mirror of https://github.com/shimataro/ssh-key-action.git synced 2025-06-19 22:52:10 +10:00

support OpenSSH key format (#171)

* Make up for LF in last line of SSH key file

* refactor insertLf()

* add test for OpenSSH format

* add PKCS8 format

* apply to other virtual machines

* update README

* update CHANGELOG

Co-authored-by: Tatsunori Uchino <tats.u@live.jp>
shimataro 2021-02-23 10:22:30 +09:00 committed by GitHub
parent 026e5f82bf
commit e83b5ac86d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 261 additions and 52 deletions


@ -6,8 +6,8 @@ on:
- push - push
jobs: jobs:
ssh: ssh-pem:
name: Connect to github.com name: Connect to github.com (PEM format)
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
container: ubuntu:20.04 container: ubuntu:20.04
steps: steps:
@ -20,7 +20,47 @@ jobs:
- name: Install SSH key - name: Install SSH key
uses: ./. uses: ./.
with: with:
key: ${{ secrets.SSH_KEY }} key: ${{ secrets.SSH_KEY_PEM }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files
run: ls -l /root/.ssh
- name: git clone through SSH
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
ssh-pkcs8:
name: Connect to github.com (PKCS8 format)
runs-on: ubuntu-20.04
container: ubuntu:20.04
steps:
- name: Install packages
run: |
apt update
apt -y install openssh-client git
- name: Checkout source codes
uses: actions/checkout@v2
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY_PKCS8 }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files
run: ls -l /root/.ssh
- name: git clone through SSH
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
ssh-rfc4716:
name: Connect to github.com (RFC4716 format)
runs-on: ubuntu-20.04
container: ubuntu:20.04
steps:
- name: Install packages
run: |
apt update
apt -y install openssh-client git
- name: Checkout source codes
uses: actions/checkout@v2
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY_RFC4716 }}
known_hosts: ${{ secrets.KNOWN_HOSTS }} known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files - name: print created files
run: ls -l /root/.ssh run: ls -l /root/.ssh


@ -6,8 +6,8 @@ on:
- push - push
jobs: jobs:
ssh: ssh-pem:
name: Connect to github.com name: Connect to github.com (PEM format)
runs-on: macos-10.15 runs-on: macos-10.15
steps: steps:
- name: Checkout source codes - name: Checkout source codes
@ -15,7 +15,37 @@ jobs:
- name: Install SSH key - name: Install SSH key
uses: ./. uses: ./.
with: with:
key: ${{ secrets.SSH_KEY }} key: ${{ secrets.SSH_KEY_PEM }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files
run: ls -l ~/.ssh
- name: git clone through SSH
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
ssh-pkcs8:
name: Connect to github.com (PKCS8 format)
runs-on: macos-10.15
steps:
- name: Checkout source codes
uses: actions/checkout@v2
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY_PKCS8 }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files
run: ls -l ~/.ssh
- name: git clone through SSH
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
ssh-rfc4716:
name: Connect to github.com (RFC4716 format)
runs-on: macos-10.15
steps:
- name: Checkout source codes
uses: actions/checkout@v2
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY_RFC4716 }}
known_hosts: ${{ secrets.KNOWN_HOSTS }} known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files - name: print created files
run: ls -l ~/.ssh run: ls -l ~/.ssh
@ -30,7 +60,7 @@ jobs:
- name: Install SSH key - name: Install SSH key
uses: ./. uses: ./.
with: with:
key: ${{ secrets.SSH_KEY }} key: ${{ secrets.SSH_KEY_PEM }}
known_hosts: ${{ secrets.KNOWN_HOSTS }} known_hosts: ${{ secrets.KNOWN_HOSTS }}
name: ssh_key_name # optional name: ssh_key_name # optional
config: | # optional config: | # optional


@ -6,8 +6,8 @@ on:
- push - push
jobs: jobs:
ssh: ssh-pem:
name: Connect to github.com name: Connect to github.com (PEM format)
runs-on: ubuntu-16.04 runs-on: ubuntu-16.04
steps: steps:
- name: Checkout source codes - name: Checkout source codes
@ -15,7 +15,37 @@ jobs:
- name: Install SSH key - name: Install SSH key
uses: ./. uses: ./.
with: with:
key: ${{ secrets.SSH_KEY }} key: ${{ secrets.SSH_KEY_PEM }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files
run: ls -l ~/.ssh
- name: git clone through SSH
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
ssh-pkcs8:
name: Connect to github.com (PKCS8 format)
runs-on: ubuntu-16.04
steps:
- name: Checkout source codes
uses: actions/checkout@v2
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY_PKCS8 }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files
run: ls -l ~/.ssh
- name: git clone through SSH
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
ssh-rfc4716:
name: Connect to github.com (RFC4716 format)
runs-on: ubuntu-16.04
steps:
- name: Checkout source codes
uses: actions/checkout@v2
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY_RFC4716 }}
known_hosts: ${{ secrets.KNOWN_HOSTS }} known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files - name: print created files
run: ls -l ~/.ssh run: ls -l ~/.ssh
@ -30,7 +60,7 @@ jobs:
- name: Install SSH key - name: Install SSH key
uses: ./. uses: ./.
with: with:
key: ${{ secrets.SSH_KEY }} key: ${{ secrets.SSH_KEY_PEM }}
known_hosts: ${{ secrets.KNOWN_HOSTS }} known_hosts: ${{ secrets.KNOWN_HOSTS }}
name: ssh_key_name # optional name: ssh_key_name # optional
config: | # optional config: | # optional


@ -6,8 +6,8 @@ on:
- push - push
jobs: jobs:
ssh: ssh-pem:
name: Connect to github.com name: Connect to github.com (PEM format)
runs-on: ubuntu-18.04 runs-on: ubuntu-18.04
steps: steps:
- name: Checkout source codes - name: Checkout source codes
@ -15,7 +15,37 @@ jobs:
- name: Install SSH key - name: Install SSH key
uses: ./. uses: ./.
with: with:
key: ${{ secrets.SSH_KEY }} key: ${{ secrets.SSH_KEY_PEM }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files
run: ls -l ~/.ssh
- name: git clone through SSH
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
ssh-pkcs8:
name: Connect to github.com (PKCS8 format)
runs-on: ubuntu-18.04
steps:
- name: Checkout source codes
uses: actions/checkout@v2
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY_PKCS8 }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files
run: ls -l ~/.ssh
- name: git clone through SSH
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
ssh-rfc4716:
name: Connect to github.com (RFC4716 format)
runs-on: ubuntu-18.04
steps:
- name: Checkout source codes
uses: actions/checkout@v2
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY_RFC4716 }}
known_hosts: ${{ secrets.KNOWN_HOSTS }} known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files - name: print created files
run: ls -l ~/.ssh run: ls -l ~/.ssh
@ -30,7 +60,7 @@ jobs:
- name: Install SSH key - name: Install SSH key
uses: ./. uses: ./.
with: with:
key: ${{ secrets.SSH_KEY }} key: ${{ secrets.SSH_KEY_PEM }}
known_hosts: ${{ secrets.KNOWN_HOSTS }} known_hosts: ${{ secrets.KNOWN_HOSTS }}
name: ssh_key_name # optional name: ssh_key_name # optional
config: | # optional config: | # optional


@ -6,8 +6,8 @@ on:
- push - push
jobs: jobs:
ssh: ssh-pem:
name: Connect to github.com name: Connect to github.com (PEM format)
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
steps: steps:
- name: Checkout source codes - name: Checkout source codes
@ -15,7 +15,37 @@ jobs:
- name: Install SSH key - name: Install SSH key
uses: ./. uses: ./.
with: with:
key: ${{ secrets.SSH_KEY }} key: ${{ secrets.SSH_KEY_PEM }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files
run: ls -l ~/.ssh
- name: git clone through SSH
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
ssh-pkcs8:
name: Connect to github.com (PKCS8 format)
runs-on: ubuntu-20.04
steps:
- name: Checkout source codes
uses: actions/checkout@v2
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY_PKCS8 }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files
run: ls -l ~/.ssh
- name: git clone through SSH
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
ssh-rfc4716:
name: Connect to github.com (RFC4716 format)
runs-on: ubuntu-20.04
steps:
- name: Checkout source codes
uses: actions/checkout@v2
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY_RFC4716 }}
known_hosts: ${{ secrets.KNOWN_HOSTS }} known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files - name: print created files
run: ls -l ~/.ssh run: ls -l ~/.ssh
@ -30,7 +60,7 @@ jobs:
- name: Install SSH key - name: Install SSH key
uses: ./. uses: ./.
with: with:
key: ${{ secrets.SSH_KEY }} key: ${{ secrets.SSH_KEY_PEM }}
known_hosts: ${{ secrets.KNOWN_HOSTS }} known_hosts: ${{ secrets.KNOWN_HOSTS }}
name: ssh_key_name # optional name: ssh_key_name # optional
config: | # optional config: | # optional


@ -6,8 +6,8 @@ on:
- push - push
jobs: jobs:
ssh: ssh-pem:
name: Connect to github.com name: Connect to github.com (PEM format)
runs-on: windows-2019 runs-on: windows-2019
steps: steps:
- name: Checkout source codes - name: Checkout source codes
@ -15,7 +15,37 @@ jobs:
- name: Install SSH key - name: Install SSH key
uses: ./. uses: ./.
with: with:
key: ${{ secrets.SSH_KEY }} key: ${{ secrets.SSH_KEY_PEM }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files
run: ls ~/.ssh
- name: git clone through SSH
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
ssh-pkcs8:
name: Connect to github.com (PKCS8 format)
runs-on: windows-2019
steps:
- name: Checkout source codes
uses: actions/checkout@v2
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY_PKCS8 }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files
run: ls ~/.ssh
- name: git clone through SSH
run: git clone git@github.com:shimataro/ssh-key-action.git tmp
ssh-rfc4716:
name: Connect to github.com (RFC4716 format)
runs-on: windows-2019
steps:
- name: Checkout source codes
uses: actions/checkout@v2
- name: Install SSH key
uses: ./.
with:
key: ${{ secrets.SSH_KEY_RFC4716 }}
known_hosts: ${{ secrets.KNOWN_HOSTS }} known_hosts: ${{ secrets.KNOWN_HOSTS }}
- name: print created files - name: print created files
run: ls ~/.ssh run: ls ~/.ssh
@ -30,7 +60,7 @@ jobs:
- name: Install SSH key - name: Install SSH key
uses: ./. uses: ./.
with: with:
key: ${{ secrets.SSH_KEY }} key: ${{ secrets.SSH_KEY_PEM }}
known_hosts: ${{ secrets.KNOWN_HOSTS }} known_hosts: ${{ secrets.KNOWN_HOSTS }}
name: ssh_key_name # optional name: ssh_key_name # optional
config: | # optional config: | # optional
@ -39,6 +69,6 @@ jobs:
User git User git
IdentityFile ~/.ssh/ssh_key_name IdentityFile ~/.ssh/ssh_key_name
- name: print created files - name: print created files
run: ls ~/.ssh run: ls -l ~/.ssh
- name: git clone through SSH - name: git clone through SSH
run: git clone github:shimataro/ssh-key-action.git tmp run: git clone github:shimataro/ssh-key-action.git tmp
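Review bot: The last hunk switches the final job to `run: ls -l ~/.ssh`, while the three format jobs added above it in this file use `run: ls ~/.ssh`, so the listing step is now inconsistent within the Windows workflow. On `windows-2019` the default shell for `run` is PowerShell, where `ls` is an alias of `Get-ChildItem` and `-l` is not the long-listing flag it is on the other runners; it is probably parsed as an abbreviated parameter name. Either keep `run: ls ~/.ssh` in all four jobs, or add `shell: bash` to the step if the `-l` output (file modes of the key) is what the step is meant to show.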


@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
### Added ### Added
* Support Docker container (thanks [@kujaomega](https://github.com/kujaomega)) * Support Docker container (thanks [@kujaomega](https://github.com/kujaomega))
* Support PKCS8/RFC4716 formats (thanks [@tats-u](https://github.com/tats-u))
### Changed ### Changed


@ -22,9 +22,7 @@ Useful for SCP, SFTP, and `rsync` over SSH in deployment script.
Add your SSH key to your product secrets by clicking `Settings` - `Secrets` - `Add a new secret` beforehand. Add your SSH key to your product secrets by clicking `Settings` - `Secrets` - `Add a new secret` beforehand.
**NOTE:** OPENSSH format (key begins with `-----BEGIN OPENSSH PRIVATE KEY-----`) may not work due to OpenSSH version on VM. PEM(RSA), PKCS8, and RFC4716(OpenSSH) formats are OK.
Please use PEM format (begins with `-----BEGIN RSA PRIVATE KEY-----`) instead.
In order to convert your key inline to PEM format simply use `ssh-keygen -p -m PEM -f ~/.ssh/id_rsa`.
```yaml ```yaml
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -85,9 +83,6 @@ steps:
Check below: Check below:
* `Load key "/HOME/.ssh/id_rsa": invalid format`:
* OPENSSH format (key begins with `-----BEGIN OPENSSH PRIVATE KEY-----`) may not work.
* Use PEM format (begins with `-----BEGIN RSA PRIVATE KEY-----`). Convert it from OPENSSH format using `ssh-keygen -p -m PEM -f ~/.ssh/id_rsa`
* `Host key verification failed.`: * `Host key verification failed.`:
* Set `known_hosts` parameter correctly (use `ssh-keyscan` command). * Set `known_hosts` parameter correctly (use `ssh-keyscan` command).


@ -430,8 +430,8 @@ function main() {
const files = [ const files = [
{ {
name: core.getInput("name"), name: core.getInput("name"),
contents: core.getInput("key", { contents: insertLf(core.getInput("key", { required: true }), {
required: true, append: true,
}), }),
options: { options: {
mode: 0o400, mode: 0o400,
@ -440,9 +440,10 @@ function main() {
}, },
{ {
name: "known_hosts", name: "known_hosts",
contents: insertLf(core.getInput("known_hosts", { contents: insertLf(core.getInput("known_hosts", { required: true }), {
required: true, prepend: true,
})), append: true,
}),
options: { options: {
mode: 0o644, mode: 0o644,
flag: "a", flag: "a",
@ -450,7 +451,10 @@ function main() {
}, },
{ {
name: "config", name: "config",
contents: insertLf(core.getInput("config")), contents: insertLf(core.getInput("config"), {
prepend: true,
append: true,
}),
options: { options: {
mode: 0o644, mode: 0o644,
flag: "a", flag: "a",
@ -505,19 +509,21 @@ function getHomeEnv() {
} }
/** /**
* prepend/append LF to value if not empty * prepend/append LF to value if not empty
* @param value the value to prepend LF * @param value the value to insert LF
* @returns prepended value * @param options options
* @returns new value
*/ */
function insertLf(value) { function insertLf(value, options) {
const normalizedOptions = Object.assign({ prepend: false, append: false }, options);
let affectedValue = value; let affectedValue = value;
if (value.length === 0) { if (value.length === 0) {
// do nothing if empty // do nothing if empty
return ""; return "";
} }
if (!affectedValue.startsWith("\n")) { if (normalizedOptions.prepend && !affectedValue.startsWith("\n")) {
affectedValue = `\n${affectedValue}`; affectedValue = `\n${affectedValue}`;
} }
if (!affectedValue.endsWith("\n")) { if (normalizedOptions.append && !affectedValue.endsWith("\n")) {
affectedValue = `${affectedValue}\n`; affectedValue = `${affectedValue}\n`;
} }
return affectedValue; return affectedValue;


@ -10,6 +10,13 @@ interface FileInfo
options: fs.WriteFileOptions; options: fs.WriteFileOptions;
} }
/** options for insertLf() */
interface InsertLfOptions
{
prepend?: boolean;
append?: boolean;
}
/** /**
* main function * main function
*/ */
@ -20,8 +27,8 @@ function main(): void
const files: FileInfo[] = [ const files: FileInfo[] = [
{ {
name: core.getInput("name"), name: core.getInput("name"),
contents: core.getInput("key", { contents: insertLf(core.getInput("key", {required: true}), {
required: true, append: true,
}), }),
options: { options: {
mode: 0o400, mode: 0o400,
@ -30,9 +37,10 @@ function main(): void
}, },
{ {
name: "known_hosts", name: "known_hosts",
contents: insertLf(core.getInput("known_hosts", { contents: insertLf(core.getInput("known_hosts", {required: true}), {
required: true, prepend: true,
})), append: true,
}),
options: { options: {
mode: 0o644, mode: 0o644,
flag: "a", flag: "a",
@ -40,7 +48,10 @@ function main(): void
}, },
{ {
name: "config", name: "config",
contents: insertLf(core.getInput("config")), contents: insertLf(core.getInput("config"), {
prepend: true,
append: true,
}),
options: { options: {
mode: 0o644, mode: 0o644,
flag: "a", flag: "a",
@ -111,11 +122,17 @@ function getHomeEnv(): string
/** /**
* prepend/append LF to value if not empty * prepend/append LF to value if not empty
* @param value the value to prepend LF * @param value the value to insert LF
* @returns prepended value * @param options options
* @returns new value
*/ */
function insertLf(value: string): string function insertLf(value: string, options: InsertLfOptions): string
{ {
const normalizedOptions: Required<InsertLfOptions> = {
prepend: false,
append: false,
...options,
};
let affectedValue = value; let affectedValue = value;
if(value.length === 0) if(value.length === 0)
@ -123,11 +140,11 @@ function insertLf(value: string): string
// do nothing if empty // do nothing if empty
return ""; return "";
} }
if(!affectedValue.startsWith("\n")) if(normalizedOptions.prepend && !affectedValue.startsWith("\n"))
{ {
affectedValue = `\n${affectedValue}`; affectedValue = `\n${affectedValue}`;
} }
if(!affectedValue.endsWith("\n")) if(normalizedOptions.append && !affectedValue.endsWith("\n"))
{ {
affectedValue = `${affectedValue}\n`; affectedValue = `${affectedValue}\n`;
} }
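Review bot: The new `@param options options` line in the `insertLf()` doc comment does not say what the flags do or that both default to `false`, and nothing in `main()` records why the private key gets only `append` while `known_hosts` and `config` (both opened with `flag: "a"`) get `prepend` and `append`. I would write `@param options which ends get an LF; both flags default to false` and put a comment above the key entry such as `// core.getInput() trims the value; restore the final LF that OpenSSH-format keys need`. Since every field of `InsertLfOptions` is optional, the signature could also be `options: InsertLfOptions = {}`. Only the leading and trailing newline are handled, so a key pasted with CRLF line endings would still be written with its CRs; whether that matters depends on the OpenSSH version on the runner. The closing lines of `insertLf()` are outside the last hunk.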