actions/ssh-key-action
1
0
Fork 0
mirror of https://github.com/shimataro/ssh-key-action.git synced 2025-06-19 22:52:10 +10:00
Code Activity

Merge pull request #98 from shimataro/develop

Browse source 
version 1.6.3
This commit is contained in:
shimataro 2020-01-27 00:21:23 +09:00 committed by GitHub
commit da773c893e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
33 changed files with 87 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.markdownlint.yml
View file

@ -4,3 +4,4 @@ MD013:
line_length: 255
MD024:
siblings_only: true
MD026: false

9
CHANGELOG.md
View file

@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
## [Unreleased]
## [1.6.3] - 2020-01-27
### Others
* add FAQ
## [1.6.2] - 2020-01-25
### Others
@ -65,7 +71,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
* First release.
[Unreleased]: https://github.com/shimataro/ssh-key-action/compare/v1.6.2...HEAD
[Unreleased]: https://github.com/shimataro/ssh-key-action/compare/v1.6.3...HEAD
[1.6.3]: https://github.com/shimataro/ssh-key-action/compare/v1.6.2...v1.6.3
[1.6.2]: https://github.com/shimataro/ssh-key-action/compare/v1.6.1...v1.6.2
[1.6.1]: https://github.com/shimataro/ssh-key-action/compare/v1.6.0...v1.6.1
[1.6.0]: https://github.com/shimataro/ssh-key-action/compare/v1.5.0...v1.6.0

43
README.md
View file

@ -74,6 +74,49 @@ steps:
run: scp ./foo/ target:bar/
```
## Q&A
### SSH failed even though key has been installed.
Check belows:
* `Load key "/HOME/.ssh/id_rsa": invalid format`:
* OPENSSH format (key begins with `-----BEGIN OPENSSH PRIVATE KEY-----`) may not work.
* Use PEM format (begins with `-----BEGIN RSA PRIVATE KEY-----`).
* `Host key verification failed.`:
* Set `known-hosts` option or use `ssh -o StrictHostKeyChecking=no`.
* The former is **HIGHLY** recommended for security reason.
* I'm planning to make `known-hosts` required in v2.
### How do I use encrypted SSH key?
This action doesn't support encrypted key directly.
Here are some solutions:
* decrypting key beforehand: best bet, and works on any VM
* `sshpass` command: next best bet, but not supported on Windows
* `expect` command: be careful not to expose passphrase to console
* `SSH_ASKPASS` environment variable: might be troublesome
### Which one is the best way for transferring files, "direct SCP/SFTP/rsync" or "SCP/SFTP/rsync via bastion"?
I recommend **rsync via bastion**.
It has some advantages over other methods:
* "Rsync via bastion" doesn't require to update workflow files and `secrets` even if it is necessary to transfer files to multiple servers.
* Other methods require to update `known-hosts` if servers have changed.
* Rsync:
* is fastest of all.
* does **NOT** break files even if disconnected during transferring.
* can remove files that don't exist on server.
* SCP is [deprecated by OpenSSH](https://www.openssh.com/txt/release-8.0) due to outdated and inflexible protocol.
* Using bastion is more secure because:
* it is not necessarily to expose SSH port on servers to public.
* Address filtering is less effective.
* Because Azure address range is [very wide](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/virtual-environments-for-github-hosted-runners#ip-addresses-of-github-hosted-runners).
* And will be updated continuously.
* if security incident ―e.g., private key leaked― occurs, it's OK just to remove `authorized_keys` on bastion.
## License
The scripts and documentation in this project are released under the [MIT License](LICENSE)

1
node_modules/.bin/acorn generated vendored Symbolic link
View file

@ -0,0 +1 @@
../acorn/bin/acorn

1
node_modules/.bin/eslint generated vendored Symbolic link
View file

@ -0,0 +1 @@
../eslint/bin/eslint.js

1
node_modules/.bin/esparse generated vendored Symbolic link
View file

@ -0,0 +1 @@
../esprima/bin/esparse.js

1
node_modules/.bin/esvalidate generated vendored Symbolic link
View file

@ -0,0 +1 @@
../esprima/bin/esvalidate.js

1
node_modules/.bin/installed-package-contents generated vendored Symbolic link
View file

@ -0,0 +1 @@
../@npmcli/installed-package-contents/index.js

1
node_modules/.bin/is-ci generated vendored Symbolic link
View file

@ -0,0 +1 @@
../is-ci/bin.js

1
node_modules/.bin/js-yaml generated vendored Symbolic link
View file

@ -0,0 +1 @@
../js-yaml/bin/js-yaml.js

1
node_modules/.bin/json5 generated vendored Symbolic link
View file

@ -0,0 +1 @@
../json5/lib/cli.js

1
node_modules/.bin/markdown-it generated vendored Symbolic link
View file

@ -0,0 +1 @@
../markdown-it/bin/markdown-it.js

1
node_modules/.bin/markdownlint generated vendored Symbolic link
View file

@ -0,0 +1 @@
../markdownlint-cli/markdownlint.js

1
node_modules/.bin/mkdirp generated vendored Symbolic link
View file

@ -0,0 +1 @@
../mkdirp/bin/cmd.js

1
node_modules/.bin/ncu generated vendored Symbolic link
View file

@ -0,0 +1 @@
../npm-check-updates/bin/ncu

1
node_modules/.bin/npm-check-updates generated vendored Symbolic link
View file

@ -0,0 +1 @@
../npm-check-updates/bin/npm-check-updates

1
node_modules/.bin/npm-packlist generated vendored Symbolic link
View file

@ -0,0 +1 @@
../npm-packlist/bin/index.js

1
node_modules/.bin/npm-run-all generated vendored Symbolic link
View file

@ -0,0 +1 @@
../npm-run-all/bin/npm-run-all/index.js

1
node_modules/.bin/pacote generated vendored Symbolic link
View file

@ -0,0 +1 @@
../pacote/lib/bin.js

1
node_modules/.bin/pidtree generated vendored Symbolic link
View file

@ -0,0 +1 @@
../pidtree/bin/pidtree.js

1
node_modules/.bin/rc generated vendored Symbolic link
View file

@ -0,0 +1 @@
../rc/cli.js

1
node_modules/.bin/rimraf generated vendored Symbolic link
View file

@ -0,0 +1 @@
../rimraf/bin.js

1
node_modules/.bin/run-p generated vendored Symbolic link
View file

@ -0,0 +1 @@
../npm-run-all/bin/run-p/index.js

1
node_modules/.bin/run-s generated vendored Symbolic link
View file

@ -0,0 +1 @@
../npm-run-all/bin/run-s/index.js

1
node_modules/.bin/semver generated vendored Symbolic link
View file

@ -0,0 +1 @@
../semver/bin/semver.js

1
node_modules/.bin/tsc generated vendored Symbolic link
View file

@ -0,0 +1 @@
../typescript/bin/tsc

1
node_modules/.bin/tsserver generated vendored Symbolic link
View file

@ -0,0 +1 @@
../typescript/bin/tsserver

1
node_modules/.bin/which generated vendored Symbolic link
View file

@ -0,0 +1 @@
../which/bin/which

1
node_modules/.bin/window-size generated vendored Symbolic link
View file

@ -0,0 +1 @@
../window-size/cli.js

1
node_modules/.bin/yamllint generated vendored Symbolic link
View file

@ -0,0 +1 @@
../yaml-lint/cli.js

2
package-lock.json generated
View file

@ -1,6 +1,6 @@
{
"name": "install-ssh-key",
"version": "1.6.2",
"version": "1.6.3",
"lockfileVersion": 1,
"requires": true,
"dependencies": {

2
package.json
View file

@ -1,6 +1,6 @@
{
"name": "install-ssh-key",
"version": "1.6.2",
"version": "1.6.3",
"private": true,
"description": "Install SSH key in .ssh",
"main": "lib/main.js",

11
scripts/create-release-branch.sh
View file

@ -119,12 +119,13 @@ function update_package_version() {
}
function update_dependencies_version() {
npm ci
npm run check-updates -- -u
}
function regenerate_package_lock() {
rm -rf package-lock.json node_modules &&
npm install
rm -rf package-lock.json node_modules
npm install
}
function build_package() {
@ -135,9 +136,9 @@ function build_package() {
function commit_changes() {
local VERSION=$1
npm ci --only=production &&
git add CHANGELOG.md package.json package-lock.json node_modules lib &&
git commit -m "version ${VERSION}"
npm ci --only=production
git add CHANGELOG.md package.json package-lock.json node_modules lib
git commit -m "version ${VERSION}"
}
function finish() {