From c7671d858f032e258a724d8ab1475e9be42cf391 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 6 Feb 2022 15:15:00 +0800 Subject: [PATCH 01/95] docs: update format Signed-off-by: Bo-Yi Wu --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 779db86..bcf4469 100644 --- a/README.md +++ b/README.md @@ -378,7 +378,7 @@ Setting up SSH host fingerprint verification can help to prevent Person-in-the-M In modern OpenSSH releases, the _default_ key types to be fetched are `rsa` (since version 5.1), `ecdsa` (since version 6.0), and `ed25519` (since version 6.7). -``` +```sh ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' -f2 ``` @@ -399,7 +399,9 @@ Now you can adjust you config: ``` ## Contributing + We would love for you to contribute to `appleboy/ssh-action`, pull requests are welcome! ## License + The scripts and documentation in this project are released under the [MIT License](LICENSE) From ba1d4fb0eb89e3b83ad843bd875398d0d73fe721 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 6 Feb 2022 16:12:37 +0800 Subject: [PATCH 02/95] chore(CI): show secrets. Signed-off-by: Bo-Yi Wu --- .github/workflows/ci.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d6a683a..3a13e96 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -39,6 +39,7 @@ jobs: ls -al # - name: stop script if command error + # if: always() # uses: ./ # with: # host: ${{ secrets.HOST }} @@ -70,16 +71,18 @@ jobs: FOO: "BAR" BAR: "FOO" SHA: ${{ github.sha }} + PORT: ${{ secrets.PORT }} with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} key: ${{ secrets.KEY }} port: ${{ secrets.PORT }} - envs: FOO,BAR,SHA + envs: FOO,BAR,SHA,PORT script: | echo "I am $FOO, thanks" echo "I am $BAR, thanks" echo "sha: $SHA" + echo "port: $PORT" - name: ssh key passphrase uses: ./ 
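Review bot: The added `PORT: ${{ secrets.PORT }}` entry under `env:` and the `echo "port: $PORT"` line in the `script:` block forward a repository secret to the remote shell and print it into the step output on purpose. Log masking works by matching the exact secret string and is not a guarantee, so a workflow should not print a secret deliberately. If the aim is only to check that `envs` forwards a fourth variable, a non-secret test value such as `PORT: "2222"` (constructed value) in `env:` exercises the same path. The `port: ${{ secrets.PORT }}` line under `with:` can stay, since the connection itself needs it.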
From c732d38392bd59adadcb5e688fb1f7f1d29c6951 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Mon, 28 Feb 2022 07:08:00 +0800 Subject: [PATCH 03/95] chore: Add global environments Signed-off-by: Bo-Yi Wu --- .github/workflows/ci.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3a13e96..efa88cd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,5 +1,10 @@ name: remote ssh command on: [push] + +env: + FOO: "BAR" + BAR: "FOO" + jobs: build: From ea5c23a2b57ea400480c9cad9e2738aae1bca226 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Thu, 26 May 2022 09:02:47 +0800 Subject: [PATCH 04/95] Enable Sponsor Button --- .github/FUNDING.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 .github/FUNDING.yml diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml new file mode 100644 index 0000000..df9ae63 --- /dev/null +++ b/.github/FUNDING.yml @@ -0,0 +1,13 @@ +# These are supported funding model platforms + +github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2] +patreon: # Replace with a single Patreon username +open_collective: # Replace with a single Open Collective username +ko_fi: # Replace with a single Ko-fi username +tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel +community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry +liberapay: # Replace with a single Liberapay username +issuehunt: # Replace with a single IssueHunt username +otechie: # Replace with a single Otechie username +lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry +custom: ['https://www.paypal.me/appleboy46'] From dce9d565de8d876c11d93fa4fe677c0285a66d78 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sat, 28 May 2022 16:42:12 +0800 Subject: [PATCH 05/95] Update FUNDING.yml --- .github/FUNDING.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml index df9ae63..c08c914 100644 --- a/.github/FUNDING.yml +++ b/.github/FUNDING.yml @@ -2,7 +2,7 @@ github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2] patreon: # Replace with a single Patreon username -open_collective: # Replace with a single Open Collective username +open_collective: ssh-action ko_fi: # Replace with a single Ko-fi username tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry From ed1f3fc7c1bdb438aa7317557a0eb980aea774ad Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Fri, 29 Jul 2022 20:54:56 +0800 Subject: [PATCH 06/95] docs: problem with an EC2 instance Signed-off-by: Bo-Yi Wu --- README.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/README.md b/README.md index bcf4469..3a70693 100644 --- a/README.md +++ b/README.md @@ -398,6 +398,25 @@ Now you can adjust you config: ls -al ``` +## FAQ + +### Login with an EC2 instance + +See the [solution](https://github.com/appleboy/ssh-action/issues/80#issuecomment-1130407377). Open the following file + +```sh +/etc/ssh/sshd_config +``` + +and add the following configuration + +```sh +PubkeyAuthentication yes +PubkeyAcceptedKeyTypes=+ssh-rsa +``` + +restart the ssh server finally. + ## Contributing We would love for you to contribute to `appleboy/ssh-action`, pull requests are welcome! From f82e23f1a370495df4b0418d27fdbfbfd14994f8 Mon Sep 17 00:00:00 2001 From: Alister MacCormack <78695941+a-maccormack@users.noreply.github.com> Date: Fri, 29 Jul 2022 08:58:30 -0400 Subject: [PATCH 07/95] updated README to include OpenSSH comments (#161) --- README.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/README.md b/README.md index 3a70693..4761996 100644 --- a/README.md +++ b/README.md 
@@ -163,6 +163,26 @@ See the detail information about [SSH login without password](http://www.linuxpr * Change the permissions of `.ssh` to 700 * Change the permissions of `.ssh/authorized_keys2` to 640 +### If you are using OpenSSH +If you are currently using OpenSSH and are getting the following error: + +```bash +ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey] +``` + +Make sure that your key algorithm of choice is supported. +On Ubuntu 20.04 or later you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (which is either `/etc/ssh/sshd_config` or a drop-in file under +`/etc/ssh/sshd_config.d/`): + +``` +CASignatureAlgorithms +ssh-rsa +``` + +Alternatively, `ed25519` keys are accepted by default in OpenSSH. You could use this instead of rsa if needed: +```bash +ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" +``` + ### Example #### Executing remote ssh commands using password From a8d82ec39b75784f1bcd3d44e6c8261b710311d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?D=C3=A1niel=20Dobos?= <73838420+DanielDobos1985@users.noreply.github.com> Date: Fri, 29 Jul 2022 15:19:21 +0200 Subject: [PATCH 08/95] Switch to appleboy/drone-ssh:1.6.4 (#171) --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 6ee3e3c..416b5df 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM appleboy/drone-ssh:1.6.3-linux-amd64 +FROM appleboy/drone-ssh:1.6.4-linux-amd64 COPY entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh From e1116226a05cf6016654f0734e48b6d537501723 Mon Sep 17 00:00:00 2001 From: Ayanwola Ayomide <77179231+devvspaces@users.noreply.github.com> Date: Fri, 29 Jul 2022 14:19:55 +0100 Subject: [PATCH 09/95] updated readme envs option in example (#172) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4761996..bde11bf 100644 --- a/README.md 
+++ b/README.md @@ -289,7 +289,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" username: ${{ secrets.USERNAME }} key: ${{ secrets.KEY }} port: ${{ secrets.PORT }} -+ envs: FOO,BAR ++ envs: FOO,BAR,SHA script: | echo "I am $FOO" echo "I am $BAR" From f9010ff7f1bbd7db1a0b4bab661437550cea20c0 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Fri, 29 Jul 2022 21:24:53 +0800 Subject: [PATCH 10/95] docs: remove FAQ section Signed-off-by: Bo-Yi Wu --- README.md | 28 +++++----------------------- 1 file changed, 5 insertions(+), 23 deletions(-) diff --git a/README.md b/README.md index bde11bf..c1f7233 100644 --- a/README.md +++ b/README.md @@ -164,21 +164,22 @@ See the detail information about [SSH login without password](http://www.linuxpr * Change the permissions of `.ssh/authorized_keys2` to 640 ### If you are using OpenSSH + If you are currently using OpenSSH and are getting the following error: ```bash ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey] ``` -Make sure that your key algorithm of choice is supported. -On Ubuntu 20.04 or later you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (which is either `/etc/ssh/sshd_config` or a drop-in file under +Make sure that your key algorithm of choice is supported. On Ubuntu 20.04 or later you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (which is either `/etc/ssh/sshd_config` or a drop-in file under `/etc/ssh/sshd_config.d/`): -``` +```bash CASignatureAlgorithms +ssh-rsa ``` Alternatively, `ed25519` keys are accepted by default in OpenSSH. You could use this instead of rsa if needed: + ```bash ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ``` 
@@ -375,7 +376,7 @@ Host FooServer #### Protecting a Private Key The purpose of the passphrase is usually to encrypt the private key. -This makes the key file by itself useless to an attacker. +This makes the key file by itself useless to an attacker. It is not uncommon for files to leak from backups or decommissioned hardware, and hackers commonly exfiltrate files from compromised systems. ```diff @@ -418,25 +419,6 @@ Now you can adjust you config: ls -al ``` -## FAQ - -### Login with an EC2 instance - -See the [solution](https://github.com/appleboy/ssh-action/issues/80#issuecomment-1130407377). Open the following file - -```sh -/etc/ssh/sshd_config -``` - -and add the following configuration - -```sh -PubkeyAuthentication yes -PubkeyAcceptedKeyTypes=+ssh-rsa -``` - -restart the ssh server finally. - ## Contributing We would love for you to contribute to `appleboy/ssh-action`, pull requests are welcome! From cc051b07ed0666619f6ea5703319edf00d06be13 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabi=C3=A1n=20Delgado?= Date: Mon, 17 Oct 2022 11:00:39 -0300 Subject: [PATCH 11/95] Update README.md (#188) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c1f7233..01e0173 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ See [action.yml](./action.yml) for more detailed information. * `sync` - synchronous execution if multiple hosts, default is false * `timeout` - timeout for ssh to remote host, default is `30s` * `command_timeout` - timeout for ssh command, default is `10m` -* `key` - content of ssh private key. ex raw content of ~/.ssh/id_rsa +* `key` - content of ssh private key. ex raw content of ~/.ssh/id_rsa, rembemer include the BEGIN and END lines * `key_path` - path of ssh private key * `fingerprint` - fingerprint SHA256 of the host public key, default is to skip verification * `script` - execute commands From f23dd5c68131bcfedeeb014c00136c5278de8166 Mon Sep 17 00:00:00 2001 
From: Inaction Date: Sat, 26 Nov 2022 11:24:18 +0100 Subject: [PATCH 12/95] docs(readme): Fix typo (#191) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 01e0173..2cf4618 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ See [action.yml](./action.yml) for more detailed information. * `sync` - synchronous execution if multiple hosts, default is false * `timeout` - timeout for ssh to remote host, default is `30s` * `command_timeout` - timeout for ssh command, default is `10m` -* `key` - content of ssh private key. ex raw content of ~/.ssh/id_rsa, rembemer include the BEGIN and END lines +* `key` - content of ssh private key. ex raw content of ~/.ssh/id_rsa, remember include the BEGIN and END lines * `key_path` - path of ssh private key * `fingerprint` - fingerprint SHA256 of the host public key, default is to skip verification * `script` - execute commands From 9a7da95c8c2bfb2b69be5e3dfe9f5f170cbdc91d Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Fri, 9 Dec 2022 10:13:56 +0800 Subject: [PATCH 13/95] chore(ssh): upgrade to drone 1.6.5 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 416b5df..5fd496f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM appleboy/drone-ssh:1.6.4-linux-amd64 +FROM appleboy/drone-ssh:1.6.5-linux-amd64 COPY entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh From db9be1d5f2fa6a5590015d66861ca0f073c62fe1 Mon Sep 17 00:00:00 2001 From: Leo Schick <67712864+leo-schick@users.noreply.github.com> Date: Fri, 9 Dec 2022 03:16:07 +0100 Subject: [PATCH 14/95] use fixed version in documentation (#199) --- README.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 2cf4618..af27276 100644 --- a/README.md +++ b/README.md 
@@ -58,7 +58,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@master + uses: appleboy/ssh-action@v0.1.5 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -190,7 +190,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@master + uses: appleboy/ssh-action@v0.1.5 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -203,7 +203,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@master + uses: appleboy/ssh-action@v0.1.5 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -216,7 +216,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@master + uses: appleboy/ssh-action@v0.1.5 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -233,7 +233,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@master + uses: appleboy/ssh-action@v0.1.5 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -249,7 +249,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@master + uses: appleboy/ssh-action@v0.1.5 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -264,7 +264,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@master + uses: appleboy/ssh-action@v0.1.5 with: host: "foo.com,bar.com" + sync: true @@ -280,7 +280,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@master + uses: appleboy/ssh-action@v0.1.5 + env: + FOO: "BAR" + BAR: "FOO" 
@@ -305,7 +305,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p ```diff - name: stop script if command error - uses: appleboy/ssh-action@master + uses: appleboy/ssh-action@v0.1.5 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -358,7 +358,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@master + uses: appleboy/ssh-action@v0.1.5 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -381,7 +381,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@master + uses: appleboy/ssh-action@v0.1.5 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -407,7 +407,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@master + uses: appleboy/ssh-action@v0.1.5 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From 0d5a3d0e48ba0a3f30d82c05f994722d3386888f Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Fri, 9 Dec 2022 10:17:03 +0800 Subject: [PATCH 15/95] test: comment the ED25519 ssh testing --- .github/workflows/ci.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index efa88cd..db6c341 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -141,11 +141,11 @@ jobs: -lah use_insecure_cipher: true - - name: SSH ED25519 Private Key - uses: ./ - with: - host: ${{ secrets.TUNNEL_HOST }} - username: ${{ secrets.TUNNEL_USERNAME }} - key: ${{ secrets.ID_ED25519 }} - port: ${{ secrets.TUNNEL_PORT }} - script: whoami + # - name: SSH ED25519 Private Key + # uses: ./ + # with: + # host: ${{ secrets.TUNNEL_HOST }} + # username: ${{ secrets.TUNNEL_USERNAME }} + # key: ${{ secrets.ID_ED25519 }} + # port: ${{ secrets.TUNNEL_PORT }} + # script: whoami From 4a03da89e5c43da56e502053be4bbcb293411883 Mon Sep 17 00:00:00 2001 
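Review bot: The `SSH ED25519 Private Key` step is commented out with no reason given, so ed25519 key authentication is no longer exercised by CI, although the README offers ed25519 as the alternative to rsa. A one-line comment above the block would record why it is disabled and when it should return, for example `# disabled: <reason>; re-enable when <condition>` (placeholders to fill in). Keeping the step and skipping it with `if: false` would also leave it visible as skipped in each workflow run rather than hidden in comments.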
From: Bo-Yi Wu Date: Fri, 9 Dec 2022 10:32:49 +0800 Subject: [PATCH 16/95] docs: update to v0.1.6 --- README.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index af27276..13968f8 100644 --- a/README.md +++ b/README.md @@ -58,7 +58,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.5 + uses: appleboy/ssh-action@v0.1.6 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -190,7 +190,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.5 + uses: appleboy/ssh-action@v0.1.6 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -203,7 +203,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v0.1.5 + uses: appleboy/ssh-action@v0.1.6 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -216,7 +216,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v0.1.5 + uses: appleboy/ssh-action@v0.1.6 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -233,7 +233,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.5 + uses: appleboy/ssh-action@v0.1.6 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -249,7 +249,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.5 + uses: appleboy/ssh-action@v0.1.6 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" 
@@ -264,7 +264,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.5 + uses: appleboy/ssh-action@v0.1.6 with: host: "foo.com,bar.com" + sync: true @@ -280,7 +280,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v0.1.5 + uses: appleboy/ssh-action@v0.1.6 + env: + FOO: "BAR" + BAR: "FOO" @@ -305,7 +305,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p ```diff - name: stop script if command error - uses: appleboy/ssh-action@v0.1.5 + uses: appleboy/ssh-action@v0.1.6 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -358,7 +358,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v0.1.5 + uses: appleboy/ssh-action@v0.1.6 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -381,7 +381,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.5 + uses: appleboy/ssh-action@v0.1.6 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -407,7 +407,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.5 + uses: appleboy/ssh-action@v0.1.6 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From d91a1af6f57cd4478ceee14d7705601dafabaa19 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 8 Jan 2023 09:08:14 +0800 Subject: [PATCH 17/95] Fix(envs): set environment variable instead of bash variable (#209) --- .github/workflows/ci.yml | 1 + Dockerfile | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index db6c341..27fe433 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -88,6 +88,7 @@ jobs: echo "I am $BAR, thanks" echo "sha: $SHA" echo "port: $PORT" + sh test.sh - name: ssh key passphrase uses: ./ diff --git a/Dockerfile b/Dockerfile index 5fd496f..6249d23 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM appleboy/drone-ssh:1.6.5-linux-amd64 +FROM appleboy/drone-ssh:1.6.8-linux-amd64 COPY entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh From c1965ddd2563844fddc1ec01cafc798365706143 Mon Sep 17 00:00:00 2001 From: "Bo-Yi.Wu" Date: Sun, 8 Jan 2023 09:13:12 +0800 Subject: [PATCH 18/95] docs: upgrade to v0.1.7 Signed-off-by: Bo-Yi.Wu --- README.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 13968f8..cbb2c34 100644 --- a/README.md +++ b/README.md @@ -58,7 +58,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.6 + uses: appleboy/ssh-action@v0.1.7 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -190,7 +190,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.6 + uses: appleboy/ssh-action@v0.1.7 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -203,7 +203,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v0.1.6 + uses: appleboy/ssh-action@v0.1.7 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -216,7 +216,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v0.1.6 + uses: appleboy/ssh-action@v0.1.7 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} 
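Review bot: The added `sh test.sh` line in the `script:` block runs a file that this commit does not add; its diffstat lists only `.github/workflows/ci.yml` and `Dockerfile`, so the script presumably already sits on the test host. That makes the check for the environment-variable fix unreviewable from the repository and dependent on server state. An inline equivalent such as `sh -c 'echo "child sees FOO=$FOO"'` would exercise a child process reading the exported variable without an external file. Failing that, a comment like `# test.sh is pre-provisioned on the CI host and prints the forwarded variables` (wording to be confirmed against the actual script) would document the dependency.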
@@ -233,7 +233,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.6 + uses: appleboy/ssh-action@v0.1.7 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -249,7 +249,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.6 + uses: appleboy/ssh-action@v0.1.7 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -264,7 +264,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.6 + uses: appleboy/ssh-action@v0.1.7 with: host: "foo.com,bar.com" + sync: true @@ -280,7 +280,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v0.1.6 + uses: appleboy/ssh-action@v0.1.7 + env: + FOO: "BAR" + BAR: "FOO" @@ -305,7 +305,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p ```diff - name: stop script if command error - uses: appleboy/ssh-action@v0.1.6 + uses: appleboy/ssh-action@v0.1.7 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -358,7 +358,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v0.1.6 + uses: appleboy/ssh-action@v0.1.7 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -381,7 +381,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.6 + uses: appleboy/ssh-action@v0.1.7 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -407,7 +407,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.6 + uses: appleboy/ssh-action@v0.1.7 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From 7bf58514dbdd91c9949688650956cb60e92b469b Mon Sep 17 00:00:00 2001 
From: Bo-Yi Wu Date: Tue, 28 Feb 2023 17:11:47 +0800 Subject: [PATCH 19/95] chore(auth): allow set password and private key at same time. (#226) --- .github/workflows/ci.yml | 20 ++++++++++++++++++++ Dockerfile | 2 +- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 27fe433..2c44c53 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,6 +14,26 @@ jobs: - name: checkout uses: actions/checkout@v1 + - name: correct password but wrong key + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + key: "1234" + port: ${{ secrets.PORT }} + script: whoami + + - name: wrong password but correct key + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: "abcdef" + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: whoami + - name: executing remote ssh commands using password uses: ./ with: diff --git a/Dockerfile b/Dockerfile index 6249d23..56289e6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM appleboy/drone-ssh:1.6.8-linux-amd64 +FROM appleboy/drone-ssh COPY entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh From ae2bb3c3dc0ff64e47218f5a068dc63c201c785e Mon Sep 17 00:00:00 2001 From: "Bo-Yi.Wu" Date: Tue, 28 Feb 2023 17:16:13 +0800 Subject: [PATCH 20/95] chore(docker): update appleboy/drone-ssh to v1.6.10 version Signed-off-by: Bo-Yi.Wu --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 56289e6..0f1e3c8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM appleboy/drone-ssh +FROM appleboy/drone-ssh:1.6.10 COPY entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh From b60142998894e495c513803efc6d5d72a72c968a Mon Sep 17 00:00:00 2001 From: "Bo-Yi.Wu" Date: Tue, 28 Feb 2023 17:18:27 +0800 Subject: [PATCH 21/95] docs: update to v0.1.8 version 
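Review bot: Both added steps, `correct password but wrong key` and `wrong password but correct key`, only check that login succeeds when one credential is valid; nothing in the hunk checks that login is refused when `password` and `key` are both wrong. Since the change lets a failing method fall through to the other one, the negative case is the one that would catch an authentication regression. A step with both bad values, marked `continue-on-error: true`, followed by a step that fails when its outcome is `success`, would cover it. Note also that `key: "1234"` is presumably not a parseable private key, so the first step may be testing "unparseable key is ignored" rather than "valid but unauthorized key is rejected".

```yaml
      # … unchanged: the two added mixed-credential steps …

      - name: wrong password and wrong key
        id: both_wrong
        continue-on-error: true
        uses: ./
        with:
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USERNAME }}
          password: "abcdef"
          key: "1234"
          port: ${{ secrets.PORT }}
          script: whoami

      - name: login with two wrong credentials must fail
        if: steps.both_wrong.outcome == 'success'
        run: exit 1
```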
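Review bot: `FROM appleboy/drone-ssh` drops the tag, so the action image is built from whatever `latest` resolves to at build time and the same action release can end up running different binaries on different days. The next patch in this series restores a version tag, but a tag is still mutable on the registry. Pinning by digest, `FROM appleboy/drone-ssh:<tag>@sha256:<digest-of-the-reviewed-image>` (placeholders), would make the base image reproducible and tie each release to an image that was actually reviewed.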
Signed-off-by: Bo-Yi.Wu --- README.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index cbb2c34..40569ba 100644 --- a/README.md +++ b/README.md @@ -58,7 +58,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.7 + uses: appleboy/ssh-action@v0.1.8 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -190,7 +190,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.7 + uses: appleboy/ssh-action@v0.1.8 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -203,7 +203,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v0.1.7 + uses: appleboy/ssh-action@v0.1.8 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -216,7 +216,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v0.1.7 + uses: appleboy/ssh-action@v0.1.8 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -233,7 +233,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.7 + uses: appleboy/ssh-action@v0.1.8 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -249,7 +249,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.7 + uses: appleboy/ssh-action@v0.1.8 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -264,7 +264,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.7 + uses: appleboy/ssh-action@v0.1.8 with: host: "foo.com,bar.com" + sync: true 
@@ -280,7 +280,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v0.1.7 + uses: appleboy/ssh-action@v0.1.8 + env: + FOO: "BAR" + BAR: "FOO" @@ -305,7 +305,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p ```diff - name: stop script if command error - uses: appleboy/ssh-action@v0.1.7 + uses: appleboy/ssh-action@v0.1.8 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -358,7 +358,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v0.1.7 + uses: appleboy/ssh-action@v0.1.8 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -381,7 +381,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.7 + uses: appleboy/ssh-action@v0.1.8 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -407,7 +407,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.7 + uses: appleboy/ssh-action@v0.1.8 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From 495830820fa9cf8c3026738073281a05f0d6dfeb Mon Sep 17 00:00:00 2001 From: "Bo-Yi.Wu" Date: Tue, 28 Feb 2023 18:12:19 +0800 Subject: [PATCH 22/95] docs: add traditional chinese documentation. Signed-off-by: Bo-Yi.Wu --- README.zh-tw.md | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 README.zh-tw.md diff --git a/README.zh-tw.md b/README.zh-tw.md new file mode 100644 index 0000000..f08a5f7 --- /dev/null +++ b/README.zh-tw.md 
@@ -0,0 +1,45 @@ +# 🚀 用於 GitHub Actions 的 SSH + +[GitHub Action](https://github.com/features/actions) for executing remote ssh commands. + +![ssh workflow](./images/ssh-workflow.png) + +[![Actions Status](https://github.com/appleboy/ssh-action/workflows/remote%20ssh%20command/badge.svg)](https://github.com/appleboy/ssh-action/actions) + +**注意**: 只支援在 **Linux** [docker](https://www.docker.com/) 容器上執行。 + +## 輸入變數 + +更詳細的資訊,請參閱 [action.yml](./action.yml)。 + +* `host` - SSH 主機 +* `port` - SSH 連接埠,預設為 `22` +* `username` - SSH 使用者名稱 +* `password` - SSH 密碼 +* `passphrase` - 通常用於加密私鑰的 passphrase +* `sync` - 同步執行多個主機上的命令,預設為 false +* `timeout` - SSH 連接到遠端主機的超時時間,預設為 `30s` +* `command_timeout` - SSH 命令超時時間,預設為 10m +* `key` - SSH 私鑰的內容,例如 ~/.ssh/id_rsa 的原始內容,請記得包含 BEGIN 和 END 行 +* `key_path` - SSH 私鑰的路徑 +* `fingerprint` - 主機公鑰的 SHA256 指紋,預設為略過驗證 +* `script` - 執行命令 +* `script_stop` - 當出現第一個錯誤時停止執行命令 +* `envs` - 傳遞環境變數到 shell script +* `debug` - 啟用偵錯模式 +* `use_insecure_cipher` - 使用不安全的密碼(ciphers)進行加密,參見 [#56](https://github.com/appleboy/ssh-action/issues/56) +* `cipher` - 允許使用的密碼(ciphers)演算法。如果未指定,則使用適當的演算法 + +SSH 代理設置: + +* `proxy_host` - 代理主機 +* `proxy_port` - 代理端口,預設為 `22` +* `proxy_username` - 代理使用者名稱 +* `proxy_password` - 代理密碼 +* `proxy_passphrase` - 密碼通常用於加密私有金鑰 +* `proxy_timeout` - SSH 連線至代理主機的逾時時間,預設為 `30s` +* `proxy_key` - SSH 代理私有金鑰內容 +* `proxy_key_path` - SSH 代理私有金鑰路徑 +* `proxy_fingerprint` - 代理主機公鑰的 SHA256 指紋,預設為跳過驗證 +* `proxy_use_insecure_cipher` - 使用不安全的加密方式,請參閱 [#56](https://github.com/appleboy/ssh-action/issues/56) +* `proxy_cipher` - 允許的加密算法。如果未指定,則使用合理的算法 From 51b83ba47471c1d7399cec9b43aaf0d57432f707 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Fri, 3 Mar 2023 10:22:51 +0800 Subject: [PATCH 23/95] docs: format --- README.md | 47 ++++++++--------------------------------------- 1 file changed, 8 insertions(+), 39 deletions(-) diff --git a/README.md b/README.md index 40569ba..2e0aa53 100644 --- a/README.md +++ b/README.md 
@@ -20,7 +20,7 @@ See [action.yml](./action.yml) for more detailed information. * `sync` - synchronous execution if multiple hosts, default is false * `timeout` - timeout for ssh to remote host, default is `30s` * `command_timeout` - timeout for ssh command, default is `10m` -* `key` - content of ssh private key. ex raw content of ~/.ssh/id_rsa, remember include the BEGIN and END lines +* `key` - content of ssh private key. ex raw content of ~/.ssh/id_rsa, remember include the BEGIN and END lines * `key_path` - path of ssh private key * `fingerprint` - fingerprint SHA256 of the host public key, default is to skip verification * `script` - execute commands @@ -85,76 +85,46 @@ Make sure to follow the below steps while creating SSH Keys and using them. The best practice is create the SSH Keys on local machine not remote machine. Login with username specified in Github Secrets. Generate a RSA Key-Pair: -
-rsa -

+rsa ```bash ssh-keygen -t rsa -b 4096 -C "your_email@example.com" ``` -

-
- -
-ed25519 -

+ed25519 ```bash ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ``` -

-
- Add newly generated key into Authorized keys. Read more about authorized keys [here](https://www.ssh.com/ssh/authorized_keys/). -
-rsa -

+rsa ```bash cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys' ``` -

-
- -
-ed25519 -

+ed25519 ```bash cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys' ``` -

-
- Copy Private Key content and paste in Github Secrets. -
-rsa -

+rsa ```bash clip < ~/.ssh/id_rsa ``` -

-
- -
-ed25519 -

+ed25519 ```bash clip < ~/.ssh/id_ed25519 ``` -

-
- See the detail information about [SSH login without password](http://www.linuxproblem.org/art_9.html). **A note** from one of our readers: Depending on your version of SSH you might also have to do the following changes: @@ -171,8 +141,7 @@ If you are currently using OpenSSH and are getting the following error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey] ``` -Make sure that your key algorithm of choice is supported. On Ubuntu 20.04 or later you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (which is either `/etc/ssh/sshd_config` or a drop-in file under -`/etc/ssh/sshd_config.d/`): +Make sure that your key algorithm of choice is supported. On Ubuntu 20.04 or later you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (which is either `/etc/ssh/sshd_config` or a drop-in file under `/etc/ssh/sshd_config.d/`): ```bash CASignatureAlgorithms +ssh-rsa From e4a881008dbb8a3c211786f8a9c0c7a21c339a3c Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Fri, 3 Mar 2023 10:26:23 +0800 Subject: [PATCH 24/95] docs(readme): update --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 2e0aa53..87f303d 100644 --- a/README.md +++ b/README.md @@ -85,13 +85,13 @@ Make sure to follow the below steps while creating SSH Keys and using them. The best practice is create the SSH Keys on local machine not remote machine. Login with username specified in Github Secrets. Generate a RSA Key-Pair: -rsa +### Generate rsa key ```bash ssh-keygen -t rsa -b 4096 -C "your_email@example.com" ``` -ed25519 +### Generate ed25519 key ```bash ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" 
@@ -99,13 +99,13 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" Add newly generated key into Authorized keys. Read more about authorized keys [here](https://www.ssh.com/ssh/authorized_keys/). -rsa +### Add rsa key into Authorized keys ```bash cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys' ``` -ed25519 +### Add ed25519 key into Authorized keys ```bash cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys' @@ -113,13 +113,13 @@ cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys' Copy Private Key content and paste in Github Secrets. -rsa +### Copy rsa Private key ```bash clip < ~/.ssh/id_rsa ``` -ed25519 +### Copy ed25519 Private key ```bash clip < ~/.ssh/id_ed25519 From 6a1b59d972b8284bc1127691af3cb964ae4c841b Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Fri, 3 Mar 2023 10:45:48 +0800 Subject: [PATCH 25/95] docs: add chinese --- README.md | 2 + README.zh-tw.md | 348 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 350 insertions(+) diff --git a/README.md b/README.md index 87f303d..460866f 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # 🚀 SSH for GitHub Actions +[繁體中文](./README.zh-tw.md) + [GitHub Action](https://github.com/features/actions) for executing remote ssh commands. ![ssh workflow](./images/ssh-workflow.png) diff --git a/README.zh-tw.md b/README.zh-tw.md index f08a5f7..eeeca6d 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md 
@@ -43,3 +43,351 @@ SSH 代理設置: * `proxy_fingerprint` - 代理主機公鑰的 SHA256 指紋,預設為跳過驗證 * `proxy_use_insecure_cipher` - 使用不安全的加密方式,請參閱 [#56](https://github.com/appleboy/ssh-action/issues/56) * `proxy_cipher` - 允許的加密算法。如果未指定,則使用合理的算法 + +## 使用方式 + +執行遠端 SSH 命令 + +```yaml +name: remote ssh command +on: [push] +jobs: + + build: + name: Build + runs-on: ubuntu-latest + steps: + - name: executing remote ssh commands using password + uses: appleboy/ssh-action@v0.1.8 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: whoami +``` + +畫面輸出 + +```sh +======CMD====== +whoami +======END====== +out: *** +============================================== +✅ Successfully executed commands to all host. +============================================== +``` + +### 設置 SSH 金鑰 + +請在創建 SSH 金鑰並使用 SSH 金鑰時遵循以下步驟。最佳做法是在本地機器上創建 SSH 金鑰而不是遠端機器上。請使用 Github Secrets 中指定的用戶名登錄。生成 RSA 金鑰: + +### 生成 RSA 金鑰 + +```bash +ssh-keygen -t rsa -b 4096 -C "your_email@example.com" +``` + +### 生成 ed25519 金鑰 + +```bash +ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" +``` + +將新生成的金鑰添加到已授權的金鑰中。詳細了解已授權的金鑰請點擊[此處](https://www.ssh.com/ssh/authorized_keys/). 
+ +### 將 RSA 金鑰添加到已授權金鑰中 + +```bash +cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys' +``` + +### 將 ed25519 金鑰添加到已授權金鑰中 + +```bash +cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys' +``` + +複製私鑰內容,然後將其粘貼到 Github Secrets 中。 + +### 複製 rsa 私鑰內容 + +```bash +clip < ~/.ssh/id_rsa +``` + +### 複製 ed25519 私鑰內容 + +```bash +clip < ~/.ssh/id_ed25519 +``` + +有關無需密碼登錄 SSH 的詳細信息,請[參見該網站](http://www.linuxproblem.org/art_9.html)。 + +**來自讀者的注意事項**: 根據您的 SSH 版本,您可能還需要進行以下更改: + +* 將公鑰放在 `.ssh/authorized_keys2` 中 +* 將 `.ssh` 的權限更改為700 +* 將 `.ssh/authorized_keys2` 的權限更改為640 + +### 如果你使用的是 OpenSSH + +如果您正在使用 OpenSSH,並出現以下錯誤: + +```bash +ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey] +``` + +請確保您所選擇的密鑰演算法得到支援。在 Ubuntu 20.04 或更高版本上,您必須明確允許使用 SSH-RSA 演算法。請在 OpenSSH 守護進程文件中添加以下行(它可以是 `/etc/ssh/sshd_config` 或 `/etc/ssh/sshd_config.d/` 中的一個附著文件): + +```bash +CASignatureAlgorithms +ssh-rsa +``` + +或者,`Ed25519` 密鑰在 OpenSSH 中默認被接受。如果需要,您可以使用它來替代 RSA。 + +```bash +ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" +``` + +### Example + +#### 使用密碼執行遠端 SSH 命令 + +```yaml +- name: executing remote ssh commands using password + uses: appleboy/ssh-action@v0.1.8 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: whoami +``` + +#### 使用私鑰 + +```yaml +- name: executing remote ssh commands using ssh key + uses: appleboy/ssh-action@v0.1.8 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: whoami +``` + +#### 多個命令 + +```yaml +- name: multiple command + uses: appleboy/ssh-action@v0.1.8 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: | + whoami + ls -al +``` + +![result](./images/output-result.png) + +#### 多台主機 + +```diff + - name: multiple host + uses: appleboy/ssh-action@v0.1.8 
+ with: +- host: "foo.com" ++ host: "foo.com,bar.com" + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: | + whoami + ls -al +``` + +#### 多個不同端口的主機 + +```diff + - name: multiple host + uses: appleboy/ssh-action@v0.1.8 + with: +- host: "foo.com" ++ host: "foo.com:1234,bar.com:5678" + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + script: | + whoami + ls -al +``` + +#### 在多個主機上同步執行 + +```diff + - name: multiple host + uses: appleboy/ssh-action@v0.1.8 + with: + host: "foo.com,bar.com" ++ sync: true + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: | + whoami + ls -al +``` + +#### 將環境變量傳遞到 Shell 腳本 + +```diff + - name: pass environment + uses: appleboy/ssh-action@v0.1.8 ++ env: ++ FOO: "BAR" ++ BAR: "FOO" ++ SHA: ${{ github.sha }} + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} ++ envs: FOO,BAR,SHA + script: | + echo "I am $FOO" + echo "I am $BAR" + echo "sha: $SHA" +``` + +_在 `env` 對象中,您需要將每個環境變量作為字符串傳遞,傳遞 `Integer` 數據類型或任何其他類型可能會產生意外結果。_ + +#### 在第一次失敗後停止腳本 + +> ex: missing `abc` folder + +```diff + - name: stop script if command error + uses: appleboy/ssh-action@v0.1.8 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} ++ script_stop: true + script: | + mkdir abc/def + ls -al +``` + +畫面輸出: + +```sh +======CMD====== +mkdir abc/def +ls -al + +======END====== +2019/11/21 01:16:21 Process exited with status 1 +err: mkdir: cannot create directory ‘abc/def’: No such file or directory +##[error]Docker run failed with exit code 1 +``` + +#### 如何使用 `ProxyCommand` 連接遠程服務器? 
+ +```bash ++--------+ +----------+ +-----------+ +| Laptop | <--> | Jumphost | <--> | FooServer | ++--------+ +----------+ +-----------+ +``` + +在您的 `~/.ssh/config` 文件中,您會看到以下內容。 + +```bash +Host Jumphost + HostName Jumphost + User ubuntu + Port 22 + IdentityFile ~/.ssh/keys/jump_host.pem + +Host FooServer + HostName FooServer + User ubuntu + Port 22 + ProxyCommand ssh -q -W %h:%p Jumphost +``` + +#### 如何將其轉換為 GitHubActions 的 YAML 格式? + +```diff + - name: ssh proxy command + uses: appleboy/ssh-action@v0.1.8 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} ++ proxy_host: ${{ secrets.PROXY_HOST }} ++ proxy_username: ${{ secrets.PROXY_USERNAME }} ++ proxy_key: ${{ secrets.PROXY_KEY }} ++ proxy_port: ${{ secrets.PROXY_PORT }} + script: | + mkdir abc/def + ls -al +``` + +#### 如何保護私鑰? + +密碼短語通常用於加密私鑰。這使得攻擊者無法單獨使用密鑰文件。文件泄露可能來自備份或停用的硬件,黑客通常可以從受攻擊系統中洩露文件。因此,保護私鑰非常重要。 + +```diff + - name: ssh key passphrase + uses: appleboy/ssh-action@v0.1.8 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} ++ passphrase: ${{ secrets.PASSPHRASE }} + script: | + whoami + ls -al +``` + +#### 使用主機指紋驗證 + +設置 SSH 主機指紋驗證可以幫助防止中間人攻擊。在設置之前,運行以下命令以獲取 SSH 主機指紋。請記得將 `ed25519` 替換為您的適當金鑰類型(`rsa`、 `dsa`等),而 `example.com` 則替換為您的主機。 + +現代 OpenSSH 版本中,需要提取的_默認金鑰_類型是 `rsa`(從版本 5.1 開始)、`ecdsa`(從版本 6.0 開始)和 `ed25519`(從版本 6.7 開始)。 + +```sh +ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' -f2 +``` + +現在您可以調整您的配置: + +```diff + - name: ssh key passphrase + uses: appleboy/ssh-action@v0.1.8 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} ++ fingerprint: ${{ secrets.FINGERPRINT }} + script: | + whoami + ls -al +``` + +## 貢獻 + +我們非常希望您為 `appleboy/ssh-action` 做出貢獻,歡迎提交請求! + +## 授權方式 + +本項目中的腳本和文檔采用 [MIT](LICENSE) 許可證 發布。 
From 3cd1bcf7713f758a2c03f1fa7b0401826d0b1dcf Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Tue, 4 Apr 2023 17:25:53 +0800 Subject: [PATCH 26/95] feat: refactor code for parallel execution on multiple hosts (#237) - Update Dockerfile to use a newer version of `drone-ssh` - Modify `ci.yml` to use `continue-on-error` instead of commenting out code fix https://github.com/appleboy/ssh-action/issues/233 --- .github/workflows/ci.yml | 26 ++++++++++++++------------ Dockerfile | 2 +- 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2c44c53..8494f9c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -63,18 +63,20 @@ jobs: whoami ls -al - # - name: stop script if command error - # if: always() - # uses: ./ - # with: - # host: ${{ secrets.HOST }} - # username: ${{ secrets.USERNAME }} - # key: ${{ secrets.KEY }} - # port: ${{ secrets.PORT }} - # script_stop: true - # script: | - # mkdir abc/def - # ls -al + - name: stop script if command error + uses: ./ + continue-on-error: true + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + sync: true + debug: true + script: | + mkdir abc/def + ls -al - name: pass environment uses: ./ diff --git a/Dockerfile b/Dockerfile index 0f1e3c8..6cd936d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM appleboy/drone-ssh:1.6.10 +FROM ghcr.io/appleboy/drone-ssh:1.6.12 COPY entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh From 5f64c95280a8e7632da28096e00ccaecb296d200 Mon Sep 17 00:00:00 2001 
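Review bot: With `continue-on-error: true` on the re-enabled `stop script if command error` step, the job is green whether or not `script_stop` aborts after `mkdir abc/def` fails, so the step no longer verifies the behaviour it is named for. Giving the step `id: script_stop_test` and following it with a step that runs `test "${{ steps.script_stop_test.outcome }}" = "failure"` would turn it into a real assertion. The same step also sets `debug: true` while receiving `secrets.HOST`, `secrets.USERNAME`, `secrets.KEY` and `secrets.PORT`. What debug mode prints is not visible in this hunk, so confirm it does not widen what reaches the workflow log before leaving it on permanently.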
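Review bot: The new base image `ghcr.io/appleboy/drone-ssh:1.6.12` is referenced by tag only, and a tag can be re-pointed after the fact. This image is presumably what processes every caller's `key`, `password` and `passphrase` inputs, so it is worth pinning by digest: `FROM ghcr.io/appleboy/drone-ssh:1.6.12@sha256:<digest-of-1.6.12>` (placeholder; take the value from the registry). The same applies to the later bump to `1.6.13` in PATCH 29.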
From: "Bo-Yi.Wu" Date: Tue, 4 Apr 2023 17:37:29 +0800 Subject: [PATCH 27/95] chore: improve SSH key handling and documentation - Upgrade the ssh-action package from version `v0.1.8` to `v0.1.9` - Update the ssh-keygen command to use `-t ed25519 -a 200 -C` flag with an email address - Clarify how to pass environment variables as strings in the `env` object - Add a command to check the fingerprint of an ed25519 key in the README - Remove duplicate Host entry for `FooServer` in the Chinese version of the README Signed-off-by: Bo-Yi.Wu --- README.md | 24 ++++++++++++------------ README.zh-tw.md | 24 ++++++++++++------------ 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 460866f..0bf9bb8 100644 --- a/README.md +++ b/README.md @@ -60,7 +60,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -161,7 +161,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -174,7 +174,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -187,7 +187,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} 
@@ -204,7 +204,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -220,7 +220,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -235,7 +235,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: "foo.com,bar.com" + sync: true @@ -251,7 +251,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 + env: + FOO: "BAR" + BAR: "FOO" @@ -276,7 +276,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p ```diff - name: stop script if command error - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -329,7 +329,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -352,7 +352,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -378,7 +378,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/README.zh-tw.md b/README.zh-tw.md index eeeca6d..e81326c 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md 
@@ -58,7 +58,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -157,7 +157,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -170,7 +170,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -183,7 +183,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -200,7 +200,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -216,7 +216,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -231,7 +231,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: "foo.com,bar.com" + sync: true @@ -247,7 +247,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 + env: + FOO: "BAR" + BAR: "FOO" 
@@ -272,7 +272,7 @@ _在 `env` 對象中,您需要將每個環境變量作為字符串傳遞,傳 ```diff - name: stop script if command error - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -325,7 +325,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -346,7 +346,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -372,7 +372,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.8 + uses: appleboy/ssh-action@v0.1.9 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From 6268c80dd6526b1531eedc69f6c315e9d3848673 Mon Sep 17 00:00:00 2001 From: "Bo-Yi.Wu" Date: Tue, 4 Apr 2023 17:56:49 +0800 Subject: [PATCH 28/95] docs: add external resources to README file - Add a line linking to Golang and drone-ssh in the README file Signed-off-by: Bo-Yi.Wu --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 0bf9bb8..783d892 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,8 @@ **Important**: Only support **Linux** [docker](https://www.docker.com/) container. +This thing is built using [Golang](https://go.dev) and [drone-ssh](https://github.com/appleboy/drone-ssh). 🚀 + ## Input variables See [action.yml](./action.yml) for more detailed information. From 334f9259f2f8eb3376d33fa4c684fff373f2c2a6 Mon Sep 17 00:00:00 2001 
From: Bo-Yi Wu Date: Thu, 13 Apr 2023 11:15:42 +0800 Subject: [PATCH 29/95] chore: update action configuration for greater flexibility (#240) - Update base image version from `1.6.12` to `1.6.13` in Dockerfile - Add `envs_format` input with flexible configuration in action.yml - Add a line to README.md pointing to action.yml for more information fix https://github.com/appleboy/ssh-action/issues/213 --- .github/workflows/ci.yml | 97 +++++++++++++++++++++++++--------------- Dockerfile | 2 +- README.md | 1 + action.yml | 2 + 4 files changed, 65 insertions(+), 37 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8494f9c..58d418c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -7,8 +7,8 @@ env: jobs: - build: - name: Build + testing01: + name: default flag testing runs-on: ubuntu-latest steps: - name: checkout @@ -78,40 +78,6 @@ jobs: mkdir abc/def ls -al - - name: pass environment - uses: ./ - env: - FOO: "BAR" - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - envs: FOO - script: | - echo "I am $FOO, thanks" - echo "I am $BAR, thanks" - - - name: pass multiple environment - uses: ./ - env: - FOO: "BAR" - BAR: "FOO" - SHA: ${{ github.sha }} - PORT: ${{ secrets.PORT }} - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - envs: FOO,BAR,SHA,PORT - script: | - echo "I am $FOO, thanks" - echo "I am $BAR, thanks" - echo "sha: $SHA" - echo "port: $PORT" - sh test.sh - - name: ssh key passphrase uses: ./ with: 
@@ -172,3 +138,62 @@ jobs: # key: ${{ secrets.ID_ED25519 }} # port: ${{ secrets.TUNNEL_PORT }} # script: whoami + + testing02: + name: testing with envs + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v1 + + - name: pass environment + uses: ./ + env: + FOO: "BAR" + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + envs: FOO + script: | + echo "I am $FOO, thanks" + echo "I am $BAR, thanks" + + - name: pass multiple environment + uses: ./ + env: + FOO: "BAR" + BAR: "FOO" + SHA: ${{ github.sha }} + PORT: ${{ secrets.PORT }} + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + envs: FOO,BAR,SHA,PORT + script: | + echo "I am $FOO, thanks" + echo "I am $BAR, thanks" + echo "sha: $SHA" + echo "port: $PORT" + sh test.sh + + - name: custom envs format + uses: ./ + env: + FOO: "BAR" + AAA: "BBB" + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + envs: FOO,BAR,AAA + envs_format: export TEST_{NAME}={VALUE} + script: | + echo "I am $TEST_FOO, thanks" + echo "I am $TEST_BAR, thanks" + echo "I am $BAR, thanks" + echo "I am $TEST_AAA, thanks" diff --git a/Dockerfile b/Dockerfile index 6cd936d..ffdb73d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/appleboy/drone-ssh:1.6.12 +FROM ghcr.io/appleboy/drone-ssh:1.6.13 COPY entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh diff --git a/README.md b/README.md index 783d892..425658d 100644 --- a/README.md +++ b/README.md 
@@ -33,6 +33,7 @@ See [action.yml](./action.yml) for more detailed information. * `debug` - enable debug mode * `use_insecure_cipher` - include more ciphers with use_insecure_cipher (see [#56](https://github.com/appleboy/ssh-action/issues/56)) * `cipher` - the allowed cipher algorithms. If unspecified then a sensible +* `envs_format` - flexible configuration of environment value transfer. default is `export {NAME}={VALUE}` SSH Proxy Setting: diff --git a/action.yml b/action.yml index 65891e8..3cdc797 100644 --- a/action.yml +++ b/action.yml @@ -65,6 +65,8 @@ inputs: default: false envs: description: 'pass environment variable to shell script' + envs_format: + description: 'flexible configuration of environment value transfer' debug: description: 'enable debug mode' default: false From 2b7de38eedf6e1cd145f62cad6c0b85f5c757757 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Thu, 13 Apr 2023 12:18:50 +0800 Subject: [PATCH 30/95] chore: update `appleboy/ssh-action` to latest version - Update the version of `appleboy/ssh-action` from `v0.1.9` to `v0.1.10` in multiple files. Signed-off-by: Bo-Yi Wu --- README.md | 24 ++++++++++++------------ README.zh-tw.md | 24 ++++++++++++------------ 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 425658d..181fd18 100644 --- a/README.md +++ b/README.md @@ -63,7 +63,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -164,7 +164,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} 
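Review bot: The new `envs_format` input in action.yml declares no `default` and its description does not name the `{NAME}` and `{VALUE}` placeholders, although the README line added in the same commit gives the default as `export {NAME}={VALUE}`. Going by that default and the CI example `export TEST_{NAME}={VALUE}`, the template ends up as a line of remote shell, so the description should also say whether `{VALUE}` is quoted or escaped before substitution; if it is not, a value containing spaces or shell metacharacters would be interpreted on the remote host. A possible wording is `description: 'Template for each exported variable; {NAME} and {VALUE} are substituted. Default: export {NAME}={VALUE}'`. The `inputs` mapping continues outside this hunk.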
@@ -177,7 +177,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -190,7 +190,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -207,7 +207,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -223,7 +223,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -238,7 +238,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: "foo.com,bar.com" + sync: true @@ -254,7 +254,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 + env: + FOO: "BAR" + BAR: "FOO" @@ -279,7 +279,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p ```diff - name: stop script if command error - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -332,7 +332,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} 
@@ -355,7 +355,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -381,7 +381,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/README.zh-tw.md b/README.zh-tw.md index e81326c..700a2bb 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -58,7 +58,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -157,7 +157,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -170,7 +170,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -183,7 +183,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -200,7 +200,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: - host: "foo.com" + host: "foo.com,bar.com" 
@@ -216,7 +216,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -231,7 +231,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: "foo.com,bar.com" + sync: true @@ -247,7 +247,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 + env: + FOO: "BAR" + BAR: "FOO" @@ -272,7 +272,7 @@ _在 `env` 對象中,您需要將每個環境變量作為字符串傳遞,傳 ```diff - name: stop script if command error - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -325,7 +325,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -346,7 +346,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -372,7 +372,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.9 + uses: appleboy/ssh-action@v0.1.10 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From 3130c7a2bcc2189118f51bfacd60c0974a89f031 Mon Sep 17 00:00:00 2001 
From: Bo-Yi Wu Date: Thu, 13 Apr 2023 14:38:24 +0800 Subject: [PATCH 31/95] ci: improve CI workflow for private repository cloning (#241) - Add a new job for git clone and pull in CI - Clone a private repository in CI with secrets - Remove a directory in the cloned repository ref: https://github.com/appleboy/ssh-action/issues/65 --- .github/workflows/ci.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 58d418c..9da0438 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -197,3 +197,22 @@ jobs: echo "I am $TEST_BAR, thanks" echo "I am $BAR, thanks" echo "I am $TEST_AAA, thanks" + + testing03: + name: git clone and pull + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v1 + + - name: clone private repository + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + script: | + git clone https://appleboy:${{ secrets.TEST_TOKEN }}@github.com/go-training/self-runner.git test_repository + rm -rf test_repository From d87d276960fd7693a6c0d13631bf6e92196a62b9 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Tue, 18 Apr 2023 09:31:39 +0800 Subject: [PATCH 32/95] ci: add Docker login and pull job to CI pipeline (#244) - Add a new job named "testing04" for docker login and pull in ci.yml file. ref: https://github.com/appleboy/ssh-action/issues/230 --- .github/workflows/ci.yml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9da0438..d1b576f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
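Review bot: In the `clone private repository` step, `${{ secrets.TEST_TOKEN }}` is expanded into the script text before it is sent, so the token is spliced directly into shell syntax and into the clone URL. On the remote host it then appears in the `git` command line and is written to `test_repository/.git/config` as the remote URL until `rm -rf` runs. Passing it through the step's `env:` with `envs: TEST_TOKEN` and referencing `"$TEST_TOKEN"` in the script keeps the expression out of the shell source, which is the pattern the other steps in this workflow already use for `FOO`/`BAR`. Since the value is disclosed to the SSH target either way, the token should be read-only and limited to that one repository.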
@@ -216,3 +216,32 @@ jobs: script: | git clone https://appleboy:${{ secrets.TEST_TOKEN }}@github.com/go-training/self-runner.git test_repository rm -rf test_repository + + testing04: + name: docker login and pull + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v1 + + - name: login GitHub Container Registry + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + script: | + echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u github.actor --password-stdin + + - name: login DockerHub Container Registry + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + script: | + echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin From f579d71942bc5b32150f75471c095aa438c5689d Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 4 Jun 2023 11:06:25 +0800 Subject: [PATCH 33/95] chore: improve action.yml clarity and update default values - Update descriptions for input fields in action.yml for better clarity - Change default values for SSH port and SSH proxy port to string format Signed-off-by: Bo-Yi Wu --- action.yml | 67 +++++++++++++++++++++++++----------------------------- 1 file changed, 31 insertions(+), 36 deletions(-) diff --git a/action.yml b/action.yml index 3cdc797..2e04181 100644 --- a/action.yml +++ b/action.yml 
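Review bot: In the `login GitHub Container Registry` step, `-u github.actor` passes the literal text `github.actor` as the user name because the expression delimiters are missing; most likely `-u ${{ github.actor }}` was intended. Both new `docker login` lines also paste the token expression unquoted after `echo`, so the secret is part of the shell source on the remote host and is subject to word splitting and globbing there. Supplying it through `env:`/`envs:` and writing `echo "$GHCR_TOKEN" | docker login ghcr.io -u "${{ github.actor }}" --password-stdin` avoids that (`GHCR_TOKEN` is a name chosen here for illustration). Neither step logs out, and `docker login` by default leaves the credential in the remote user's Docker config, so a closing `docker logout` line would be worth adding if the test host is shared.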
@@ -3,73 +3,68 @@ description: 'Executing remote ssh commands' author: 'Bo-Yi Wu' inputs: host: - description: 'ssh host' + description: 'SSH host address.' port: - description: 'ssh port' - default: 22 + description: 'SSH port number.' + default: "22" passphrase: - description: 'ssh key passphrase' + description: 'Passphrase for the SSH key.' username: - description: 'ssh username' + description: 'SSH username.' password: - description: 'ssh password' + description: 'SSH password.' sync: - description: 'synchronous execution if multiple hosts' - default: false + description: 'Enable synchronous execution if multiple hosts are involved.' use_insecure_cipher: - description: 'include more ciphers with use_insecure_cipher' - default: false + description: 'Include more ciphers by using insecure ciphers.' cipher: - description: 'the allowed cipher algorithms. If unspecified then a sensible' + description: 'Allowed cipher algorithms. If unspecified, a sensible default is used.' timeout: - description: 'timeout for ssh to host' + description: 'Timeout duration for establishing SSH connection to the host.' default: "30s" command_timeout: - description: 'timeout for ssh command' + description: 'Timeout duration for SSH commands execution.' default: "10m" key: - description: 'content of ssh private key. ex raw content of ~/.ssh/id_rsa' + description: 'Content of the SSH private key. For example, the raw content of ~/.ssh/id_rsa.' key_path: - description: 'path of ssh private key' + description: 'Path to the SSH private key file.' fingerprint: - description: 'sha256 fingerprint of the host public key' + description: 'SHA256 fingerprint of the host public key.' proxy_host: - description: 'ssh proxy host' + description: 'SSH proxy host address.' proxy_port: - description: 'ssh proxy port' - default: 22 + description: 'SSH proxy port number.' + default: "22" proxy_username: - description: 'ssh proxy username' + description: 'SSH proxy username.' 
proxy_password: - description: 'ssh proxy password' + description: 'SSH proxy password.' proxy_passphrase: - description: 'ssh proxy key passphrase' + description: 'SSH proxy key passphrase.' proxy_timeout: - description: 'timeout for ssh to proxy host' + description: 'Timeout duration for establishing SSH connection to the proxy host.' default: "30s" proxy_key: - description: 'content of ssh proxy private key. ex raw content of ~/.ssh/id_rsa' + description: 'Content of the SSH proxy private key. For example, the raw content of ~/.ssh/id_rsa.' proxy_key_path: - description: 'path of ssh proxy private key' + description: 'Path to the SSH proxy private key file.' proxy_fingerprint: - description: 'sha256 fingerprint of the proxy host public key' + description: 'SHA256 fingerprint of the proxy host public key.' proxy_cipher: - description: 'the allowed cipher algorithms. If unspecified then a sensible' + description: 'Allowed cipher algorithms for the proxy. If unspecified, a sensible default is used.' proxy_use_insecure_cipher: - description: 'include more ciphers with use_insecure_cipher' - default: false + description: 'Include more ciphers for the proxy by using insecure ciphers.' script: - description: 'execute commands' + description: 'Commands to be executed.' script_stop: - description: 'stop script after first failure' - default: false + description: 'Stop the script after the first failure.' envs: - description: 'pass environment variable to shell script' + description: 'Environment variables to be passed to the shell script.' envs_format: - description: 'flexible configuration of environment value transfer' + description: 'Flexible configuration for environment value transfer.' debug: - description: 'enable debug mode' - default: false + description: 'Enable debug mode.' runs: using: 'docker' image: 'Dockerfile' From c7d850f6cdde249c4ca63d8651271f7a24959b4f Mon Sep 17 00:00:00 2001 
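Review bot: The `default: false` lines for `sync`, `use_insecure_cipher`, `proxy_use_insecure_cipher`, `script_stop` and `debug` are deleted in this hunk although the commit message only mentions description wording and string-typed ports, so these inputs now reach the container as empty values instead of `false`. Whether the entrypoint treats an empty value the same as `false` is not visible in this patch. For the two cipher switches in particular I would keep the default explicit, in the same string form used for the ports: `default: "false"`. The new `fingerprint` and `proxy_fingerprint` descriptions are also the natural place to state what the README said at the time, that host key verification is skipped when the input is unset.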
From: Bo-Yi Wu Date: Sun, 4 Jun 2023 11:08:59 +0800 Subject: [PATCH 34/95] docs: improve readability and functionality across project - Reformat input parameters in README.md as a table for better readability Signed-off-by: Bo-Yi Wu --- README.md | 63 +++++++++++++++++++++++++++---------------------------- 1 file changed, 31 insertions(+), 32 deletions(-) diff --git a/README.md b/README.md index 181fd18..974c7de 100644 --- a/README.md +++ b/README.md 
@@ -16,38 +16,37 @@ This thing is built using [Golang](https://go.dev) and [drone-ssh](https://githu See [action.yml](./action.yml) for more detailed information. -* `host` - ssh host -* `port` - ssh port, default is `22` -* `username` - ssh username -* `password` - ssh password -* `passphrase` - the passphrase is usually to encrypt the private key -* `sync` - synchronous execution if multiple hosts, default is false -* `timeout` - timeout for ssh to remote host, default is `30s` -* `command_timeout` - timeout for ssh command, default is `10m` -* `key` - content of ssh private key. ex raw content of ~/.ssh/id_rsa, remember include the BEGIN and END lines -* `key_path` - path of ssh private key -* `fingerprint` - fingerprint SHA256 of the host public key, default is to skip verification -* `script` - execute commands -* `script_stop` - stop script after first failure -* `envs` - pass environment variable to shell script -* `debug` - enable debug mode -* `use_insecure_cipher` - include more ciphers with use_insecure_cipher (see [#56](https://github.com/appleboy/ssh-action/issues/56)) -* `cipher` - the allowed cipher algorithms. If unspecified then a sensible -* `envs_format` - flexible configuration of environment value transfer. default is `export {NAME}={VALUE}` - -SSH Proxy Setting: - -* `proxy_host` - proxy host -* `proxy_port` - proxy port, default is `22` -* `proxy_username` - proxy username -* `proxy_password` - proxy password -* `proxy_passphrase` - the passphrase is usually to encrypt the private key -* `proxy_timeout` - timeout for ssh to proxy host, default is `30s` -* `proxy_key` - content of ssh proxy private key. 
-* `proxy_key_path` - path of ssh proxy private key -* `proxy_fingerprint` - fingerprint SHA256 of the proxy host public key, default is to skip verification -* `proxy_use_insecure_cipher` - include more ciphers with use_insecure_cipher (see [#56](https://github.com/appleboy/ssh-action/issues/56)) -* `proxy_cipher` - the allowed cipher algorithms. If unspecified then a sensible +| Input Parameter | Description | Default Value | +|-------------------------|-----------------------------------------------------------------|---------------| +| host | SSH host address | | +| port | SSH port number | 22 | +| passphrase | SSH key passphrase | | +| username | SSH username | | +| password | SSH password | | +| sync | Enable synchronous execution if multiple hosts | false | +| use_insecure_cipher | Include more ciphers with use_insecure_cipher | false | +| cipher | Allowed cipher algorithms. If unspecified, a sensible default | | +| timeout | Timeout duration for SSH to host | 30s | +| command_timeout | Timeout duration for SSH command | 10m | +| key | Content of SSH private key. 
e.g., raw content of ~/.ssh/id_rsa | | +| key_path | Path of SSH private key | | +| fingerprint | SHA256 fingerprint of the host public key | | +| proxy_host | SSH proxy host | | +| proxy_port | SSH proxy port | 22 | +| proxy_username | SSH proxy username | | +| proxy_password | SSH proxy password | | +| proxy_passphrase | SSH proxy key passphrase | | +| proxy_timeout | Timeout for SSH to proxy host | 30s | +| proxy_key | Content of SSH proxy private key | | +| proxy_key_path | Path of SSH proxy private key | | +| proxy_fingerprint | SHA256 fingerprint of the proxy host public key | | +| proxy_cipher | Allowed cipher algorithms for the proxy | | +| proxy_use_insecure_cipher | Include more ciphers with use_insecure_cipher for the proxy | false | +| script | Execute commands | | +| script_stop | Stop script after first failure | false | +| envs | Pass environment variables to shell script | | +| envs_format | Flexible configuration of environment value transfer | | +| debug | Enable debug mode | false | ## Usage From a01d3ea1dfcdbed994ab6c85fb3d7daf5e785f85 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 4 Jun 2023 16:30:25 +0800 Subject: [PATCH 35/95] chore: improve performance and test coverage across OSs - Update the Dockerfile to use drone-ssh version 1.6.14 Signed-off-by: Bo-Yi Wu --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index ffdb73d..533f0f9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/appleboy/drone-ssh:1.6.13 +FROM ghcr.io/appleboy/drone-ssh:1.6.14 COPY entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh From 5ac43dd7628ddabb9fc5fae29368b663142fcc8f Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 23 Jul 2023 09:53:20 +0800 Subject: [PATCH 36/95] chore(ssh): pass all ENV variables to script (#259) --- .github/workflows/ci.yml | 18 ++++++++++++++++++ Dockerfile | 2 +- action.yml | 2 ++ 3 files changed, 21 insertions(+), 1 deletion(-) 
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d1b576f..8e8e5dd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -198,6 +198,23 @@ jobs: echo "I am $BAR, thanks" echo "I am $TEST_AAA, thanks" + - name: pass all ENV variables to script + uses: ./ + env: + INPUT_FOO: "BAR" + INPUT_AAA: "BBB" + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + allenvs: true + script: | + echo "I am $INPUT_FOO, thanks" + echo "I am $INPUT_AAA, thanks" + echo "$GITHUB_BASE_REF" + echo "$GITHUB_REF" + testing03: name: git clone and pull runs-on: ubuntu-latest @@ -245,3 +262,4 @@ jobs: script_stop: true script: | echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin + diff --git a/Dockerfile b/Dockerfile index 533f0f9..cb97f5b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/appleboy/drone-ssh:1.6.14 +FROM ghcr.io/appleboy/drone-ssh:1.7.0 COPY entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh diff --git a/action.yml b/action.yml index 2e04181..405b14a 100644 --- a/action.yml +++ b/action.yml @@ -65,6 +65,8 @@ inputs: description: 'Flexible configuration for environment value transfer.' debug: description: 'Enable debug mode.' + allenvs: + description: 'pass all environment variable to shell script.' runs: using: 'docker' image: 'Dockerfile' From 8d9094f3b161ae3721150b835be0dfa3a3f65f4a Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 23 Jul 2023 09:57:59 +0800 Subject: [PATCH 37/95] docs: "Introduce `allenvs` option for shell script execution" - Add a new option `allenvs` in the README to pass all environment variables to the shell script. Signed-off-by: appleboy --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 974c7de..7ac1189 100644 --- a/README.md +++ b/README.md 
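Review bot: The `allenvs` description added to `action.yml` ('pass all environment variable to shell script.') does not say which variables are covered or that their values leave the runner. The CI step added in the same commit only exercises `INPUT_`- and `GITHUB_`-prefixed names, so the real scope is presumably narrower than "all". If so, the description should name the prefixes, and in either case it should warn that any secret held in a forwarded variable is sent to the remote host. Docker actions receive their own inputs as `INPUT_*` variables, so if forwarding is by prefix it is worth confirming that `INPUT_KEY`, `INPUT_PASSWORD` and `INPUT_PASSPHRASE` are excluded. Suggested wording, matching the capitalised style of the neighbouring inputs: `description: 'Pass the runner environment variables (state which prefixes) to the remote shell script; their values are sent to the host.'`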
@@ -47,6 +47,7 @@ See [action.yml](./action.yml) for more detailed information. | envs | Pass environment variables to shell script | | | envs_format | Flexible configuration of environment value transfer | | | debug | Enable debug mode | false | +| allenvs | Pass all environment variables to shell script | false | ## Usage From 55dabf81b49d4120609345970c91507e2d734799 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 23 Jul 2023 10:01:08 +0800 Subject: [PATCH 38/95] docs: update appleboy/ssh-action version in README - Update the version of `appleboy/ssh-action` from `v0.1.10` to `v0.2.0` in multiple places in the README file. Signed-off-by: appleboy --- README.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 7ac1189..ed77ce2 100644 --- a/README.md +++ b/README.md @@ -63,7 +63,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -164,7 +164,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -177,7 +177,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -190,7 +190,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} 
@@ -207,7 +207,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -223,7 +223,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -238,7 +238,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 with: host: "foo.com,bar.com" + sync: true @@ -254,7 +254,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 + env: + FOO: "BAR" + BAR: "FOO" @@ -279,7 +279,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p ```diff - name: stop script if command error - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -332,7 +332,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -355,7 +355,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -381,7 +381,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v0.2.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From 4330a1ea489ced98a6778fb35bb6bfed8b61fca5 Mon Sep 17 00:00:00 2001 
From: appleboy Date: Sun, 23 Jul 2023 10:05:56 +0800 Subject: [PATCH 39/95] docs: update appleboy/ssh-action version in README - Update the version of `appleboy/ssh-action` from `v0.2.0` to `v1.0.0` in multiple places in the README. Signed-off-by: appleboy --- README.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index ed77ce2..77f71dd 100644 --- a/README.md +++ b/README.md @@ -63,7 +63,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -164,7 +164,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -177,7 +177,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -190,7 +190,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -207,7 +207,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -223,7 +223,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" 
@@ -238,7 +238,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 with: host: "foo.com,bar.com" + sync: true @@ -254,7 +254,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 + env: + FOO: "BAR" + BAR: "FOO" @@ -279,7 +279,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p ```diff - name: stop script if command error - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -332,7 +332,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -355,7 +355,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -381,7 +381,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.2.0 + uses: appleboy/ssh-action@v1.0.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From b9f6bf6223b169d55fdc9d4317424830474585e6 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Tue, 26 Dec 2023 15:07:39 +0800 Subject: [PATCH 40/95] style: refine CI Workflow and Test Configurations - Remove empty lines from the GitHub Actions CI workflow file Signed-off-by: Bo-Yi Wu --- .github/workflows/ci.yml | 410 +++++++++++++++++++-------------------- 1 file changed, 204 insertions(+), 206 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8e8e5dd..e9f2b7c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -6,129 +6,128 @@ env: BAR: "FOO" jobs: - testing01: name: default flag testing runs-on: ubuntu-latest steps: - - name: checkout - uses: actions/checkout@v1 + - name: checkout + uses: actions/checkout@v1 - - name: correct password but wrong key - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - key: "1234" - port: ${{ secrets.PORT }} - script: whoami + - name: correct password but wrong key + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + key: "1234" + port: ${{ secrets.PORT }} + script: whoami - - name: wrong password but correct key - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: "abcdef" - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script: whoami + - name: wrong password but correct key + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: "abcdef" + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: whoami - - name: executing remote ssh commands using password - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} - script: whoami + - name: executing remote ssh commands using password + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: whoami - - name: executing remote ssh commands using ssh key - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script: whoami + - name: executing remote ssh commands using ssh key + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: whoami - - name: multiple command - uses: ./ - with: - host: ${{ 
secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script: | - whoami - ls -al + - name: multiple command + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: | + whoami + ls -al - - name: stop script if command error - uses: ./ - continue-on-error: true - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - sync: true - debug: true - script: | - mkdir abc/def - ls -al + - name: stop script if command error + uses: ./ + continue-on-error: true + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + sync: true + debug: true + script: | + mkdir abc/def + ls -al - - name: ssh key passphrase - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.SSH2 }} - port: ${{ secrets.PORT }} - passphrase: ${{ secrets.PASSPHRASE }} - script: | - whoami - ls -al + - name: ssh key passphrase + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.SSH2 }} + port: ${{ secrets.PORT }} + passphrase: ${{ secrets.PASSPHRASE }} + script: | + whoami + ls -al - - name: use insecure cipher - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} - script: | + - name: use insecure cipher + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: | ls \ -lah - use_insecure_cipher: true + use_insecure_cipher: true - # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 - - name: Multiline SSH commands interpreted as single lines - uses: ./ - with: - host: ${{ 
secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} - script_stop: true - script: | + # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 + - name: Multiline SSH commands interpreted as single lines + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script_stop: true + script: | ls \ -lah - use_insecure_cipher: true + use_insecure_cipher: true - # https://github.com/appleboy/ssh-action/issues/85 - - name: Deployment to multiple hosts with different ports - uses: ./ - with: - host: "${{ secrets.HOST }}:${{ secrets.PORT }}" - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: 1024 - script_stop: true - script: | + # https://github.com/appleboy/ssh-action/issues/85 + - name: Deployment to multiple hosts with different ports + uses: ./ + with: + host: "${{ secrets.HOST }}:${{ secrets.PORT }}" + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: 1024 + script_stop: true + script: | ls \ -lah - use_insecure_cipher: true + use_insecure_cipher: true # - name: SSH ED25519 Private Key # uses: ./ 
@@ -143,123 +142,122 @@ jobs: name: testing with envs runs-on: ubuntu-latest steps: - - name: checkout - uses: actions/checkout@v1 + - name: checkout + uses: actions/checkout@v1 - - name: pass environment - uses: ./ - env: - FOO: "BAR" - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - envs: FOO - script: | - echo "I am $FOO, thanks" - echo "I am $BAR, thanks" + - name: pass environment + uses: ./ + env: + FOO: "BAR" + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + envs: FOO + script: | + echo "I am $FOO, thanks" + echo "I am $BAR, thanks" - - name: pass multiple environment - uses: ./ - env: - FOO: "BAR" - BAR: "FOO" - SHA: ${{ github.sha }} - PORT: ${{ secrets.PORT }} - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - envs: FOO,BAR,SHA,PORT - script: | - echo "I am $FOO, thanks" - echo "I am $BAR, thanks" - echo "sha: $SHA" - echo "port: $PORT" - sh test.sh + - name: pass multiple environment + uses: ./ + env: + FOO: "BAR" + BAR: "FOO" + SHA: ${{ github.sha }} + PORT: ${{ secrets.PORT }} + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + envs: FOO,BAR,SHA,PORT + script: | + echo "I am $FOO, thanks" + echo "I am $BAR, thanks" + echo "sha: $SHA" + echo "port: $PORT" + sh test.sh - - name: custom envs format - uses: ./ - env: - FOO: "BAR" - AAA: "BBB" - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - envs: FOO,BAR,AAA - envs_format: export TEST_{NAME}={VALUE} - script: | - echo "I am $TEST_FOO, thanks" - echo "I am $TEST_BAR, thanks" - echo "I am $BAR, thanks" - echo "I am $TEST_AAA, thanks" + - name: custom envs format + uses: ./ + env: + FOO: "BAR" + AAA: "BBB" + with: + host: ${{ 
secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + envs: FOO,BAR,AAA + envs_format: export TEST_{NAME}={VALUE} + script: | + echo "I am $TEST_FOO, thanks" + echo "I am $TEST_BAR, thanks" + echo "I am $BAR, thanks" + echo "I am $TEST_AAA, thanks" - - name: pass all ENV variables to script - uses: ./ - env: - INPUT_FOO: "BAR" - INPUT_AAA: "BBB" - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - allenvs: true - script: | - echo "I am $INPUT_FOO, thanks" - echo "I am $INPUT_AAA, thanks" - echo "$GITHUB_BASE_REF" - echo "$GITHUB_REF" + - name: pass all ENV variables to script + uses: ./ + env: + INPUT_FOO: "BAR" + INPUT_AAA: "BBB" + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + allenvs: true + script: | + echo "I am $INPUT_FOO, thanks" + echo "I am $INPUT_AAA, thanks" + echo "$GITHUB_BASE_REF" + echo "$GITHUB_REF" testing03: name: git clone and pull runs-on: ubuntu-latest steps: - - name: checkout - uses: actions/checkout@v1 + - name: checkout + uses: actions/checkout@v1 - - name: clone private repository - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - script: | - git clone https://appleboy:${{ secrets.TEST_TOKEN }}@github.com/go-training/self-runner.git test_repository - rm -rf test_repository + - name: clone private repository + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + script: | + git clone https://appleboy:${{ secrets.TEST_TOKEN }}@github.com/go-training/self-runner.git test_repository + rm -rf test_repository testing04: name: docker login and pull runs-on: ubuntu-latest steps: - - name: checkout - uses: actions/checkout@v1 - - - 
name: login GitHub Container Registry - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - script: | - echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u github.actor --password-stdin + - name: checkout + uses: actions/checkout@v1 - - name: login DockerHub Container Registry - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - script: | - echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin + - name: login GitHub Container Registry + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + script: | + echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u github.actor --password-stdin + - name: login DockerHub Container Registry + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + script: | + echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin From 2344d975738ad85c2c0bc848a78cef0d4ce17ec0 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Tue, 26 Dec 2023 15:11:53 +0800 Subject: [PATCH 41/95] chore(security): update drone-ssh to v1.7.1 (#286) - Update the base image in Dockerfile from `1.7.0` to `1.7.1` - Change the location of `entrypoint.sh` from root to `/bin/` directory in Dockerfile - Remove the explicit `chmod +x` command for `entrypoint.sh` in Dockerfile Signed-off-by: Bo-Yi Wu --- Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index cb97f5b..bc4c6cf 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,5 +1,5 @@ -FROM ghcr.io/appleboy/drone-ssh:1.7.0 +FROM ghcr.io/appleboy/drone-ssh:1.7.1 -COPY entrypoint.sh /entrypoint.sh -RUN chmod +x /entrypoint.sh -ENTRYPOINT ["/entrypoint.sh"] +COPY entrypoint.sh /bin/entrypoint.sh + +ENTRYPOINT ["/bin/entrypoint.sh"] From 8f949198563a347a01c65ffc60399aef2b59d4ab Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Tue, 26 Dec 2023 15:13:15 +0800 Subject: [PATCH 42/95] chore: update appleboy/ssh-action to v1.0.1 in documentation - Update appleboy/ssh-action from v1.0.0 to v1.0.1 in README.md - Update appleboy/ssh-action from v0.1.10 to v1.0.1 in README.zh-tw.md Signed-off-by: Bo-Yi Wu --- README.md | 24 ++++++++++++------------ README.zh-tw.md | 24 ++++++++++++------------ 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 77f71dd..1ffd1ce 100644 --- a/README.md +++ b/README.md @@ -63,7 +63,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -164,7 +164,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -177,7 +177,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -190,7 +190,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} 
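Review bot: With `RUN chmod +x` removed, the image depends on `entrypoint.sh` already carrying the executable bit in the build context, because `COPY` keeps the source file's mode. A checkout that loses that bit gives a container that fails at start with a permission error. `COPY --chmod=0755 entrypoint.sh /bin/entrypoint.sh` keeps the single layer and makes the mode explicit (it needs BuildKit). Since the commit is labelled a security update, the base image could also be pinned by digest rather than only the mutable `1.7.1` tag, for example `FROM ghcr.io/appleboy/drone-ssh:1.7.1@sha256:<digest-placeholder>`.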
@@ -207,7 +207,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -223,7 +223,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -238,7 +238,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 with: host: "foo.com,bar.com" + sync: true @@ -254,7 +254,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 + env: + FOO: "BAR" + BAR: "FOO" @@ -279,7 +279,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p ```diff - name: stop script if command error - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -332,7 +332,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -355,7 +355,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -381,7 +381,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.0 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/README.zh-tw.md b/README.zh-tw.md index 700a2bb..081c8ca 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md 
@@ -58,7 +58,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -157,7 +157,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -170,7 +170,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -183,7 +183,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -200,7 +200,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -216,7 +216,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -231,7 +231,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 with: host: "foo.com,bar.com" + sync: true @@ -247,7 +247,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 + env: + FOO: "BAR" + BAR: "FOO" 
@@ -272,7 +272,7 @@ _在 `env` 對象中,您需要將每個環境變量作為字符串傳遞,傳 ```diff - name: stop script if command error - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -325,7 +325,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -346,7 +346,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -372,7 +372,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v0.1.10 + uses: appleboy/ssh-action@v1.0.1 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From 1f3c33893694c04aef214bb7cf82793046ec9ca1 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Mon, 1 Jan 2024 14:22:41 +0800 Subject: [PATCH 43/95] chore: update base image to 1.7.2 in Dockerfile - Update the base image from `1.7.1` to `1.7.2` in the Dockerfile Signed-off-by: Bo-Yi Wu --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index bc4c6cf..d065a87 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/appleboy/drone-ssh:1.7.1 +FROM ghcr.io/appleboy/drone-ssh:1.7.2 COPY entrypoint.sh /bin/entrypoint.sh From 2451745138b602d3e100a6def50c8e4e39591d4c Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Mon, 1 Jan 2024 14:23:27 +0800 Subject: [PATCH 44/95] chore: update SSH action version in README files - Update the version of the `appleboy/ssh-action` to `v1.0.2` in the `README.md` and `README.zh-tw.md` files. Signed-off-by: Bo-Yi Wu --- README.md | 24 ++++++++++++------------ README.zh-tw.md | 24 ++++++++++++------------ 2 files changed, 24 insertions(+), 24 deletions(-) 
diff --git a/README.md b/README.md index 1ffd1ce..84aaaf4 100644 --- a/README.md +++ b/README.md @@ -63,7 +63,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -164,7 +164,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -177,7 +177,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -190,7 +190,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -207,7 +207,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -223,7 +223,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -238,7 +238,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: "foo.com,bar.com" + sync: true 
@@ -254,7 +254,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 + env: + FOO: "BAR" + BAR: "FOO" @@ -279,7 +279,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p ```diff - name: stop script if command error - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -332,7 +332,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -355,7 +355,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -381,7 +381,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/README.zh-tw.md b/README.zh-tw.md index 081c8ca..94b7e9c 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -58,7 +58,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -157,7 +157,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} 
@@ -170,7 +170,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -183,7 +183,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -200,7 +200,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -216,7 +216,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -231,7 +231,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: "foo.com,bar.com" + sync: true @@ -247,7 +247,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 + env: + FOO: "BAR" + BAR: "FOO" @@ -272,7 +272,7 @@ _在 `env` 對象中,您需要將每個環境變量作為字符串傳遞,傳 ```diff - name: stop script if command error - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -325,7 +325,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} 
@@ -346,7 +346,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -372,7 +372,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.1 + uses: appleboy/ssh-action@v1.0.2 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From d134a26a1f62a1eb6f470f543cb0a988f888573d Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 7 Jan 2024 19:39:23 +0800 Subject: [PATCH 45/95] fix(sudo): support request_pty to execute sudo command (#288) - Add a new job called `testing05` to the CI workflow - Update the base image in the Dockerfile from `1.7.2` to `1.7.3` - Update the action name, description, and author in the action.yml file - Update the descriptions for various inputs in the action.yml file - Add a new input `request_pty` with a description in the action.yml file - Update the `using` and `image` fields in the action.yml file - Update the `using` and `image` fields in the runs section of the action.yml file - Update the `icon` and `color` fields in the branding section of the action.yml file Signed-off-by: Bo-Yi Wu --- .github/workflows/ci.yml | 21 +++++++++++ Dockerfile | 2 +- action.yml | 76 +++++++++++++++++++++------------------- 3 files changed, 61 insertions(+), 38 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e9f2b7c..b676e5f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -261,3 +261,24 @@ jobs: script_stop: true script: | echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin + + testing05: + name: switch user + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v1 + + - name: switch to root user + uses: ./ + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + request_pty: true + command_timeout: 30s + script: | + whoami && echo 'hello world' && touch todo.txt + sudo whoami diff --git a/Dockerfile b/Dockerfile index d065a87..dd5119d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/appleboy/drone-ssh:1.7.2 +FROM ghcr.io/appleboy/drone-ssh:1.7.3 COPY entrypoint.sh /bin/entrypoint.sh diff --git a/action.yml b/action.yml index 405b14a..2d1067e 100644 --- a/action.yml +++ b/action.yml 
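Review bot: The new `switch to root user` step in `testing05` opens an SSH session that goes on to run `sudo whoami`, but it sets no `fingerprint`, so the host key is presumably accepted unverified. The action already exposes a `fingerprint` input (SHA256 of the host public key), so add it here, e.g. `fingerprint: ${{ secrets.FINGERPRINT }}` (the secret name is a placeholder). `actions/checkout@v1` is also referenced by a movable tag; pinning it to a full commit SHA would keep the job's inputs fixed.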
@@ -1,76 +1,78 @@ -name: 'SSH Remote Commands' -description: 'Executing remote ssh commands' -author: 'Bo-Yi Wu' +name: "SSH Remote Commands" +description: "Executing remote ssh commands" +author: "Bo-Yi Wu" inputs: host: - description: 'SSH host address.' + description: "SSH host address." port: - description: 'SSH port number.' + description: "SSH port number." default: "22" passphrase: - description: 'Passphrase for the SSH key.' + description: "Passphrase for the SSH key." username: - description: 'SSH username.' + description: "SSH username." password: - description: 'SSH password.' + description: "SSH password." sync: - description: 'Enable synchronous execution if multiple hosts are involved.' + description: "Enable synchronous execution if multiple hosts are involved." use_insecure_cipher: - description: 'Include more ciphers by using insecure ciphers.' + description: "Include more ciphers by using insecure ciphers." cipher: - description: 'Allowed cipher algorithms. If unspecified, a sensible default is used.' + description: "Allowed cipher algorithms. If unspecified, a sensible default is used." timeout: - description: 'Timeout duration for establishing SSH connection to the host.' + description: "Timeout duration for establishing SSH connection to the host." default: "30s" command_timeout: - description: 'Timeout duration for SSH commands execution.' + description: "Timeout duration for SSH commands execution." default: "10m" key: - description: 'Content of the SSH private key. For example, the raw content of ~/.ssh/id_rsa.' + description: "Content of the SSH private key. For example, the raw content of ~/.ssh/id_rsa." key_path: - description: 'Path to the SSH private key file.' + description: "Path to the SSH private key file." fingerprint: - description: 'SHA256 fingerprint of the host public key.' + description: "SHA256 fingerprint of the host public key." proxy_host: - description: 'SSH proxy host address.' + description: "SSH proxy host address." 
proxy_port: - description: 'SSH proxy port number.' + description: "SSH proxy port number." default: "22" proxy_username: - description: 'SSH proxy username.' + description: "SSH proxy username." proxy_password: - description: 'SSH proxy password.' + description: "SSH proxy password." proxy_passphrase: - description: 'SSH proxy key passphrase.' + description: "SSH proxy key passphrase." proxy_timeout: - description: 'Timeout duration for establishing SSH connection to the proxy host.' + description: "Timeout duration for establishing SSH connection to the proxy host." default: "30s" proxy_key: - description: 'Content of the SSH proxy private key. For example, the raw content of ~/.ssh/id_rsa.' + description: "Content of the SSH proxy private key. For example, the raw content of ~/.ssh/id_rsa." proxy_key_path: - description: 'Path to the SSH proxy private key file.' + description: "Path to the SSH proxy private key file." proxy_fingerprint: - description: 'SHA256 fingerprint of the proxy host public key.' + description: "SHA256 fingerprint of the proxy host public key." proxy_cipher: - description: 'Allowed cipher algorithms for the proxy. If unspecified, a sensible default is used.' + description: "Allowed cipher algorithms for the proxy. If unspecified, a sensible default is used." proxy_use_insecure_cipher: - description: 'Include more ciphers for the proxy by using insecure ciphers.' + description: "Include more ciphers for the proxy by using insecure ciphers." script: - description: 'Commands to be executed.' + description: "Commands to be executed." script_stop: - description: 'Stop the script after the first failure.' + description: "Stop the script after the first failure." envs: - description: 'Environment variables to be passed to the shell script.' + description: "Environment variables to be passed to the shell script." envs_format: - description: 'Flexible configuration for environment value transfer.' 
+ description: "Flexible configuration for environment value transfer." debug: - description: 'Enable debug mode.' + description: "Enable debug mode." allenvs: - description: 'pass all environment variable to shell script.' + description: "pass all environment variable to shell script." + request_pty: + description: "Request a pseudo-terminal from the server." runs: - using: 'docker' - image: 'Dockerfile' + using: "docker" + image: "Dockerfile" branding: - icon: 'terminal' - color: 'gray-dark' + icon: "terminal" + color: "gray-dark" From 029f5b4aeeeb58fdfe1410a5d17f967dacf36262 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 7 Jan 2024 19:40:43 +0800 Subject: [PATCH 46/95] docs: update README.md and improve code documentation - Add a new entry for `request_pty` in the README.md file Signed-off-by: Bo-Yi Wu --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 84aaaf4..c21143f 100644 --- a/README.md +++ b/README.md @@ -48,6 +48,7 @@ See [action.yml](./action.yml) for more detailed information. | envs_format | Flexible configuration of environment value transfer | | | debug | Enable debug mode | false | | allenvs | Pass all environment variables to shell script | false | +| request_pty | Request a pseudo-terminal from the server | false | ## Usage From 9b978f09f2587beff9c80449f57cb0f0612d3039 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 7 Jan 2024 19:48:12 +0800 Subject: [PATCH 47/95] chore: update SSH action version in README files - Update the version of the `appleboy/ssh-action` from `v1.0.2` to `v1.0.3` in the README.md file - Update the version of the `appleboy/ssh-action` from `v1.0.2` to `v1.0.3` in the README.zh-tw.md file Signed-off-by: Bo-Yi Wu --- README.md | 24 ++++++++++++------------ README.zh-tw.md | 24 ++++++++++++------------ 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index c21143f..37265d6 100644 --- a/README.md +++ b/README.md 
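Review bot: The new `request_pty` input in the action.yml hunk says what it does but not when to enable it or that it is off by default. The commit title ties it to running `sudo`, and the README row added in the following patch lists the default as false, so the description could read `description: "Request a pseudo-terminal from the server (needed by commands such as sudo that require a TTY). Off unless set to true."`. The rest of the hunk only changes quote style.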
@@ -64,7 +64,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -165,7 +165,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -178,7 +178,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -191,7 +191,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -208,7 +208,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -224,7 +224,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -239,7 +239,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: "foo.com,bar.com" + sync: true @@ -255,7 +255,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 + env: + FOO: "BAR" + BAR: "FOO" 
@@ -280,7 +280,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p ```diff - name: stop script if command error - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -333,7 +333,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -356,7 +356,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -382,7 +382,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/README.zh-tw.md b/README.zh-tw.md index 94b7e9c..9c37b34 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -58,7 +58,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -157,7 +157,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -170,7 +170,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} 
@@ -183,7 +183,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -200,7 +200,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -216,7 +216,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -231,7 +231,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: "foo.com,bar.com" + sync: true @@ -247,7 +247,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 + env: + FOO: "BAR" + BAR: "FOO" @@ -272,7 +272,7 @@ _在 `env` 對象中,您需要將每個環境變量作為字符串傳遞,傳 ```diff - name: stop script if command error - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -325,7 +325,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -346,7 +346,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} 
@@ -372,7 +372,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.2 + uses: appleboy/ssh-action@v1.0.3 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From 8a779a5b1a8a79465e63ce4724624b4755fed49b Mon Sep 17 00:00:00 2001 From: Kushal Dhakal <55182298+hussu010@users.noreply.github.com> Date: Sat, 16 Mar 2024 07:28:37 +0545 Subject: [PATCH 48/95] docs: describe true usage of allenvs parameter (#301) --- README.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 37265d6..7fc55db 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,7 @@ See [action.yml](./action.yml) for more detailed information. | username | SSH username | | | password | SSH password | | | sync | Enable synchronous execution if multiple hosts | false | -| use_insecure_cipher | Include more ciphers with use_insecure_cipher | false | +| use_insecure_cipher | Include more ciphers with use_insecure_cipher | false | | cipher | Allowed cipher algorithms. If unspecified, a sensible default | | | timeout | Timeout duration for SSH to host | 30s | | command_timeout | Timeout duration for SSH command | 10m | 
@@ -36,19 +36,19 @@ See [action.yml](./action.yml) for more detailed information. | proxy_username | SSH proxy username | | | proxy_password | SSH proxy password | | | proxy_passphrase | SSH proxy key passphrase | | -| proxy_timeout | Timeout for SSH to proxy host | 30s | -| proxy_key | Content of SSH proxy private key | | -| proxy_key_path | Path of SSH proxy private key | | -| proxy_fingerprint | SHA256 fingerprint of the proxy host public key | | -| proxy_cipher | Allowed cipher algorithms for the proxy | | -| proxy_use_insecure_cipher | Include more ciphers with use_insecure_cipher for the proxy | false | +| proxy_timeout | Timeout for SSH to proxy host | 30s | +| proxy_key | Content of SSH proxy private key | | +| proxy_key_path | Path of SSH proxy private key | | +| proxy_fingerprint | SHA256 fingerprint of the proxy host public key | | +| proxy_cipher | Allowed cipher algorithms for the proxy | | +| proxy_use_insecure_cipher | Include more ciphers with use_insecure_cipher for the proxy | false | | script | Execute commands | | -| script_stop | Stop script after first failure | false | +| script_stop | Stop script after first failure | false | | envs | Pass environment variables to shell script | | | envs_format | Flexible configuration of environment value transfer | | | debug | Enable debug mode | false | -| allenvs | Pass all environment variables to shell script | false | -| request_pty | Request a pseudo-terminal from the server | false | +| allenvs | pass the environment variables with prefix value of GITHUB_ and INPUT_ to the script | false | +| request_pty | Request a pseudo-terminal from the server | false | ## Usage From c78141851a6d716353b2ce13c978924e0300775e Mon Sep 17 00:00:00 2001 
From: Bo-Yi Wu Date: Sat, 16 Mar 2024 15:45:28 +0800 Subject: [PATCH 49/95] ci: enhance GitHub Actions for IPv6 and flexibility (#303) * ci: enhance GitHub Actions for IPv6 and flexibility - Add a new CI job for testing IPv6 in GitHub Actions workflow - Update the Docker image version from `1.7.3` to `1.7.4` - Add a new `protocol` input parameter to the GitHub action with a default value of `tcp` - Change the GitHub action to use a composite run steps action instead of a Docker container - Update the `entrypoint.sh` script to use `bash` instead of `sh`, set stricter error handling, and add a function to detect client platform and architecture - Modify the `entrypoint.sh` script to download a specific version of `drone-ssh` based on the detected client info and execute it Signed-off-by: Bo-Yi Wu * ci: refactor CI workflow and Docker setup - Remove IPv6 ping command from CI workflow - Uncomment Docker run configuration in action.yml Signed-off-by: Bo-Yi Wu --------- Signed-off-by: Bo-Yi Wu --- .github/workflows/ci.yml | 28 +++++++++++++++++ Dockerfile | 2 +- action.yml | 50 +++++++++++++++++++++++++++++-- entrypoint.sh | 65 ++++++++++++++++++++++++++++++++++++++-- 4 files changed, 139 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b676e5f..e188bf9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -282,3 +282,31 @@ jobs: script: | whoami && echo 'hello world' && touch todo.txt sudo whoami + + testing06: + name: testing ipv6 + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v1 + + - name: Set up WARP + uses: fscarmen/warp-on-actions@v1.1 + with: + stack: dual + + - name: testing ipv6 for command + run: | + curl -m 9 --ipv6 --verbose https://google.com + + - name: testing ipv6 + uses: ./ + with: + host: 2402:1f00:8000:800::2628 + username: ubuntu + password: ${{ secrets.OVH_PASSWORD }} + protocol: tcp6 + port: 22 + command_timeout: 30s + script: | + whoami 
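Review bot: `uses: fscarmen/warp-on-actions@v1.1` in the new `testing06` job pulls a third-party action by a movable tag, and that action appears to reconfigure the runner's network before the step that sends `secrets.OVH_PASSWORD`. Pin it to a full commit SHA, `uses: fscarmen/warp-on-actions@<full-commit-sha> # v1.1` (placeholder SHA), so a re-tag cannot change what runs next to the secret. The `testing ipv6` step also uses password authentication to a hard-coded address without a `fingerprint`; adding `fingerprint: ${{ secrets.FINGERPRINT }}` (placeholder secret name) would make the run fail if a different host answers.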
diff --git a/Dockerfile b/Dockerfile index dd5119d..d84c375 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/appleboy/drone-ssh:1.7.3 +FROM ghcr.io/appleboy/drone-ssh:1.7.4 COPY entrypoint.sh /bin/entrypoint.sh diff --git a/action.yml b/action.yml index 2d1067e..4a16472 100644 --- a/action.yml +++ b/action.yml @@ -13,6 +13,9 @@ inputs: description: "SSH username." password: description: "SSH password." + protocol: + description: 'The IP protocol to use. Valid values are "tcp". "tcp4" or "tcp6". Default to tcp.' + default: "tcp" sync: description: "Enable synchronous execution if multiple hosts are involved." use_insecure_cipher: 
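Review bot: The `protocol` description in the first action.yml hunk has a stray full stop between the first two values (`"tcp". "tcp4"`), which reads as the end of the list. Suggested wording: `description: 'The IP protocol to use. Valid values are "tcp", "tcp4" or "tcp6". Defaults to "tcp".'`.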
@@ -69,9 +72,52 @@ inputs: description: "pass all environment variable to shell script." request_pty: description: "Request a pseudo-terminal from the server." + runs: - using: "docker" - image: "Dockerfile" + using: "composite" + steps: + - name: Set GitHub Path + run: echo "$GITHUB_ACTION_PATH" >> $GITHUB_PATH + shell: bash + env: + GITHUB_ACTION_PATH: ${{ github.action_path }} + - name: Run entrypoint.sh + run: entrypoint.sh + shell: bash + env: + GITHUB_ACTION_PATH: ${{ github.action_path }} + INPUT_HOST: ${{ inputs.host }} + INPUT_PORT: ${{ inputs.port }} + INPUT_PROTOCOL: ${{ inputs.protocol }} + INPUT_USERNAME: ${{ inputs.username }} + INPUT_PASSWORD: ${{ inputs.password }} + INPUT_PASSPHRASE: ${{ inputs.passphrase }} + INPUT_KEY: ${{ inputs.key }} + INPUT_KEY_PATH: ${{ inputs.key_path }} + INPUT_FINGERPRINT: ${{ inputs.fingerprint }} + INPUT_PROXY_HOST: ${{ inputs.proxy_host }} + INPUT_PROXY_PORT: ${{ inputs.proxy_port }} + INPUT_PROXY_USERNAME: ${{ inputs.proxy_username }} + INPUT_PROXY_PASSWORD: ${{ inputs.proxy_password }} + INPUT_PROXY_PASSPHRASE: ${{ inputs.proxy_passphrase }} + INPUT_PROXY_KEY: ${{ inputs.proxy_key }} + INPUT_PROXY_KEY_PATH: ${{ inputs.proxy_key_path }} + INPUT_PROXY_FINGERPRINT: ${{ inputs.proxy_fingerprint }} + INPUT_TIMEOUT: ${{ inputs.timeout }} + INPUT_PROXY_TIMEOUT: ${{ inputs.proxy_timeout }} + INPUT_COMMAND_TIMEOUT: ${{ inputs.command_timeout }} + INPUT_SCRIPT: ${{ inputs.script }} + INPUT_SCRIPT_STOP: ${{ inputs.script_stop }} + INPUT_ENVS: ${{ inputs.envs }} + INPUT_ENVS_FORMAT: ${{ inputs.envs_format }} + INPUT_DEBUG: ${{ inputs.debug }} + INPUT_ALL_ENVS: ${{ inputs.allenvs }} + INPUT_REQUEST_PTY: ${{ inputs.request_pty }} + INPUT_USE_INSECURE_CIPHER: ${{ inputs.use_insecure_cipher }} + INPUT_CIPHER: ${{ inputs.cipher }} + INPUT_PROXY_USE_INSECURE_CIPHER: ${{ inputs.proxy_use_insecure_cipher }} + INPUT_PROXY_CIPHER: ${{ inputs.proxy_cipher }} + INPUT_SYNC: ${{ inputs.sync }} branding: icon: "terminal" 
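Review bot: The `Set GitHub Path` step writes the action's own directory to `$GITHUB_PATH`, which changes `PATH` for every later step of the caller's job, not only for this action. That directory is also where `entrypoint.sh` stores the downloaded `drone-ssh` binary, so files placed there become resolvable by bare name in unrelated steps. Calling the script by its path avoids the side effect: drop the first step and use `run: '"$GITHUB_ACTION_PATH/entrypoint.sh"'` in `Run entrypoint.sh`. If the PATH entry is needed for some runner type, a comment saying so would help; the `>> $GITHUB_PATH` redirect should be quoted in that case.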
diff --git a/entrypoint.sh b/entrypoint.sh index f880594..e4e661c 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,7 +1,66 @@ -#!/bin/sh +#!/usr/bin/env bash -set -eu +set -o errexit +set -o nounset +set -o pipefail export GITHUB="true" -sh -c "/bin/drone-ssh $*" +DRONE_SSH_RELEASE_URL="${DRONE_SSH_RELEASE_URL:-https://github.com/appleboy/drone-ssh/releases/download}" +DRONE_SSH_VERSION="${DRONE_SSH_VERSION:-1.7.4}" + +function detect_client_info() { + if [ -n "${SSH_CLIENT_OS-}" ]; then + CLIENT_PLATFORM="${SSH_CLIENT_OS}" + else + local kernel + kernel="$(uname -s)" + case "${kernel}" in + Darwin) + CLIENT_PLATFORM="darwin" + ;; + Linux) + CLIENT_PLATFORM="linux" + ;; + Windows) + CLIENT_PLATFORM="windows" + ;; + *) + echo "Unknown, unsupported platform: ${kernel}." >&2 + echo "Supported platforms: Linux, Darwin and Windows." >&2 + echo "Bailing out." >&2 + exit 2 + esac + fi + + if [ -n "${SSH_CLIENT_ARCH-}" ]; then + CLIENT_ARCH="${SSH_CLIENT_ARCH}" + else + # TODO: migrate the kube::util::host_platform function out of hack/lib and + # use it here. + local machine + machine="$(uname -m)" + case "${machine}" in + x86_64*|i?86_64*|amd64*) + CLIENT_ARCH="amd64" + ;; + aarch64*|arm64*) + CLIENT_ARCH="arm64" + ;; + *) + echo "Unknown, unsupported architecture (${machine})." >&2 + echo "Supported architectures x86_64, i686, arm64." >&2 + echo "Bailing out." >&2 + exit 3 + ;; + esac + fi +} + +detect_client_info +DOWNLOAD_URL_PREFIX="${DRONE_SSH_RELEASE_URL}/v${DRONE_SSH_VERSION}" +CLIENT_BINARY="drone-ssh-${DRONE_SSH_VERSION}-${CLIENT_PLATFORM}-${CLIENT_ARCH}" +echo "Will download ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}" +curl -fL --retry 3 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o ${GITHUB_ACTION_PATH}/drone-ssh +chmod +x ${GITHUB_ACTION_PATH}drone-ssh +sh -c "${GITHUB_ACTION_PATH}/drone-ssh $*" From fe44be0b96e09ca219322f172bc338fd0718a55b Mon Sep 17 00:00:00 2001 
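Review bot: The binary fetched by `curl` at the end of `entrypoint.sh` is made executable and run without any integrity check, and it is the process that receives `INPUT_KEY`, `INPUT_PASSWORD` and the other credentials from `action.yml`. `DRONE_SSH_RELEASE_URL` and `DRONE_SSH_VERSION` can both be overridden from the environment, so the download source is not fixed either. Verify the file against a digest pinned in the repository before `chmod`, as sketched below (the digest is a placeholder; macOS runners would need `shasum -a 256` instead of `sha256sum`). The `chmod +x ${GITHUB_ACTION_PATH}drone-ssh` line is also missing the `/` used by the `curl -o` and `sh -c` lines. The `TARGET` rewrite of these lines in PATCH 51 keeps the same unverified download.

```shell
# … unchanged: detect_client_info, DOWNLOAD_URL_PREFIX, CLIENT_BINARY, echo …
BINARY_PATH="${GITHUB_ACTION_PATH}/drone-ssh"
# Placeholder: the pinned digest for this ${CLIENT_PLATFORM}-${CLIENT_ARCH} asset.
EXPECTED_SHA256="<sha256-of-release-asset>"
curl -fL --retry 3 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o "${BINARY_PATH}"
# errexit aborts the script here when the digest does not match.
echo "${EXPECTED_SHA256}  ${BINARY_PATH}" | sha256sum --check --status
chmod +x "${BINARY_PATH}"
# … unchanged: sh -c invocation …
```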
From: Bo-Yi Wu Date: Sat, 16 Mar 2024 15:47:10 +0800 Subject: [PATCH 50/95] docs: improve documentation and CI robustness - Add backticks around `GITHUB_` and `INPUT_` in the README for clarity Signed-off-by: Bo-Yi Wu --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 7fc55db..8e850a1 100644 --- a/README.md +++ b/README.md @@ -47,7 +47,7 @@ See [action.yml](./action.yml) for more detailed information. | envs | Pass environment variables to shell script | | | envs_format | Flexible configuration of environment value transfer | | | debug | Enable debug mode | false | -| allenvs | pass the environment variables with prefix value of GITHUB_ and INPUT_ to the script | false | +| allenvs | pass the environment variables with prefix value of `GITHUB_` and `INPUT_` to the script | false | | request_pty | Request a pseudo-terminal from the server | false | ## Usage From 1991c553ec29aeb9fe1cbffabfabe0c2f0ea891e Mon Sep 17 00:00:00 2001 From: appleboy Date: Sat, 16 Mar 2024 15:59:42 +0800 Subject: [PATCH 51/95] chore(file): update target file Signed-off-by: appleboy --- entrypoint.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index e4e661c..f50d56e 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -6,6 +6,7 @@ set -o pipefail export GITHUB="true" +GITHUB_ACTION_PATH="${GITHUB_ACTION_PATH%/}" DRONE_SSH_RELEASE_URL="${DRONE_SSH_RELEASE_URL:-https://github.com/appleboy/drone-ssh/releases/download}" DRONE_SSH_VERSION="${DRONE_SSH_VERSION:-1.7.4}" @@ -36,8 +37,6 @@ function detect_client_info() { if [ -n "${SSH_CLIENT_ARCH-}" ]; then CLIENT_ARCH="${SSH_CLIENT_ARCH}" else - # TODO: migrate the kube::util::host_platform function out of hack/lib and - # use it here. local machine machine="$(uname -m)" case "${machine}" in 
@@ -60,7 +59,8 @@ function detect_client_info() { detect_client_info DOWNLOAD_URL_PREFIX="${DRONE_SSH_RELEASE_URL}/v${DRONE_SSH_VERSION}" CLIENT_BINARY="drone-ssh-${DRONE_SSH_VERSION}-${CLIENT_PLATFORM}-${CLIENT_ARCH}" +TARGET="${GITHUB_ACTION_PATH}/${CLIENT_BINARY}" echo "Will download ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}" -curl -fL --retry 3 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o ${GITHUB_ACTION_PATH}/drone-ssh -chmod +x ${GITHUB_ACTION_PATH}drone-ssh -sh -c "${GITHUB_ACTION_PATH}/drone-ssh $*" +curl -fL --retry 3 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o ${TARGET} +chmod +x ${TARGET} +sh -c "${TARGET} $*" From dd0f09ca072e60babe3cc58ed83c66a86176300c Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sat, 16 Mar 2024 16:04:59 +0800 Subject: [PATCH 52/95] docs: improve README clarity and completeness - Update the README table formatting to include an additional column separator - Add documentation for the SSH protocol version option in the README table Signed-off-by: Bo-Yi Wu --- README.md | 67 ++++++++++++++++++++++++++++--------------------------- 1 file changed, 34 insertions(+), 33 deletions(-) diff --git a/README.md b/README.md index 8e850a1..186602a 100644 --- a/README.md +++ b/README.md 
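Review bot: `sh -c "${TARGET} $*"` flattens the arguments into one string and hands it to a second shell, so any argument or path component containing spaces or shell metacharacters is re-split and re-interpreted; `${TARGET}` is also unquoted in the new `curl -o` and `chmod` lines. `TARGET` is built from the runner-supplied `GITHUB_ACTION_PATH`, which the script does not control. Invoking the binary directly removes the extra parsing step: `"${TARGET}" "$@"`, together with `-o "${TARGET}"` and `chmod +x "${TARGET}"`.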
@@ -16,39 +16,40 @@ This thing is built using [Golang](https://go.dev) and [drone-ssh](https://githu See [action.yml](./action.yml) for more detailed information. -| Input Parameter | Description | Default Value | -|-------------------------|-----------------------------------------------------------------|---------------| -| host | SSH host address | | -| port | SSH port number | 22 | -| passphrase | SSH key passphrase | | -| username | SSH username | | -| password | SSH password | | -| sync | Enable synchronous execution if multiple hosts | false | -| use_insecure_cipher | Include more ciphers with use_insecure_cipher | false | -| cipher | Allowed cipher algorithms. If unspecified, a sensible default | | -| timeout | Timeout duration for SSH to host | 30s | -| command_timeout | Timeout duration for SSH command | 10m | -| key | Content of SSH private key. e.g., raw content of ~/.ssh/id_rsa | | -| key_path | Path of SSH private key | | -| fingerprint | SHA256 fingerprint of the host public key | | -| proxy_host | SSH proxy host | | -| proxy_port | SSH proxy port | 22 | -| proxy_username | SSH proxy username | | -| proxy_password | SSH proxy password | | -| proxy_passphrase | SSH proxy key passphrase | | -| proxy_timeout | Timeout for SSH to proxy host | 30s | -| proxy_key | Content of SSH proxy private key | | -| proxy_key_path | Path of SSH proxy private key | | -| proxy_fingerprint | SHA256 fingerprint of the proxy host public key | | -| proxy_cipher | Allowed cipher algorithms for the proxy | | -| proxy_use_insecure_cipher | Include more ciphers with use_insecure_cipher for the proxy | false | -| script | Execute commands | | -| script_stop | Stop script after first failure | false | -| envs | Pass environment variables to shell script | | -| envs_format | Flexible configuration of environment value transfer | | -| debug | Enable debug mode | false | -| allenvs | pass the environment variables with prefix value of `GITHUB_` and `INPUT_` to the script | false | 
-| request_pty | Request a pseudo-terminal from the server | false | +| Input Parameter | Description | Default Value | +|---------------------------|------------------------------------------------------------------------------------------|---------------| +| host | SSH host address | | +| port | SSH port number | 22 | +| passphrase | SSH key passphrase | | +| username | SSH username | | +| password | SSH password | | +| protocol | SSH protocol version (tcp, tcp4, tcp6) | tcp | +| sync | Enable synchronous execution if multiple hosts | false | +| use_insecure_cipher | Include more ciphers with use_insecure_cipher | false | +| cipher | Allowed cipher algorithms. If unspecified, a sensible default | | +| timeout | Timeout duration for SSH to host | 30s | +| command_timeout | Timeout duration for SSH command | 10m | +| key | Content of SSH private key. e.g., raw content of ~/.ssh/id_rsa | | +| key_path | Path of SSH private key | | +| fingerprint | SHA256 fingerprint of the host public key | | +| proxy_host | SSH proxy host | | +| proxy_port | SSH proxy port | 22 | +| proxy_username | SSH proxy username | | +| proxy_password | SSH proxy password | | +| proxy_passphrase | SSH proxy key passphrase | | +| proxy_timeout | Timeout for SSH to proxy host | 30s | +| proxy_key | Content of SSH proxy private key | | +| proxy_key_path | Path of SSH proxy private key | | +| proxy_fingerprint | SHA256 fingerprint of the proxy host public key | | +| proxy_cipher | Allowed cipher algorithms for the proxy | | +| proxy_use_insecure_cipher | Include more ciphers with use_insecure_cipher for the proxy | false | +| script | Execute commands | | +| script_stop | Stop script after first failure | false | +| envs | Pass environment variables to shell script | | +| envs_format | Flexible configuration of environment value transfer | | +| debug | Enable debug mode | false | +| allenvs | pass the environment variables with prefix value of `GITHUB_` and `INPUT_` to the script | false | +| 
request_pty | Request a pseudo-terminal from the server | false | ## Usage From d2d68588591b705c406168accae85968a2f75c0d Mon Sep 17 00:00:00 2001 From: appleboy Date: Thu, 21 Mar 2024 21:38:55 +0800 Subject: [PATCH 53/95] ci: enhance GitHub workflow for SSH actions and deployments - Add a new GitHub workflow file `version.yml` - Define environment variables `FOO` and `BAR` - Add multiple jobs for testing different scenarios - Include steps for SSH actions using different authentication methods - Implement scripts for executing remote SSH commands - Configure SSH key passphrase authentication - Add a job for using insecure cipher - Include a job for executing multiline SSH commands - Implement a job for deployment to multiple hosts with different ports - Add jobs for passing environment variables to scripts - Configure custom environment variables format - Implement a job for passing all ENV variables to a script - Include jobs for cloning private repositories and logging into container registries - Implement a job for switching users and testing IPv6 connectivity Signed-off-by: appleboy --- .github/workflows/version.yml | 312 ++++++++++++++++++++++++++++++++++ 1 file changed, 312 insertions(+) create mode 100644 .github/workflows/version.yml diff --git a/.github/workflows/version.yml b/.github/workflows/version.yml new file mode 100644 index 0000000..0d2b264 --- /dev/null +++ b/.github/workflows/version.yml 
@@ -0,0 +1,312 @@ +name: the stable version of ssh-action +on: [push] + +env: + FOO: "BAR" + BAR: "FOO" + +jobs: + testing01: + name: default flag testing + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v4 + + - name: correct password but wrong key + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + key: "1234" + port: ${{ secrets.PORT }} + script: whoami + + - name: wrong password but correct key + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: "abcdef" + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: whoami + + - name: executing remote ssh commands using password + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: whoami + + - name: executing remote ssh commands using ssh key + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: whoami + + - name: multiple command + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: | + whoami + ls -al + + - name: stop script if command error + uses: appleboy/ssh-action@v1.0.3 + continue-on-error: true + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + sync: true + debug: true + script: | + mkdir abc/def + ls -al + + - name: ssh key passphrase + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.SSH2 }} + port: ${{ secrets.PORT }} + passphrase: ${{ secrets.PASSPHRASE }} + script: | + whoami + ls -al + 
+ - name: use insecure cipher + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: | + ls \ + -lah + use_insecure_cipher: true + + # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 + - name: Multiline SSH commands interpreted as single lines + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script_stop: true + script: | + ls \ + -lah + use_insecure_cipher: true + + # https://github.com/appleboy/ssh-action/issues/85 + - name: Deployment to multiple hosts with different ports + uses: appleboy/ssh-action@v1.0.3 + with: + host: "${{ secrets.HOST }}:${{ secrets.PORT }}" + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: 1024 + script_stop: true + script: | + ls \ + -lah + use_insecure_cipher: true + + # - name: SSH ED25519 Private Key + # uses: appleboy/ssh-action@v1.0.3 + # with: + # host: ${{ secrets.TUNNEL_HOST }} + # username: ${{ secrets.TUNNEL_USERNAME }} + # key: ${{ secrets.ID_ED25519 }} + # port: ${{ secrets.TUNNEL_PORT }} + # script: whoami + + testing02: + name: testing with envs + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v4 + + - name: pass environment + uses: appleboy/ssh-action@v1.0.3 + env: + FOO: "BAR" + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + envs: FOO + script: | + echo "I am $FOO, thanks" + echo "I am $BAR, thanks" + + - name: pass multiple environment + uses: appleboy/ssh-action@v1.0.3 + env: + FOO: "BAR" + BAR: "FOO" + SHA: ${{ github.sha }} + PORT: ${{ secrets.PORT }} + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + envs: FOO,BAR,SHA,PORT + script: | + 
echo "I am $FOO, thanks" + echo "I am $BAR, thanks" + echo "sha: $SHA" + echo "port: $PORT" + sh test.sh + + - name: custom envs format + uses: appleboy/ssh-action@v1.0.3 + env: + FOO: "BAR" + AAA: "BBB" + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + envs: FOO,BAR,AAA + envs_format: export TEST_{NAME}={VALUE} + script: | + echo "I am $TEST_FOO, thanks" + echo "I am $TEST_BAR, thanks" + echo "I am $BAR, thanks" + echo "I am $TEST_AAA, thanks" + + - name: pass all ENV variables to script + uses: appleboy/ssh-action@v1.0.3 + env: + INPUT_FOO: "BAR" + INPUT_AAA: "BBB" + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + allenvs: true + script: | + echo "I am $INPUT_FOO, thanks" + echo "I am $INPUT_AAA, thanks" + echo "$GITHUB_BASE_REF" + echo "$GITHUB_REF" + + testing03: + name: git clone and pull + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v4 + + - name: clone private repository + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + script: | + git clone https://appleboy:${{ secrets.TEST_TOKEN }}@github.com/go-training/self-runner.git test_repository + rm -rf test_repository + + testing04: + name: docker login and pull + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v4 + + - name: login GitHub Container Registry + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + script: | + echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u github.actor --password-stdin + + - name: login DockerHub Container Registry + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ 
secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + script: | + echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin + + testing05: + name: switch user + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v4 + + - name: switch to root user + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script_stop: true + request_pty: true + command_timeout: 30s + script: | + whoami && echo 'hello world' && touch todo.txt + sudo whoami + + testing06: + name: testing ipv6 + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v4 + + - name: Set up WARP + uses: fscarmen/warp-on-actions@v1.1 + with: + stack: dual + + - name: testing ipv6 for command + run: | + curl -m 9 --ipv6 --verbose https://google.com + + - name: testing ipv6 + uses: appleboy/ssh-action@v1.0.3 + with: + host: 2402:1f00:8000:800::2628 + username: ubuntu + password: ${{ secrets.OVH_PASSWORD }} + protocol: tcp6 + port: 22 + command_timeout: 30s + script: | + whoami From 551964ebda1034f0b5449d74db25c42e371ca1f7 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Fri, 22 Mar 2024 13:21:33 +0800 Subject: [PATCH 54/95] ci: optimize GitHub Actions workflow configuration - Remove the `testing06` job related to testing IPv6 from the GitHub Actions workflow. Signed-off-by: Bo-Yi Wu --- .github/workflows/version.yml | 28 ---------------------------- 1 file changed, 28 deletions(-) diff --git a/.github/workflows/version.yml b/.github/workflows/version.yml index 0d2b264..a15c0af 100644 --- a/.github/workflows/version.yml +++ b/.github/workflows/version.yml 
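Review bot: The `testing03` and `testing04` jobs interpolate `${{ secrets.TEST_TOKEN }}`, `${{ secrets.GITHUB_TOKEN }}` and `${{ secrets.DOCKERHUB_TOKEN }}` directly into the `script:` text, so the expanded secret becomes part of the command string sent to the remote host, and for `git clone https://appleboy:<token>@github.com/…` part of the process arguments there. Pass them through the `env:` plus `envs:` mechanism that `testing02` already uses and reference the variable in the script, e.g. `envs: DOCKERHUB_TOKEN` with `echo "$DOCKERHUB_TOKEN" | docker login -u "$DOCKERHUB_USERNAME" --password-stdin`. In the ghcr.io step, `-u github.actor` is a literal string rather than `${{ github.actor }}`, which looks unintended. None of the steps in this file sets `fingerprint`, so these credentials are presumably sent to a host whose key is not verified.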
@@ -282,31 +282,3 @@ jobs: script: | whoami && echo 'hello world' && touch todo.txt sudo whoami - - testing06: - name: testing ipv6 - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: Set up WARP - uses: fscarmen/warp-on-actions@v1.1 - with: - stack: dual - - - name: testing ipv6 for command - run: | - curl -m 9 --ipv6 --verbose https://google.com - - - name: testing ipv6 - uses: appleboy/ssh-action@v1.0.3 - with: - host: 2402:1f00:8000:800::2628 - username: ubuntu - password: ${{ secrets.OVH_PASSWORD }} - protocol: tcp6 - port: 22 - command_timeout: 30s - script: | - whoami From f9163462563f649b27272d32e585525a5fe68d76 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sat, 4 May 2024 19:52:33 +0800 Subject: [PATCH 55/95] ci: refactor CI workflow and improve robustness (#320) * ci: refactor CI workflow and improve robustness - Update GitHub Actions checkout step from version 1 to version 4 in multiple jobs within the CI workflow Signed-off-by: Bo-Yi Wu * docs: improve non-interactive shell command handling - Add a Q&A section to the README with information on resolving 'command not found' errors for non-interactive shells - Provide a solution involving editing `/etc/bash.bashrc` to ensure commands are added to the path in non-interactive shells Signed-off-by: Bo-Yi Wu * docs: improve documentation and CI robustness - Update acknowledgment for the interactive shell solution in the README.md file Signed-off-by: Bo-Yi Wu --------- Signed-off-by: Bo-Yi Wu --- .github/workflows/ci.yml | 12 ++++++------ README.md | 23 +++++++++++++++++++++++ 2 files changed, 29 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e188bf9..a62c774 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@v1 + uses: actions/checkout@v4 - name: correct password but wrong key uses: ./ 
@@ -143,7 +143,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@v1 + uses: actions/checkout@v4 - name: pass environment uses: ./ @@ -219,7 +219,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@v1 + uses: actions/checkout@v4 - name: clone private repository uses: ./ @@ -238,7 +238,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@v1 + uses: actions/checkout@v4 - name: login GitHub Container Registry uses: ./ @@ -267,7 +267,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@v1 + uses: actions/checkout@v4 - name: switch to root user uses: ./ @@ -288,7 +288,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@v1 + uses: actions/checkout@v4 - name: Set up WARP uses: fscarmen/warp-on-actions@v1.1 diff --git a/README.md b/README.md index 186602a..0e11a25 100644 --- a/README.md +++ b/README.md 
@@ -395,6 +395,29 @@ Now you can adjust you config: ls -al ``` +## Q&A + +### Command not found (npm or other command) + +See the [issue comment](https://github.com/appleboy/ssh-action/issues/31#issuecomment-1006565847) about interactive vs non interactive shell. Thanks @kocyigityunus for the solution. + +Basically, if you are running a command in a non interactive shell, like ssh-action, on many linux distros, + +`/etc/bash.bashrc` file has a specific command that returns only, so some of the files didn't run and some specific commands doesn't add to path, + +```sh +# /etc/bash.bashrc +# System-wide .bashrc file for interactive bash(1) shells. + +# To enable the settings / commands in this file for login shells as well, +# this file has to be sourced in /etc/profile. + +# If not running interactively, don't do anything +[ -z "$PS1" ] && return` +``` + +just comment out the line that returns early and everything should work fine, or you can use the real paths of the commands that you would like to use. + ## Contributing We would love for you to contribute to `appleboy/ssh-action`, pull requests are welcome! From aabaf1254d78efafd55cd5880a874e9715b4c6e8 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sat, 1 Jun 2024 14:20:58 +0800 Subject: [PATCH 56/95] ci: add bug report template --- .github/ISSUE_TEMPLATE/bug_report.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..75125d9 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md 
@@ -0,0 +1,24 @@ +--- +name: Bug report +about: Create a report to help us improve +title: '' +labels: bug +assignees: appleboy + +--- + +## Describe the bug + +A clear and concise description of what the bug is. If applicable, add screenshots to help explain your problem. + +## Yaml Config + +Please post your Yaml configuration file along with the output results. + +## Related environment + +Please provide the following information: + +1. Your hosting provider information, such as DigitalOcean, Linode, AWS, or GCP. +2. The version information of your host's SSH service. +3. The information from your host's SSH configuration file. From c8594ae37d5bd9a779dc12abd0236b1bcff70119 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sat, 1 Jun 2024 14:22:37 +0800 Subject: [PATCH 57/95] ci: implement GitHub Actions for remote SSH execution - Add example GitHub Actions workflow for executing remote SSH commands using password authentication Signed-off-by: appleboy --- .github/ISSUE_TEMPLATE/bug_report.md | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 75125d9..6e2dcf4 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -11,10 +11,29 @@ assignees: appleboy A clear and concise description of what the bug is. If applicable, add screenshots to help explain your problem. -## Yaml Config +## Yaml Config Please post your Yaml configuration file along with the output results. +```yaml +name: remote ssh command +on: [push] +jobs: + + build: + name: Build + runs-on: ubuntu-latest + steps: + - name: executing remote ssh commands using password + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: whoami +``` + ## Related environment Please provide the following information: 
From 40aad53c5a18b2676371816d258458b2ccd56c50 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 13:34:57 +0800 Subject: [PATCH 58/95] ci: add SSH authentication setup for GitHub Actions - Add a GitHub Action workflow to set up an OpenSSH server using Docker - Add RSA private key for SSH authentication in test data - Add RSA public key for SSH authentication in test data - Add OpenSSH private key for SSH authentication in test data - Add OpenSSH public key for SSH authentication in test data Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 40 +++++++++++++++++++++++++ testdata/.ssh/id_rsa | 27 +++++++++++++++++ testdata/.ssh/id_rsa.pub | 1 + testdata/.ssh/test | 50 ++++++++++++++++++++++++++++++++ testdata/.ssh/test.pub | 1 + 5 files changed, 119 insertions(+) create mode 100644 .github/workflows/ssh-server.yml create mode 100644 testdata/.ssh/id_rsa create mode 100644 testdata/.ssh/id_rsa.pub create mode 100644 testdata/.ssh/test create mode 100644 testdata/.ssh/test.pub diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml new file mode 100644 index 0000000..3d3b0a7 --- /dev/null +++ b/.github/workflows/ssh-server.yml 
@@ -0,0 +1,40 @@ +name: openssh-server + +on: [push] + +jobs: + default-user-name-password: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + + - name: executing remote ssh commands using password (1.0.3) + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + port: 2222 + script: whoami diff --git a/testdata/.ssh/id_rsa b/testdata/.ssh/id_rsa new file mode 100644 index 0000000..6270f55 --- /dev/null +++ b/testdata/.ssh/id_rsa 
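Review bot: The `create new ssh server` step pulls `lscr.io/linuxserver/openssh-server:latest`, so the image the action is tested against can change between runs without any change in this repository. Pin it to a version tag or digest, e.g. `lscr.io/linuxserver/openssh-server@sha256:<digest>` (placeholder), so that a behaviour change can be traced to a commit and an unexpected image is not pulled silently. The redirects into `$GITHUB_ENV` should quote the variable: `>> "$GITHUB_ENV"`. A one-line comment above `USER_PASSWORD=password` stating that the credential is valid only for this throwaway container would keep it from being mistaken for a leaked secret.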
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA4e2D/qPN08pzTac+a8ZmlP1ziJOXk45CynMPtva0rtK/RB26 +VbfAF0hIJji7ltvnYnqCU9oFfvEM33cTn7T96+od8ib/Vz25YU8ZbstqtIskPuwC +bv3K0mAHgsviJyRD7yM+QKTbBQEgbGuW6gtbMKhiYfiIB4Dyj7AdS/fk3v26wDgz +7SHI5OBqu9bv1KhxQYdFEnU3PAtAqeccgzNpbH3eYLyGzuUxEIJlhpZ/uU2G9ppj +/cSrONVPiI8Ahi4RrlZjmP5l57/sq1ClGulyLpFcMw68kP5FikyqHpHJHRBNgU57 +1y0Ph33SjBbs0haCIAcmreWEhGe+/OXnJe6VUQIDAQABAoIBAH97emORIm9DaVSD +7mD6DqA7c5m5Tmpgd6eszU08YC/Vkz9oVuBPUwDQNIX8tT0m0KVs42VVPIyoj874 +bgZMJoucC1G8V5Bur9AMxhkShx9g9A7dNXJTmsKilRpk2TOk7wBdLp9jZoKoZBdJ +jlp6FfaazQjjKD6zsCsMATwAoRCBpBNsmT6QDN0n0bIgY0tE6YGQaDdka0dAv68G +R0VZrcJ9voT6+f+rgJLoojn2DAu6iXaM99Gv8FK91YCymbQlXXgrk6CyS0IHexN7 +V7a3k767KnRbrkqd3o6JyNun/CrUjQwHs1IQH34tvkWScbseRaFehcAm6mLT93RP +muauvMECgYEA9AXGtfDMse0FhvDPZx4mx8x+vcfsLvDHcDLkf/lbyPpu97C27b/z +ia07bu5TAXesUZrWZtKA5KeRE5doQSdTOv1N28BEr8ZwzDJwfn0DPUYUOxsN2iIy +MheO5A45Ko7bjKJVkZ61Mb1UxtqCTF9mqu9R3PBdJGthWOd+HUvF460CgYEA7QRf +Z8+vpGA+eSuu29e0xgRKnRzed5zXYpcI4aERc3JzBgO4Z0er9G8l66OWVGdMfpe6 +CBajC5ToIiT8zqoYxXwqJgN+glir4gJe3mm8J703QfArZiQrdk0NTi5bY7+vLLG/ +knTrtpdsKih6r3kjhuPPaAsIwmMxIydFvATKjLUCgYEAh/y4EihRSk5WKC8GxeZt +oiZ58vT4z+fqnMIfyJmD5up48JuQNcokw/LADj/ODiFM7GUnWkGxBrvDA3H67WQm +49bJjs8E+BfUQFdTjYnJRlpJZ+7Zt1gbNQMf5ENw5CCchTDqEq6pN0DVf8PBnSIF +KvkXW9KvdV5J76uCAn15mDkCgYA1y8dHzbjlCz9Cy2pt1aDfTPwOew33gi7U3skS +RTerx29aDyAcuQTLfyrROBkX4TZYiWGdEl5Bc7PYhCKpWawzrsH2TNa7CRtCOh2E +R+V/84+GNNf04ALJYCXD9/ugQVKmR1XfDRCvKeFQFE38Y/dvV2etCswbKt5tRy2p +xkCe/QKBgQCkLqafD4S20YHf6WTp3jp/4H/qEy2X2a8gdVVBi1uKkGDXr0n+AoVU +ib4KbP5ovZlrjL++akMQ7V2fHzuQIFWnCkDA5c2ZAqzlM+ZN+HRG7gWur7Bt4XH1 +7XC9wlRna4b3Ln8ew3q1ZcBjXwD4ppbTlmwAfQIaZTGJUgQbdsO9YA== +-----END RSA PRIVATE KEY----- diff --git a/testdata/.ssh/id_rsa.pub b/testdata/.ssh/id_rsa.pub new file mode 100644 index 0000000..2983f04 --- /dev/null +++ b/testdata/.ssh/id_rsa.pub 
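Review bot: `testdata/.ssh/id_rsa` is an unencrypted RSA private key committed to the repository, and `testdata/.ssh/test` later in this patch adds a second one (its header indicates it is passphrase-encrypted); nothing in the commit marks either as a fixture. Both are readable by anyone with access to the repository, so they must never appear in `authorized_keys` on a real host, and secret scanners will flag them on every scan. Either add a short `testdata/.ssh/README` stating that the keys are public test fixtures valid only for the CI container, or generate them in the workflow instead, e.g. `ssh-keygen -q -t rsa -b 4096 -N "" -f testdata/.ssh/id_rsa`.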
@@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDh7YP+o83TynNNpz5rxmaU/XOIk5eTjkLKcw+29rSu0r9EHbpVt8AXSEgmOLuW2+dieoJT2gV+8QzfdxOftP3r6h3yJv9XPblhTxluy2q0iyQ+7AJu/crSYAeCy+InJEPvIz5ApNsFASBsa5bqC1swqGJh+IgHgPKPsB1L9+Te/brAODPtIcjk4Gq71u/UqHFBh0USdTc8C0Cp5xyDM2lsfd5gvIbO5TEQgmWGln+5TYb2mmP9xKs41U+IjwCGLhGuVmOY/mXnv+yrUKUa6XIukVwzDryQ/kWKTKoekckdEE2BTnvXLQ+HfdKMFuzSFoIgByat5YSEZ7785ecl7pVR drone-scp@localhost diff --git a/testdata/.ssh/test b/testdata/.ssh/test new file mode 100644 index 0000000..89cc6ec --- /dev/null +++ b/testdata/.ssh/test 
@@ -0,0 +1,50 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAZka7A7i +FscMeJBPyPteclAAAAEAAAAAEAAAIXAAAAB3NzaC1yc2EAAAADAQABAAACAQDz6aZ1jY2o +nnuj2YNHJ/HhfvIu0B973v/+pFFOavnTUOhEEKEy3TASu+s9CkHrYZAtRc+QYIkNZI31mh +HBhotdeP/7GoO2UirkFtrzyQKPNJxEcv0RBoG9ssN8jex0PyK6DHIYYFnIWadVBEEOh/H+ +rK7j7u2/big3oTzYBuFrCwmYFcz5na99MzFeAUhazF44gVBma+zO+1quGeqF51UDIg1SMG +vX8I7LNEqrKEBaIUQJKFQcxlOWlRLQsjJCymrOujsXsRrXHAQWcnxDcNevv2ZMOUl0ybvv +9yH0BiGbRBd1Hy8/QPILbAQaqu0oQE7fubN8Q8lqb3Jg0loID4x/5GPhSY8WAXpuLcXTOr +b93SnCw1JsAgJDNqpuuRFy3BSZ7wBOr1jfeIoo7xk14OHiUjJ0uXDL9cLMkcw6ElWz81mr +D2VCkXUz+qFyjJ+G7aGWRtctZoOzKln4yfNfUmwW8/8ra3QnmrMZ2xW2Ylw3ZhO+tLi7jI +NHYFb54bAdLVPUU1ctIuJns2qkWnjJCxxMiynIqCif20/OU1n8CTJuOWiURmRdmvKOH4PE +3JxC2Qnk/3tV3Cf8hp1CH5VjBZ9AjGj5MDMHXyu34VY2WvYo5QyzfS3ySPoT8kCO0G0xpv +jwCMHOK+G2RP4kqb/KKZguiKdgintBXuskTlJmD7kcMQAAB1CnEMQGwAKZbd3F1DJqwfPf +KWjoUJKbTRiav6h5pQr65JaqDe/7YE2ZHYo5917AC2vPLwPxAnoHFMsbObd5mWcmpATg/0 +K/qkN5Z4Ml5U3bwr51wfSPh1MiAP21Aickt09BDstIJzNNwwgcY31O3k/d6VBjqyM6Ezop +66LI4s/IIni1BI+cALyEfzE4Qu16GfzIeM+JVxildP4VImhvNBESmmbBL8rNmSzlQ+FTuF +JVmowUbcon1O0CppM1MRVPeG805XDwjxHXKwOp5O7MdTz7H8JeORoe8D6+4rNfJE0eQGY7 +Nm4+Wa97HzAFbT9IS433rxoGx9Qps3LAySFONso2JWSOEfo8rxnqO04DrfVHQhY3DkkwQt +FsDnMtkthJa+ZzUYc75fnS0DBPGuF9DZUCqrev5oAUHP6C4Vc4b33JJQD4FZJ+ehk3Xsci +cwJQsmgLyc5Jdh543Dm7kZoM9ku7HDNrB4H/1p45Vo6aBZMAY50x+fTdBeTgCzzhzzTbf+ +0IF8W3yW3/BYD+S2Byo3JKp6NH0Q8cgPJrGTl6GltGfpVuc6kLjMZ5zvxRbyWaqtIygM46 +W1izbA+9jwbHhitCtOk42e/ff6iEB1MVC13LqPty3gPNR8Pv0rDUDjJS4KiVwXqUY+bMr0 +C8l/hx93euHjLUJ49Ru6uy/2fBlHZEj6GmEAJhu/i6t2c1Rq0HBLis9X356oQT+YZnIai2 +ym0MknPxjeYBAItOV3zhRd1cYnk7CDcl1XALcnh0tqP712x24IJ+Ytqg7nvB2NZV8T469I +8Fp254Nr89HOMAXaZD0UcIPm7D2rfWV+YJFI3ZcJ/8DM99H3tpXe2j4oHMdmAbBd++09sx +KBRdFLcvnBfd1lqwxpA7hbxzrxi/yehYCqzh5KQGaf2UXej6TPiVzBWVYbp34cMZtsT6mF +K8SS3l5TXoNK2DNEk30o8K3q+vngQpfC9GZ/id4B7LS/3ybellxemZHXQoU4PxDkLKt7jd +AAsd5WO13dv3n/qgyu8iBRiFU+W66NX0RJGkp+lZMnta0YzukafM2n6GDn/r/Cx/y21PAi 
+ah8i41ByI1QLI4m1r+bRHdUxAarS/XJw4tTSFiZu3zddMYrlzeG9O3VUX9zBvBtfQbSmeJ +omml0zlr/qD7TMsORiujy7XIn7sMW+Ls/NA8TvX8oRnACjXe/MYNEZ8WDu2rkZuY/Dfc+o +NyYWO7kZ3kcejQZ1NusJSA7MG0FFGYSIaC9T9CWqYd5IcRSJW4dZnCt9z8CIJ6TSUFqMb/ +H1Y5Rmi0IIX+8qbGGXVBDIBk5y9xtS43+nz1nsdXwDmkTiXN9+ZX+GDsLxCWoHGryrWDbk +EuOAlqpvxFKzEkNsx+AC5wae6i/hBeiEce9bm4nZp+hFv1ic1Z9WS8B37YOFgJ4utGeOjB +6hnywUUJ3aH0LnCQNB3UzeFR7BmEaxmYD/phJodmjA5SD3CWpeizdXfrUjtqXGhYlr2jzq +vBAeeYEO4uaHIGxg8GqoqtaseqVcIdtouHxrVAxxXkjShV2ji7oJ/AtrLZNlkKYxMk0TpX +fFiKqL/uKfS78FfvVOhOkHZTD6ZeMgmdL/uOghEAtrf08ChyRvdp7QLjA802aio9eUVIQm +lHb1ltPEbIZNuvQ5kTIwk2eM6EAkOh0MBMoAYOxOpIb00XHNRDGJYuLewByjMQa8EoT6VM +NoiFIzJU9lLAXE6yz6JswctpTpLHK9Aq5vY7ObaOvrmpCQqsXfOuVUo2nR/FyEes97zuXG +E4aKaHK4IAW4UY/oGYk7pU/yRpudhiNRMXzmcQXfVmBEHuvDrh2chg8lDYn++07F7RWqkI +nfMAOWR8UEl4xp4zJtThDjRxNW6QLl8E1ADjndA9wVaKNSzv2i1TLXKBr5luFqY9MSJ2rm +yBR5EwairH/Qn9TUxaDD+0p6J+E9iz1l8UPTJa/cjtwiySljahY/6tHHnr9YQVnox92yfU +UXpfINGjYrpqh6EFwmyRw9fryIMvMhgZYo6ZoCRBCK2GfGAB0VTzJy2FGs4GecZK5ptXKu +sOX8BgGX/Q/nAJ7PWf9hgYlX2YyjmLjQZDMWECp05VFx9znEETNKlwF1FX5/E/37ISyz4d +I1LVSKOEccJX7jCR32LzvRW1UBX47Z+q3LVE4sa0QAV/JoISq6Qn6zAsVIV0yEPmVbd/xx +aX2uBUGHhmd99YJDh81xJIoYEMRzoGVfp0JjfYcDUc+2I6JdrOMF9/KmMA5wsZl4OKiu/F +cTRGjUkgw/cF2EFRGWknee2esYRB7tOr4y56qZ4gxqw8q9rYXhyB42jbdTvt5xcCm/ynid +sn4InokRRoIiMIPL5Ur7FZQHOP+915MWUBsrTJtkCWQuqJheYUi3mCzh/7NadAKplRpaKb +rS/DJIOOkjnGni/sDxJzPq7STDBVy4WStwQl6NI5hq+/c+JvN9GI4Vu/kz0z8qUcdShLaH +l4njcaMpg4tpQMHtCBOicGyV0= +-----END OPENSSH PRIVATE KEY----- diff --git a/testdata/.ssh/test.pub b/testdata/.ssh/test.pub new file mode 100644 index 0000000..559daf2 --- /dev/null +++ b/testdata/.ssh/test.pub @@ -0,0 +1 @@ +ssh-rsa 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 deploy@easyssh From 0b0e77098a4fa59703014092ddd6d2ad7267088f Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 13:54:09 +0800 Subject: [PATCH 59/95] ci: optimize and enhance SSH server workflow - Add a 5-second sleep command to the SSH server workflow 
Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 3d3b0a7..f0e5521 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -29,6 +29,7 @@ jobs: echo "======= container ip address =========" cat ip.txt echo "======================================" + sleep 5 - name: executing remote ssh commands using password (1.0.3) uses: appleboy/ssh-action@v1.0.3 From 977b74a12d4201105f3b851126516847ed6b80b0 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 14:54:29 +0800 Subject: [PATCH 60/95] ci: enhance CI workflow with SSH job and optimizations - Remove an empty line in the jobs section - Reduce sleep duration from 5 seconds to 3 seconds - Add a new job `check-ssh-key` to the workflow - Add steps to create a new SSH server using Docker - Add steps to set environment variables for remote host and private key - Add a step to execute remote SSH commands using the `appleboy/ssh-action` GitHub Action Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 43 ++++++++++++++++++++++++++++++-- 1 file changed, 41 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index f0e5521..c410658 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -5,7 +5,6 @@ on: [push] jobs: default-user-name-password: runs-on: ubuntu-latest - steps: - name: Checkout code uses: actions/checkout@v4 @@ -29,7 +28,7 @@ jobs: echo "======= container ip address =========" cat ip.txt echo "======================================" - sleep 5 + sleep 3 - name: executing remote ssh commands using password (1.0.3) uses: appleboy/ssh-action@v1.0.3 
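Review bot: The `sleep 5` added by the first hunk (shortened to `sleep 3` by the next patch) is a fixed guess at how long the SSH server needs before the following step connects. That makes the job fail intermittently on a slow runner and waste time on a fast one. A bounded poll of the port is more reliable, e.g. `timeout 30 sh -c 'until nc -z "$(cat ip.txt)" 2222; do sleep 1; done'`, assuming `nc` is present on the runner image. The `run:` block this line closes starts above the hunk.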
@@ -39,3 +38,43 @@ jobs: password: password port: 2222 script: whoami + + check-ssh-key: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2223:2222 \ + -e PUBLIC_KEY=$(cat testdata/.ssh/id_rsa.pub) \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_rsa >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 3 + + - name: executing remote ssh commands using password (1.0.3) + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2223 + script: whoami From 2eeab5bdbadfcfd821c3f107a694803080f4b126 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 15:53:33 +0800 Subject: [PATCH 61/95] ci: refactor GitHub Actions key management - Add steps to set public and private keys in GitHub Actions environment - Replace inline public key assignment with environment variable reference - Remove redundant steps for setting private key in GitHub Actions environment Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index c410658..98bbd69 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml 
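Review bot: `-e PUBLIC_KEY=$(cat testdata/.ssh/id_rsa.pub)` is unquoted, so the shell splits the key on its spaces. `docker run` then receives only `PUBLIC_KEY=ssh-rsa` for that option and takes the base64 blob as its next argument. Quote the substitution: `-e PUBLIC_KEY="$(cat testdata/.ssh/id_rsa.pub)" \`. The step name `executing remote ssh commands using password (1.0.3)` on the new key-based step also looks copied from the job above it.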
@@ -45,13 +45,28 @@ jobs: - name: Checkout code uses: actions/checkout@v4 + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_rsa.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_rsa.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_rsa >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key =========" + cat testdata/.ssh/id_rsa + echo "============================" + - name: create new ssh server run: | docker run -d \ --name=openssh-server \ --hostname=openssh-server \ -p 2223:2222 \ - -e PUBLIC_KEY=$(cat testdata/.ssh/id_rsa.pub) \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ -e SUDO_ACCESS=false \ -e PASSWORD_ACCESS=true \ -e USER_PASSWORD=password \ @@ -62,9 +77,6 @@ jobs: echo "REMOTE_HOST<> $GITHUB_ENV cat ip.txt >> $GITHUB_ENV echo "EOF" >> $GITHUB_ENV - echo "PRIVATE_KEY<> $GITHUB_ENV - cat testdata/.ssh/id_rsa >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV echo "======= container ip address =========" cat ip.txt echo "======================================" From da612c801589d64bea89ca943c84fe1aae7a1d06 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 15:54:35 +0800 Subject: [PATCH 62/95] refactor: optimize CI pipeline for faster execution - Reduce sleep duration from 3 seconds to 2 seconds - Rename SSH job steps for clarity - Change port mapping from 2223 to 2222 Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 98bbd69..0a19104 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml 
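Review bot: `-e PUBLIC_KEY="${{ env.PUBLIC_KEY }}"` pastes the value into the script text before the shell parses it, so a quote, backtick or `$(` in the key file would be interpreted by the runner's shell instead of being passed as data. Variables written to `$GITHUB_ENV` are already in the environment of later steps, so the line can read `-e PUBLIC_KEY="$PUBLIC_KEY" \` and leave quoting to the shell. The value comes from a file in the repository here, which limits the exposure, but expression interpolation inside `run:` is the form GitHub's hardening guidance advises against.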
@@ -28,9 +28,9 @@ jobs: echo "======= container ip address =========" cat ip.txt echo "======================================" - sleep 3 + sleep 2 - - name: executing remote ssh commands using password (1.0.3) + - name: ssh by username and password uses: appleboy/ssh-action@v1.0.3 with: host: ${{ env.REMOTE_HOST }} @@ -65,7 +65,7 @@ jobs: docker run -d \ --name=openssh-server \ --hostname=openssh-server \ - -p 2223:2222 \ + -p 2222:2222 \ -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ -e SUDO_ACCESS=false \ -e PASSWORD_ACCESS=true \ @@ -80,13 +80,13 @@ jobs: echo "======= container ip address =========" cat ip.txt echo "======================================" - sleep 3 + sleep 2 - - name: executing remote ssh commands using password (1.0.3) + - name: ssh by private uses: appleboy/ssh-action@v1.0.3 with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io key: ${{ env.PRIVATE_KEY }} - port: 2223 + port: 2222 script: whoami From acd41e5091e04c5db86c78f86723e9baec27f452 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 15:57:27 +0800 Subject: [PATCH 63/95] ci: enhance SSH job testing with varied key/password scenarios - Correct the name of the SSH job from "ssh by private" to "ssh by private key" - Add a job to test SSH with the correct key but wrong password - Add a job to test SSH with the correct password but wrong key Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 0a19104..cfe805c 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -82,7 +82,7 @@ jobs: echo "======================================" sleep 2 - - name: ssh by private + - name: ssh by private key uses: appleboy/ssh-action@v1.0.3 with: host: ${{ env.REMOTE_HOST }} 
@@ -90,3 +90,23 @@ jobs: key: ${{ env.PRIVATE_KEY }} port: 2222 script: whoami + + - name: wrong password but correct key + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: "abcdef" + key: ${{ env.PRIVATE_KEY }} + port: 2222 + script: whoami + + - name: correct password but wrong key + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + key: password + port: 2222 + script: whoami From f05aefe3514f74f9cda4825a2a5d9905aa45ae2a Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 15:59:32 +0800 Subject: [PATCH 64/95] ci: enhance SSH action configuration and error handling - Add a step to stop the script if a command error occurs using `appleboy/ssh-action@v1.0.3` - Configure SSH action with host, username, password, key, port, and other parameters - Add script to create a directory and list its contents Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index cfe805c..837dd0a 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -110,3 +110,19 @@ jobs: key: password port: 2222 script: whoami + + - name: stop script if command error + uses: appleboy/ssh-action@v1.0.3 + continue-on-error: true + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + key: password + port: 2222 + script_stop: true + sync: true + debug: true + script: | + mkdir abc/def + ls -al From e40b597081b0c96e4f93bee63cec35d4ea3b4d3a Mon Sep 17 00:00:00 2001 
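Review bot: With `continue-on-error: true` the `stop script if command error` step is green whether or not `script_stop` actually aborts after the failing `mkdir abc/def`, so the behaviour under test is never checked. Give the step an `id` and follow it with a step that fails unless the recorded outcome was `failure`. The `missing ssh key passphrase` step added later in this series has the same gap and would take the same treatment.

```yaml
      - name: stop script if command error
        id: stop_on_error
        # … unchanged: uses, continue-on-error and the with: block …

      - name: script_stop must have failed the step above
        if: steps.stop_on_error.outcome != 'failure'
        run: exit 1
```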
From: Bo-Yi Wu Date: Wed, 5 Jun 2024 16:13:42 +0800 Subject: [PATCH 65/95] ci: add GitHub Actions job for SSH key passphrase support - Add a new job `support-key-passphrase` to the GitHub Actions workflow - Add steps to the new job for checking out code, adding public and private keys to the environment, and creating a new SSH server - Add a step to the new job for running an SSH command with a passphrase - Add a new private SSH key file `id_passphrase` to the test data - Add a new public SSH key file `id_passphrase.pub` to the test data Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 55 ++++++++++++++++++++++++++++++++ testdata/.ssh/id_passphrase | 39 ++++++++++++++++++++++ testdata/.ssh/id_passphrase.pub | 1 + 3 files changed, 95 insertions(+) create mode 100644 testdata/.ssh/id_passphrase create mode 100644 testdata/.ssh/id_passphrase.pub diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 837dd0a..1fce1b2 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml 
@@ -126,3 +126,58 @@ jobs: script: | mkdir abc/def ls -al + + support-key-passphrase: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_passphrase.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_passphrase.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_passphrase >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key =========" + cat testdata/.ssh/id_passphrase + echo "============================" + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + + - name: ssh key passphrase + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + passphrase: 1234 + script: | + whoami + ls -al diff --git a/testdata/.ssh/id_passphrase b/testdata/.ssh/id_passphrase new file mode 100644 index 0000000..089d425 --- /dev/null +++ b/testdata/.ssh/id_passphrase 
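Review bot: The `add public key to env` step prints the private key into the job log (`echo "======= private key ========="` followed by `cat testdata/.ssh/id_passphrase`), where anyone with read access to the repository's Actions runs can see it. The key is a committed fixture, so nothing new leaks here, but the step is likely to be copied into workflows that load a real key. I would drop those three lines and print only a fingerprint of the public half, `ssh-keygen -lf testdata/.ssh/id_passphrase.pub`. The same lines are in the `check-ssh-key` job and recur in the `multiple-server`, `support-ed25519-key` and `testing-with-env` jobs.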
@@ -0,0 +1,39 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABA5p9eRXu +BJantF5ARnBfnqAAAAEAAAAAEAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQCuWKQh09Vl +v3IRu/+oK18ws72VQS7PCXJaIEp1L+7HqC/6+plizaVgd9SjAg0UJSqvp+WfpU5I53hevE +0Ip3s71Tsoeu1azWoi2Mbq3ycZ5ysh4htZZklKBkYsyW+2EdITPcmhA8rF+KiDRyuvk7fD +o08G3YWgbCScY6VkLA06ReThCehAY54WNvgbx7lyvCWj1qYG0XjM7mTQHr3QN0JHJNdFaG +3MCi1rTG2hK/owOlzcesIbzfM1VMIQG5HT4vNg/ULP0BTZ7pGtdvWlvR/660KQwc1tBxLq +xI1dYoCgiS/gMyPxhOtNKTvhR/NR7e2sp/StkXURIxTHhj0KjKbnpXTQ2IndnesHAG9kDJ +7c31SXastWpbXWhCIdRZk+KQsnmwobZlw3w1vfx2Dm7M2ZCcCgG/ArUPjY44nGOWO5Nz98 +QHyz3IocsKJXrGVo/3YpNNu72jkw7UGVMqh1dAe3ZMaCAC5pAAa0HKvkid7jdXawL2b//+ +vsAPSHdnEjP58AAAWQCUj9ajDO6N0sI5jzkRxiMIaeDvP7Ns+cJtE1uxzrm7Ecgf7kBL2V +9Ru0gW1+ii3U/hPLkxwBwd3xvoc1Xy+n+c7D6bQVviv1lsbY1uPzxGR3fUfRCu2M1D8OEH +vol7jvFAZmtrpgy3gY45k2lbsY368bIJ+hYIqeHRqFsD+SyM/xSnj5/bZNvNrc+kHikiA3 +uVSvXe9oWVNm3hxLDppYPEYkORERHx9EWh5sruLwoM2NW6qwE+wGw0Vx1AuA7cNszDdmMs +qJFq0n5cQ78E3q0V49e0FOBjMoSJBxdQRHRz2al9MzJlcVVs5LGwmgVH0ur0V9QR8zv2Pv +ZV6r+H9mMo2eCtUDlKUXlCnfgwDP0ghXysFKSDLzXNEPrddmvzQeWA973fcguniLLq7Gbw +gpHSuP/vqVqtQQbXEdozgUl666SXC7GdPqaA5YsfGIJ4Ank3/Vjb3hc0/hElx4O0fEn18E +TWbd9o6v70mNbu3LjeJPNDwODMGn9GC3kRtSc5bU0A8YAM+gFaeytrz2W/vCe3EST8VBcQ +UtvYqGG/zGJhV8+OYoIZZQQkyCmTt0i4nTCJAMUnZ+pgY6YJk+UdBGhLvwNBtl4Z1nQKSA +hcBBo6T08bQfe/HmVs4dcwBO956qiOX/QjHDLew81MfpvjZ2kGD5Hp/qhieUdJ3IiUEsOC +FQC01JeEJlkEqd2jqBR/9RDnK7O8gTR0AA858L+MftN4nN2h2UkGjWMWSbkmwGMqyRGfRa +TJeg5njxYJVcRlWZ/KvNPxis8wIuCaRMbPT2WpHsRr1lY3s4IzFn+EMCkybHZArQVYtl1O +iGXYjpxe+cOc02PM1aKlUfCQfsr0CrXwwGzIQ73uXVSQgP5pQdV3iN/57+5aiH8F9D7X3n +p5QJzBuLGvhUDWqqwbwWy+81k3Y8rHXNfhVSlRmtGJXAPqpw0PCyquySJNwogi4rBkg0jF +xuqvimvhNcWzF7yf+fnYa6H+N8PavH32HRM50AYyWPyKWBp3Syri0P54cnkBjKTjTKGYA6 +4KwizazsbOMY5kp0UAmgX6XyM5OSROtxUp4P6T20okjKaSzamgMBKZULP/b768l4UYRgFe +uohg2/9A1fwYB/K8I+V7Qw9079JvAG05eIOgce3Dd+bXoH6j/Ylmk5Gj7LzhEXtMz3NEpj +LCg8tx0YFpuyoCaRlqOnsZCpc1EnL0UyMguCh9ADTG9h6V3Xf2j2Q94rKvAc4ZrBtj6qXT 
+BIfGsBIA7vA1KnKHB9oOFQZ26iRU7oTAunAQvSKF7/7luTqONoni6U/RpvERT/KeeIDSxz +uzFQ+apy/PTESSUtutpnTug6rexwrPb6ugJipag8ebNWVdOgaNBUL8wciW4lN8YkzjhXMw +xHB0PUuSXcBuuPDQuYZk84dpXxM10fWwuCTMlH1bXatSQhtRVbjVJIDXnnYpQKtuURiwMm +j4WLEt10hvu6t4aNJzzVY80/iLMb4ZGQgHotrjFfx9nzwe3SioINPaxRIb3m2gTsi8Nr/p +Y5zNjV9NOjONktUjLznRpfY/yBxOtPe9lxnaKfniRTK5HjBbi8hmei9G8lIHV9qyhpURYM +1EdZB86uZWJOaRA8/fpwt8z2stmpKpuGFQOSgr7W5JQWSFeTAMYPoafsm0PD1zSyw7j1wE +DWlmUAzpMirSnPUQndR8IcF7fZmI8J1g30eIFTQpoTDCyoiegkOXHa9HyWwmEAwws1PCWZ +a5Viw6XLJI3tahSNhZzdY/UNFikuO8AuIDXykBM7riaqK4PADtmGY88QGWXQbw5xxWtH6r +Wwk4KzDL9UFeCMSiQo//e+kg/mPLml6Sa4THOzP3iOmx810JoMDmF/jvtpC+ew5HpPPtg4 +h55pSap77CEhEhE5FPZKuH9f7/E= +-----END OPENSSH PRIVATE KEY----- diff --git a/testdata/.ssh/id_passphrase.pub b/testdata/.ssh/id_passphrase.pub new file mode 100644 index 0000000..1d84832 --- /dev/null +++ b/testdata/.ssh/id_passphrase.pub @@ -0,0 +1 @@ +ssh-rsa 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 mtk10671@NB22040567 From 15b64dc8919f9e984dd7c4e96fdd5d74ccc03088 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 16:16:59 +0800 Subject: [PATCH 66/95] ci: enhance CI pipeline with SSH key handling improvements - Add a job to handle missing SSH key passphrase with `appleboy/ssh-action` and `continue-on-error` set to true Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 1fce1b2..8f753cd 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -181,3 +181,15 @@ jobs: script: | whoami ls -al + + - name: missing ssh key passphrase + uses: appleboy/ssh-action@v1.0.3 + continue-on-error: true + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + script: | + whoami + ls -al From a39b3cce7dbd84fb06164ac1a60a27615417de71 Mon Sep 17 00:00:00 2001 
From: Bo-Yi Wu Date: Wed, 5 Jun 2024 17:00:36 +0800 Subject: [PATCH 67/95] ci: enhance CI/CD pipeline with SSH command execution - Add a step to execute multiline SSH commands using `appleboy/ssh-action@v1.0.3` Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 8f753cd..f381c32 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -193,3 +193,18 @@ jobs: script: | whoami ls -al + + # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 + - name: Multiline SSH commands interpreted as single lines + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + passphrase: 1234 + script_stop: true + script: | + ls \ + -lah + use_insecure_cipher: true From 815c5743ac3927b147e22309d57a1f5a140a2d30 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 17:01:56 +0800 Subject: [PATCH 68/95] ci: enhance deployment with multi-host SSH action - Add deployment step for multiple hosts with different ports using `appleboy/ssh-action@v1.0.3` Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index f381c32..bba8b45 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -208,3 +208,18 @@ jobs: ls \ -lah use_insecure_cipher: true + + # https://github.com/appleboy/ssh-action/issues/85 + - name: Deployment to multiple hosts with different ports + uses: appleboy/ssh-action@v1.0.3 + with: + host: "${{ env.REMOTE_HOST }}:2222" + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 1111 + passphrase: 1234 + script_stop: true + script: | + ls \ + -lah + use_insecure_cipher: true 
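Review bot: `use_insecure_cipher: true` on the `Multiline SSH commands interpreted as single lines` step widens the cipher list, going by the input's name, in a test that is about script line continuation. Nothing in the hunk suggests the container needs it. I would remove the line, or, if it is carried over from the linked report on purpose, say so with a comment such as `# insecure ciphers enabled only to mirror the configuration reported in issue 75`. The `Deployment to multiple hosts with different ports` step added by the next patch carries the same setting.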
From 378323e4c85be1bb394f07e5a3a3c7c687499829 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 19:07:07 +0800 Subject: [PATCH 69/95] ci: add multi-server support to CI workflow - Add a new job `multiple-server` to the GitHub Actions workflow - Configure the job to run on `ubuntu-latest` - Add steps to checkout code, add public and private keys to environment variables, and create two new SSH servers using Docker - Update the `host` configuration to include both new SSH servers - Remove the `port` configuration - Replace the command `ls -lah` with `whoami` - Remove the `use_insecure_cipher` configuration Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 70 +++++++++++++++++++++++++++++--- 1 file changed, 65 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index bba8b45..6d987a2 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml 
@@ -209,17 +209,77 @@ jobs: -lah use_insecure_cipher: true + multiple-server: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_passphrase.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_passphrase.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_passphrase >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key =========" + cat testdata/.ssh/id_passphrase + echo "============================" + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server-01 \ + --hostname=openssh-server-01 \ + -p 2222:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server-01 sh -c "hostname -i" > ip01.txt + echo "REMOTE_HOST_01<> $GITHUB_ENV + cat ip01.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip01.txt + echo "======================================" + + docker run -d \ + --name=openssh-server-02 \ + --hostname=openssh-server-02 \ + -p 2223:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server-02 sh -c "hostname -i" > ip02.txt + echo "REMOTE_HOST_02<> $GITHUB_ENV + cat ip02.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip02.txt + echo "======================================" + + sleep 2 + # https://github.com/appleboy/ssh-action/issues/85 - name: Deployment to multiple hosts 
with different ports uses: appleboy/ssh-action@v1.0.3 with: - host: "${{ env.REMOTE_HOST }}:2222" + host: "${{ env.REMOTE_HOST_01 }}:2222,${{ env.REMOTE_HOST_02 }}:2223" username: linuxserver.io key: ${{ env.PRIVATE_KEY }} - port: 1111 passphrase: 1234 script_stop: true script: | - ls \ - -lah - use_insecure_cipher: true + whoami From aa293c24bb8b49499c238d2260b26a5ab2ee10e0 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Wed, 5 Jun 2024 19:22:24 +0800 Subject: [PATCH 70/95] chore: optimize system configuration and API integration - Change port for REMOTE_HOST_02 from `2223` to `2222` Signed-off-by: Bo-Yi Wu --- .github/workflows/ssh-server.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 6d987a2..b7ecec1 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -276,7 +276,7 @@ jobs: - name: Deployment to multiple hosts with different ports uses: appleboy/ssh-action@v1.0.3 with: - host: "${{ env.REMOTE_HOST_01 }}:2222,${{ env.REMOTE_HOST_02 }}:2223" + host: "${{ env.REMOTE_HOST_01 }}:2222,${{ env.REMOTE_HOST_02 }}:2222" username: linuxserver.io key: ${{ env.PRIVATE_KEY }} passphrase: 1234 From fc1c1fce5140b0530a36d88286de8a29df8518bb Mon Sep 17 00:00:00 2001 From: appleboy Date: Wed, 5 Jun 2024 21:01:23 +0800 Subject: [PATCH 71/95] ci: add GitHub Actions job for ed25519 key support - Add a new job `support-ed25519-key` to the GitHub Actions workflow - Add steps to the new job for checking out code, adding public and private keys to the environment, and creating a new SSH server - Add steps to the new job for testing the `id_ed25519` key using `appleboy/ssh-action` - Add a new private SSH key file `testdata/.ssh/id_ed25519` - Add a new public SSH key file `testdata/.ssh/id_ed25519.pub` 
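Review bot: Both containers in the `multiple-server` job start from `lscr.io/linuxserver/openssh-server:latest`, a mutable tag. The server under test can therefore change between runs, and a bad upstream push would run in CI without review. Pin the image by digest, e.g. `lscr.io/linuxserver/openssh-server@sha256:<digest of the reviewed image>`, and bump it deliberately. Every other job in this workflow pulls the same tag and would take the same pin.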
Signed-off-by: appleboy --- .github/workflows/ssh-server.yml | 54 ++++++++++++++++++++++++++++++++ testdata/.ssh/id_ed25519 | 7 +++++ testdata/.ssh/id_ed25519.pub | 1 + 3 files changed, 62 insertions(+) create mode 100644 testdata/.ssh/id_ed25519 create mode 100644 testdata/.ssh/id_ed25519.pub diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index b7ecec1..576207c 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -283,3 +283,57 @@ jobs: script_stop: true script: | whoami + + support-ed25519-key: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_ed25519.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_ed25519.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_ed25519 >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key =========" + cat testdata/.ssh/id_ed25519 + echo "============================" + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + + - name: testing id_ed25519 key + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + script: | + whoami + ls -al 
diff --git a/testdata/.ssh/id_ed25519 b/testdata/.ssh/id_ed25519 new file mode 100644 index 0000000..9dc32bb --- /dev/null +++ b/testdata/.ssh/id_ed25519 @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACDoi7FltQCqpWporKh61nJUPIeazUYdzdstncoeU5XS2AAAAKBF5e2SReXt +kgAAAAtzc2gtZWQyNTUxOQAAACDoi7FltQCqpWporKh61nJUPIeazUYdzdstncoeU5XS2A +AAAEBrsLG1vSg08yaQgYM46KQW93Lz2ZikS1tTMH35gfHhpOiLsWW1AKqlamisqHrWclQ8 +h5rNRh3N2y2dyh5TldLYAAAAFnlvdXJfZW1haWxAZXhhbXBsZS5jb20BAgMEBQYH +-----END OPENSSH PRIVATE KEY----- diff --git a/testdata/.ssh/id_ed25519.pub b/testdata/.ssh/id_ed25519.pub new file mode 100644 index 0000000..14f2085 --- /dev/null +++ b/testdata/.ssh/id_ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOiLsWW1AKqlamisqHrWclQ8h5rNRh3N2y2dyh5TldLY your_email@example.com From f0e5a23d530cb42b84b01340c5fb1a6ad570d4e8 Mon Sep 17 00:00:00 2001 From: appleboy Date: Wed, 5 Jun 2024 21:04:07 +0800 Subject: [PATCH 72/95] ci: add environment variable handling in GitHub Actions - Add a new job `testing-with-env` to the GitHub Actions workflow - Add steps to set up environment variables for public and private SSH keys - Add a step to create a new SSH server using Docker - Add a step to test the SSH connection using the `id_ed25519` key - Add a step to pass a single environment variable to the SSH action - Add a step to pass multiple environment variables to the SSH action - Add a step to use a custom format for environment variables - Add a step to pass all environment variables to the SSH action Signed-off-by: appleboy --- .github/workflows/ssh-server.yml | 123 +++++++++++++++++++++++++++++++ 1 file changed, 123 insertions(+) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 576207c..1742641 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml 
@@ -337,3 +337,126 @@ jobs: script: | whoami ls -al + + testing-with-env: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_ed25519.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_ed25519.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_ed25519 >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key =========" + cat testdata/.ssh/id_ed25519 + echo "============================" + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + + - name: testing id_ed25519 key + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + script: | + whoami + ls -al + + - name: pass environment + uses: appleboy/ssh-action@v1.0.3 + env: + FOO: "BAR" + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + envs: FOO + script: | + echo "I am $FOO, thanks" + echo "I am $BAR, thanks" + + - name: pass multiple environment + uses: appleboy/ssh-action@v1.0.3 + env: + FOO: "BAR" + BAR: "FOO" + SHA: ${{ github.sha }} + PORT: ${{ secrets.PORT }} + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ 
env.PRIVATE_KEY }} + port: 2222 + envs: FOO,BAR,SHA,PORT + script: | + echo "I am $FOO, thanks" + echo "I am $BAR, thanks" + echo "sha: $SHA" + echo "port: $PORT" + sh test.sh + + - name: custom envs format + uses: appleboy/ssh-action@v1.0.3 + env: + FOO: "BAR" + AAA: "BBB" + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + envs: FOO,BAR,AAA + envs_format: export TEST_{NAME}={VALUE} + script: | + echo "I am $TEST_FOO, thanks" + echo "I am $TEST_BAR, thanks" + echo "I am $BAR, thanks" + echo "I am $TEST_AAA, thanks" + + - name: pass all ENV variables to script + uses: appleboy/ssh-action@v1.0.3 + env: + INPUT_FOO: "BAR" + INPUT_AAA: "BBB" + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + allenvs: true + script: | + echo "I am $INPUT_FOO, thanks" + echo "I am $INPUT_AAA, thanks" + echo "$GITHUB_BASE_REF" + echo "$GITHUB_REF" From 9c32aa61f8c24f38e93a3282178429b314c14e8a Mon Sep 17 00:00:00 2001 From: appleboy Date: Wed, 5 Jun 2024 21:07:39 +0800 Subject: [PATCH 73/95] ci: refactor workflows and API integrations - Remove the execution of `test.sh` from the SSH server workflow Signed-off-by: appleboy --- .github/workflows/ssh-server.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 1742641..0dbe24a 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -424,7 +424,6 @@ jobs: echo "I am $BAR, thanks" echo "sha: $SHA" echo "port: $PORT" - sh test.sh - name: custom envs format uses: appleboy/ssh-action@v1.0.3 From 97f8d752b568999364c7296fa08e33d68367e3fd Mon Sep 17 00:00:00 2001 
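Review bot: The `pass multiple environment` step still sets `PORT: ${{ secrets.PORT }}` and lists it in `envs`, so a repository secret is forwarded to the test container and printed by `echo "port: $PORT"`. This job no longer needs a secret to connect, since the port is the literal `2222`. GitHub masks secret values in its own log, but the value still reaches a container started from an unpinned third-party image. The test only needs a fourth variable to forward, so `PORT: "2222"` covers the same behaviour without touching the secret store.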
From: appleboy Date: Wed, 5 Jun 2024 21:18:46 +0800 Subject: [PATCH 74/95] ci: enable root access in CI pipeline - Change `SUDO_ACCESS` environment variable from `false` to `true` - Add a step to switch to root user using `appleboy/ssh-action@v1.0.3` with specified parameters and commands Signed-off-by: appleboy --- .github/workflows/ssh-server.yml | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 0dbe24a..4aec5ac 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -366,7 +366,7 @@ jobs: --hostname=openssh-server \ -p 2222:2222 \ -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ - -e SUDO_ACCESS=false \ + -e SUDO_ACCESS=true \ -e PASSWORD_ACCESS=true \ -e USER_PASSWORD=password \ -e USER_NAME=linuxserver.io \ @@ -459,3 +459,17 @@ jobs: echo "I am $INPUT_AAA, thanks" echo "$GITHUB_BASE_REF" echo "$GITHUB_REF" + + - name: switch to root user + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + script_stop: true + request_pty: true + command_timeout: 30s + script: | + whoami && echo 'hello world' && touch todo.txt + sudo whoami From 5a8776fd157405e3e88da24413b04c2aaf01e99c Mon Sep 17 00:00:00 2001 From: appleboy Date: Wed, 5 Jun 2024 21:30:47 +0800 Subject: [PATCH 75/95] ci: switch to password authentication in GitHub workflow - Replace SSH key authentication with password authentication in GitHub workflow Signed-off-by: appleboy --- .github/workflows/ssh-server.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 4aec5ac..1599b96 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml 
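Review bot: The new `switch to root user` step never checks which user `sudo whoami` ran as, so the test does not prove the privilege change it is named after. In this revision the container is still started with `-e USER_PASSWORD=password`, and as far as I know the image then asks for that password on sudo, so the command would wait on a prompt until `command_timeout` expires. Replacing the last script line with `test "$(sudo -n whoami)" = root` makes it fail immediately instead of prompting, and asserts the result. The first hunk sets `SUDO_ACCESS=true` for the whole `testing-with-env` job, so every earlier step there now also runs against a sudo-capable account; a separate job for the sudo case would keep the others least-privileged.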
@@ -465,7 +465,7 @@ jobs: with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io - key: ${{ env.PRIVATE_KEY }} + password: password port: 2222 script_stop: true request_pty: true From 0c7561b1a30e223b97730bb8b92671995d9fb1d0 Mon Sep 17 00:00:00 2001 From: appleboy Date: Wed, 5 Jun 2024 21:35:45 +0800 Subject: [PATCH 76/95] fix: switch to SSH key authentication for security - Remove hardcoded user password from environment variables - Replace hardcoded password with a private key for SSH authentication Signed-off-by: appleboy --- .github/workflows/ssh-server.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 1599b96..1719cf6 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -368,7 +368,6 @@ jobs: -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ -e SUDO_ACCESS=true \ -e PASSWORD_ACCESS=true \ - -e USER_PASSWORD=password \ -e USER_NAME=linuxserver.io \ --restart unless-stopped \ lscr.io/linuxserver/openssh-server:latest @@ -465,7 +464,7 @@ jobs: with: host: ${{ env.REMOTE_HOST }} username: linuxserver.io - password: password + key: ${{ env.PRIVATE_KEY }} port: 2222 script_stop: true request_pty: true From b6941ae5d5746e351d7fede90e718688304d2b4a Mon Sep 17 00:00:00 2001 From: appleboy Date: Wed, 5 Jun 2024 21:38:35 +0800 Subject: [PATCH 77/95] ci: refactor codebase and optimize performance - Delete the GitHub Actions workflow file `version.yml` Signed-off-by: appleboy --- .github/workflows/version.yml | 284 ---------------------------------- 1 file changed, 284 deletions(-) delete mode 100644 .github/workflows/version.yml diff --git a/.github/workflows/version.yml b/.github/workflows/version.yml deleted file mode 100644 index a15c0af..0000000 --- a/.github/workflows/version.yml +++ /dev/null 
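Review bot: PATCH 76 removes `-e USER_PASSWORD=password` but leaves `-e PASSWORD_ACCESS=true` in the same `docker run`, so password login stays enabled on a server that every step now reaches with a key. `-e PASSWORD_ACCESS=false \` would match the commit's stated intent. With `SUDO_ACCESS=true` and no user password the image presumably grants passwordless sudo, which is what lets `sudo whoami` succeed. A comment such as `# no USER_PASSWORD: sudo is passwordless in this test container` would record that this is deliberate. The `support-ed25519-key` job earlier in this file still passes `USER_PASSWORD=password` and is not touched by this commit.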
@@ -1,284 +0,0 @@ -name: the stable version of ssh-action -on: [push] - -env: - FOO: "BAR" - BAR: "FOO" - -jobs: - testing01: - name: default flag testing - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: correct password but wrong key - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - key: "1234" - port: ${{ secrets.PORT }} - script: whoami - - - name: wrong password but correct key - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: "abcdef" - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script: whoami - - - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} - script: whoami - - - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script: whoami - - - name: multiple command - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script: | - whoami - ls -al - - - name: stop script if command error - uses: appleboy/ssh-action@v1.0.3 - continue-on-error: true - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - sync: true - debug: true - script: | - mkdir abc/def - ls -al - - - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.SSH2 }} - port: ${{ secrets.PORT }} - passphrase: ${{ secrets.PASSPHRASE }} - script: | - whoami - ls -al - 
- - name: use insecure cipher - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} - script: | - ls \ - -lah - use_insecure_cipher: true - - # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 - - name: Multiline SSH commands interpreted as single lines - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} - script_stop: true - script: | - ls \ - -lah - use_insecure_cipher: true - - # https://github.com/appleboy/ssh-action/issues/85 - - name: Deployment to multiple hosts with different ports - uses: appleboy/ssh-action@v1.0.3 - with: - host: "${{ secrets.HOST }}:${{ secrets.PORT }}" - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: 1024 - script_stop: true - script: | - ls \ - -lah - use_insecure_cipher: true - - # - name: SSH ED25519 Private Key - # uses: appleboy/ssh-action@v1.0.3 - # with: - # host: ${{ secrets.TUNNEL_HOST }} - # username: ${{ secrets.TUNNEL_USERNAME }} - # key: ${{ secrets.ID_ED25519 }} - # port: ${{ secrets.TUNNEL_PORT }} - # script: whoami - - testing02: - name: testing with envs - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: pass environment - uses: appleboy/ssh-action@v1.0.3 - env: - FOO: "BAR" - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - envs: FOO - script: | - echo "I am $FOO, thanks" - echo "I am $BAR, thanks" - - - name: pass multiple environment - uses: appleboy/ssh-action@v1.0.3 - env: - FOO: "BAR" - BAR: "FOO" - SHA: ${{ github.sha }} - PORT: ${{ secrets.PORT }} - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - envs: FOO,BAR,SHA,PORT - script: | - 
echo "I am $FOO, thanks" - echo "I am $BAR, thanks" - echo "sha: $SHA" - echo "port: $PORT" - sh test.sh - - - name: custom envs format - uses: appleboy/ssh-action@v1.0.3 - env: - FOO: "BAR" - AAA: "BBB" - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - envs: FOO,BAR,AAA - envs_format: export TEST_{NAME}={VALUE} - script: | - echo "I am $TEST_FOO, thanks" - echo "I am $TEST_BAR, thanks" - echo "I am $BAR, thanks" - echo "I am $TEST_AAA, thanks" - - - name: pass all ENV variables to script - uses: appleboy/ssh-action@v1.0.3 - env: - INPUT_FOO: "BAR" - INPUT_AAA: "BBB" - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - allenvs: true - script: | - echo "I am $INPUT_FOO, thanks" - echo "I am $INPUT_AAA, thanks" - echo "$GITHUB_BASE_REF" - echo "$GITHUB_REF" - - testing03: - name: git clone and pull - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: clone private repository - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - script: | - git clone https://appleboy:${{ secrets.TEST_TOKEN }}@github.com/go-training/self-runner.git test_repository - rm -rf test_repository - - testing04: - name: docker login and pull - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: login GitHub Container Registry - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - script: | - echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u github.actor --password-stdin - - - name: login DockerHub Container Registry - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ 
secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - script: | - echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin - - testing05: - name: switch user - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: switch to root user - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - request_pty: true - command_timeout: 30s - script: | - whoami && echo 'hello world' && touch todo.txt - sudo whoami From 43895f2cd585d373b747690a3e7f9bdcdd09e1cd Mon Sep 17 00:00:00 2001 From: appleboy Date: Wed, 5 Jun 2024 21:55:28 +0800 Subject: [PATCH 78/95] ci: refactor SSH testing workflows and job configurations - Rename workflow from "remote ssh command" to "testing main branch" - Remove environment variables `FOO` and `BAR` - Rename job `testing01` to `default-user-name-password` - Rename step "checkout" to "Checkout code" - Replace step "correct password but wrong key" with "create new ssh server" using Docker - Update SSH connection details to use environment variables for host, username, password, and port - Add new job `check-ssh-key` with steps to add public key to environment and create a new SSH server - Add new job `support-key-passphrase` with steps to add public key to environment and create a new SSH server - Add new job `multiple-server` to create and manage multiple SSH servers - Add new job `support-ed25519-key` with steps to add public key to environment and create a new SSH server - Add new job `testing-with-env` with steps to add public key to environment and create a new SSH server - Remove jobs `testing02`, `testing03`, `testing04`, and `testing05` - Rename workflow in `ssh-server.yml` from "openssh-server" to "testing stable version" 
Signed-off-by: appleboy --- .github/workflows/ci.yml | 504 +++++++++++++++++++++---------- .github/workflows/ssh-server.yml | 2 +- 2 files changed, 348 insertions(+), 158 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a62c774..e4a92da 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -1,75 +1,125 @@ -name: remote ssh command -on: [push] +name: testing main branch -env: - FOO: "BAR" - BAR: "FOO" +on: [push] jobs: - testing01: - name: default flag testing + default-user-name-password: runs-on: ubuntu-latest steps: - - name: checkout + - name: Checkout code uses: actions/checkout@v4 - - name: correct password but wrong key - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - key: "1234" - port: ${{ secrets.PORT }} - script: whoami + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 - - name: wrong password but correct key + - name: ssh by username and password uses: ./ with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: "abcdef" - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + port: 2222 script: whoami - - name: executing remote ssh commands using password + check-ssh-key: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_rsa.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_rsa.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_rsa >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key 
=========" + cat testdata/.ssh/id_rsa + echo "============================" + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + + - name: ssh by private key uses: ./ with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 script: whoami - - name: executing remote ssh commands using ssh key + - name: wrong password but correct key uses: ./ with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: "abcdef" + key: ${{ env.PRIVATE_KEY }} + port: 2222 script: whoami - - name: multiple command + - name: correct password but wrong key uses: ./ with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script: | - whoami - ls -al + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + key: password + port: 2222 + script: whoami - name: stop script if command error uses: ./ continue-on-error: true with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + key: 
password + port: 2222 script_stop: true sync: true debug: true 
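Review bot: Every `create new ssh server` step pulls `lscr.io/linuxserver/openssh-server:latest`, so the image under test can change between runs without any commit here. A bad upstream push would then run on the runner alongside the test keys. Pinning by digest, `lscr.io/linuxserver/openssh-server@sha256:<digest>` (placeholder; take the value from a pull you have verified), ties the CI result to the repository state. The fixed `sleep 2` is the only readiness check, and a short retry loop on port 2222 would be more reliable than a fixed delay. The same lines appear in the remaining jobs of this file and in ssh-server.yml.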
@@ -77,83 +127,279 @@ jobs: mkdir abc/def ls -al + support-key-passphrase: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_passphrase.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_passphrase.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_passphrase >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key =========" + cat testdata/.ssh/id_passphrase + echo "============================" + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + - name: ssh key passphrase uses: ./ with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.SSH2 }} - port: ${{ secrets.PORT }} - passphrase: ${{ secrets.PASSPHRASE }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + passphrase: 1234 script: | whoami ls -al - - name: use insecure cipher + - name: missing ssh key passphrase uses: ./ + continue-on-error: true with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 script: | - ls \ - -lah - 
use_insecure_cipher: true + whoami + ls -al # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 - name: Multiline SSH commands interpreted as single lines uses: ./ with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + passphrase: 1234 script_stop: true script: | ls \ -lah use_insecure_cipher: true + multiple-server: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_passphrase.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_passphrase.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_passphrase >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key =========" + cat testdata/.ssh/id_passphrase + echo "============================" + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server-01 \ + --hostname=openssh-server-01 \ + -p 2222:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server-01 sh -c "hostname -i" > ip01.txt + echo "REMOTE_HOST_01<> $GITHUB_ENV + cat ip01.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip01.txt + echo "======================================" + + docker run -d \ + --name=openssh-server-02 \ + --hostname=openssh-server-02 \ + -p 2223:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + 
--restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server-02 sh -c "hostname -i" > ip02.txt + echo "REMOTE_HOST_02<> $GITHUB_ENV + cat ip02.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip02.txt + echo "======================================" + + sleep 2 + # https://github.com/appleboy/ssh-action/issues/85 - name: Deployment to multiple hosts with different ports uses: ./ with: - host: "${{ secrets.HOST }}:${{ secrets.PORT }}" - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: 1024 + host: "${{ env.REMOTE_HOST_01 }}:2222,${{ env.REMOTE_HOST_02 }}:2222" + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + passphrase: 1234 script_stop: true script: | - ls \ - -lah - use_insecure_cipher: true + whoami - # - name: SSH ED25519 Private Key - # uses: ./ - # with: - # host: ${{ secrets.TUNNEL_HOST }} - # username: ${{ secrets.TUNNEL_USERNAME }} - # key: ${{ secrets.ID_ED25519 }} - # port: ${{ secrets.TUNNEL_PORT }} - # script: whoami - - testing02: - name: testing with envs + support-ed25519-key: runs-on: ubuntu-latest steps: - - name: checkout + - name: Checkout code uses: actions/checkout@v4 + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_ed25519.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_ed25519.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_ed25519 >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key =========" + cat testdata/.ssh/id_ed25519 + echo "============================" + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e 
USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + + - name: testing id_ed25519 key + uses: ./ + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + script: | + whoami + ls -al + + testing-with-env: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_ed25519.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_ed25519.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_ed25519 >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key =========" + cat testdata/.ssh/id_ed25519 + echo "============================" + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=true \ + -e PASSWORD_ACCESS=true \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + + - name: testing id_ed25519 key + uses: ./ + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + script: | + whoami + ls -al + - name: pass environment uses: ./ env: FOO: "BAR" with: - host: ${{ 
secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 envs: FOO script: | echo "I am $FOO, thanks" @@ -167,17 +413,16 @@ jobs: SHA: ${{ github.sha }} PORT: ${{ secrets.PORT }} with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 envs: FOO,BAR,SHA,PORT script: | echo "I am $FOO, thanks" echo "I am $BAR, thanks" echo "sha: $SHA" echo "port: $PORT" - sh test.sh - name: custom envs format uses: ./ @@ -185,10 +430,10 @@ jobs: FOO: "BAR" AAA: "BBB" with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 envs: FOO,BAR,AAA envs_format: export TEST_{NAME}={VALUE} script: | @@ -203,10 +448,10 @@ jobs: INPUT_FOO: "BAR" INPUT_AAA: "BBB" with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 allenvs: true script: | echo "I am $INPUT_FOO, thanks" 
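Review bot: The `missing ssh key passphrase` step is a negative authentication test, but `continue-on-error: true` lets it pass whether the login is rejected or accepted, so a regression that accepts the encrypted key without its passphrase would go unnoticed. Give the step `id: missing_passphrase` and follow it with a step that has `if: steps.missing_passphrase.outcome != 'failure'` and `run: exit 1`. In the `multiple-server` job both hosts are addressed on `:2222`, because the second container's `2223` is only the published host port. The "different ports" case named in the step title is therefore no longer exercised. `passphrase: 1234` is a YAML integer, and quoting it as `"1234"` keeps it a string.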
@@ -214,68 +459,13 @@ jobs: echo "$GITHUB_BASE_REF" echo "$GITHUB_REF" - testing03: - name: git clone and pull - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: clone private repository - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - script: | - git clone https://appleboy:${{ secrets.TEST_TOKEN }}@github.com/go-training/self-runner.git test_repository - rm -rf test_repository - - testing04: - name: docker login and pull - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: login GitHub Container Registry - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - script: | - echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u github.actor --password-stdin - - - name: login DockerHub Container Registry - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - script: | - echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin - - testing05: - name: switch user - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - name: switch to root user uses: ./ with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 script_stop: true request_pty: true command_timeout: 30s diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 1719cf6..86ab7dc 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -1,4 +1,4 @@ -name: openssh-server +name: testing stable version on: [push] 
From 71d43ea0f75a1f73c9b0e4608c059783968ad29c Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Thu, 6 Jun 2024 08:30:06 +0800 Subject: [PATCH 79/95] docs: improve documentation and testing configurations - Add note about the default value of `port` being `22` in the README Signed-off-by: Bo-Yi Wu --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 0e11a25..7055cf5 100644 --- a/README.md +++ b/README.md @@ -221,6 +221,8 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ls -al ``` +The default value of `port` is `22`. + #### Multiple hosts with different port ```diff From 036cad7df774e9168d1de6c77d668c6a292d4540 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 14 Jul 2024 16:17:12 +0800 Subject: [PATCH 80/95] chore: update drone-ssh to version 1.7.7 - Update drone-ssh Docker image version from `1.7.4` to `1.7.7` - Update DRONE_SSH_VERSION environment variable default from `1.7.4` to `1.7.7` Signed-off-by: Bo-Yi Wu --- Dockerfile | 2 +- entrypoint.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index d84c375..960d488 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/appleboy/drone-ssh:1.7.4 +FROM ghcr.io/appleboy/drone-ssh:1.7.7 COPY entrypoint.sh /bin/entrypoint.sh diff --git a/entrypoint.sh b/entrypoint.sh index f50d56e..c48f963 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -8,7 +8,7 @@ export GITHUB="true" GITHUB_ACTION_PATH="${GITHUB_ACTION_PATH%/}" DRONE_SSH_RELEASE_URL="${DRONE_SSH_RELEASE_URL:-https://github.com/appleboy/drone-ssh/releases/download}" -DRONE_SSH_VERSION="${DRONE_SSH_VERSION:-1.7.4}" +DRONE_SSH_VERSION="${DRONE_SSH_VERSION:-1.7.7}" function detect_client_info() { if [ -n "${SSH_CLIENT_OS-}" ]; then From 8b6078208d71a6d9364c7f23d78ca9b38bed48c0 Mon Sep 17 00:00:00 2001 
From: Bo-Yi Wu
Date: Sun, 14 Jul 2024 16:21:41 +0800
Subject: [PATCH 81/95] chore(cli): enhance version handling and testing mechanisms
- Add a command to print the version of the target before running the main command
Signed-off-by: Bo-Yi Wu
---
 entrypoint.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/entrypoint.sh b/entrypoint.sh
index c48f963..a9e359d 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -63,4 +63,5 @@ TARGET="${GITHUB_ACTION_PATH}/${CLIENT_BINARY}"
 echo "Will download ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}"
 curl -fL --retry 3 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o ${TARGET}
 chmod +x ${TARGET}
-sh -c "${TARGET} $*"
+sh -c "${TARGET} --version" # print version
+sh -c "${TARGET} $*" # run the command
From 5ade82648576fb5118b586573e9c607af4941b24 Mon Sep 17 00:00:00 2001
From: Bo-Yi Wu
Date: Sun, 14 Jul 2024 16:42:46 +0800
Subject: [PATCH 82/95] chore: improve CLI reliability and version visibility
- Increase curl retry attempts from 3 to 5
- Add echo statements to display CLI version before and after running the version command
Signed-off-by: Bo-Yi Wu
---
 entrypoint.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/entrypoint.sh b/entrypoint.sh
index a9e359d..19d6b5d 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -61,7 +61,9 @@ DOWNLOAD_URL_PREFIX="${DRONE_SSH_RELEASE_URL}/v${DRONE_SSH_VERSION}"
 CLIENT_BINARY="drone-ssh-${DRONE_SSH_VERSION}-${CLIENT_PLATFORM}-${CLIENT_ARCH}"
 TARGET="${GITHUB_ACTION_PATH}/${CLIENT_BINARY}"
 echo "Will download ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}"
-curl -fL --retry 3 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o ${TARGET}
+curl -fL --retry 5 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o ${TARGET}
 chmod +x ${TARGET}
+echo "======= CLI Version ======="
 sh -c "${TARGET} --version" # print version
+echo "==========================="
 sh -c "${TARGET} $*" # run the command
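Review bot: Both added lines of the `-63,4 +63,5` hunk run the binary through `sh -c "${TARGET} ..."`, which flattens the script's arguments into one string and has a second shell parse it again. An argument containing spaces, quotes or `;` is therefore re-split or interpreted instead of being passed through, and a `GITHUB_ACTION_PATH` containing a space would break the unquoted `${TARGET}` the same way. Calling the binary directly keeps every argument intact: `"${TARGET}" --version` and `"${TARGET}" "$@"`. Which arguments the action passes to entrypoint.sh is not visible in this hunk, so confirm that before changing the second line.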
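Review bot: The `curl` line in the `-61,7 +61,9` hunk fetches `${CLIENT_BINARY}`, and the lines after it mark the file executable and run it with nothing checking what was received; raising `--retry` to 5 does not change that. `DRONE_SSH_RELEASE_URL` and `DRONE_SSH_VERSION` both take their value from the environment when set (the `:-` defaults near the top of entrypoint.sh), so the download origin is not fixed either. A digest check placed before `chmod +x` would close the gap, for example `echo "${EXPECTED_SHA256}  ${TARGET}" | sha256sum -c -`, where `EXPECTED_SHA256` is a placeholder for a value pinned next to the version default. The later hunk that changes the same line to `curl -fsSL` has the same gap.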
From 28428a13f5b0283d667b1c6501d144f15b059726 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 14 Jul 2024 16:59:55 +0800 Subject: [PATCH 83/95] docs: improve cross-platform clipboard support for key copying - Add instructions to install `xclip` on Ubuntu before copying the private key - Replace `clip` command with platform-specific commands (`pbcopy` for macOS and `xclip` for Ubuntu) for copying the private key Signed-off-by: Bo-Yi Wu --- README.md | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7055cf5..75fe1c4 100644 --- a/README.md +++ b/README.md @@ -122,14 +122,29 @@ Copy Private Key content and paste in Github Secrets. ### Copy rsa Private key +Before copying the private key, install `clip` command as shown below: + +```bash +# Ubuntu +sudo apt-get install xclip +``` + +copy the private key: + ```bash -clip < ~/.ssh/id_rsa +# macOS +pbcopy < ~/.ssh/id_rsa +# Ubuntu +xclip < ~/.ssh/id_rsa ``` ### Copy ed25519 Private key ```bash -clip < ~/.ssh/id_ed25519 +# macOS +pbcopy < ~/.ssh/id_ed25519 +# Ubuntu +xclip < ~/.ssh/id_ed25519 ``` See the detail information about [SSH login without password](http://www.linuxproblem.org/art_9.html). From 06fa62e61cac6c39015db4efcde64776f56965c4 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 14 Jul 2024 17:19:13 +0800 Subject: [PATCH 84/95] ci: rename the workflow files. - Rename `ci.yml` to `main.yml` - Rename `ssh-server.yml` to `stable.yml` Signed-off-by: Bo-Yi Wu --- .github/workflows/{ci.yml => main.yml} | 0 .github/workflows/{ssh-server.yml => stable.yml} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{ci.yml => main.yml} (100%) rename .github/workflows/{ssh-server.yml => stable.yml} (100%) diff --git a/.github/workflows/ci.yml b/.github/workflows/main.yml similarity index 100% rename from .github/workflows/ci.yml rename to .github/workflows/main.yml 
diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/stable.yml similarity index 100% rename from .github/workflows/ssh-server.yml rename to .github/workflows/stable.yml From eaeb06998d86f5e66259ee8dc3d0909612f0ce65 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 14 Jul 2024 20:55:52 +0800 Subject: [PATCH 85/95] chore(cli): enhance curl command with silent mode and redirects - Add silent mode and follow redirects to curl command in entrypoint.sh Signed-off-by: Bo-Yi Wu --- entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index 19d6b5d..67132c6 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -61,7 +61,7 @@ DOWNLOAD_URL_PREFIX="${DRONE_SSH_RELEASE_URL}/v${DRONE_SSH_VERSION}" CLIENT_BINARY="drone-ssh-${DRONE_SSH_VERSION}-${CLIENT_PLATFORM}-${CLIENT_ARCH}" TARGET="${GITHUB_ACTION_PATH}/${CLIENT_BINARY}" echo "Will download ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}" -curl -fL --retry 5 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o ${TARGET} +curl -fsSL --retry 5 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o ${TARGET} chmod +x ${TARGET} echo "======= CLI Version =======" sh -c "${TARGET} --version" # print version From b4a07ca5940a7dc94925e99f8e6eab3671b0fa64 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sat, 20 Jul 2024 13:32:11 +0800 Subject: [PATCH 86/95] ci: enhance GitHub Actions with secret variable support (#330) * ci: enhance GitHub Actions with secret variable support - Add a step to pass secret variables in the shell within the GitHub Actions workflow Signed-off-by: appleboy * ci: enhance CI workflow and API integration - Add `continue-on-error: true` to the GitHub Actions workflow Signed-off-by: appleboy * ci: improve GitHub Actions workflow reliability - Add `continue-on-error: true` to the GitHub Actions workflow Signed-off-by: appleboy --------- 
Signed-off-by: appleboy --- .github/workflows/main.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e4a92da..cfe58fb 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -459,6 +459,16 @@ jobs: echo "$GITHUB_BASE_REF" echo "$GITHUB_REF" + - name: pass secret variable in shell + uses: ./ + continue-on-error: true + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + script: cd ${{ secrets.PORT }} + - name: switch to root user uses: ./ with: @@ -491,6 +501,7 @@ jobs: - name: testing ipv6 uses: ./ + continue-on-error: true with: host: 2402:1f00:8000:800::2628 username: ubuntu From d732991ab09097d8c8f390d91385b0386e619598 Mon Sep 17 00:00:00 2001 From: archiguru Date: Sat, 7 Sep 2024 15:36:08 +0800 Subject: [PATCH 87/95] docs(lang): README.zh-cn Document (#332) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: add README.zh-cn Document * feat: add zh-cn superlink --- README.md | 1 + README.zh-cn.md | 393 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 394 insertions(+) create mode 100644 README.zh-cn.md diff --git a/README.md b/README.md index 75fe1c4..218ed33 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,7 @@ # 🚀 SSH for GitHub Actions [繁體中文](./README.zh-tw.md) +[简体中文](./README.zh-cn.md) [GitHub Action](https://github.com/features/actions) for executing remote ssh commands. diff --git a/README.zh-cn.md b/README.zh-cn.md new file mode 100644 index 0000000..44ac07d --- /dev/null +++ b/README.zh-cn.md 
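Review bot: `script: cd ${{ secrets.PORT }}` expands the secret into the script text before the action runs, so the value becomes part of the command line that the remote shell parses instead of data. Other steps in this workflow pass values through `env` plus `envs`, and the same pattern works here: `env:` with `PORT: ${{ secrets.PORT }}`, then `envs: PORT` and `script: cd "$PORT"`. `continue-on-error: true` on this step, and on the `testing ipv6` step in the second hunk, means a failure never fails the job, so neither step asserts anything. If the failure is expected (presumably the point is to see the secret masked in the log), a comment such as `# expected to fail: checks secret masking in the command echo` would record that intent.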
@@ -0,0 +1,393 @@ +# 🚀 用于 GitHub Actions 的 SSH + +[GitHub Action](https://github.com/features/actions) 用于执行远程 SSH 命令。 + +![ssh workflow](./images/ssh-workflow.png) + +[![Actions Status](https://github.com/appleboy/ssh-action/workflows/remote%20ssh%20command/badge.svg)](https://github.com/appleboy/ssh-action/actions) + +**注意**: 只支持在 **Linux** [docker](https://www.docker.com/) 容器上执行。 + +## 输入变量 + +更详细的信息,请参考 [action.yml](./action.yml)。 + +* `host` - SSH 主机 +* `port` - SSH 连接端口,默认为 `22` +* `username` - SSH 用户名称 +* `password` - SSH 密码 +* `passphrase` - 通常用于加密私钥的 passphrase +* `sync` - 同步执行多个主机上的命令,默认为 false +* `timeout` - SSH 连接到远程主机的超时时间,默认为 `30s` +* `command_timeout` - SSH 命令超时时间,默认为 10m +* `key` - SSH 私钥的内容,例如 ~/.ssh/id_rsa 的原始内容,请记得包含 BEGIN 和 END 行 +* `key_path` - SSH 私钥的路径 +* `fingerprint` - 主机公钥的 SHA256 指纹,默认为跳过验证 +* `script` - 执行命令 +* `script_stop` - 当出现第一个错误时停止执行命令 +* `envs` - 传递环境变量到 shell script +* `debug` - 启用调试模式 +* `use_insecure_cipher` - 使用不安全的密码(ciphers)进行加密,详见 [#56](https://github.com/appleboy/ssh-action/issues/56) +* `cipher` - 允许使用的密码(ciphers)算法。如果未指定,则使用适当的算法 + +SSH 代理设置: + +* `proxy_host` - 代理主机 +* `proxy_port` - 代理端口,默认为 `22` +* `proxy_username` - 代理用户名 +* `proxy_password` - 代理密码 +* `proxy_passphrase` - 密码通常用于加密私有密钥 +* `proxy_timeout` - SSH 连接至代理主机的超时时间,默认为 `30s` +* `proxy_key` - SSH 代理私有密钥内容 +* `proxy_key_path` - SSH 代理私有密钥路径 +* `proxy_fingerprint` - 代理主机公钥的 SHA256 指纹,默认为跳过验证 +* `proxy_use_insecure_cipher` - 使用不安全的加密方式,详见 [#56](https://github.com/appleboy/ssh-action/issues/56) +* `proxy_cipher` - 允许的加密算法。如果未指定,则使用合理的算法 + +## 使用方法 + +执行远程 SSH 命令 + +```yaml +name: remote ssh command +on: [push] +jobs: + + build: + name: Build + runs-on: ubuntu-latest + steps: + - name: executing remote ssh commands using password + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: whoami +``` + +画面输出 + +```sh +======CMD====== +whoami 
+======END====== +out: *** +============================================== +✅ Successfully executed commands to all host. +============================================== +``` + +### 设置 SSH 密钥 + +请在创建 SSH 密钥并使用 SSH 密钥时遵循以下步骤。最佳做法是在本地机器上创建 SSH 密钥而不是远程机器上。请使用 Github Secrets 中指定的用户名登录。生成 RSA 密钥: + +### 生成 RSA 密钥 + +```bash +ssh-keygen -t rsa -b 4096 -C ”your_email@example.com“ +``` + +### 生成 ed25519 密钥 + +```bash +ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ +``` + +将新生成的密钥添加到已授权的密钥中。详细了解已授权的密钥请点[此处](https://www.ssh.com/ssh/authorized_keys/)。 + +### 将 RSA 密钥添加到已授权密钥中 + +```bash +cat .ssh/id_rsa.pub | ssh b@B ’cat >> .ssh/authorized_keys‘ +``` + +### 将 ed25519 密钥添加到已授权密钥中 + +```bash +cat .ssh/id_ed25519.pub | ssh b@B ’cat >> .ssh/authorized_keys‘ +``` + +复制私钥内容,然后将其粘贴到 Github Secrets 中。 + +### 复制 rsa 私钥内容 + +```bash +clip < ~/.ssh/id_rsa +``` + +### 复制 ed25519 私钥内容 + +```bash +clip < ~/.ssh/id_ed25519 +``` + +有关无需密码登录 SSH 的详细信息,请[见该网站](http://www.linuxproblem.org/art_9.html)。 + +**来自读者的注意事项**: 根据您的 SSH 版本,您可能还需要进行以下更改: + +* 将公钥放在 `.ssh/authorized_keys2` 中 +* 将 `.ssh` 的权限更改为700 +* 将 `.ssh/authorized_keys2` 的权限更改为640 + +### 如果你使用的是 OpenSSH + +如果您正在使用 OpenSSH,并出现以下错误: + +```bash +ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey] +``` + +请确保您所选择的密钥算法得到支持。在 Ubuntu 20.04 或更高版本上,您必须明确允许使用 SSH-RSA 算法。请在 OpenSSH 守护进程文件中添加以下行(它可以是 `/etc/ssh/sshd_config` 或 `/etc/ssh/sshd_config.d/` 中的一个附加文件): + +```bash +CASignatureAlgorithms +ssh-rsa +``` + +或者,`Ed25519` 密钥在 OpenSSH 中默认被接受。如果需要,您可以使用它来替代 RSA。 + +```bash +ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ +``` + +### Example + +#### 使用密码执行远程 SSH 命令 + +```yaml +- name: executing remote ssh commands using password + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSWORD }} + port: ${{ secrets.PORT }} + script: whoami +``` + +#### 使用私钥 + +```yaml +- name: executing remote ssh commands using ssh key 
+ uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: whoami +``` + +#### 多个命令 + +```yaml +- name: multiple command + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: | + whoami + ls -al +``` + +![result](./images/output-result.png) + +#### 多台主机 + +```diff + - name: multiple host + uses: appleboy/ssh-action@v1.0.3 + with: +- host: ”foo.com“ ++ host: ”foo.com,bar.com“ + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: | + whoami + ls -al +``` + +#### 多个不同端口的主机 + +```diff + - name: multiple host + uses: appleboy/ssh-action@v1.0.3 + with: +- host: ”foo.com“ ++ host: ”foo.com:1234,bar.com:5678“ + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + script: | + whoami + ls -al +``` + +#### 在多台主机上同步执行 + +```diff + - name: multiple host + uses: appleboy/ssh-action@v1.0.3 + with: + host: ”foo.com,bar.com“ ++ sync: true + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} + script: | + whoami + ls -al +``` + +#### 将环境变量传递到 Shell 脚本 + +```diff + - name: pass environment + uses: appleboy/ssh-action@v1.0.3 ++ env: ++ FOO: ”BAR“ ++ BAR: ”FOO“ ++ SHA: ${{ github.sha }} + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} ++ envs: FOO,BAR,SHA + script: | + echo ”I am $FOO“ + echo ”I am $BAR“ + echo ”sha: $SHA“ +``` + +_在 `env` 对象中,您需要将每个环境变量作为字符串传递,传递 `Integer` 数据类型或任何其他类型可能会产生意外结果。_ + +#### 在第一次失败后停止脚本 + +> ex: missing `abc` folder + +```diff + - name: stop script if command error + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} ++ script_stop: true + script: | + mkdir 
abc/def + ls -al +``` + +画面输出: + +```sh +======CMD====== +mkdir abc/def +ls -al + +======END====== +2019/11/21 01:16:21 Process exited with status 1 +err: mkdir: cannot create directory ‘abc/def’: No such file or directory +##[error]Docker run failed with exit code 1 +``` + +#### 如何使用 `ProxyCommand` 连接远程服务器? + +```bash ++———+ +-———+ +————+ +| Laptop | <—> | Jumphost | <—> | FooServer | ++———+ +-———+ +————+ +``` + +在您的 `~/.ssh/config` 文件中,您会看到以下内容。 + +```bash +Host Jumphost + HostName Jumphost + User ubuntu + Port 22 + IdentityFile ~/.ssh/keys/jump_host.pem + +Host FooServer + HostName FooServer + User ubuntu + Port 22 + ProxyCommand ssh -q -W %h:%p Jumphost +``` + +#### 如何将其转换为 GitHubActions 的 YAML 格式? + +```diff + - name: ssh proxy command + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} ++ proxy_host: ${{ secrets.PROXY_HOST }} ++ proxy_username: ${{ secrets.PROXY_USERNAME }} ++ proxy_key: ${{ secrets.PROXY_KEY }} ++ proxy_port: ${{ secrets.PROXY_PORT }} + script: | + mkdir abc/def + ls -al +``` + +#### 如何保护私钥? 
+ +密码短语通常用于加密私钥。这使得攻击者无法单独使用密钥文件。文件泄露可能来自备份或停用的硬件,黑客通常可以从受攻击系统中泄露文件。因此,保护私钥非常重要。 + +```diff + - name: ssh key passphrase + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} ++ passphrase: ${{ secrets.PASSPHRASE }} + script: | + whoami + ls -al +``` + +#### 使用主机指纹验证 + +设置 SSH 主机指纹验证可以帮助防止中间人攻击。在设置之前,运行以下命令以获取 SSH 主机指纹。请记得将 `ed25519` 替换为您适当的密钥类型(`rsa`、 `dsa`等),而 `example.com` 则替换为您的主机。 + +现代 OpenSSH 版本中,需要提取的_默认密钥_类型是 `rsa`(从版本 5.1 开始)、`ecdsa`(从版本 6.0 开始)和 `ed25519`(从版本 6.7 开始)。 + +```sh +ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ’ ‘ -f2 +``` + +现在您可以调整您的配置: + +```diff + - name: ssh key passphrase + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.KEY }} + port: ${{ secrets.PORT }} ++ fingerprint: ${{ secrets.FINGERPRINT }} + script: | + whoami + ls -al +``` + +## 贡献 + +我们非常希望您为 `appleboy/ssh-action` 做出贡献,欢迎提交请求! + +## 授权方式 + +本项目中的脚本和文档采用 [MIT](LICENSE) 许可证 发布。 \ No newline at end of file From 58164d0dc2b76ba5c47e110152e94bfbd13ea235 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 22 Sep 2024 08:12:49 +0800 Subject: [PATCH 88/95] chore: remove Dockerfile and related configurations - Remove Dockerfile and its associated configurations Signed-off-by: appleboy --- Dockerfile | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index 960d488..0000000 --- a/Dockerfile +++ /dev/null @@ -1,5 +0,0 @@ -FROM ghcr.io/appleboy/drone-ssh:1.7.7 - -COPY entrypoint.sh /bin/entrypoint.sh - -ENTRYPOINT ["/bin/entrypoint.sh"] From 25ce8cbbcb08177468c7ff7ec5cbfa236f9341e1 Mon Sep 17 00:00:00 2001 
From: appleboy Date: Sun, 6 Oct 2024 21:15:22 +0800 Subject: [PATCH 89/95] ci: implement automated release workflow with GoReleaser - Add GitHub Actions workflow for GoReleaser - Configure GoReleaser to skip builds - Set up changelog groups for features, bug fixes, enhancements, refactors, build process updates, and documentation updates Signed-off-by: appleboy --- .github/workflows/goreleaser.yml | 33 ++++++++++++++++++++++++++++++++ .goreleaser.yaml | 28 +++++++++++++++++++++++++++ 2 files changed, 61 insertions(+) create mode 100644 .github/workflows/goreleaser.yml create mode 100644 .goreleaser.yaml diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml new file mode 100644 index 0000000..7f1ae24 --- /dev/null +++ b/.github/workflows/goreleaser.yml @@ -0,0 +1,33 @@ +name: Goreleaser + +on: + push: + tags: + - "*" + +permissions: + contents: write + +jobs: + goreleaser: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Setup go + uses: actions/setup-go@v5 + with: + go-version: "^1" + + - name: Run GoReleaser + uses: goreleaser/goreleaser-action@v6 + with: + # either 'goreleaser' (default) or 'goreleaser-pro' + distribution: goreleaser + version: latest + args: release --clean + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.goreleaser.yaml b/.goreleaser.yaml new file mode 100644 index 0000000..01b1081 --- /dev/null +++ b/.goreleaser.yaml 
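Review bot: This job holds `contents: write` and a `GITHUB_TOKEN`, yet everything it executes is a moving reference. `actions/checkout@v4`, `actions/setup-go@v5` and `goreleaser/goreleaser-action@v6` are tags, `go-version: "^1"` floats, and `version: latest` pulls whichever GoReleaser release is current when a tag is pushed. Pinning the three actions to full commit SHAs (`uses: goreleaser/goreleaser-action@<full-commit-sha> # v6`) and constraining the tool, e.g. `version: "~> v2"`, makes a release reproducible and limits what a moved upstream tag can do with the write token. The trigger `tags: - "*"` also fires on every pushed tag, so a narrower pattern such as `"v*"` may be what is intended.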
@@ -0,0 +1,28 @@ +builds: + - # If true, skip the build. + # Useful for library projects. + # Default is false + skip: true + +changelog: + use: github + groups: + - title: Features + regexp: "^.*feat[(\\w)]*:+.*$" + order: 0 + - title: "Bug fixes" + regexp: "^.*fix[(\\w)]*:+.*$" + order: 1 + - title: "Enhancements" + regexp: "^.*chore[(\\w)]*:+.*$" + order: 2 + - title: "Refactor" + regexp: "^.*refactor[(\\w)]*:+.*$" + order: 3 + - title: "Build process updates" + regexp: ^.*?(build|ci)(\(.+\))??!?:.+$ + order: 4 + - title: "Documentation updates" + regexp: ^.*?docs?(\(.+\))??!?:.+$ + order: 4 + - title: Others From bb32884d53eb81279b477ae19ecf3d319978c768 Mon Sep 17 00:00:00 2001 From: appleboy Date: Sun, 6 Oct 2024 21:19:31 +0800 Subject: [PATCH 90/95] chore: enhance CI/CD workflows and documentation formatting - Update `appleboy/ssh-action` from version `v1.0.3` to `v1.1.0` in multiple instances - Fix table formatting in `README.md` Signed-off-by: appleboy --- README.md | 26 +++++++++++++------------- README.zh-cn.md | 26 +++++++++++++------------- README.zh-tw.md | 24 ++++++++++++------------ 3 files changed, 38 insertions(+), 38 deletions(-) diff --git a/README.md b/README.md index 218ed33..c6dbe2c 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ This thing is built using [Golang](https://go.dev) and [drone-ssh](https://githu See [action.yml](./action.yml) for more detailed information. | Input Parameter | Description | Default Value | -|---------------------------|------------------------------------------------------------------------------------------|---------------| +| ------------------------- | ---------------------------------------------------------------------------------------- | ------------- | | host | SSH host address | | | port | SSH port number | 22 | | passphrase | SSH key passphrase | | 
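Review bot: The groups "Build process updates" and "Documentation updates" both carry `order: 4`, and the closing `- title: Others` has no `order` at all, so the relative placement of those three sections is left to the tool's defaults. Distinct values make the changelog layout deterministic: `order: 5` for the documentation group and `order: 999` for Others. The first four patterns use `[(\\w)]*`, a character class that matches any run of parentheses and word characters, while the last two use the stricter `(\(.+\))??!?:` form. Using one form throughout would make it easier to predict which group a commit subject lands in.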
@@ -66,7 +66,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -182,7 +182,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -195,7 +195,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -208,7 +208,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -225,7 +225,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: - host: "foo.com" + host: "foo.com,bar.com" @@ -243,7 +243,7 @@ The default value of `port` is `22`. ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -258,7 +258,7 @@ The default value of `port` is `22`. ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: "foo.com,bar.com" + sync: true @@ -274,7 +274,7 @@ The default value of `port` is `22`. ```diff - name: pass environment - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 + env: + FOO: "BAR" + BAR: "FOO" 
@@ -299,7 +299,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p ```diff - name: stop script if command error - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -352,7 +352,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -375,7 +375,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -401,7 +401,7 @@ Now you can adjust you config: ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} diff --git a/README.zh-cn.md b/README.zh-cn.md index 44ac07d..8afa230 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -58,7 +58,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -157,7 +157,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -170,7 +170,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} 
@@ -183,7 +183,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -200,7 +200,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: - host: ”foo.com“ + host: ”foo.com,bar.com“ @@ -216,7 +216,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: - host: ”foo.com“ + host: ”foo.com:1234,bar.com:5678“ @@ -231,7 +231,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ”foo.com,bar.com“ + sync: true @@ -247,7 +247,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ```diff - name: pass environment - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 + env: + FOO: ”BAR“ + BAR: ”FOO“ @@ -272,7 +272,7 @@ _在 `env` 对象中,您需要将每个环境变量作为字符串传递,传 ```diff - name: stop script if command error - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -325,7 +325,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -346,7 +346,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} 
@@ -372,7 +372,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ’ ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -390,4 +390,4 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ’ ## 授权方式 -本项目中的脚本和文档采用 [MIT](LICENSE) 许可证 发布。 \ No newline at end of file +本项目中的脚本和文档采用 [MIT](LICENSE) 许可证 发布。 diff --git a/README.zh-tw.md b/README.zh-tw.md index 9c37b34..b5d64cb 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -58,7 +58,7 @@ jobs: runs-on: ubuntu-latest steps: - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -157,7 +157,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using password - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -170,7 +170,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: executing remote ssh commands using ssh key - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -183,7 +183,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```yaml - name: multiple command - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -200,7 +200,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: - host: "foo.com" + host: "foo.com,bar.com" 
@@ -216,7 +216,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: - host: "foo.com" + host: "foo.com:1234,bar.com:5678" @@ -231,7 +231,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: multiple host - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: "foo.com,bar.com" + sync: true @@ -247,7 +247,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ```diff - name: pass environment - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 + env: + FOO: "BAR" + BAR: "FOO" @@ -272,7 +272,7 @@ _在 `env` 對象中,您需要將每個環境變量作為字符串傳遞,傳 ```diff - name: stop script if command error - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -325,7 +325,7 @@ Host FooServer ```diff - name: ssh proxy command - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -346,7 +346,7 @@ Host FooServer ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} @@ -372,7 +372,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' ```diff - name: ssh key passphrase - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1.1.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} From 3f1416813d34f7167832a87fe9607a99b05622a7 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Tesa=C5=99?= Date: Sun, 13 Oct 2024 03:00:02 +0200 Subject: [PATCH 91/95] fix: typo in success message (#340) Reflects changes made by [drone-ssh#283](https://github.com/appleboy/drone-ssh/pull/283) --- README.md | 6 +++--- README.zh-cn.md | 6 +++--- README.zh-tw.md | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index c6dbe2c..347f512 100644 --- a/README.md +++ b/README.md @@ -82,9 +82,9 @@ output: whoami ======END====== out: *** -============================================== -✅ Successfully executed commands to all host. -============================================== +=============================================== +✅ Successfully executed commands to all hosts. +=============================================== ``` ### Setting up a SSH Key diff --git a/README.zh-cn.md b/README.zh-cn.md index 8afa230..6e7e69d 100644 --- a/README.zh-cn.md +++ b/README.zh-cn.md @@ -74,9 +74,9 @@ jobs: whoami ======END====== out: *** -============================================== -✅ Successfully executed commands to all host. -============================================== +=============================================== +✅ Successfully executed commands to all hosts. +=============================================== ``` ### 设置 SSH 密钥 diff --git a/README.zh-tw.md b/README.zh-tw.md index b5d64cb..b5674f3 100644 --- a/README.zh-tw.md +++ b/README.zh-tw.md @@ -74,9 +74,9 @@ jobs: whoami ======END====== out: *** -============================================== -✅ Successfully executed commands to all host. -============================================== +=============================================== +✅ Successfully executed commands to all hosts. +=============================================== ``` ### 設置 SSH 金鑰 From 2763143a97c8f9c4e85766b7458183ec99341e81 Mon Sep 17 00:00:00 2001 
From: appleboy Date: Thu, 24 Oct 2024 01:25:39 +0800 Subject: [PATCH 92/95] ci(script): enhance CI workflows and API integration - Change script execution to a multi-line bash script with error handling in GitHub workflow Signed-off-by: appleboy --- .github/workflows/stable.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/stable.yml b/.github/workflows/stable.yml index 86ab7dc..ce98c8e 100644 --- a/.github/workflows/stable.yml +++ b/.github/workflows/stable.yml @@ -37,7 +37,10 @@ jobs: username: linuxserver.io password: password port: 2222 - script: whoami + script: | + #!/usr/bin/env bash + set -e + whoami check-ssh-key: runs-on: ubuntu-latest From 8b84eaec3a216f1a0a6f56e15a7ab08f9975236a Mon Sep 17 00:00:00 2001 From: appleboy Date: Thu, 24 Oct 2024 01:27:03 +0800 Subject: [PATCH 93/95] ci(script): improve CI robustness and coverage across environments - Change single-line script to multi-line bash script with error handling in GitHub Actions workflow Signed-off-by: appleboy --- .github/workflows/main.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index cfe58fb..e248967 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -37,7 +37,10 @@ jobs: username: linuxserver.io password: password port: 2222 - script: whoami + script: | + #!/usr/bin/env bash + set -e + whoami check-ssh-key: runs-on: ubuntu-latest From 703ffa3c1ee959aa3694ac64b3a8a9bfa38c2c20 Mon Sep 17 00:00:00 2001 From: appleboy Date: Mon, 28 Oct 2024 22:36:36 +0800 Subject: [PATCH 94/95] feat(actions): enhance system performance and API integration - Add `proxy_protocol` input with description and default value "tcp" Signed-off-by: appleboy --- action.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/action.yml b/action.yml index 4a16472..bf15e25 100644 --- a/action.yml +++ b/action.yml 
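Review bot: The `#!/usr/bin/env bash` line added under `script: |` in `.github/workflows/stable.yml` probably has no effect. The script appears to be handed to the remote login shell as a command string rather than executed as a file, so the shebang would be read as a comment and `set -e` would run under whatever shell the test account has. The same three lines are added to `.github/workflows/main.yml` in the next patch. Either drop the shebang or put a YAML comment above `script:`, such as `# interpreted by the remote login shell; the shebang line is informational only`. Since `whoami` cannot realistically fail, the step also never exercises `set -e`; the job definition continues outside the hunk, so a failing-command case may already exist elsewhere.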
@@ -43,6 +43,9 @@ inputs: description: "SSH proxy username." proxy_password: description: "SSH proxy password." + proxy_protocol: + description: 'The IP protocol to use. Valid values are "tcp". "tcp4" or "tcp6". Default to tcp.' + default: "tcp" proxy_passphrase: description: "SSH proxy key passphrase." proxy_timeout: From ab698e59d82afb1b65ffe8f70a0d482d744d6239 Mon Sep 17 00:00:00 2001 From: appleboy Date: Mon, 28 Oct 2024 22:37:55 +0800 Subject: [PATCH 95/95] docs(readme): enhance network protocol support and testing - Add `proxy_protocol` option to the README with possible values `tcp`, `tcp4`, `tcp6` and default `tcp` Signed-off-by: appleboy --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 347f512..da31541 100644 --- a/README.md +++ b/README.md @@ -35,6 +35,7 @@ See [action.yml](./action.yml) for more detailed information. | fingerprint | SHA256 fingerprint of the host public key | | | proxy_host | SSH proxy host | | | proxy_port | SSH proxy port | 22 | +| proxy_protocol | SSH proxy protocol version (tcp, tcp4, tcp6) | tcp | | proxy_username | SSH proxy username | | | proxy_password | SSH proxy password | | | proxy_passphrase | SSH proxy key passphrase | |
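Review bot: The new `proxy_protocol` description in `action.yml` has a stray full stop inside the value list (`"tcp". "tcp4"`) and, unlike the neighbouring `proxy_*` inputs, does not say that it applies to the proxy connection. I would write `description: 'The IP protocol to use for the SSH proxy connection. Valid values are "tcp", "tcp4" or "tcp6". Defaults to "tcp".'`. The README row added in the following patch calls it "SSH proxy protocol version", which reads as the SSH protocol version rather than the IP family, so the two texts should agree. Nothing in this hunk shows how a value outside the three listed is handled, so it is worth confirming that it is rejected rather than passed through; the `inputs` map continues outside the hunk.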