mirror of https://github.com/shimataro/ssh-key-action.git synced 2025-06-19 22:52:10 +10:00

support OpenSSH key format (#171)

* Make up for LF in last line of SSH key file

* refactor insertLf()

* add test for OpenSSH format

* add PKCS8 format

* apply to other virtual machines

* update README

* update CHANGELOG

Co-authored-by: Tatsunori Uchino <tats.u@live.jp>
shimataro 2021-02-23 10:22:30 +09:00 committed by GitHub
parent 026e5f82bf
commit e83b5ac86d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 261 additions and 52 deletions


@ -6,8 +6,8 @@ on:
- push
jobs:
ssh:
name: Connect to github.com
ssh-pem:
name: Connect to github.com (PEM format)
runs-on: ubuntu-20.04
container: ubuntu:20.04
steps:
@ -20,7 +20,47 @@ jobs:
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY }}
key: ${{ secrets.SSH_KEY_PEM }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files
run: ls -l /root/.ssh
- name: git clone through SSH
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
ssh-pkcs8:
name: Connect to github.com (PKCS8 format)
runs-on: ubuntu-20.04
container: ubuntu:20.04
steps:
- name: Install packages
run: |
apt update
apt -y install openssh-client git
- name: Checkout source codes
uses: actions/checkout@v2
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY_PKCS8 }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files
run: ls -l /root/.ssh
- name: git clone through SSH
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
ssh-rfc4716:
name: Connect to github.com (RFC4716 format)
runs-on: ubuntu-20.04
container: ubuntu:20.04
steps:
- name: Install packages
run: |
apt update
apt -y install openssh-client git
- name: Checkout source codes
uses: actions/checkout@v2
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY_RFC4716 }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files
run: ls -l /root/.ssh
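Review bot: The new `ssh-pkcs8` and `ssh-rfc4716` jobs repeat the `ssh-pem` job step for step, differing only in the job label and the secret passed as `key`, so any later change to the steps has to be made three times in this file. A matrix would keep a single definition: `strategy: {matrix: {format: [PEM, PKCS8, RFC4716]}}` on the job and `key: ${{ secrets[format('SSH_KEY_{0}', matrix.format)] }}` in the install step. The same duplication appears in the other five workflow sections of this commit. The `jobs:` mapping starts above this hunk, and the last job appears to continue below it.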


@ -6,8 +6,8 @@ on:
- push
jobs:
ssh:
name: Connect to github.com
ssh-pem:
name: Connect to github.com (PEM format)
runs-on: macos-10.15
steps:
- name: Checkout source codes
@ -15,7 +15,37 @@ jobs:
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY }}
key: ${{ secrets.SSH_KEY_PEM }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files
run: ls -l ~/.ssh
- name: git clone through SSH
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
ssh-pkcs8:
name: Connect to github.com (PKCS8 format)
runs-on: macos-10.15
steps:
- name: Checkout source codes
uses: actions/checkout@v2
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY_PKCS8 }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files
run: ls -l ~/.ssh
- name: git clone through SSH
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
ssh-rfc4716:
name: Connect to github.com (RFC4716 format)
runs-on: macos-10.15
steps:
- name: Checkout source codes
uses: actions/checkout@v2
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY_RFC4716 }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files
run: ls -l ~/.ssh
@ -30,7 +60,7 @@ jobs:
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY }}
key: ${{ secrets.SSH_KEY_PEM }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
name: ssh_key_name # optional
config: | # optional


@ -6,8 +6,8 @@ on:
- push
jobs:
ssh:
name: Connect to github.com
ssh-pem:
name: Connect to github.com (PEM format)
runs-on: ubuntu-16.04
steps:
- name: Checkout source codes
@ -15,7 +15,37 @@ jobs:
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY }}
key: ${{ secrets.SSH_KEY_PEM }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files
run: ls -l ~/.ssh
- name: git clone through SSH
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
ssh-pkcs8:
name: Connect to github.com (PKCS8 format)
runs-on: ubuntu-16.04
steps:
- name: Checkout source codes
uses: actions/checkout@v2
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY_PKCS8 }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files
run: ls -l ~/.ssh
- name: git clone through SSH
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
ssh-rfc4716:
name: Connect to github.com (RFC4716 format)
runs-on: ubuntu-16.04
steps:
- name: Checkout source codes
uses: actions/checkout@v2
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY_RFC4716 }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files
run: ls -l ~/.ssh
@ -30,7 +60,7 @@ jobs:
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY }}
key: ${{ secrets.SSH_KEY_PEM }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
name: ssh_key_name # optional
config: | # optional


@ -6,8 +6,8 @@ on:
- push
jobs:
ssh:
name: Connect to github.com
ssh-pem:
name: Connect to github.com (PEM format)
runs-on: ubuntu-18.04
steps:
- name: Checkout source codes
@ -15,7 +15,37 @@ jobs:
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY }}
key: ${{ secrets.SSH_KEY_PEM }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files
run: ls -l ~/.ssh
- name: git clone through SSH
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
ssh-pkcs8:
name: Connect to github.com (PKCS8 format)
runs-on: ubuntu-18.04
steps:
- name: Checkout source codes
uses: actions/checkout@v2
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY_PKCS8 }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files
run: ls -l ~/.ssh
- name: git clone through SSH
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
ssh-rfc4716:
name: Connect to github.com (RFC4716 format)
runs-on: ubuntu-18.04
steps:
- name: Checkout source codes
uses: actions/checkout@v2
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY_RFC4716 }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files
run: ls -l ~/.ssh
@ -30,7 +60,7 @@ jobs:
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY }}
key: ${{ secrets.SSH_KEY_PEM }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
name: ssh_key_name # optional
config: | # optional


@ -6,8 +6,8 @@ on:
- push
jobs:
ssh:
name: Connect to github.com
ssh-pem:
name: Connect to github.com (PEM format)
runs-on: ubuntu-20.04
steps:
- name: Checkout source codes
@ -15,7 +15,37 @@ jobs:
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY }}
key: ${{ secrets.SSH_KEY_PEM }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files
run: ls -l ~/.ssh
- name: git clone through SSH
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
ssh-pkcs8:
name: Connect to github.com (PKCS8 format)
runs-on: ubuntu-20.04
steps:
- name: Checkout source codes
uses: actions/checkout@v2
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY_PKCS8 }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files
run: ls -l ~/.ssh
- name: git clone through SSH
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
ssh-rfc4716:
name: Connect to github.com (RFC4716 format)
runs-on: ubuntu-20.04
steps:
- name: Checkout source codes
uses: actions/checkout@v2
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY_RFC4716 }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files
run: ls -l ~/.ssh
@ -30,7 +60,7 @@ jobs:
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY }}
key: ${{ secrets.SSH_KEY_PEM }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
name: ssh_key_name # optional
config: | # optional


@ -6,8 +6,8 @@ on:
- push
jobs:
ssh:
name: Connect to github.com
ssh-pem:
name: Connect to github.com (PEM format)
runs-on: windows-2019
steps:
- name: Checkout source codes
@ -15,7 +15,37 @@ jobs:
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY }}
key: ${{ secrets.SSH_KEY_PEM }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files
run: ls ~/.ssh
- name: git clone through SSH
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
ssh-pkcs8:
name: Connect to github.com (PKCS8 format)
runs-on: windows-2019
steps:
- name: Checkout source codes
uses: actions/checkout@v2
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY_PKCS8 }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files
run: ls ~/.ssh
- name: git clone through SSH
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
ssh-rfc4716:
name: Connect to github.com (RFC4716 format)
runs-on: windows-2019
steps:
- name: Checkout source codes
uses: actions/checkout@v2
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY_RFC4716 }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files
run: ls ~/.ssh
@ -30,7 +60,7 @@ jobs:
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY }}
key: ${{ secrets.SSH_KEY_PEM }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
name: ssh_key_name # optional
config: | # optional
@ -39,6 +69,6 @@ jobs:
User git
IdentityFile ~/.ssh/ssh_key_name
- name: print created files
run: ls ~/.ssh
run: ls -l ~/.ssh
- name: git clone through SSH
run: git clone github:shimataro/ssh-key-action.git tmp


@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
### Added
* Support Docker container (thanks [@kujaomega](https://github.com/kujaomega))
* Support PKCS8/RFC4716 formats (thanks [@tats-u](https://github.com/tats-u))
### Changed


@ -22,9 +22,7 @@ Useful for SCP, SFTP, and `rsync` over SSH in deployment script.
Add your SSH key to your product secrets by clicking `Settings` - `Secrets` - `Add a new secret` beforehand.
**NOTE:** OPENSSH format (key begins with `-----BEGIN OPENSSH PRIVATE KEY-----`) may not work due to OpenSSH version on VM.
Please use PEM format (begins with `-----BEGIN RSA PRIVATE KEY-----`) instead.
In order to convert your key inline to PEM format simply use `ssh-keygen -p -m PEM -f ~/.ssh/id_rsa`.
PEM(RSA), PKCS8, and RFC4716(OpenSSH) formats are OK.
```yaml
runs-on: ubuntu-latest
@ -85,9 +83,6 @@ steps:
Check below:
* `Load key "/HOME/.ssh/id_rsa": invalid format`:
* OPENSSH format (key begins with `-----BEGIN OPENSSH PRIVATE KEY-----`) may not work.
* Use PEM format (begins with `-----BEGIN RSA PRIVATE KEY-----`). Convert it from OPENSSH format using `ssh-keygen -p -m PEM -f ~/.ssh/id_rsa`
* `Host key verification failed.`:
* Set `known_hosts` parameter correctly (use `ssh-keyscan` command).


@ -430,8 +430,8 @@ function main() {
const files = [
{
name: core.getInput("name"),
contents: core.getInput("key", {
required: true,
contents: insertLf(core.getInput("key", { required: true }), {
append: true,
}),
options: {
mode: 0o400,
@ -440,9 +440,10 @@ function main() {
},
{
name: "known_hosts",
contents: insertLf(core.getInput("known_hosts", {
required: true,
})),
contents: insertLf(core.getInput("known_hosts", { required: true }), {
prepend: true,
append: true,
}),
options: {
mode: 0o644,
flag: "a",
@ -450,7 +451,10 @@ function main() {
},
{
name: "config",
contents: insertLf(core.getInput("config")),
contents: insertLf(core.getInput("config"), {
prepend: true,
append: true,
}),
options: {
mode: 0o644,
flag: "a",
@ -505,19 +509,21 @@ function getHomeEnv() {
}
/**
* prepend/append LF to value if not empty
* @param value the value to prepend LF
* @returns prepended value
* @param value the value to insert LF
* @param options options
* @returns new value
*/
function insertLf(value) {
function insertLf(value, options) {
const normalizedOptions = Object.assign({ prepend: false, append: false }, options);
let affectedValue = value;
if (value.length === 0) {
// do nothing if empty
return "";
}
if (!affectedValue.startsWith("\n")) {
if (normalizedOptions.prepend && !affectedValue.startsWith("\n")) {
affectedValue = `\n${affectedValue}`;
}
if (!affectedValue.endsWith("\n")) {
if (normalizedOptions.append && !affectedValue.endsWith("\n")) {
affectedValue = `${affectedValue}\n`;
}
return affectedValue;


@ -10,6 +10,13 @@ interface FileInfo
options: fs.WriteFileOptions;
}
/** options for insertLf() */
interface InsertLfOptions
{
prepend?: boolean;
append?: boolean;
}
/**
* main function
*/
@ -20,8 +27,8 @@ function main(): void
const files: FileInfo[] = [
{
name: core.getInput("name"),
contents: core.getInput("key", {
required: true,
contents: insertLf(core.getInput("key", {required: true}), {
append: true,
}),
options: {
mode: 0o400,
@ -30,9 +37,10 @@ function main(): void
},
{
name: "known_hosts",
contents: insertLf(core.getInput("known_hosts", {
required: true,
})),
contents: insertLf(core.getInput("known_hosts", {required: true}), {
prepend: true,
append: true,
}),
options: {
mode: 0o644,
flag: "a",
@ -40,7 +48,10 @@ function main(): void
},
{
name: "config",
contents: insertLf(core.getInput("config")),
contents: insertLf(core.getInput("config"), {
prepend: true,
append: true,
}),
options: {
mode: 0o644,
flag: "a",
@ -111,11 +122,17 @@ function getHomeEnv(): string
/**
* prepend/append LF to value if not empty
* @param value the value to prepend LF
* @returns prepended value
* @param value the value to insert LF
* @param options options
* @returns new value
*/
function insertLf(value: string): string
function insertLf(value: string, options: InsertLfOptions): string
{
const normalizedOptions: Required<InsertLfOptions> = {
prepend: false,
append: false,
...options,
};
let affectedValue = value;
if(value.length === 0)
@ -123,11 +140,11 @@ function insertLf(value: string): string
// do nothing if empty
return "";
}
if(!affectedValue.startsWith("\n"))
if(normalizedOptions.prepend && !affectedValue.startsWith("\n"))
{
affectedValue = `\n${affectedValue}`;
}
if(!affectedValue.endsWith("\n"))
if(normalizedOptions.append && !affectedValue.endsWith("\n"))
{
affectedValue = `${affectedValue}\n`;
}
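Review bot: Nothing in the new code records why the `key` entry in main() passes only `append: true` while `known_hosts` and `config` also pass `prepend: true`, and the new tag `@param options options` does not say what the two flags do. From the visible lines, the two files that get a leading LF are the ones written with `flag: "a"`, so the prepend presumably keeps new content from joining an existing last line, while the key only needs its final LF restored. I would add `// known_hosts/config are appended (flag "a"), so start them on a fresh line; the key file only needs its trailing LF` above the file list. I would also change the tag to `@param options which ends of value get an LF when missing (prepend/append, both default to false)`. main() starts outside these hunks and insertLf() ends outside them.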