diff --git a/.github/workflows/demo.yml b/.github/workflows/demo.yml
new file mode 100644
index 0000000..1cfd2a1
--- /dev/null
+++ b/.github/workflows/demo.yml
@@ -0,0 +1,46 @@
+on: [ push, pull_request ]
+
+jobs:
+ deployment_keys_demo:
+ strategy:
+ fail-fast: false
+ matrix:
+ os: [ ubuntu-latest, macOS-latest, windows-latest ]
+ runs-on: ${{ matrix.os }}
+ steps:
+ - uses: actions/checkout@v3
+ - name: Setup key
+ uses: ./
+ with:
+ ssh-private-key: |
+ ${{ secrets.MPDUDE_TEST_1_DEPLOY_KEY }}
+ ${{ secrets.MPDUDE_TEST_2_DEPLOY_KEY }}
+ - run: |
+ git clone https://github.com/mpdude/test-1.git test-1-http
+ git clone git@github.com:mpdude/test-1.git test-1-git
+ git clone ssh://git@github.com/mpdude/test-1.git test-1-git-ssh
+ git clone https://github.com/mpdude/test-2.git test-2-http
+ git clone git@github.com:mpdude/test-2.git test-2-git
+ git clone ssh://git@github.com/mpdude/test-2.git test-2-git-ssh
+
+ docker_demo:
+ runs-on: ubuntu-latest
+ container:
+ image: ubuntu:latest
+ steps:
+ - uses: actions/checkout@v3
+ - run: apt update && apt install -y openssh-client git
+ - name: Setup key
+ uses: ./
+ with:
+ ssh-private-key: |
+ ${{ secrets.MPDUDE_TEST_1_DEPLOY_KEY }}
+ ${{ secrets.MPDUDE_TEST_2_DEPLOY_KEY }}
+ - run: |
+ git clone https://github.com/mpdude/test-1.git test-1-http
+ git clone git@github.com:mpdude/test-1.git test-1-git
+ git clone ssh://git@github.com/mpdude/test-1.git test-1-git-ssh
+ git clone https://github.com/mpdude/test-2.git test-2-http
+ git clone git@github.com:mpdude/test-2.git test-2-git
+ git clone ssh://git@github.com/mpdude/test-2.git test-2-git-ssh
+
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d66e0b0..811af67 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
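Review bot: Both `Setup key` steps hand the two deploy-key secrets to `uses: ./`, that is, to whatever action code is checked out, on every `push` and `pull_request`, and the workflow declares no `permissions:`. For a pull request opened from a branch in the same repository the secrets are populated, so unreviewed changes to the action receive the private keys; for forks the secrets are empty and the job can only fail. I would add a top-level `permissions: { contents: read }` and either drop `pull_request` from `on:` or guard the jobs with an `if:` on the event. The workflow also references `actions/checkout@v3` and `ubuntu:latest` by mutable tag; pinning them to a commit SHA and an image digest is worth considering for a job that handles key material.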
@@ -7,137 +7,112 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -## v0.9.2 [2025-06-30] (khs.codes) - -- Support running under NixOS with dynamic user setting, or at least attempt to - -## v0.9.1 [2024-03-17] - -### Fixed - -- Fix path used to execute ssh-agent in cleanup.js to respect custom paths set by input (#235) - -## v0.9.0 [2024-02-06] - -### Changed - -- Update all versions of `actions/checkout` to v4 (#199) -- Update to Node 20 (#201) - -## v0.8.0 [2023-03-24] - -### Changed - -- No longer writing GitHub's SSH host keys to `known_hosts` (#171) -- Update to actions/checkout@v3 (#143) -- Allow the user to override the commands for git, ssh-agent, and ssh-add (#154) - ## v0.7.0 [2022-10-19] ### Added -- Add the `log-public-key` input that can be used to turn off logging key identities (#122) + * Add the `log-public-key` input that can be used to turn off logging key identities (#122) ### Fixed -- Fix path to `git` binary on Windows, assuming GitHub-hosted runners (#136, #137) -- Fix a nonsensical log message (#139) + * Fix path to `git` binary on Windows, assuming GitHub-hosted runners (#136, #137) + * Fix a nonsensical log message (#139) ## v0.6.0 [2022-10-19] ### Changed -- Update the version of Node used by the action from 12 to 16 (https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/). + * Update the version of Node used by the action from 12 to 16 (https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/). 
## v0.5.4 [2021-11-21] ### Fixed -- Update changed GitHub Host Keys (#102, #101) + * Update changed GitHub Host Keys (#102, #101) ### Changed -- Various documentation (README) improvements and additions -- Change logging to more precisely state that _public_ keys are being printed + * Various documentation (README) improvements and additions + * Change logging to more precisely state that _public_ keys are being printed ## v0.5.3 [2021-06-11] ### Fixed -- Fixed cleanup phase to really terminate the ssh-agent (#80) -- Fix termination of ssh-agent also on workflow failure (#79) + * Fixed cleanup phase to really terminate the ssh-agent (#80) + * Fix termination of ssh-agent also on workflow failure (#79) ### Changed -- Various documentation (README) improvements and additions + * Various documentation (README) improvements and additions ## v0.5.2 [2021-04-07] ### Fixed -- Use case-insensitive regex matching when scanning key comments (#68, #70, #71) + * Use case-insensitive regex matching when scanning key comments (#68, #70, #71) ### Changed -- Log when a key is _not_ used as a deploy key (#69) + * Log when a key is _not_ used as a deploy key (#69) ## v0.5.1 [2021-03-10] ### Fixed -- Fix deployment key mapping on Windows virtual environment by using SSH binaries from the Git - suite, terminate ssh-agent upon actio termination on Windows as well (#63) -- Handle ENOENT exceptions with a graceful message + * Fix deployment key mapping on Windows virtual environment by using SSH binaries from the Git + suite, terminate ssh-agent upon actio termination on Windows as well (#63) + * Handle ENOENT exceptions with a graceful message ### Changed -- Various documentation (README) improvements and additions + * Various documentation (README) improvements and additions ## v0.5.0 [2021-02-19] ### Added -- Add support for GitHub Deployment Keys through key comments (#59). Fixes #30, closes #38. 
-- Support for container-based workflows and Windows (#17) + * Add support for GitHub Deployment Keys through key comments (#59). Fixes #30, closes #38. + * Support for container-based workflows and Windows (#17) ### Fixed -- Fix scripts/build.js to work on Windows (#38) + * Fix scripts/build.js to work on Windows (#38) ### Changed -- Various documentation (README) improvements and additions + * Various documentation (README) improvements and additions ## v0.4.1 [2020-10-07] ### Fixed -- This action no longer relies on `set-env`, which has been deprecated. +* This action no longer relies on `set-env`, which has been deprecated. ## v0.4.0 ### Changed -- A failure to kill the agent in the post-action step will no longer fail the workflow run. That way, you can kill the agent yourself when necessary (#33). +* A failure to kill the agent in the post-action step will no longer fail the workflow run. That way, you can kill the agent yourself when necessary (#33). ## v0.3.0 [2020-05-18] -### Added +### Added -- A new post-action step will automatically clean up the running agent at the end of a job. This helps with self-hosted runners, which are non-ephemeral. (@thommyhh, #27) +* A new post-action step will automatically clean up the running agent at the end of a job. This helps with self-hosted runners, which are non-ephemeral. (@thommyhh, #27) ### Changed -- Unless the SSH_AUTH_SOCK is configured explicitly, the SSH agent will now use a random file name for the socket. That way, multiple, concurrent SSH agents can be used on self-hosted runners. (@thommyhh, #27) +* Unless the SSH_AUTH_SOCK is configured explicitly, the SSH agent will now use a random file name for the socket. That way, multiple, concurrent SSH agents can be used on self-hosted runners. (@thommyhh, #27) ## v0.2.0 [2020-01-14] ### Added -- Multiple SSH keys can now be provided (#14, closes #7). Thanks to +* Multiple SSH keys can now be provided (#14, closes #7). 
Thanks to @webknjaz and @bradmartin for support and tests. -- Catch empty ssh-private-key input values and exit with a helpful +* Catch empty ssh-private-key input values and exit with a helpful error message right away. ## v0.1.0 [2019-09-15] diff --git a/README.md b/README.md index 3028201..46c74a5 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,10 @@ # `ssh-agent` GitHub Action -This action -* starts the `ssh-agent`, -* exports the `SSH_AUTH_SOCK` environment variable, and -* loads one or several private SSH key into the agent. +This action +* starts the `ssh-agent`, +* exports the `SSH_AUTH_SOCK` environment variable, +* loads one or several private SSH key into the agent and +* configures `known_hosts` for GitHub.com. It should work in all GitHub Actions virtual environments, including container-based workflows. @@ -26,7 +27,7 @@ GitHub Actions only have access to the repository they run for. So, in order to * In your repository, go to the *Settings > Secrets* menu and create a new secret. In this example, we'll call it `SSH_PRIVATE_KEY`. * Put the contents of the *private* SSH key file into the contents field.
* This key should start with `-----BEGIN ... PRIVATE KEY-----`, consist of many lines and ends with `-----END ... PRIVATE KEY-----`. -5. In your workflow definition file, add the following step. Preferably this would be rather on top, near the `actions/checkout@v4` line. +5. In your workflow definition file, add the following step. Preferably this would be rather on top, near the `actions/checkout@v2` line. ```yaml # .github/workflows/my-workflow.yml @@ -34,9 +35,9 @@ jobs: my_job: ... steps: - - uses: actions/checkout@v4 - # Make sure the @v0.9.0 matches the current version of the action - - uses: webfactory/ssh-agent@v0.9.0 + - uses: actions/checkout@v3 + # Make sure the @v0.7.0 matches the current version of the action + - uses: webfactory/ssh-agent@v0.7.0 with: ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} # ... other steps @@ -51,7 +52,7 @@ You can set up different keys as different secrets and pass them all to the acti ```yaml # ... contents as before - - uses: webfactory/ssh-agent@v0.9.0 + - uses: webfactory/ssh-agent@v0.7.0 with: ssh-private-key: | ${{ secrets.FIRST_KEY }} diff --git a/action.yml b/action.yml index 8f32cc8..4c54ef5 100644 --- a/action.yml +++ b/action.yml @@ -20,11 +20,10 @@ inputs: description: 'git command' required: false runs: - using: 'node20' + using: 'node16' main: 'dist/index.js' post: 'dist/cleanup.js' post-if: 'always()' - branding: icon: loader color: 'yellow' diff --git a/cleanup.js b/cleanup.js index 71c657b..6b7ab7d 100644 --- a/cleanup.js +++ b/cleanup.js @@ -1,3 +1,4 @@ +const core = require('@actions/core'); const { execFileSync } = require('child_process'); const { sshAgentCmd } = require('./paths.js'); diff --git a/dist/cleanup.js b/dist/cleanup.js index 18202e4..61fc276 100644 --- a/dist/cleanup.js +++ b/dist/cleanup.js 
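Review bot: In action.yml, `using: 'node16'` moves the action back to a Node.js release that is past end-of-life and that GitHub has deprecated as an Actions runtime, so the code that handles private keys would run on an interpreter that no longer receives security fixes. Unless an old self-hosted runner has to be supported, keep `using: 'node20'`.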
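Review bot: In cleanup.js, the unchanged context line `const { sshAgentCmd } = require('./paths.js');` now destructures a name that paths.js no longer exports, because the paths.js hunk in this commit reduces the export to `homePath`, `sshAgentCmdDefault`, `sshAddCmdDefault` and `gitCmdDefault`. `sshAgentCmd` is therefore `undefined` in the post step, so the call that terminates the agent presumably fails (the rest of cleanup.js is outside the hunk), and on a non-ephemeral runner the agent would stay alive with the keys loaded. The added `core` import suggests the command was meant to be resolved here; a minimal form is `const { sshAgentCmdDefault } = require('./paths.js');` followed by `const sshAgentCmd = core.getInput('ssh-agent-cmd') || sshAgentCmdDefault;`. The generated dist/cleanup.js section carries the same mismatch and needs rebuilding after the fix.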
@@ -292,13 +292,14 @@ var __importStar = (this && this.__importStar) || function (mod) { return result; }; Object.defineProperty(exports, "__esModule", { value: true }); -exports.issueCommand = void 0; +exports.prepareKeyValueMessage = exports.issueFileCommand = void 0; // We use any as a valid input type /* eslint-disable @typescript-eslint/no-explicit-any */ const fs = __importStar(__webpack_require__(747)); const os = __importStar(__webpack_require__(87)); +const uuid_1 = __webpack_require__(62); const utils_1 = __webpack_require__(82); -function issueCommand(command, message) { +function issueFileCommand(command, message) { const filePath = process.env[`GITHUB_${command}`]; if (!filePath) { throw new Error(`Unable to find environment variable for file command ${command}`); @@ -310,7 +311,22 @@ function issueCommand(command, message) { encoding: 'utf8' }); } -exports.issueCommand = issueCommand; +exports.issueFileCommand = issueFileCommand; +function prepareKeyValueMessage(key, value) { + const delimiter = `ghadelimiter_${uuid_1.v4()}`; + const convertedValue = utils_1.toCommandValue(value); + // These should realistically never happen, but just in case someone finds a + // way to exploit uuid generation let's not allow keys or values that contain + // the delimiter. + if (key.includes(delimiter)) { + throw new Error(`Unexpected input: name should not contain the delimiter "${delimiter}"`); + } + if (convertedValue.includes(delimiter)) { + throw new Error(`Unexpected input: value should not contain the delimiter "${delimiter}"`); + } + return `${key}<<${delimiter}${os.EOL}${convertedValue}${os.EOL}${delimiter}`; +} +exports.prepareKeyValueMessage = prepareKeyValueMessage; //# sourceMappingURL=file-command.js.map /***/ }), 
@@ -597,6 +613,7 @@ exports.debug = debug; // for test /***/ 175: /***/ (function(__unusedmodule, __unusedexports, __webpack_require__) { +const core = __webpack_require__(470); const { execFileSync } = __webpack_require__(129); const { sshAgentCmd } = __webpack_require__(972); @@ -1667,7 +1684,6 @@ const file_command_1 = __webpack_require__(102); const utils_1 = __webpack_require__(82); const os = __importStar(__webpack_require__(87)); const path = __importStar(__webpack_require__(622)); -const uuid_1 = __webpack_require__(62); const oidc_utils_1 = __webpack_require__(742); /** * The code to exit an action @@ -1697,20 +1713,9 @@ function exportVariable(name, val) { process.env[name] = convertedVal; const filePath = process.env['GITHUB_ENV'] || ''; if (filePath) { - const delimiter = `ghadelimiter_${uuid_1.v4()}`; - // These should realistically never happen, but just in case someone finds a way to exploit uuid generation let's not allow keys or values that contain the delimiter. - if (name.includes(delimiter)) { - throw new Error(`Unexpected input: name should not contain the delimiter "${delimiter}"`); - } - if (convertedVal.includes(delimiter)) { - throw new Error(`Unexpected input: value should not contain the delimiter "${delimiter}"`); - } - const commandValue = `${name}<<${delimiter}${os.EOL}${convertedVal}${os.EOL}${delimiter}`; - file_command_1.issueCommand('ENV', commandValue); - } - else { - command_1.issueCommand('set-env', { name }, convertedVal); + return file_command_1.issueFileCommand('ENV', file_command_1.prepareKeyValueMessage(name, val)); } + command_1.issueCommand('set-env', { name }, convertedVal); } exports.exportVariable = exportVariable; /** 
@@ -1728,7 +1733,7 @@ exports.setSecret = setSecret; function addPath(inputPath) { const filePath = process.env['GITHUB_PATH'] || ''; if (filePath) { - file_command_1.issueCommand('PATH', inputPath); + file_command_1.issueFileCommand('PATH', inputPath); } else { command_1.issueCommand('add-path', {}, inputPath); @@ -1768,7 +1773,10 @@ function getMultilineInput(name, options) { const inputs = getInput(name, options) .split('\n') .filter(x => x !== ''); - return inputs; + if (options && options.trimWhitespace === false) { + return inputs; + } + return inputs.map(input => input.trim()); } exports.getMultilineInput = getMultilineInput; /** @@ -1801,8 +1809,12 @@ exports.getBooleanInput = getBooleanInput; */ // eslint-disable-next-line @typescript-eslint/no-explicit-any function setOutput(name, value) { + const filePath = process.env['GITHUB_OUTPUT'] || ''; + if (filePath) { + return file_command_1.issueFileCommand('OUTPUT', file_command_1.prepareKeyValueMessage(name, value)); + } process.stdout.write(os.EOL); - command_1.issueCommand('set-output', { name }, value); + command_1.issueCommand('set-output', { name }, utils_1.toCommandValue(value)); } exports.setOutput = setOutput; /** @@ -1931,7 +1943,11 @@ exports.group = group; */ // eslint-disable-next-line @typescript-eslint/no-explicit-any function saveState(name, value) { - command_1.issueCommand('save-state', { name }, value); + const filePath = process.env['GITHUB_STATE'] || ''; + if (filePath) { + return file_command_1.issueFileCommand('STATE', file_command_1.prepareKeyValueMessage(name, value)); + } + command_1.issueCommand('save-state', { name }, utils_1.toCommandValue(value)); } exports.saveState = saveState; /** 
@@ -2821,10 +2837,11 @@ exports.default = _default; /***/ (function(module, __unusedexports, __webpack_require__) { const os = __webpack_require__(87); -const core = __webpack_require__(470); -const defaults = (process.env['OS'] != 'Windows_NT') ? { - homePath: os.homedir(), +module.exports = (process.env['OS'] != 'Windows_NT') ? { + // Use getent() system call, since this is what ssh does; makes a difference in Docker-based + // Action runs, where $HOME is different from the pwent + homePath: os.userInfo().homedir, sshAgentCmdDefault: 'ssh-agent', sshAddCmdDefault: 'ssh-add', gitCmdDefault: 'git' @@ -2836,17 +2853,6 @@ const defaults = (process.env['OS'] != 'Windows_NT') ? { gitCmdDefault: 'c://progra~1//git//bin//git.exe' }; -const sshAgentCmdInput = core.getInput('ssh-agent-cmd'); -const sshAddCmdInput = core.getInput('ssh-add-cmd'); -const gitCmdInput = core.getInput('git-cmd'); - -module.exports = { - homePath: defaults.homePath, - sshAgentCmd: sshAgentCmdInput !== '' ? sshAgentCmdInput : defaults.sshAgentCmdDefault, - sshAddCmd: sshAddCmdInput !== '' ? sshAddCmdInput : defaults.sshAddCmdDefault, - gitCmd: gitCmdInput !== '' ? gitCmdInput : defaults.gitCmdDefault, -}; - /***/ }) diff --git a/dist/index.js b/dist/index.js index 5be2d35..2c23f23 100644 --- a/dist/index.js +++ b/dist/index.js 
@@ -292,13 +292,14 @@ var __importStar = (this && this.__importStar) || function (mod) { return result; }; Object.defineProperty(exports, "__esModule", { value: true }); -exports.issueCommand = void 0; +exports.prepareKeyValueMessage = exports.issueFileCommand = void 0; // We use any as a valid input type /* eslint-disable @typescript-eslint/no-explicit-any */ const fs = __importStar(__webpack_require__(747)); const os = __importStar(__webpack_require__(87)); +const uuid_1 = __webpack_require__(62); const utils_1 = __webpack_require__(82); -function issueCommand(command, message) { +function issueFileCommand(command, message) { const filePath = process.env[`GITHUB_${command}`]; if (!filePath) { throw new Error(`Unable to find environment variable for file command ${command}`); @@ -310,7 +311,22 @@ function issueCommand(command, message) { encoding: 'utf8' }); } -exports.issueCommand = issueCommand; +exports.issueFileCommand = issueFileCommand; +function prepareKeyValueMessage(key, value) { + const delimiter = `ghadelimiter_${uuid_1.v4()}`; + const convertedValue = utils_1.toCommandValue(value); + // These should realistically never happen, but just in case someone finds a + // way to exploit uuid generation let's not allow keys or values that contain + // the delimiter. + if (key.includes(delimiter)) { + throw new Error(`Unexpected input: name should not contain the delimiter "${delimiter}"`); + } + if (convertedValue.includes(delimiter)) { + throw new Error(`Unexpected input: value should not contain the delimiter "${delimiter}"`); + } + return `${key}<<${delimiter}${os.EOL}${convertedValue}${os.EOL}${delimiter}`; +} +exports.prepareKeyValueMessage = prepareKeyValueMessage; //# sourceMappingURL=file-command.js.map /***/ }), 
@@ -322,12 +338,20 @@ const core = __webpack_require__(470); const child_process = __webpack_require__(129); const fs = __webpack_require__(747); const crypto = __webpack_require__(417); -const { homePath, sshAgentCmd, sshAddCmd, gitCmd } = __webpack_require__(972); +const { homePath, sshAgentCmdDefault, sshAddCmdDefault, gitCmdDefault } = __webpack_require__(972); try { const privateKey = core.getInput('ssh-private-key'); const logPublicKey = core.getBooleanInput('log-public-key', {default: true}); + const sshAgentCmdInput = core.getInput('ssh-agent-cmd'); + const sshAddCmdInput = core.getInput('ssh-add-cmd'); + const gitCmdInput = core.getInput('git-cmd'); + + const sshAgentCmd = sshAgentCmdInput ? sshAgentCmdInput : sshAgentCmdDefault; + const sshAddCmd = sshAddCmdInput ? sshAddCmdInput : sshAddCmdDefault; + const gitCmd = gitCmdInput ? gitCmdInput : gitCmdDefault; + if (!privateKey) { core.setFailed("The ssh-private-key argument is empty. Maybe the secret has not been configured, or you are using a wrong secret name in your workflow file."); @@ -1741,7 +1765,6 @@ const file_command_1 = __webpack_require__(102); const utils_1 = __webpack_require__(82); const os = __importStar(__webpack_require__(87)); const path = __importStar(__webpack_require__(622)); -const uuid_1 = __webpack_require__(62); const oidc_utils_1 = __webpack_require__(742); /** * The code to exit an action 
@@ -1771,20 +1794,9 @@ function exportVariable(name, val) { process.env[name] = convertedVal; const filePath = process.env['GITHUB_ENV'] || ''; if (filePath) { - const delimiter = `ghadelimiter_${uuid_1.v4()}`; - // These should realistically never happen, but just in case someone finds a way to exploit uuid generation let's not allow keys or values that contain the delimiter. - if (name.includes(delimiter)) { - throw new Error(`Unexpected input: name should not contain the delimiter "${delimiter}"`); - } - if (convertedVal.includes(delimiter)) { - throw new Error(`Unexpected input: value should not contain the delimiter "${delimiter}"`); - } - const commandValue = `${name}<<${delimiter}${os.EOL}${convertedVal}${os.EOL}${delimiter}`; - file_command_1.issueCommand('ENV', commandValue); - } - else { - command_1.issueCommand('set-env', { name }, convertedVal); + return file_command_1.issueFileCommand('ENV', file_command_1.prepareKeyValueMessage(name, val)); } + command_1.issueCommand('set-env', { name }, convertedVal); } exports.exportVariable = exportVariable; /** @@ -1802,7 +1814,7 @@ exports.setSecret = setSecret; function addPath(inputPath) { const filePath = process.env['GITHUB_PATH'] || ''; if (filePath) { - file_command_1.issueCommand('PATH', inputPath); + file_command_1.issueFileCommand('PATH', inputPath); } else { command_1.issueCommand('add-path', {}, inputPath); @@ -1842,7 +1854,10 @@ function getMultilineInput(name, options) { const inputs = getInput(name, options) .split('\n') .filter(x => x !== ''); - return inputs; + if (options && options.trimWhitespace === false) { + return inputs; + } + return inputs.map(input => input.trim()); } exports.getMultilineInput = getMultilineInput; /** 
@@ -1875,8 +1890,12 @@ exports.getBooleanInput = getBooleanInput; */ // eslint-disable-next-line @typescript-eslint/no-explicit-any function setOutput(name, value) { + const filePath = process.env['GITHUB_OUTPUT'] || ''; + if (filePath) { + return file_command_1.issueFileCommand('OUTPUT', file_command_1.prepareKeyValueMessage(name, value)); + } process.stdout.write(os.EOL); - command_1.issueCommand('set-output', { name }, value); + command_1.issueCommand('set-output', { name }, utils_1.toCommandValue(value)); } exports.setOutput = setOutput; /** @@ -2005,7 +2024,11 @@ exports.group = group; */ // eslint-disable-next-line @typescript-eslint/no-explicit-any function saveState(name, value) { - command_1.issueCommand('save-state', { name }, value); + const filePath = process.env['GITHUB_STATE'] || ''; + if (filePath) { + return file_command_1.issueFileCommand('STATE', file_command_1.prepareKeyValueMessage(name, value)); + } + command_1.issueCommand('save-state', { name }, utils_1.toCommandValue(value)); } exports.saveState = saveState; /** @@ -2895,10 +2918,11 @@ exports.default = _default; /***/ (function(module, __unusedexports, __webpack_require__) { const os = __webpack_require__(87); -const core = __webpack_require__(470); -const defaults = (process.env['OS'] != 'Windows_NT') ? { - homePath: os.homedir(), +module.exports = (process.env['OS'] != 'Windows_NT') ? { + // Use getent() system call, since this is what ssh does; makes a difference in Docker-based + // Action runs, where $HOME is different from the pwent + homePath: os.userInfo().homedir, sshAgentCmdDefault: 'ssh-agent', sshAddCmdDefault: 'ssh-add', gitCmdDefault: 'git' 
@@ -2910,17 +2934,6 @@ const defaults = (process.env['OS'] != 'Windows_NT') ? { gitCmdDefault: 'c://progra~1//git//bin//git.exe' }; -const sshAgentCmdInput = core.getInput('ssh-agent-cmd'); -const sshAddCmdInput = core.getInput('ssh-add-cmd'); -const gitCmdInput = core.getInput('git-cmd'); - -module.exports = { - homePath: defaults.homePath, - sshAgentCmd: sshAgentCmdInput !== '' ? sshAgentCmdInput : defaults.sshAgentCmdDefault, - sshAddCmd: sshAddCmdInput !== '' ? sshAddCmdInput : defaults.sshAddCmdDefault, - gitCmd: gitCmdInput !== '' ? gitCmdInput : defaults.gitCmdDefault, -}; - /***/ }) diff --git a/index.js b/index.js index d28a764..0c2e08b 100644 --- a/index.js +++ b/index.js @@ -2,12 +2,20 @@ const core = require('@actions/core'); const child_process = require('child_process'); const fs = require('fs'); const crypto = require('crypto'); -const { homePath, sshAgentCmd, sshAddCmd, gitCmd } = require('./paths.js'); +const { homePath, sshAgentCmdDefault, sshAddCmdDefault, gitCmdDefault } = require('./paths.js'); try { const privateKey = core.getInput('ssh-private-key'); const logPublicKey = core.getBooleanInput('log-public-key', {default: true}); + const sshAgentCmdInput = core.getInput('ssh-agent-cmd'); + const sshAddCmdInput = core.getInput('ssh-add-cmd'); + const gitCmdInput = core.getInput('git-cmd'); + + const sshAgentCmd = sshAgentCmdInput ? sshAgentCmdInput : sshAgentCmdDefault; + const sshAddCmd = sshAddCmdInput ? sshAddCmdInput : sshAddCmdDefault; + const gitCmd = gitCmdInput ? gitCmdInput : gitCmdDefault; + if (!privateKey) { core.setFailed("The ssh-private-key argument is empty. Maybe the secret has not been configured, or you are using a wrong secret name in your workflow file."); diff --git a/paths.js b/paths.js index 7966262..1c6fbf0 100644 --- a/paths.js +++ b/paths.js 
@@ -1,30 +1,16 @@ -const os = require("os"); -const core = require("@actions/core"); +const os = require('os'); -const defaults = - process.env["OS"] != "Windows_NT" - ? { - homePath: os.homedir(), - sshAgentCmdDefault: "ssh-agent", - sshAddCmdDefault: "ssh-add", - gitCmdDefault: "git", - } - : { - // Assuming GitHub hosted `windows-*` runners for now - homePath: os.homedir(), - sshAgentCmdDefault: "c://progra~1//git//usr//bin//ssh-agent.exe", - sshAddCmdDefault: "c://progra~1//git//usr//bin//ssh-add.exe", - gitCmdDefault: "c://progra~1//git//bin//git.exe", - }; - -const sshAgentCmdInput = core.getInput("ssh-agent-cmd"); -const sshAddCmdInput = core.getInput("ssh-add-cmd"); -const gitCmdInput = core.getInput("git-cmd"); - -module.exports = { - homePath: defaults.homePath, - sshAgentCmd: - sshAgentCmdInput !== "" ? sshAgentCmdInput : defaults.sshAgentCmdDefault, - sshAddCmd: sshAddCmdInput !== "" ? sshAddCmdInput : defaults.sshAddCmdDefault, - gitCmd: gitCmdInput !== "" ? gitCmdInput : defaults.gitCmdDefault, +module.exports = (process.env['OS'] != 'Windows_NT') ? { + // Use getent() system call, since this is what ssh does; makes a difference in Docker-based + // Action runs, where $HOME is different from the pwent + homePath: os.userInfo().homedir, + sshAgentCmdDefault: 'ssh-agent', + sshAddCmdDefault: 'ssh-add', + gitCmdDefault: 'git' +} : { + // Assuming GitHub hosted `windows-*` runners for now + homePath: os.homedir(), + sshAgentCmdDefault: 'c://progra~1//git//usr//bin//ssh-agent.exe', + sshAddCmdDefault: 'c://progra~1//git//usr//bin//ssh-add.exe', + gitCmdDefault: 'c://progra~1//git//bin//git.exe' };
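Review bot: `os.userInfo()` in the new `homePath` line throws a SystemError when the current UID has no passwd entry (for example a container started with an arbitrary user id), and because index.js requires this module above its `try` block, the action would then stop with an unhandled exception instead of a `core.setFailed` message. Falling back to `os.homedir()` keeps the passwd-based lookup where it works and still starts elsewhere. The added comment also calls `getent()` a system call; `os.userInfo()` reads the passwd database, so `// Use the passwd entry, since this is what ssh does` would be more accurate. The exported expression starts and ends inside this hunk.

```javascript
// Prefer the passwd entry (what ssh uses); fall back to $HOME when the UID has no entry.
function passwdHome() {
    try {
        return os.userInfo().homedir;
    } catch (err) {
        return os.homedir();
    }
}

module.exports = (process.env['OS'] != 'Windows_NT') ? {
    homePath: passwdHome(),
    // … unchanged: sshAgentCmdDefault, sshAddCmdDefault, gitCmdDefault and the Windows branch …
```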