File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ name : " Setup SSH to Discovery"
2+ description : " Configure SSH access to the discovery host and fetch build instructions (derivaitons)."
3+ author : " The Standard Authors"
4+
5+ inputs :
6+ ssh_key :
7+ required : true
8+ description : |
9+ The private SSH key used to authenticate with the Discovery host.
10+
11+ You should not add your private key directly to the workflow file but
12+ instead define a GitHub Secret for it, to avoid mistakenly sharing your
13+ key with others.
14+
15+ It is advisable to create a new SSH key specifically for use within GitHub
16+ (or even per repository or workflow). That way you can revoke access to
17+ your Discovery host in a fine-grained fashion.
18+
19+ user_name :
20+ required : true
21+ description : |
22+ The user name to connect with.
23+
24+ ssh_known_hosts_entry :
25+ required : true
26+ description : |
27+ The known host entry to use for the Discovery host.
28+
29+ runs :
30+ using : " composite"
31+ steps :
32+ - name : Set up SSH access to the Discovery host
33+ id : setup
34+ run : ${{ github.action_path }}/setup.sh
35+ shell : bash
36+ env :
37+ DISCOVERY_USER_NAME : ${{ inputs.user_name }}
38+ DISCOVERY_SSH_KNOWN_HOSTS_ENTRY : ${{ inputs.ssh_known_hosts_entry }}
39+ DISCOVERY_SSH_KEY : ${{ inputs.ssh_key }}
Original file line number Diff line number Diff line change 1+ #! /usr/bin/env bash
2+
3+ set -eu
4+ set -o pipefail
5+
6+ # Setup known_hosts
7+ SSH_KNOWN_HOSTS_FILE=" $( mktemp) "
8+ printenv DISCOVERY_SSH_KNOWN_HOSTS_ENTRY > " $SSH_KNOWN_HOSTS_FILE "
9+
10+ host_name=" $( echo " $DISCOVERY_SSH_KNOWN_HOSTS_ENTRY " | cut -d ' ' -f 1) "
11+
12+ # Create ssh config
13+ SSH_CONFIG_FILE=" $( mktemp) "
14+ cat > " $SSH_CONFIG_FILE " << EOF
15+ Host discovery
16+ HostName $host_name
17+ User $DISCOVERY_USER_NAME
18+ LogLevel ERROR
19+ StrictHostKeyChecking yes
20+ UserKnownHostsFile $SSH_KNOWN_HOSTS_FILE
21+ ControlPath none
22+ EOF
23+
24+ # Setup auth
25+ ssh_key_file=" $( mktemp) "
26+ printenv DISCOVERY_SSH_KEY > " $ssh_key_file "
27+ if ssh-keygen -y -f " $ssh_key_file " & > /dev/null; then
28+ # Start ssh agent
29+ eval $( ssh-agent)
30+ # Add ssh key to agent
31+ ssh-add -q " $ssh_key_file " && rm " $ssh_key_file "
32+ # Auth agent socket to ssh config
33+ echo " IdentityAgent $SSH_AUTH_SOCK " >> " $SSH_CONFIG_FILE "
34+ else
35+ echo -e >&2 \
36+ " Your SSH key is not a valid OpenSSH private key\n" \
37+ " This is likely caused by one of these issues:\n" \
38+ " * The key has been configured incorrectly in your workflow file.\n" \
39+ " * The workflow was triggered by an actor that has no access to\n" \
40+ " the GitHub Action secret used for storing your SSH key.\n" \
41+ " For example, Pull Requests originating from a fork of your\n" \
42+ " repository can't access secrets."
43+ exit 1
44+ fi
45+
46+ # Append ssh config to system config
47+ sudo mkdir -p /etc/ssh
48+ sudo touch /etc/ssh/ssh_config
49+ sudo tee -a /etc/ssh/ssh_config < " $SSH_CONFIG_FILE " > /dev/null
You can’t perform that action at this time.
0 commit comments