇到 "command not found" 錯誤,請參考 [此討論](https://github.com/appleboy/ssh-action/issues/31#issuecomment-1006565847) 了解互動式與非互動式 shell 差異。 + +許多 Linux 發行版的 `/etc/bash.bashrc` 包含如下內容: + +```sh +# If not running interactively, don't do anything +[ -z "$PS1" ] && return +``` + +請將該行註解掉或使用指令的絕對路徑。 + +--- + +## 🤝 貢獻 + +歡迎貢獻!請提交 Pull Request 改善 `appleboy/ssh-action`。 + +--- + +## 📝 授權 + +本專案採用 [MIT License](LICENSE) 授權。 From c7fbbc9208e4020c3b78e5db9e7042248c991866 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 27 Apr 2025 09:53:26 +0800 Subject: [PATCH 108/114] docs: add table of contents to multilingual README files - Add a table of contents section to the English, Simplified Chinese, and Traditional Chinese readme files Signed-off-by: appleboy --- README.md | 27 +++++++++++++++++++++++++++ README.zh-cn.md | 27 +++++++++++++++++++++++++++ README.zh-tw.md | 27 +++++++++++++++++++++++++++ 3 files changed, 81 insertions(+) diff --git a/README.md b/README.md index 4bf35fe..feb0e6b 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,33 @@ English | [繁體中文](./README.zh-tw.md) | [简体中文](./README.zh-cn.md) +## Table of Contents + +- [🚀 SSH for GitHub Actions](#-ssh-for-github-actions) + - [Table of Contents](#table-of-contents) + - [📥 Input Parameters](#-input-parameters) + - [🚦 Usage Example](#-usage-example) + - [🔑 Setting Up SSH Keys](#-setting-up-ssh-keys) + - [Generate RSA key](#generate-rsa-key) + - [Generate ED25519 key](#generate-ed25519-key) + - [🛡️ OpenSSH Compatibility](#️-openssh-compatibility) + - [🧑‍💻 More Usage Examples](#-more-usage-examples) + - [Using password authentication](#using-password-authentication) + - [Using private key authentication](#using-private-key-authentication) + - [Multiple commands](#multiple-commands) + - [Run commands from a file](#run-commands-from-a-file) + - [Multiple hosts](#multiple-hosts) + - [Multiple hosts with different ports](#multiple-hosts-with-different-ports) + - [Synchronous execution on multiple hosts](#synchronous-execution-on-multiple-hosts) + - [Pass environment variables to shell script](#pass-environment-variables-to-shell-script) + - [🌐 Using ProxyCommand (Jump Host)](#-using-proxycommand-jump-host) + - [🔒 Protecting Your Private Key](#-protecting-your-private-key) + - [🖐️ Host Fingerprint Verification](#️-host-fingerprint-verification) + - [❓ Q\&A](#-qa) + - [Command not found (npm or other command)](#command-not-found-npm-or-other-command) + - [🤝 Contributing](#-contributing) + - [📝 License](#-license) + A [GitHub Action](https://github.com/features/actions) for executing remote SSH commands easily and securely. ![ssh workflow](./images/ssh-workflow.png) diff --git a/README.zh-cn.md b/README.zh-cn.md index 609229a..9ac80e6 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -2,6 +2,33 @@ [English](./README.md) | [繁體中文](./README.zh-tw.md) | 简体中文 +## 目录 + +- [🚀 用于 GitHub Actions 的 SSH](#-用于-github-actions-的-ssh) + - [目录](#目录) + - [📥 输入参数](#-输入参数) + - [🚦 使用示例](#-使用示例) + - [🔑 配置 SSH 密钥](#-配置-ssh-密钥) + - [生成 RSA 密钥](#生成-rsa-密钥) + - [生成 ED25519 密钥](#生成-ed25519-密钥) + - [🛡️ OpenSSH 兼容性](#️-openssh-兼容性) + - [🧑‍💻 更多用法示例](#-更多用法示例) + - [使用密码认证](#使用密码认证) + - [使用私钥认证](#使用私钥认证) + - [多条命令](#多条命令) + - [从文件执行命令](#从文件执行命令) + - [多主机](#多主机) + - [多主机不同端口](#多主机不同端口) + - [多主机同步执行](#多主机同步执行) + - [传递环境变量到 shell 脚本](#传递环境变量到-shell-脚本) + - [🌐 使用 ProxyCommand(跳板机)](#-使用-proxycommand跳板机) + - [🔒 保护你的私钥](#-保护你的私钥) + - [🖐️ 主机指纹验证](#️-主机指纹验证) + - [❓ 常见问题](#-常见问题) + - [命令未找到(npm 或其他命令)](#命令未找到npm-或其他命令) + - [🤝 贡献](#-贡献) + - [📝 许可证](#-许可证) + 一个让你轻松安全地执行远程 SSH 命令的 [GitHub Action](https://github.com/features/actions)。 ![ssh workflow](./images/ssh-workflow.png) diff --git a/README.zh-tw.md b/README.zh-tw.md index f93a310..cfb9303 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -2,6 +2,33 @@ [English](./README.md) | 繁體中文 | [简体中文](./README.zh-cn.md) +## 目錄 + +- [🚀 GitHub Actions 的 SSH](#-github-actions-的-ssh) + - [目錄](#目錄) + - [📥 輸入參數](#-輸入參數) + - [🚦 使用範例](#-使用範例) + - [🔑 設定 SSH 金鑰](#-設定-ssh-金鑰) + - [產生 RSA 金鑰](#產生-rsa-金鑰) + - [產生 ED25519 金鑰](#產生-ed25519-金鑰) + - [🛡️ OpenSSH 相容性](#️-openssh-相容性) + - [🧑‍💻 更多用法範例](#-更多用法範例) + - [使用密碼認證](#使用密碼認證) + - [使用私鑰認證](#使用私鑰認證) + - [多條指令](#多條指令) + - [從檔案執行指令](#從檔案執行指令) + - [多主機](#多主機) + - [多主機不同埠號](#多主機不同埠號) + - [多主機同步執行](#多主機同步執行) + - [傳遞環境變數到 shell 腳本](#傳遞環境變數到-shell-腳本) + - [🌐 使用 ProxyCommand(跳板機)](#-使用-proxycommand跳板機) + - [🔒 保護你的私鑰](#-保護你的私鑰) + - [🖐️ 主機指紋驗證](#️-主機指紋驗證) + - [❓ 常見問題](#-常見問題) + - [指令找不到(npm 或其他指令)](#指令找不到npm-或其他指令) + - [🤝 貢獻](#-貢獻) + - [📝 授權](#-授權) + 一個讓你輕鬆安全執行遠端 SSH 指令的 [GitHub Action](https://github.com/features/actions)。 ![ssh workflow](./images/ssh-workflow.png) From 4d84f0522a5d50416e14452c3285361e7fdff665 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 27 Apr 2025 11:52:09 +0800 Subject: [PATCH 109/114] docs: revamp and unify multi-language readme documentation - Remove the Table of Contents section to simplify documentation. - Add and reorganize introduction sections for a clearer project overview. - Rename and clarify section titles for improved structure and navigation. - Consolidate and expand explanatory text around SSH key setup, OpenSSH compatibility, security, and troubleshooting. - Provide richer descriptions for core concepts and advanced SSH usage scenarios. - Apply the same documentation improvements and structural changes across English, Simplified Chinese, and Traditional Chinese readme files for consistency. Signed-off-by: appleboy --- README.md | 74 +++++++++++++++++++------------------------------ README.zh-cn.md | 74 +++++++++++++++++++------------------------------ README.zh-tw.md | 74 +++++++++++++++++++------------------------------ 3 files changed, 87 insertions(+), 135 deletions(-) diff --git a/README.md b/README.md index feb0e6b..9a1ad06 100644 --- a/README.md +++ b/README.md @@ -2,44 +2,22 @@ English | [繁體中文](./README.zh-tw.md) | [简体中文](./README.zh-cn.md) -## Table of Contents +--- -- [🚀 SSH for GitHub Actions](#-ssh-for-github-actions) - - [Table of Contents](#table-of-contents) - - [📥 Input Parameters](#-input-parameters) - - [🚦 Usage Example](#-usage-example) - - [🔑 Setting Up SSH Keys](#-setting-up-ssh-keys) - - [Generate RSA key](#generate-rsa-key) - - [Generate ED25519 key](#generate-ed25519-key) - - [🛡️ OpenSSH Compatibility](#️-openssh-compatibility) - - [🧑‍💻 More Usage Examples](#-more-usage-examples) - - [Using password authentication](#using-password-authentication) - - [Using private key authentication](#using-private-key-authentication) - - [Multiple commands](#multiple-commands) - - [Run commands from a file](#run-commands-from-a-file) - - [Multiple hosts](#multiple-hosts) - - [Multiple hosts with different ports](#multiple-hosts-with-different-ports) - - [Synchronous execution on multiple hosts](#synchronous-execution-on-multiple-hosts) - - [Pass environment variables to shell script](#pass-environment-variables-to-shell-script) - - [🌐 Using ProxyCommand (Jump Host)](#-using-proxycommand-jump-host) - - [🔒 Protecting Your Private Key](#-protecting-your-private-key) - - [🖐️ Host Fingerprint Verification](#️-host-fingerprint-verification) - - [❓ Q\&A](#-qa) - - [Command not found (npm or other command)](#command-not-found-npm-or-other-command) - - [🤝 Contributing](#-contributing) - - [📝 License](#-license) +## 📖 Introduction -A [GitHub Action](https://github.com/features/actions) for executing remote SSH commands easily and securely. +**SSH for GitHub Actions** is a powerful [GitHub Action](https://github.com/features/actions) for executing remote SSH commands easily and securely in your CI/CD workflows. +Built with [Golang](https://go.dev) and [drone-ssh](https://github.com/appleboy/drone-ssh), it supports a wide range of SSH scenarios, including multi-host, proxy, and advanced authentication. ![ssh workflow](./images/ssh-workflow.png) [![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml) -This project is built with [Golang](https://go.dev) and [drone-ssh](https://github.com/appleboy/drone-ssh). - --- -## 📥 Input Parameters +## 🧩 Core Concepts & Input Parameters + +This action provides flexible SSH command execution with a rich set of configuration options. For full details, see [action.yml](./action.yml). @@ -85,9 +63,9 @@ For full details, see [action.yml](./action.yml). --- -## 🚦 Usage Example +## ⚡ Quick Start -Run remote SSH commands in your workflow: +Run remote SSH commands in your workflow with minimal configuration: ```yaml name: Remote SSH Command @@ -121,17 +99,19 @@ linuxserver.io --- -## 🔑 Setting Up SSH Keys +## 🔑 SSH Key Setup & OpenSSH Compatibility + +### Setting Up SSH Keys It is best practice to create SSH keys on your local machine (not on a remote server). Log in with the username specified in GitHub Secrets and generate a key pair: -### Generate RSA key +#### Generate RSA key ```bash ssh-keygen -t rsa -b 4096 -C "your_email@example.com" ``` -### Generate ED25519 key +#### Generate ED25519 key ```bash ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" @@ -175,9 +155,7 @@ See more: [SSH login without a password](http://www.linuxproblem.org/art_9.html) > - Set `.ssh` permissions to 700 > - Set `.ssh/authorized_keys2` permissions to 640 ---- - -## 🛡️ OpenSSH Compatibility +### OpenSSH Compatibility If you see this error: @@ -199,7 +177,9 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" --- -## 🧑‍💻 More Usage Examples +## 🛠️ Usage Scenarios & Advanced Examples + +This section covers common and advanced usage patterns, including multi-host, proxy, and environment variable passing. ### Using password authentication @@ -331,7 +311,9 @@ Default `port` is `22`. --- -## 🌐 Using ProxyCommand (Jump Host) +## 🌐 Proxy & Jump Host Usage + +You can connect to remote hosts via a proxy (jump host) for advanced network topologies. ```bash +--------+ +----------+ +-----------+ @@ -376,7 +358,9 @@ Host FooServer --- -## 🔒 Protecting Your Private Key +## 🛡️ Security Best Practices + +### Protecting Your Private Key A passphrase encrypts your private key, making it useless to attackers if leaked. Always store your private key securely. @@ -394,9 +378,7 @@ A passphrase encrypts your private key, making it useless to attackers if leaked ls -al ``` ---- - -## 🖐️ Host Fingerprint Verification +### Host Fingerprint Verification Verifying the SSH host fingerprint helps prevent man-in-the-middle attacks. To get your host's fingerprint (replace `ed25519` with your key type and `example.com` with your host): @@ -422,9 +404,11 @@ Update your config: --- -## ❓ Q&A +## 🚨 Error Handling & Troubleshooting -### Command not found (npm or other command) +### Q&A + +#### Command not found (npm or other command) If you encounter "command not found" errors, see [this issue comment](https://github.com/appleboy/ssh-action/issues/31#issuecomment-1006565847) about interactive vs non-interactive shells. diff --git a/README.zh-cn.md b/README.zh-cn.md index 9ac80e6..3d773ca 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -2,44 +2,22 @@ [English](./README.md) | [繁體中文](./README.zh-tw.md) | 简体中文 -## 目录 +--- -- [🚀 用于 GitHub Actions 的 SSH](#-用于-github-actions-的-ssh) - - [目录](#目录) - - [📥 输入参数](#-输入参数) - - [🚦 使用示例](#-使用示例) - - [🔑 配置 SSH 密钥](#-配置-ssh-密钥) - - [生成 RSA 密钥](#生成-rsa-密钥) - - [生成 ED25519 密钥](#生成-ed25519-密钥) - - [🛡️ OpenSSH 兼容性](#️-openssh-兼容性) - - [🧑‍💻 更多用法示例](#-更多用法示例) - - [使用密码认证](#使用密码认证) - - [使用私钥认证](#使用私钥认证) - - [多条命令](#多条命令) - - [从文件执行命令](#从文件执行命令) - - [多主机](#多主机) - - [多主机不同端口](#多主机不同端口) - - [多主机同步执行](#多主机同步执行) - - [传递环境变量到 shell 脚本](#传递环境变量到-shell-脚本) - - [🌐 使用 ProxyCommand(跳板机)](#-使用-proxycommand跳板机) - - [🔒 保护你的私钥](#-保护你的私钥) - - [🖐️ 主机指纹验证](#️-主机指纹验证) - - [❓ 常见问题](#-常见问题) - - [命令未找到(npm 或其他命令)](#命令未找到npm-或其他命令) - - [🤝 贡献](#-贡献) - - [📝 许可证](#-许可证) +## 📖 简介 -一个让你轻松安全地执行远程 SSH 命令的 [GitHub Action](https://github.com/features/actions)。 +**SSH for GitHub Actions** 是一个强大的 [GitHub Action](https://github.com/features/actions),可让你在 CI/CD 工作流中轻松且安全地执行远程 SSH 命令。 +本项目基于 [Golang](https://go.dev) 和 [drone-ssh](https://github.com/appleboy/drone-ssh) 构建,支持多主机、代理、高级认证等多种 SSH 场景。 ![ssh workflow](./images/ssh-workflow.png) [![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml) -本项目基于 [Golang](https://go.dev) 和 [drone-ssh](https://github.com/appleboy/drone-ssh) 构建。 - --- -## 📥 输入参数 +## 🧩 核心概念与输入参数 + +本 Action 提供灵活的 SSH 命令执行能力,并具备丰富的配置选项。 详细参数请参阅 [action.yml](./action.yml)。 @@ -85,9 +63,9 @@ --- -## 🚦 使用示例 +## ⚡ 快速开始 -在工作流中执行远程 SSH 命令: +只需简单配置,即可在工作流中执行远程 SSH 命令: ```yaml name: Remote SSH Command @@ -121,17 +99,19 @@ linuxserver.io --- -## 🔑 配置 SSH 密钥 +## 🔑 SSH 密钥配置与 OpenSSH 兼容性 + +### 配置 SSH 密钥 建议在本地机器(而非远程服务器)上创建 SSH 密钥。请使用 GitHub Secrets 中指定的用户名登录并生成密钥对: -### 生成 RSA 密钥 +#### 生成 RSA 密钥 ```bash ssh-keygen -t rsa -b 4096 -C "your_email@example.com" ``` -### 生成 ED25519 密钥 +#### 生成 ED25519 密钥 ```bash ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" @@ -175,9 +155,7 @@ xclip < ~/.ssh/id_ed25519 > - 设置 `.ssh` 权限为 700 > - 设置 `.ssh/authorized_keys2` 权限为 640 ---- - -## 🛡️ OpenSSH 兼容性 +### OpenSSH 兼容性 如果出现如下错误: @@ -199,7 +177,9 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" --- -## 🧑‍💻 更多用法示例 +## 🛠️ 用法场景与进阶示例 + +本节涵盖常见与进阶用法,包括多主机、代理、环境变量传递等。 ### 使用密码认证 @@ -331,7 +311,9 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" --- -## 🌐 使用 ProxyCommand(跳板机) +## 🌐 代理与跳板机用法 + +你可以通过代理(跳板机)连接到远程主机,适用于进阶网络拓扑。 ```bash +--------+ +----------+ +-----------+ @@ -376,7 +358,9 @@ Host FooServer --- -## 🔒 保护你的私钥 +## 🛡️ 安全最佳实践 + +### 保护你的私钥 密码短语会加密你的私钥,即使泄露也无法被攻击者直接利用。请务必妥善保管私钥。 @@ -394,9 +378,7 @@ Host FooServer ls -al ``` ---- - -## 🖐️ 主机指纹验证 +### 主机指纹验证 验证 SSH 主机指纹有助于防止中间人攻击。获取主机指纹(将 `ed25519` 替换为你的密钥类型,`example.com` 替换为你的主机): @@ -422,9 +404,11 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' --- -## ❓ 常见问题 +## 🚨 错误处理与疑难解答 -### 命令未找到(npm 或其他命令) +### 常见问题 + +#### 命令未找到(npm 或其他命令) 如果遇到 "command not found" 错误,请参考 [此评论](https://github.com/appleboy/ssh-action/issues/31#issuecomment-1006565847) 了解交互式与非交互式 shell 的区别。 diff --git a/README.zh-tw.md b/README.zh-tw.md index cfb9303..657df02 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -2,44 +2,22 @@ [English](./README.md) | 繁體中文 | [简体中文](./README.zh-cn.md) -## 目錄 +--- -- [🚀 GitHub Actions 的 SSH](#-github-actions-的-ssh) - - [目錄](#目錄) - - [📥 輸入參數](#-輸入參數) - - [🚦 使用範例](#-使用範例) - - [🔑 設定 SSH 金鑰](#-設定-ssh-金鑰) - - [產生 RSA 金鑰](#產生-rsa-金鑰) - - [產生 ED25519 金鑰](#產生-ed25519-金鑰) - - [🛡️ OpenSSH 相容性](#️-openssh-相容性) - - [🧑‍💻 更多用法範例](#-更多用法範例) - - [使用密碼認證](#使用密碼認證) - - [使用私鑰認證](#使用私鑰認證) - - [多條指令](#多條指令) - - [從檔案執行指令](#從檔案執行指令) - - [多主機](#多主機) - - [多主機不同埠號](#多主機不同埠號) - - [多主機同步執行](#多主機同步執行) - - [傳遞環境變數到 shell 腳本](#傳遞環境變數到-shell-腳本) - - [🌐 使用 ProxyCommand(跳板機)](#-使用-proxycommand跳板機) - - [🔒 保護你的私鑰](#-保護你的私鑰) - - [🖐️ 主機指紋驗證](#️-主機指紋驗證) - - [❓ 常見問題](#-常見問題) - - [指令找不到(npm 或其他指令)](#指令找不到npm-或其他指令) - - [🤝 貢獻](#-貢獻) - - [📝 授權](#-授權) +## 📖 簡介 -一個讓你輕鬆安全執行遠端 SSH 指令的 [GitHub Action](https://github.com/features/actions)。 +**SSH for GitHub Actions** 是一個強大的 [GitHub Action](https://github.com/features/actions),可讓你在 CI/CD 工作流程中輕鬆且安全地執行遠端 SSH 指令。 +本專案以 [Golang](https://go.dev) 和 [drone-ssh](https://github.com/appleboy/drone-ssh) 建立,支援多主機、代理、進階認證等多種 SSH 場景。 ![ssh workflow](./images/ssh-workflow.png) [![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml) -本專案以 [Golang](https://go.dev) 和 [drone-ssh](https://github.com/appleboy/drone-ssh) 建立。 - --- -## 📥 輸入參數 +## 🧩 核心概念與輸入參數 + +本 Action 提供彈性的 SSH 指令執行能力,並具備豐富的設定選項。 完整參數請參閱 [action.yml](./action.yml)。 @@ -85,9 +63,9 @@ --- -## 🚦 使用範例 +## ⚡ 快速開始 -在工作流程中執行遠端 SSH 指令: +只需簡單設定,即可在工作流程中執行遠端 SSH 指令: ```yaml name: Remote SSH Command @@ -121,17 +99,19 @@ linuxserver.io --- -## 🔑 設定 SSH 金鑰 +## 🔑 SSH 金鑰設定與 OpenSSH 相容性 + +### 設定 SSH 金鑰 建議於本地端(非遠端伺服器)產生 SSH 金鑰。請以 GitHub Secrets 指定的使用者名稱登入並產生金鑰對: -### 產生 RSA 金鑰 +#### 產生 RSA 金鑰 ```bash ssh-keygen -t rsa -b 4096 -C "your_email@example.com" ``` -### 產生 ED25519 金鑰 +#### 產生 ED25519 金鑰 ```bash ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" @@ -175,9 +155,7 @@ xclip < ~/.ssh/id_ed25519 > - 設定 `.ssh` 權限為 700 > - 設定 `.ssh/authorized_keys2` 權限為 640 ---- - -## 🛡️ OpenSSH 相容性 +### OpenSSH 相容性 若出現以下錯誤: @@ -199,7 +177,9 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" --- -## 🧑‍💻 更多用法範例 +## 🛠️ 用法場景與進階範例 + +本節涵蓋常見與進階用法,包括多主機、代理、環境變數傳遞等。 ### 使用密碼認證 @@ -331,7 +311,9 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" --- -## 🌐 使用 ProxyCommand(跳板機) +## 🌐 代理與跳板機用法 + +你可以透過代理(跳板機)連線到遠端主機,適用於進階網路拓撲。 ```bash +--------+ +----------+ +-----------+ @@ -376,7 +358,9 @@ Host FooServer --- -## 🔒 保護你的私鑰 +## 🛡️ 安全最佳實踐 + +### 保護你的私鑰 密碼短語會加密你的私鑰,即使外洩也無法被攻擊者直接利用。請務必妥善保管私鑰。 @@ -394,9 +378,7 @@ Host FooServer ls -al ``` ---- - -## 🖐️ 主機指紋驗證 +### 主機指紋驗證 驗證 SSH 主機指紋有助於防止中間人攻擊。取得主機指紋(將 `ed25519` 換成你的金鑰型別,`example.com` 換成你的主機): @@ -422,9 +404,11 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' --- -## ❓ 常見問題 +## 🚨 錯誤處理與疑難排解 -### 指令找不到(npm 或其他指令) +### 常見問題 + +#### 指令找不到(npm 或其他指令) 若遇到 "command not found" 錯誤,請參考 [此討論](https://github.com/appleboy/ssh-action/issues/31#issuecomment-1006565847) 了解互動式與非互動式 shell 差異。 From 8f3cc07719a6ef0a247c6a0b146041bf14ea6211 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 27 Apr 2025 11:58:18 +0800 Subject: [PATCH 110/114] docs: add comprehensive tables of contents to all README files - Add a detailed table of contents to all three README files in English, Simplified Chinese, and Traditional Chinese for easier navigation. Signed-off-by: appleboy --- README.md | 31 +++++++++++++++++++++++++++++++ README.zh-cn.md | 31 +++++++++++++++++++++++++++++++ README.zh-tw.md | 31 +++++++++++++++++++++++++++++++ 3 files changed, 93 insertions(+) diff --git a/README.md b/README.md index 9a1ad06..86067f8 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,37 @@ English | [繁體中文](./README.zh-tw.md) | [简体中文](./README.zh-cn.md) +## Table of Contents + +- [🚀 SSH for GitHub Actions](#-ssh-for-github-actions) + - [Table of Contents](#table-of-contents) + - [📖 Introduction](#-introduction) + - [🧩 Core Concepts \& Input Parameters](#-core-concepts--input-parameters) + - [⚡ Quick Start](#-quick-start) + - [🔑 SSH Key Setup \& OpenSSH Compatibility](#-ssh-key-setup--openssh-compatibility) + - [Setting Up SSH Keys](#setting-up-ssh-keys) + - [Generate RSA key](#generate-rsa-key) + - [Generate ED25519 key](#generate-ed25519-key) + - [OpenSSH Compatibility](#openssh-compatibility) + - [🛠️ Usage Scenarios \& Advanced Examples](#️-usage-scenarios--advanced-examples) + - [Using password authentication](#using-password-authentication) + - [Using private key authentication](#using-private-key-authentication) + - [Multiple commands](#multiple-commands) + - [Run commands from a file](#run-commands-from-a-file) + - [Multiple hosts](#multiple-hosts) + - [Multiple hosts with different ports](#multiple-hosts-with-different-ports) + - [Synchronous execution on multiple hosts](#synchronous-execution-on-multiple-hosts) + - [Pass environment variables to shell script](#pass-environment-variables-to-shell-script) + - [🌐 Proxy \& Jump Host Usage](#-proxy--jump-host-usage) + - [🛡️ Security Best Practices](#️-security-best-practices) + - [Protecting Your Private Key](#protecting-your-private-key) + - [Host Fingerprint Verification](#host-fingerprint-verification) + - [🚨 Error Handling \& Troubleshooting](#-error-handling--troubleshooting) + - [Q\&A](#qa) + - [Command not found (npm or other command)](#command-not-found-npm-or-other-command) + - [🤝 Contributing](#-contributing) + - [📝 License](#-license) + --- ## 📖 Introduction diff --git a/README.zh-cn.md b/README.zh-cn.md index 3d773ca..d4fa4d4 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -2,6 +2,37 @@ [English](./README.md) | [繁體中文](./README.zh-tw.md) | 简体中文 +## 目录 + +- [🚀 用于 GitHub Actions 的 SSH](#-用于-github-actions-的-ssh) + - [目录](#目录) + - [📖 简介](#-简介) + - [🧩 核心概念与输入参数](#-核心概念与输入参数) + - [⚡ 快速开始](#-快速开始) + - [🔑 SSH 密钥配置与 OpenSSH 兼容性](#-ssh-密钥配置与-openssh-兼容性) + - [配置 SSH 密钥](#配置-ssh-密钥) + - [生成 RSA 密钥](#生成-rsa-密钥) + - [生成 ED25519 密钥](#生成-ed25519-密钥) + - [OpenSSH 兼容性](#openssh-兼容性) + - [🛠️ 用法场景与进阶示例](#️-用法场景与进阶示例) + - [使用密码认证](#使用密码认证) + - [使用私钥认证](#使用私钥认证) + - [多条命令](#多条命令) + - [从文件执行命令](#从文件执行命令) + - [多主机](#多主机) + - [多主机不同端口](#多主机不同端口) + - [多主机同步执行](#多主机同步执行) + - [传递环境变量到 shell 脚本](#传递环境变量到-shell-脚本) + - [🌐 代理与跳板机用法](#-代理与跳板机用法) + - [🛡️ 安全最佳实践](#️-安全最佳实践) + - [保护你的私钥](#保护你的私钥) + - [主机指纹验证](#主机指纹验证) + - [🚨 错误处理与疑难解答](#-错误处理与疑难解答) + - [常见问题](#常见问题) + - [命令未找到(npm 或其他命令)](#命令未找到npm-或其他命令) + - [🤝 贡献](#-贡献) + - [📝 许可证](#-许可证) + --- ## 📖 简介 diff --git a/README.zh-tw.md b/README.zh-tw.md index 657df02..f417f66 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -2,6 +2,37 @@ [English](./README.md) | 繁體中文 | [简体中文](./README.zh-cn.md) +## 目錄 + +- [🚀 GitHub Actions 的 SSH](#-github-actions-的-ssh) + - [目錄](#目錄) + - [📖 簡介](#-簡介) + - [🧩 核心概念與輸入參數](#-核心概念與輸入參數) + - [⚡ 快速開始](#-快速開始) + - [🔑 SSH 金鑰設定與 OpenSSH 相容性](#-ssh-金鑰設定與-openssh-相容性) + - [設定 SSH 金鑰](#設定-ssh-金鑰) + - [產生 RSA 金鑰](#產生-rsa-金鑰) + - [產生 ED25519 金鑰](#產生-ed25519-金鑰) + - [OpenSSH 相容性](#openssh-相容性) + - [🛠️ 用法場景與進階範例](#️-用法場景與進階範例) + - [使用密碼認證](#使用密碼認證) + - [使用私鑰認證](#使用私鑰認證) + - [多條指令](#多條指令) + - [從檔案執行指令](#從檔案執行指令) + - [多主機](#多主機) + - [多主機不同埠號](#多主機不同埠號) + - [多主機同步執行](#多主機同步執行) + - [傳遞環境變數到 shell 腳本](#傳遞環境變數到-shell-腳本) + - [🌐 代理與跳板機用法](#-代理與跳板機用法) + - [🛡️ 安全最佳實踐](#️-安全最佳實踐) + - [保護你的私鑰](#保護你的私鑰) + - [主機指紋驗證](#主機指紋驗證) + - [🚨 錯誤處理與疑難排解](#-錯誤處理與疑難排解) + - [常見問題](#常見問題) + - [指令找不到(npm 或其他指令)](#指令找不到npm-或其他指令) + - [🤝 貢獻](#-貢獻) + - [📝 授權](#-授權) + --- ## 📖 簡介 From 8745f9583c033551b991c73d76d23dd610c9f26e Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 27 Apr 2025 12:35:14 +0800 Subject: [PATCH 111/114] docs: restructure and clarify parameter documentation across all readmes - Restructure input parameter documentation by splitting into distinct sections: Connection Settings, SSH Command Settings, and Proxy Settings for better clarity - Move parameters related to command execution out of proxy section and into the new SSH Command Settings section - Add/clarify descriptions for individual sections and parameters in all three language readmes - Update and correct parameter ordering, grouping, and formatting for consistency across all documentation - Add missing SSH Command Settings parameters and improve readability of parameter tables Signed-off-by: appleboy --- README.md | 99 +++++++++++++++++++++++++++++++------------------ README.zh-cn.md | 99 +++++++++++++++++++++++++++++++------------------ README.zh-tw.md | 99 +++++++++++++++++++++++++++++++------------------ 3 files changed, 186 insertions(+), 111 deletions(-) diff --git a/README.md b/README.md index 86067f8..0a89eed 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,9 @@ English | [繁體中文](./README.zh-tw.md) | [简体中文](./README.zh-cn.md) - [Table of Contents](#table-of-contents) - [📖 Introduction](#-introduction) - [🧩 Core Concepts \& Input Parameters](#-core-concepts--input-parameters) + - [🔌 Connection Settings](#-connection-settings) + - [🛠️ SSH Command Settings](#️-ssh-command-settings) + - [🌐 Proxy Settings](#-proxy-settings) - [⚡ Quick Start](#-quick-start) - [🔑 SSH Key Setup \& OpenSSH Compatibility](#-ssh-key-setup--openssh-compatibility) - [Setting Up SSH Keys](#setting-up-ssh-keys) @@ -52,43 +55,65 @@ This action provides flexible SSH command execution with a rich set of configura For full details, see [action.yml](./action.yml). -| Parameter | Description | Default | -| ------------------------- | --------------------------------------------------------------------------------- | ------- | -| host | SSH host address | | -| port | SSH port number | 22 | -| passphrase | Passphrase for the SSH private key | | -| username | SSH username | | -| password | SSH password | | -| protocol | SSH protocol version (`tcp`, `tcp4`, `tcp6`) | tcp | -| sync | Run synchronously if multiple hosts are specified | false | -| use_insecure_cipher | Allow additional (less secure) ciphers | false | -| cipher | Allowed cipher algorithms. Uses sensible defaults if unspecified | | -| timeout | Timeout for SSH connection to host | 30s | -| command_timeout | Timeout for SSH command execution | 10m | -| key | Content of SSH private key (e.g., raw content of `~/.ssh/id_rsa`) | | -| key_path | Path to SSH private key | | -| fingerprint | SHA256 fingerprint of the host public key | | -| proxy_host | SSH proxy host | | -| proxy_port | SSH proxy port | 22 | -| proxy_protocol | SSH proxy protocol version (`tcp`, `tcp4`, `tcp6`) | tcp | -| proxy_username | SSH proxy username | | -| proxy_password | SSH proxy password | | -| proxy_passphrase | SSH proxy key passphrase | | -| proxy_timeout | Timeout for SSH connection to proxy host | 30s | -| proxy_key | Content of SSH proxy private key | | -| proxy_key_path | Path to SSH proxy private key | | -| proxy_fingerprint | SHA256 fingerprint of the proxy host public key | | -| proxy_cipher | Allowed cipher algorithms for the proxy | | -| proxy_use_insecure_cipher | Allow additional (less secure) ciphers for the proxy | false | -| script | Commands to execute remotely | | -| script_path | Path to a file containing commands to execute | | -| envs | Environment variables to pass to the shell script | | -| envs_format | Flexible configuration for environment variable transfer | | -| debug | Enable debug mode | false | -| allenvs | Pass all environment variables with `GITHUB_` and `INPUT_` prefixes to the script | false | -| request_pty | Request a pseudo-terminal from the server | false | -| curl_insecure | Allow curl to connect to SSL sites without certificates | false | -| version | drone-ssh binary version. If not specified, the latest version will be used. | | +### 🔌 Connection Settings + +These parameters control how the action connects to your remote host. + +| Parameter | Description | Default | +| ------------------- | ----------------------------------------------------------------- | ------- | +| host | SSH host address | | +| port | SSH port number | 22 | +| username | SSH username | | +| password | SSH password | | +| protocol | SSH protocol version (`tcp`, `tcp4`, `tcp6`) | tcp | +| sync | Run synchronously if multiple hosts are specified | false | +| timeout | Timeout for SSH connection to host | 30s | +| key | Content of SSH private key (e.g., raw content of `~/.ssh/id_rsa`) | | +| key_path | Path to SSH private key | | +| passphrase | Passphrase for the SSH private key | | +| fingerprint | SHA256 fingerprint of the host public key | | +| use_insecure_cipher | Allow additional (less secure) ciphers | false | +| cipher | Allowed cipher algorithms. Uses sensible defaults if unspecified | | + +--- + +### 🛠️ SSH Command Settings + +These parameters control the commands executed on the remote host and related behaviors. + +| Parameter | Description | Default | +| --------------- | --------------------------------------------------------------------------------- | ------- | +| script | Commands to execute remotely | | +| script_path | Path to a file containing commands to execute | | +| envs | Environment variables to pass to the shell script | | +| envs_format | Flexible configuration for environment variable transfer | | +| allenvs | Pass all environment variables with `GITHUB_` and `INPUT_` prefixes to the script | false | +| command_timeout | Timeout for SSH command execution | 10m | +| debug | Enable debug mode | false | +| request_pty | Request a pseudo-terminal from the server | false | +| curl_insecure | Allow curl to connect to SSL sites without certificates | false | +| version | drone-ssh binary version. If not specified, the latest version will be used. | | + +--- + +### 🌐 Proxy Settings + +These parameters control the use of a proxy (jump host) for connecting to your target host. + +| Parameter | Description | Default | +| ------------------------- | ----------------------------------------------- | ------- | +| proxy_host | SSH proxy host | | +| proxy_port | SSH proxy port | 22 | +| proxy_username | SSH proxy username | | +| proxy_password | SSH proxy password | | +| proxy_passphrase | SSH proxy key passphrase | | +| proxy_protocol | SSH proxy protocol version | tcp | +| proxy_timeout | Timeout for SSH connection to proxy host | 30s | +| proxy_key | Content of SSH proxy private key | | +| proxy_key_path | Path to SSH proxy private key | | +| proxy_fingerprint | SHA256 fingerprint of the proxy host public key | | +| proxy_cipher | Allowed cipher algorithms for the proxy | | +| proxy_use_insecure_cipher | Allow insecure ciphers for the proxy | false | > **Note:** To mimic the removed `script_stop` option, add `set -e` at the top of your shell script. diff --git a/README.zh-cn.md b/README.zh-cn.md index d4fa4d4..6886c25 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -8,6 +8,9 @@ - [目录](#目录) - [📖 简介](#-简介) - [🧩 核心概念与输入参数](#-核心概念与输入参数) + - [🔌 连接设置](#-连接设置) + - [🛠️ 指令设置](#️-指令设置) + - [🌐 代理设置](#-代理设置) - [⚡ 快速开始](#-快速开始) - [🔑 SSH 密钥配置与 OpenSSH 兼容性](#-ssh-密钥配置与-openssh-兼容性) - [配置 SSH 密钥](#配置-ssh-密钥) @@ -52,43 +55,65 @@ 详细参数请参阅 [action.yml](./action.yml)。 -| 参数 | 描述 | 默认值 | -| ------------------------- | ----------------------------------------------------- | ------ | -| host | SSH 主机地址 | | -| port | SSH 端口号 | 22 | -| passphrase | SSH 私钥密码短语 | | -| username | SSH 用户名 | | -| password | SSH 密码 | | -| protocol | SSH 协议版本(`tcp`、`tcp4`、`tcp6`) | tcp | -| sync | 指定多个主机时同步执行 | false | -| use_insecure_cipher | 允许额外(不安全)的加密算法 | false | -| cipher | 允许的加密算法,未指定时使用默认值 | | -| timeout | SSH 连接主机的超时时间 | 30s | -| command_timeout | SSH 命令执行超时时间 | 10m | -| key | SSH 私钥内容(如 `~/.ssh/id_rsa` 的原始内容) | | -| key_path | SSH 私钥路径 | | -| fingerprint | 主机公钥的 SHA256 指纹 | | -| proxy_host | SSH 代理主机 | | -| proxy_port | SSH 代理端口 | 22 | -| proxy_protocol | SSH 代理协议版本(`tcp`、`tcp4`、`tcp6`) | tcp | -| proxy_username | SSH 代理用户名 | | -| proxy_password | SSH 代理密码 | | -| proxy_passphrase | SSH 代理私钥密码短语 | | -| proxy_timeout | SSH 连接代理主机的超时时间 | 30s | -| proxy_key | SSH 代理私钥内容 | | -| proxy_key_path | SSH 代理私钥路径 | | -| proxy_fingerprint | 代理主机公钥的 SHA256 指纹 | | -| proxy_cipher | 代理允许的加密算法 | | -| proxy_use_insecure_cipher | 代理允许额外(不安全)的加密算法 | false | -| script | 远程执行的命令 | | -| script_path | 包含要执行命令的文件路径 | | -| envs | 传递给 shell 脚本的环境变量 | | -| envs_format | 环境变量传递的灵活配置 | | -| debug | 启用调试模式 | false | -| allenvs | 传递所有带 `GITHUB_` 和 `INPUT_` 前缀的环境变量到脚本 | false | -| request_pty | 向服务器请求伪终端 | false | -| curl_insecure | 允许 curl 连接无证书的 SSL 站点 | false | -| version | drone-ssh 二进制版本,未指定时使用最新版本 | | +### 🔌 连接设置 + +这些参数用于控制如何连接到远程主机。 + +| 参数 | 描述 | 默认值 | +| ------------------- | --------------------------------------------- | ------ | +| host | SSH 主机地址 | | +| port | SSH 端口号 | 22 | +| username | SSH 用户名 | | +| password | SSH 密码 | | +| protocol | SSH 协议版本(`tcp`、`tcp4`、`tcp6`) | tcp | +| sync | 指定多个主机时同步执行 | false | +| timeout | SSH 连接主机的超时时间 | 30s | +| key | SSH 私钥内容(如 `~/.ssh/id_rsa` 的原始内容) | | +| key_path | SSH 私钥路径 | | +| passphrase | SSH 私钥密码短语 | | +| fingerprint | 主机公钥的 SHA256 指纹 | | +| use_insecure_cipher | 允许额外(不安全)的加密算法 | false | +| cipher | 允许的加密算法,未指定时使用默认值 | | + +--- + +### 🛠️ 指令设置 + +这些参数用于控制在远程主机上执行的命令及相关行为。 + +| 参数 | 描述 | 默认值 | +| --------------- | ----------------------------------------------------- | ------ | +| script | 远程执行的命令 | | +| script_path | 包含要执行命令的文件路径 | | +| envs | 传递给 shell 脚本的环境变量 | | +| envs_format | 环境变量传递的灵活配置 | | +| allenvs | 传递所有带 `GITHUB_` 和 `INPUT_` 前缀的环境变量到脚本 | false | +| command_timeout | SSH 命令执行超时时间 | 10m | +| debug | 启用调试模式 | false | +| request_pty | 向服务器请求伪终端 | false | +| curl_insecure | 允许 curl 连接无证书的 SSL 站点 | false | +| version | drone-ssh 二进制版本,未指定时使用最新版本 | | + +--- + +### 🌐 代理设置 + +这些参数用于通过代理(跳板机)连接到目标主机。 + +| 参数 | 描述 | 默认值 | +| ------------------------- | ----------------------------------------- | ------ | +| proxy_host | SSH 代理主机 | | +| proxy_port | SSH 代理端口 | 22 | +| proxy_username | SSH 代理用户名 | | +| proxy_password | SSH 代理密码 | | +| proxy_passphrase | SSH 代理私钥密码短语 | | +| proxy_protocol | SSH 代理协议版本(`tcp`、`tcp4`、`tcp6`) | tcp | +| proxy_timeout | SSH 连接代理主机的超时时间 | 30s | +| proxy_key | SSH 代理私钥内容 | | +| proxy_key_path | SSH 代理私钥路径 | | +| proxy_fingerprint | 代理主机公钥的 SHA256 指纹 | | +| proxy_cipher | 代理允许的加密算法 | | +| proxy_use_insecure_cipher | 代理允许额外(不安全)的加密算法 | false | > **注意:** 如需实现已移除的 `script_stop` 功能,请在 shell 脚本顶部添加 `set -e`。 diff --git a/README.zh-tw.md b/README.zh-tw.md index f417f66..4634ff5 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -8,6 +8,9 @@ - [目錄](#目錄) - [📖 簡介](#-簡介) - [🧩 核心概念與輸入參數](#-核心概念與輸入參數) + - [🔌 連線設定](#-連線設定) + - [🛠️ 指令設定](#️-指令設定) + - [🌐 代理設定](#-代理設定) - [⚡ 快速開始](#-快速開始) - [🔑 SSH 金鑰設定與 OpenSSH 相容性](#-ssh-金鑰設定與-openssh-相容性) - [設定 SSH 金鑰](#設定-ssh-金鑰) @@ -52,43 +55,65 @@ 完整參數請參閱 [action.yml](./action.yml)。 -| 參數 | 說明 | 預設值 | -| ------------------------- | ----------------------------------------------------- | ------ | -| host | SSH 主機位址 | | -| port | SSH 埠號 | 22 | -| passphrase | SSH 私鑰密碼 | | -| username | SSH 使用者名稱 | | -| password | SSH 密碼 | | -| protocol | SSH 協議版本(`tcp`、`tcp4`、`tcp6`) | tcp | -| sync | 指定多個主機時同步執行 | false | -| use_insecure_cipher | 允許額外(不安全)的加密演算法 | false | -| cipher | 允許的加密演算法,未指定時使用預設值 | | -| timeout | SSH 連線主機的逾時時間 | 30s | -| command_timeout | SSH 指令執行逾時時間 | 10m | -| key | SSH 私鑰內容(如 `~/.ssh/id_rsa` 的原始內容) | | -| key_path | SSH 私鑰路徑 | | -| fingerprint | 主機公鑰的 SHA256 指紋 | | -| proxy_host | SSH 代理主機 | | -| proxy_port | SSH 代理埠號 | 22 | -| proxy_protocol | SSH 代理協議版本(`tcp`、`tcp4`、`tcp6`) | tcp | -| proxy_username | SSH 代理使用者名稱 | | -| proxy_password | SSH 代理密碼 | | -| proxy_passphrase | SSH 代理私鑰密碼 | | -| proxy_timeout | SSH 連線代理主機的逾時時間 | 30s | -| proxy_key | SSH 代理私鑰內容 | | -| proxy_key_path | SSH 代理私鑰路徑 | | -| proxy_fingerprint | 代理主機公鑰的 SHA256 指紋 | | -| proxy_cipher | 代理允許的加密演算法 | | -| proxy_use_insecure_cipher | 代理允許額外(不安全)的加密演算法 | false | -| script | 遠端執行的指令 | | -| script_path | 包含要執行指令的檔案路徑 | | -| envs | 傳遞給 shell 腳本的環境變數 | | -| envs_format | 環境變數傳遞的彈性設定 | | -| debug | 啟用除錯模式 | false | -| allenvs | 傳遞所有帶 `GITHUB_` 和 `INPUT_` 前綴的環境變數到腳本 | false | -| request_pty | 向伺服器請求偽終端 | false | -| curl_insecure | 允許 curl 連線無憑證的 SSL 網站 | false | -| version | drone-ssh 執行檔版本,未指定時使用最新版本 | | +### 🔌 連線設定 + +這些參數用於控制如何連線到遠端主機。 + +| 參數 | 說明 | 預設值 | +| ------------------- | --------------------------------------------- | ------ | +| host | SSH 主機位址 | | +| port | SSH 埠號 | 22 | +| username | SSH 使用者名稱 | | +| password | SSH 密碼 | | +| protocol | SSH 協議版本(`tcp`、`tcp4`、`tcp6`) | tcp | +| sync | 指定多個主機時同步執行 | false | +| timeout | SSH 連線主機的逾時時間 | 30s | +| key | SSH 私鑰內容(如 `~/.ssh/id_rsa` 的原始內容) | | +| key_path | SSH 私鑰路徑 | | +| passphrase | SSH 私鑰密碼 | | +| fingerprint | 主機公鑰的 SHA256 指紋 | | +| use_insecure_cipher | 允許額外(不安全)的加密演算法 | false | +| cipher | 允許的加密演算法,未指定時使用預設值 | | + +--- + +### 🛠️ 指令設定 + +這些參數用於控制在遠端主機上執行的指令及相關行為。 + +| 參數 | 說明 | 預設值 | +| --------------- | ----------------------------------------------------- | ------ | +| script | 遠端執行的指令 | | +| script_path | 包含要執行指令的檔案路徑 | | +| envs | 傳遞給 shell 腳本的環境變數 | | +| envs_format | 環境變數傳遞的彈性設定 | | +| allenvs | 傳遞所有帶 `GITHUB_` 和 `INPUT_` 前綴的環境變數到腳本 | false | +| command_timeout | SSH 指令執行逾時時間 | 10m | +| debug | 啟用除錯模式 | false | +| request_pty | 向伺服器請求偽終端 | false | +| curl_insecure | 允許 curl 連線無憑證的 SSL 網站 | false | +| version | drone-ssh 執行檔版本,未指定時使用最新版本 | | + +--- + +### 🌐 代理設定 + +這些參數用於透過代理(跳板機)連線到目標主機。 + +| 參數 | 說明 | 預設值 | +| ------------------------- | ----------------------------------------- | ------ | +| proxy_host | SSH 代理主機 | | +| proxy_port | SSH 代理埠號 | 22 | +| proxy_username | SSH 代理使用者名稱 | | +| proxy_password | SSH 代理密碼 | | +| proxy_passphrase | SSH 代理私鑰密碼 | | +| proxy_protocol | SSH 代理協議版本(`tcp`、`tcp4`、`tcp6`) | tcp | +| proxy_timeout | SSH 連線代理主機的逾時時間 | 30s | +| proxy_key | SSH 代理私鑰內容 | | +| proxy_key_path | SSH 代理私鑰路徑 | | +| proxy_fingerprint | 代理主機公鑰的 SHA256 指紋 | | +| proxy_cipher | 代理允許的加密演算法 | | +| proxy_use_insecure_cipher | 代理允許額外(不安全)的加密演算法 | false | > **注意:** 如需實現已移除的 `script_stop` 功能,請在 shell 腳本最上方加上 `set -e`。 From ffd1eec36471c1bfbebcf1941411db862c9b0e38 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 18 May 2025 11:26:30 +0800 Subject: [PATCH 112/114] ci: add workflow step for multi-command SSH testing (#386) - Add a workflow step to run multiple SSH commands for testing, including creating a directory, writing a file, listing files, and displaying file contents Signed-off-by: appleboy --- .github/workflows/main.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 7737940..aa01707 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -51,6 +51,21 @@ jobs: port: 2222 script_path: testdata/test.sh + # https://github.com/appleboy/ssh-action/issues/377 + - name: multiple commands + uses: ./ + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + port: 2222 + script: | + mkdir -p /tmp/test + echo "hello world" > /tmp/test/hello.txt + cd /tmp/test + ls -al + cat /tmp/test/hello.txt + check-ssh-key: runs-on: ubuntu-latest steps: From 57f6f3556d4a3e900b37a8dcf9e06ec7da87d6e7 Mon Sep 17 00:00:00 2001 From: Johannes Neumeier Date: Wed, 18 Jun 2025 17:20:23 +0300 Subject: [PATCH 113/114] docs(readme): better wording for script_path property (#387) Better wording for `script_path` property. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0a89eed..f3f79a3 100644 --- a/README.md +++ b/README.md @@ -84,7 +84,7 @@ These parameters control the commands executed on the remote host and related be | Parameter | Description | Default | | --------------- | --------------------------------------------------------------------------------- | ------- | | script | Commands to execute remotely | | -| script_path | Path to a file containing commands to execute | | +| script_path | Path to a file in the repository containing commands to execute remotely | | | envs | Environment variables to pass to the shell script | | | envs_format | Flexible configuration for environment variable transfer | | | allenvs | Pass all environment variables with `GITHUB_` and `INPUT_` prefixes to the script | false | From 3ca8a7c5359ac6ad91aa47f1946ece1c3b025004 Mon Sep 17 00:00:00 2001 From: appleboy Date: Wed, 18 Jun 2025 22:26:31 +0800 Subject: [PATCH 114/114] docs: clarify script_path usage in Chinese remote execution docs - Clarify that the script_path parameter refers to a file path within the repository for remote command execution in both Simplified and Traditional Chinese documentation Signed-off-by: appleboy --- README.zh-cn.md | 2 +- README.zh-tw.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.zh-cn.md b/README.zh-cn.md index 6886c25..40d6400 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -84,7 +84,7 @@ | 参数 | 描述 | 默认值 | | --------------- | ----------------------------------------------------- | ------ | | script | 远程执行的命令 | | -| script_path | 包含要执行命令的文件路径 | | +| script_path | 仓库中包含要远程执行命令的文件路径 | | | envs | 传递给 shell 脚本的环境变量 | | | envs_format | 环境变量传递的灵活配置 | | | allenvs | 传递所有带 `GITHUB_` 和 `INPUT_` 前缀的环境变量到脚本 | false | diff --git a/README.zh-tw.md b/README.zh-tw.md index 4634ff5..cb590aa 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -84,7 +84,7 @@ | 參數 | 說明 | 預設值 | | --------------- | ----------------------------------------------------- | ------ | | script | 遠端執行的指令 | | -| script_path | 包含要執行指令的檔案路徑 | | +| script_path | 儲存庫中包含要遠端執行指令的檔案路徑 | | | envs | 傳遞給 shell 腳本的環境變數 | | | envs_format | 環境變數傳遞的彈性設定 | | | allenvs | 傳遞所有帶 `GITHUB_` 和 `INPUT_` 前綴的環境變數到腳本 | false |