actions/ssh-action
0
0
Fork 0
mirror of https://github.com/appleboy/ssh-action.git synced 2025-04-22 00:54:28 +00:00
Code Issues Packages Projects Releases 1 Wiki Activity

Compare commits

base: actions:v1.1.0
Branches Tags
actions:master
actions:346
actions:testing
actions:v1
actions:v1.2.2
actions:v1.8.0
actions:v1.2.1
actions:v1.2.0
actions:v1.1.0
actions:v1.0.3
actions:v1.0.2
actions:v1.0.1
actions:v1.0.0
actions:v0.1.10
actions:v0.1.9
actions:v0.1.8
actions:v0.1.7
actions:v0.1.6
actions:v0.1.5
actions:v0.1.4
actions:v0.1.3
actions:v0.1.2
actions:v0.1.1
actions:v0.1.0
actions:v0.0.9
actions:v0.0.8
actions:v0.0.7
actions:v0.0.6
actions:v0.0.5
actions:v0.0.4
actions:v0.0.3
actions:v0.0.2
actions:v0.0.1
...
compare: actions:master
Branches Tags
actions:master
actions:346
actions:testing
actions:v1
actions:v1.2.2
actions:v1.8.0
actions:v1.2.1
actions:v1.2.0
actions:v1.1.0
actions:v1.0.3
actions:v1.0.2
actions:v1.0.1
actions:v1.0.0
actions:v0.1.10
actions:v0.1.9
actions:v0.1.8
actions:v0.1.7
actions:v0.1.6
actions:v0.1.5
actions:v0.1.4
actions:v0.1.3
actions:v0.1.2
actions:v0.1.1
actions:v0.1.0
actions:v0.0.9
actions:v0.0.8
actions:v0.0.7
actions:v0.0.6
actions:v0.0.5
actions:v0.0.4
actions:v0.0.3
actions:v0.0.2
actions:v0.0.1

44 Commits
v1.1.0 ... master

Author SHA1 Message Date
Bo-Yi Wu
0e19dd962d
chore: improve robustness and consistency across multiple scripts 
- Combine `errexit`, `nounset`, and `pipefail` options into a single `set -euo pipefail` command

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
 2025-04-10 16:56:18 +08:00
Bo-Yi Wu
bd83ba7e2b
docs: document and configure drone-ssh version usage (#381) 
- Add `version` entry to README.md specifying drone-ssh binary version usage
- Add `version` entry to README.zh-cn.md specifying drone-ssh version usage in Chinese
- Add `version` entry to README.zh-tw.md specifying drone-ssh version usage in Traditional Chinese
- Add `version` input to action.yml with description for drone-ssh version
- Set DRONE_SSH_VERSION environment variable in action.yml to use specified version input

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
 2025-04-10 14:47:33 +08:00
appleboy
9ca1cd2174
docs: document the new curl_insecure configuration option 
- Add `curl_insecure` option to README.md
- Add `curl_insecure` option to README.zh-cn.md
- Add `curl_insecure` option to README.zh-tw.md

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2025-03-29 12:46:43 +08:00
appleboy
20d5c5bbc9
feat: add configurable curl insecure flag to GitHub action 
- Add input parameter `curl_insecure` to `action.yml` with a default value of false
- Pass `curl_insecure` input to the action's environment in `action.yml`
- Modify `entrypoint.sh` to conditionally add the `--insecure` option to curl if `INPUT_CURL_INSECURE` is true

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2025-03-29 12:43:09 +08:00
appleboy
b27b9f8968
chore: refactor system to improve efficiency and update API usage 
- Update changelog order value from `4` to `5`

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2025-03-29 00:29:34 +08:00
appleboy
689de3cf64
docs: improve CLI messaging and error clarity for users 
- Clarify error message for unsupported platforms
- Clarify error message for unsupported architectures
- Change download message to indicate ongoing action
- Expand CLI version header for clarity

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2025-03-29 00:27:32 +08:00
Bo-Yi Wu
b6690ee817
refactor: improve error handling and code readability across scripts (#374) 
- Add `log_error` function for error handling
- Simplify the detection of client platform and architecture
- Use `log_error` for unsupported platform or architecture handling
- Use consistent quoting for variable expansions
- Improve readability for `curl` and `chmod` commands
- Simplify the commands for running and capturing stdout

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2025-03-29 00:25:15 +08:00
Bo-Yi Wu
52a1840ca6
docs: update SSH action version to v1 in all README files (#372) 
- Update 'appleboy/ssh-action' version from 'v1.2.2' to 'v1' in various locations in the README.md file
- Update 'appleboy/ssh-action' version from 'v1.2.2' to 'v1' in various locations in README.zh-cn.md
- Update 'appleboy/ssh-action' version from 'v1.2.2' to 'v1' in various locations in README.zh-tw.md

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2025-03-15 15:01:18 +08:00
appleboy
2b3c6504b3
ci: unify and enhance GitHub workflow configurations 
- Update appleboy/ssh-action to use the generic v1 version instead of v1.2.2 for multiple steps within the workflow

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2025-03-15 14:57:10 +08:00
appleboy
2ead5e3657
chore: update action version across workflows and documentation 
- Update the version of `appleboy/ssh-action` from `v1.2.1` to `v1.2.2` in multiple files
- Modify the bug report template to reflect the updated action version
- Change the action version in the stable workflow file
- Adjust the action version in the README files for consistency across documentation
- Ensure the action version is updated in both Chinese language README files

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2025-03-09 22:08:40 +08:00
appleboy
a0a0326939
docs: clarify parameter descriptions for improved documentation 
- Update descriptions for various input parameters to provide clearer guidance on their usage.
- Enhance the description for the `capture_stdout` parameter to specify its effect on action output.
- Modify the description for the `stdout` output to clarify its relation to the `capture_stdout` setting.

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2025-03-09 22:02:08 +08:00
appleboy
b0a8f324e1
chore: bump DRONE_SSH version to 1.8.1 
- Update the default version of DRONE_SSH from 1.8.0 to 1.8.1

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2025-03-09 21:54:21 +08:00
appleboy
039c9e07bb
docs: update README with private key instructions in multiple languages 
- Add instructions for copying the private key to GitHub Secrets in English, Chinese (Simplified), and Chinese (Traditional) versions of the README.

ref: https://github.com/appleboy/ssh-action/issues/6#issuecomment-922368411
Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2025-03-08 15:55:34 +08:00
appleboy
48992f2e2c
docs: prioritize English in language selection options 
- Change the language options to include English as the first option.

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2025-03-08 15:50:53 +08:00
appleboy
01a53594eb
docs: enhance language support and improve documentation clarity 
- Add Simplified Chinese as an option in the language selection
- Improve the phrasing of sentences for clarity in the GitHub Action description
- Update instructions for enabling synchronous execution for multiple hosts
- Clarify the default behavior for the cipher option
- Change the wording for SSH command execution to enhance readability
- Update the username in the example to a specific value
- Revise instructions for copying SSH keys to include installation steps for the `clip` command
- Adjust the phrasing for security practices regarding private key protection
- Update the license statement to specify the MIT license more clearly
- Change section titles for better consistency and clarity across languages

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2025-03-08 15:47:51 +08:00
appleboy
d99ccf8c09
docs: improve documentation clarity and consistency 
- Change "GitHub Action" to "A GitHub Action" for clarity.
- Update phrasing from "built using" to "built with" for consistency.
- Revise "Make sure to follow the below steps" to "Follow the steps below" for improved readability.
- Modify "best practice is create" to "It is best practice to create" for grammatical correctness.
- Change "Add newly generated key into Authorized keys" to "Add the newly generated key to the Authorized keys" for clarity.
- Update "Copy Private Key content and paste in Github Secrets" to "Copy the Private Key content and paste it into GitHub Secrets" for consistency.
- Change "install `clip` command" to "install the `clip` command" for grammatical correctness.
- Revise "See the detail information about" to "See detailed information about" for improved readability.
- Update "A note from one of our readers" to "Note: Depending on your version of SSH" for clarity.
- Change "Make sure that your key algorithm of choice is supported" to "Ensure that your chosen key algorithm is supported" for conciseness.
- Revise "Alternatively, `ed25519` keys are accepted by default" to "Alternatively, `ed25519` keys are accepted by default in OpenSSH" for clarity.
- Update "if you are running a command in a non interactive shell" to "If you are running a command in a non-interactive shell" for grammatical correctness.

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2025-03-08 15:42:40 +08:00
Bo-Yi Wu
92737056c0
docs: improve documentation and defaults for execution and security 
- Clarify that synchronous execution is enabled if multiple hosts are specified
- Specify that sensible defaults are used for allowed cipher algorithms if unspecified
- Clarify that environment variables are passed to the shell script

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
 2025-03-07 08:10:39 +08:00
Seth Landry
9817ef4a17
docs(readme): set -e for script_stop functionality (#368) 
Fixes #367

Add a note in the "Input variables" section of `README.md` to mention that users can add `set -e` in their shell script to achieve similar functionality to the removed `script_stop` option.

Add a note in the "输入变量" section of `README.zh-cn.md` to mention that users can add `set -e` in their shell script to achieve similar functionality to the removed `script_stop` option.

Add a note in the "輸入變數" section of `README.zh-tw.md` to mention that users can add `set -e` in their shell script to achieve similar functionality to the removed `script_stop` option.

---

For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/appleboy/ssh-action/issues/367?shareId=XXXX-XXXX-XXXX-XXXX).
 2025-02-24 20:31:51 +08:00
Bo-Yi Wu
8faa84277b
chore: standardize formatting and update dependencies in workflows 
- Change the title format in the bug report template from single quotes to double quotes
- Update `appleboy/ssh-action` version from `v1.2.0` to `v1.2.1` in multiple workflow files
- Remove unnecessary blank lines in the bug report template

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
 2025-02-19 17:50:00 +08:00
Bo-Yi Wu
49751ff516
docs: standardize script_file naming to script_path in documentation (#360) 
- Rename `script_file` to `script_path` in README.md
- Rename `script_file` to `script_path` in README.zh-cn.md
- Rename `script_file` to `script_path` in README.zh-tw.md

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
 2025-01-03 10:17:01 +08:00
Bo-Yi Wu
86aa40ddb7
ci: add SSH server testing to GitHub Actions workflow 
- Add a new job `testing-script-error` to the GitHub Actions workflow
- Use `actions/checkout@v4` to check out the code
- Create and run a new SSH server container using `lscr.io/linuxserver/openssh-server:latest`
- Capture the container's IP address and set it as an environment variable
- Add a step to test script errors with `continue-on-error: true`
- Configure the test script to connect to the SSH server and run a command that will fail (`ls /nonexistent`)

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
 2025-01-03 09:31:39 +08:00
Bo-Yi Wu
66aa4d343b
ci: add SSH testing job to GitHub Actions workflow (#355) 
* ci: add SSH testing job to GitHub Actions workflow

https://github.com/appleboy/ssh-action/issues/335#issuecomment-2372414496

- Add a new job `testing-script-stop` to the GitHub Actions workflow
- Set up an SSH server using a Docker container within the new job
- Capture the container's IP address and store it in the GitHub environment
- Add a step to run an SSH command with stdout capture
- Include a script to test conditional logic within the SSH command
- Add a step to check and print the captured stdout from the SSH command

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>

* ci: improve GitHub Actions workflow with conditional checks

- Add conditional checks in GitHub Actions workflow to handle 'True' and 'False' outputs

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>

* ci: standardize naming and validation of stdout steps

- Rename `stdout` step to `stdout01` in the GitHub Actions workflow
- Rename `check stdout` step to `check stdout 01`
- Update references to `stdout` to `stdout01` in echo and grep commands
- Add a new step `stdout02` for SSH command execution with stdout capture
- Add a new step `check stdout 02` to validate the output of `stdout02` step

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>

---------

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
 2024-12-05 16:23:32 +08:00
Jesse
102c0d2e5f
feat: capture stdout and store as output (#287) 2024-12-04 09:49:35 +08:00
Bo-Yi Wu
e13c387332
ci(action): display an environment variable with special characters (#351) 
- Add a new job `testing07` with steps to set environment variables and create an SSH server container
- Set a special character password in environment variables
- Run a Docker container for an OpenSSH server and capture its IP address
- Add steps to SSH into the server using username and password authentication

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2024-12-02 23:19:33 +08:00
Bo-Yi Wu
1c1ad10f6d
ci(action): remove script stop functionality from project (#350) 
- Remove the `stop script if command error` step from GitHub workflows
- Remove the `script_stop` option from the README and its translations
- Remove the `script_stop` input from `action.yml`

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2024-12-02 21:25:26 +08:00
appleboy
48531853a7
docs(readme): refactor README files to improve language link structure 
- Combine language links into a single line in `README.md`
- Add links to English and Traditional Chinese README in `README.zh-cn.md`
- Combine language links into a single line in `README.zh-tw.md`

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2024-12-01 10:12:22 +08:00
appleboy
b76e6173e8
docs(readme): standardize and format README files across languages 
- Remove an empty line in `README.md`
- Replace underscores with bold formatting for default key types in `README.zh-cn.md` and `README.zh-tw.md`
- Standardize list formatting in `README.md`, `README.zh-cn.md`, and `README.zh-tw.md`

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2024-12-01 10:10:43 +08:00
appleboy
6137f733fb
docs: improve project documentation and organization 
- Add a project description mentioning the use of Golang and drone-ssh
- Replace the list of input variables with a table format for better readability and organization

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2024-11-23 23:30:59 +08:00
Kyle Leonhard
43d4ebbb72
chore: Add test to stable workflow for script_path (#347) 2024-11-18 08:57:32 +08:00
appleboy
a9e2fdf08d
docs(readme): improve README structure and add new input variables 
- Update title to remove redundant "用於"
- Add links to English and Simplified Chinese versions of the README
- Add a note about the project using Golang and drone-ssh
- Replace detailed input variable descriptions with a table format
- Add new input variables `protocol`, `proxy_protocol`, `envs_format`, `allenvs`, and `request_pty`
- Update usage section to refer to `action.yml` for detailed information

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2024-11-17 16:00:24 +08:00
appleboy
cec69ef231
docs(readme): standardize terminology and capitalization across project 
- Capitalize "SSH" in multiple instances for consistency
- Change "This thing" to "This project" for clarity and professionalism
- Capitalize "Pass" in the description of the `allenvs` option

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2024-11-17 15:53:54 +08:00
appleboy
a8952ebe2a
docs(readme): update documentation for GitHub Actions and Docker support 
- Update README badges to reflect the new GitHub Actions workflow
- Remove outdated information about Linux Docker container support in README files

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2024-11-17 15:51:42 +08:00
appleboy
8fdfeb034e
chore(github): update appleboy/ssh-action to version v1.2.0 across workflows 
- Update `appleboy/ssh-action` from version `v1.0.3` to `v1.2.0` in bug report template
- Update `appleboy/ssh-action` from version `v1.0.3` to `v1.2.0` in stable workflow

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2024-11-17 15:17:02 +08:00
appleboy
7eaf76671a
docs(readme): update SSH action and enhance Chinese README files 
- Update `appleboy/ssh-action` from version `v1.1.0` to `v1.2.0` in multiple instances
- Add `script_file` option to the Chinese (Simplified) and Chinese (Traditional) README files
- Add example for executing commands from a file in the Chinese (Simplified) and Chinese (Traditional) README files

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2024-11-17 15:08:23 +08:00
appleboy
176437b548
chore: refactor codebase for improved consistency and performance 
- Change the username from `${{ secrets.USERNAME }}` to `linuxserver.io`
- Update the output from `***` to `linuxserver.io`

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2024-11-17 15:05:56 +08:00
appleboy
25259c3d50
fix: refactor and enhance API and testing infrastructure 
- Update DRONE_SSH_VERSION from 1.7.7 to 1.8.0
- Add missing case statement terminator in detect_client_info function

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2024-11-17 15:02:20 +08:00
appleboy
bf84378588
refactor: refactor codebase and improve API performance 
-

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2024-11-17 15:00:26 +08:00
Kyle Leonhard
362a7f1677
chore: support running commands from a file (#341) 2024-11-17 14:57:46 +08:00
appleboy
ab698e59d8
docs(readme): enhance network protocol support and testing 
- Add `proxy_protocol` option to the README with possible values `tcp`, `tcp4`, `tcp6` and default `tcp`

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2024-10-28 22:37:55 +08:00
appleboy
703ffa3c1e
feat(actions): enhance system performance and API integration 
- Add `proxy_protocol` input with description and default value "tcp"

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2024-10-28 22:36:36 +08:00
appleboy
8b84eaec3a
ci(script): improve CI robustness and coverage across environments 
- Change single-line script to multi-line bash script with error handling in GitHub Actions workflow

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2024-10-24 01:27:03 +08:00
appleboy
2763143a97
ci(script): enhance CI workflows and API integration 
- Change script execution to a multi-line bash script with error handling in GitHub workflow

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2024-10-24 01:25:46 +08:00
Lukáš Tesař
3f1416813d
fix: typo in success message (#340) 
Reflects changes made by [drone-ssh#283](https://github.com/appleboy/drone-ssh/pull/283)
 2024-10-13 09:00:02 +08:00
appleboy
bb32884d53
chore: enhance CI/CD workflows and documentation formatting 
- Update `appleboy/ssh-action` from version `v1.0.3` to `v1.1.0` in multiple instances
- Fix table formatting in `README.md`

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2024-10-06 21:19:31 +08:00
10 changed files with 681 additions and 463 deletions
Show Stats Expand all files Collapse all files

6
.github/ISSUE_TEMPLATE/bug_report.md vendored
View File

@ -1,10 +1,9 @@
--- ---
name: Bug report name: Bug report
about: Create a report to help us improve about: Create a report to help us improve
title: '' title: ""
labels: bug labels: bug
assignees: appleboy assignees: appleboy
--- ---
## Describe the bug ## Describe the bug
@ -19,13 +18,12 @@ Please post your Yaml configuration file along with the output results.
name: remote ssh command name: remote ssh command
on: [push] on: [push]
jobs: jobs:
build: build:
name: Build name: Build
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: executing remote ssh commands using password - name: executing remote ssh commands using password
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1.2.2
with: with:
host: ${{ secrets.HOST }} host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }} username: ${{ secrets.USERNAME }}

251
.github/workflows/main.yml vendored
View File

@ -37,7 +37,19 @@ jobs:
username: linuxserver.io username: linuxserver.io
password: password password: password
port: 2222 port: 2222
script: whoami script: |
#!/usr/bin/env bash
set -e
whoami
- name: ssh commands from a file
uses: ./
with:
host: ${{ env.REMOTE_HOST }}
username: linuxserver.io
password: password
port: 2222
script_path: testdata/test.sh
check-ssh-key: check-ssh-key:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -111,22 +123,6 @@ jobs:
port: 2222 port: 2222
script: whoami script: whoami
- name: stop script if command error
uses: ./
continue-on-error: true
with:
host: ${{ env.REMOTE_HOST }}
username: linuxserver.io
password: password
key: password
port: 2222
script_stop: true
sync: true
debug: true
script: |
mkdir abc/def
ls -al
support-key-passphrase: support-key-passphrase:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
@ -203,7 +199,6 @@ jobs:
key: ${{ env.PRIVATE_KEY }} key: ${{ env.PRIVATE_KEY }}
port: 2222 port: 2222
passphrase: 1234 passphrase: 1234
script_stop: true
script: | script: |
ls \ ls \
-lah -lah
@ -280,7 +275,6 @@ jobs:
username: linuxserver.io username: linuxserver.io
key: ${{ env.PRIVATE_KEY }} key: ${{ env.PRIVATE_KEY }}
passphrase: 1234 passphrase: 1234
script_stop: true
script: | script: |
whoami whoami
@ -476,7 +470,6 @@ jobs:
username: linuxserver.io username: linuxserver.io
key: ${{ env.PRIVATE_KEY }} key: ${{ env.PRIVATE_KEY }}
port: 2222 port: 2222
script_stop: true
request_pty: true request_pty: true
command_timeout: 30s command_timeout: 30s
script: | script: |
@ -511,3 +504,221 @@ jobs:
command_timeout: 30s command_timeout: 30s
script: | script: |
whoami whoami
testing07:
name: some special character
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v4
- name: Set Environment Variables
run: |
PASS='3HUS$?8kLu)}'
printf "PASS=${PASS}" >> $GITHUB_ENV
- name: create new ssh server
run: |
docker run -d \
--name=openssh-server \
--hostname=openssh-server \
-p 2222:2222 \
-e SUDO_ACCESS=false \
-e PASSWORD_ACCESS=true \
-e USER_PASSWORD='${{ env.PASS }}' \
-e USER_NAME=linuxserver.io \
--restart unless-stopped \
lscr.io/linuxserver/openssh-server:latest
docker exec openssh-server sh -c "hostname -i" > ip.txt
echo "REMOTE_HOST<<EOF" >> $GITHUB_ENV
cat ip.txt >> $GITHUB_ENV
echo "EOF" >> $GITHUB_ENV
echo "======= container ip address ========="
cat ip.txt
echo "======================================"
sleep 2
- name: ssh by username and password
uses: ./
with:
host: ${{ env.REMOTE_HOST }}
username: linuxserver.io
password: ${{ env.PASS }}
port: 2222
script: |
#!/usr/bin/env bash
set -e
whoami
testing-capturing-output:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: create new ssh server
run: |
docker run -d \
--name=openssh-server \
--hostname=openssh-server \
-p 2222:2222 \
-e SUDO_ACCESS=false \
-e PASSWORD_ACCESS=true \
-e USER_PASSWORD=password \
-e USER_NAME=linuxserver.io \
--restart unless-stopped \
lscr.io/linuxserver/openssh-server:latest
docker exec openssh-server sh -c "hostname -i" > ip.txt
echo "REMOTE_HOST<<EOF" >> $GITHUB_ENV
cat ip.txt >> $GITHUB_ENV
echo "EOF" >> $GITHUB_ENV
echo "======= container ip address ========="
cat ip.txt
echo "======================================"
sleep 2
- id: stdout
name: ssh command with stdout
uses: ./
with:
host: ${{ env.REMOTE_HOST }}
username: linuxserver.io
password: password
port: 2222
capture_stdout: true
script: |
#!/usr/bin/env bash
set -e
whoami
- name: check stdout
run: |
echo "stdout: ${{ steps.stdout.outputs.stdout }}"
testing-script-stop:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: create new ssh server
run: |
docker run -d \
--name=openssh-server \
--hostname=openssh-server \
-p 2222:2222 \
-e SUDO_ACCESS=false \
-e PASSWORD_ACCESS=true \
-e USER_PASSWORD=password \
-e USER_NAME=linuxserver.io \
--restart unless-stopped \
lscr.io/linuxserver/openssh-server:latest
docker exec openssh-server sh -c "hostname -i" > ip.txt
echo "REMOTE_HOST<<EOF" >> $GITHUB_ENV
cat ip.txt >> $GITHUB_ENV
echo "EOF" >> $GITHUB_ENV
echo "======= container ip address ========="
cat ip.txt
echo "======================================"
sleep 2
- id: stdout01
name: ssh command with stdout 01
uses: ./
with:
host: ${{ env.REMOTE_HOST }}
username: linuxserver.io
password: password
port: 2222
capture_stdout: true
script: |
#!/usr/bin/env bash
set -e
echo "TMP TESTING IF"
if [[ "2" == "1" ]]; then
echo "True"
else
echo "False"
fi
- name: check stdout 01
run: |
echo "stdout: ${{ steps.stdout01.outputs.stdout }}"
if echo "${{ steps.stdout01.outputs.stdout }}" | grep -q "True"; then
echo "Output contains 'True'"
exit 1
fi
if echo "${{ steps.stdout01.outputs.stdout }}" | grep -q "False"; then
echo "Output contains 'False'"
fi
- id: stdout02
name: ssh command with stdout 01
uses: ./
with:
host: ${{ env.REMOTE_HOST }}
username: linuxserver.io
password: password
port: 2222
capture_stdout: true
script: |
#!/usr/bin/env bash
set -e
echo "TMP TESTING IF"
if [[ "1" == "1" ]]; then
echo "True"
else
echo "False"
fi
- name: check stdout 02
run: |
echo "stdout: ${{ steps.stdout02.outputs.stdout }}"
if echo "${{ steps.stdout02.outputs.stdout }}" | grep -q "False"; then
echo "Output contains 'False'"
exit 1
fi
if echo "${{ steps.stdout02.outputs.stdout }}" | grep -q "True"; then
echo "Output contains 'True'"
fi
testing-script-error:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: create new ssh server
run: |
docker run -d \
--name=openssh-server \
--hostname=openssh-server \
-p 2222:2222 \
-e SUDO_ACCESS=false \
-e PASSWORD_ACCESS=true \
-e USER_PASSWORD=password \
-e USER_NAME=linuxserver.io \
--restart unless-stopped \
lscr.io/linuxserver/openssh-server:latest
docker exec openssh-server sh -c "hostname -i" > ip.txt
echo "REMOTE_HOST<<EOF" >> $GITHUB_ENV
cat ip.txt >> $GITHUB_ENV
echo "EOF" >> $GITHUB_ENV
echo "======= container ip address ========="
cat ip.txt
echo "======================================"
sleep 2
- name: test script error
uses: ./
continue-on-error: true
with:
host: ${{ env.REMOTE_HOST }}
username: linuxserver.io
password: password
port: 2222
capture_stdout: true
script: |
#!/usr/bin/env bash
set -e
ls /nonexistent

63
.github/workflows/stable.yml vendored
View File

@ -31,13 +31,25 @@ jobs:
sleep 2 sleep 2
- name: ssh by username and password - name: ssh by username and password
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
host: ${{ env.REMOTE_HOST }} host: ${{ env.REMOTE_HOST }}
username: linuxserver.io username: linuxserver.io
password: password password: password
port: 2222 port: 2222
script: whoami script: |
#!/usr/bin/env bash
set -e
whoami
- name: ssh commands from a file
uses: appleboy/ssh-action@v1
with:
host: ${{ env.REMOTE_HOST }}
username: linuxserver.io
password: password
port: 2222
script_path: testdata/test.sh
check-ssh-key: check-ssh-key:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -83,7 +95,7 @@ jobs:
sleep 2 sleep 2
- name: ssh by private key - name: ssh by private key
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
host: ${{ env.REMOTE_HOST }} host: ${{ env.REMOTE_HOST }}
username: linuxserver.io username: linuxserver.io
@ -92,7 +104,7 @@ jobs:
script: whoami script: whoami
- name: wrong password but correct key - name: wrong password but correct key
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
host: ${{ env.REMOTE_HOST }} host: ${{ env.REMOTE_HOST }}
username: linuxserver.io username: linuxserver.io
@ -102,7 +114,7 @@ jobs:
script: whoami script: whoami
- name: correct password but wrong key - name: correct password but wrong key
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
host: ${{ env.REMOTE_HOST }} host: ${{ env.REMOTE_HOST }}
username: linuxserver.io username: linuxserver.io
@ -111,22 +123,6 @@ jobs:
port: 2222 port: 2222
script: whoami script: whoami
- name: stop script if command error
uses: appleboy/ssh-action@v1.0.3
continue-on-error: true
with:
host: ${{ env.REMOTE_HOST }}
username: linuxserver.io
password: password
key: password
port: 2222
script_stop: true
sync: true
debug: true
script: |
mkdir abc/def
ls -al
support-key-passphrase: support-key-passphrase:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
@ -171,7 +167,7 @@ jobs:
sleep 2 sleep 2
- name: ssh key passphrase - name: ssh key passphrase
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
host: ${{ env.REMOTE_HOST }} host: ${{ env.REMOTE_HOST }}
username: linuxserver.io username: linuxserver.io
@ -183,7 +179,7 @@ jobs:
ls -al ls -al
- name: missing ssh key passphrase - name: missing ssh key passphrase
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
continue-on-error: true continue-on-error: true
with: with:
host: ${{ env.REMOTE_HOST }} host: ${{ env.REMOTE_HOST }}
@ -196,14 +192,13 @@ jobs:
# https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271
- name: Multiline SSH commands interpreted as single lines - name: Multiline SSH commands interpreted as single lines
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
host: ${{ env.REMOTE_HOST }} host: ${{ env.REMOTE_HOST }}
username: linuxserver.io username: linuxserver.io
key: ${{ env.PRIVATE_KEY }} key: ${{ env.PRIVATE_KEY }}
port: 2222 port: 2222
passphrase: 1234 passphrase: 1234
script_stop: true
script: | script: |
ls \ ls \
-lah -lah
@ -274,13 +269,12 @@ jobs:
# https://github.com/appleboy/ssh-action/issues/85 # https://github.com/appleboy/ssh-action/issues/85
- name: Deployment to multiple hosts with different ports - name: Deployment to multiple hosts with different ports
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
host: "${{ env.REMOTE_HOST_01 }}:2222,${{ env.REMOTE_HOST_02 }}:2222" host: "${{ env.REMOTE_HOST_01 }}:2222,${{ env.REMOTE_HOST_02 }}:2222"
username: linuxserver.io username: linuxserver.io
key: ${{ env.PRIVATE_KEY }} key: ${{ env.PRIVATE_KEY }}
passphrase: 1234 passphrase: 1234
script_stop: true
script: | script: |
whoami whoami
@ -328,7 +322,7 @@ jobs:
sleep 2 sleep 2
- name: testing id_ed25519 key - name: testing id_ed25519 key
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
host: ${{ env.REMOTE_HOST }} host: ${{ env.REMOTE_HOST }}
username: linuxserver.io username: linuxserver.io
@ -381,7 +375,7 @@ jobs:
sleep 2 sleep 2
- name: testing id_ed25519 key - name: testing id_ed25519 key
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
host: ${{ env.REMOTE_HOST }} host: ${{ env.REMOTE_HOST }}
username: linuxserver.io username: linuxserver.io
@ -392,7 +386,7 @@ jobs:
ls -al ls -al
- name: pass environment - name: pass environment
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
env: env:
FOO: "BAR" FOO: "BAR"
with: with:
@ -406,7 +400,7 @@ jobs:
echo "I am $BAR, thanks" echo "I am $BAR, thanks"
- name: pass multiple environment - name: pass multiple environment
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
env: env:
FOO: "BAR" FOO: "BAR"
BAR: "FOO" BAR: "FOO"
@ -425,7 +419,7 @@ jobs:
echo "port: $PORT" echo "port: $PORT"
- name: custom envs format - name: custom envs format
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
env: env:
FOO: "BAR" FOO: "BAR"
AAA: "BBB" AAA: "BBB"
@ -443,7 +437,7 @@ jobs:
echo "I am $TEST_AAA, thanks" echo "I am $TEST_AAA, thanks"
- name: pass all ENV variables to script - name: pass all ENV variables to script
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
env: env:
INPUT_FOO: "BAR" INPUT_FOO: "BAR"
INPUT_AAA: "BBB" INPUT_AAA: "BBB"
@ -460,13 +454,12 @@ jobs:
echo "$GITHUB_REF" echo "$GITHUB_REF"
- name: switch to root user - name: switch to root user
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
host: ${{ env.REMOTE_HOST }} host: ${{ env.REMOTE_HOST }}
username: linuxserver.io username: linuxserver.io
key: ${{ env.PRIVATE_KEY }} key: ${{ env.PRIVATE_KEY }}
port: 2222 port: 2222
script_stop: true
request_pty: true request_pty: true
command_timeout: 30s command_timeout: 30s
script: | script: |

2
.goreleaser.yaml
View File

@ -24,5 +24,5 @@ changelog:
order: 4 order: 4
- title: "Documentation updates" - title: "Documentation updates"
regexp: ^.*?docs?(\(.+\))??!?:.+$ regexp: ^.*?docs?(\(.+\))??!?:.+$
order: 4 order: 5
- title: Others - title: Others

143
README.md
View File

@ -1,33 +1,30 @@
# 🚀 SSH for GitHub Actions # 🚀 SSH for GitHub Actions
[繁體中文](./README.zh-tw.md) English | [繁體中文](./README.zh-tw.md) | [简体中文](./README.zh-cn.md)
[简体中文](./README.zh-cn.md)
[GitHub Action](https://github.com/features/actions) for executing remote ssh commands. A [GitHub Action](https://github.com/features/actions) for executing remote SSH commands.
![ssh workflow](./images/ssh-workflow.png) ![ssh workflow](./images/ssh-workflow.png)
[![Actions Status](https://github.com/appleboy/ssh-action/workflows/remote%20ssh%20command/badge.svg)](https://github.com/appleboy/ssh-action/actions) [![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml)
**Important**: Only support **Linux** [docker](https://www.docker.com/) container. This project is built with [Golang](https://go.dev) and [drone-ssh](https://github.com/appleboy/drone-ssh). 🚀
This thing is built using [Golang](https://go.dev) and [drone-ssh](https://github.com/appleboy/drone-ssh). 🚀
## Input variables ## Input variables
See [action.yml](./action.yml) for more detailed information. Refer to [action.yml](./action.yml) for more detailed information.
| Input Parameter | Description | Default Value | | Input Parameter | Description | Default Value |
|---------------------------|------------------------------------------------------------------------------------------|---------------| | ------------------------- | ---------------------------------------------------------------------------------------- | ------------- |
| host | SSH host address | | | host | SSH host address | |
| port | SSH port number | 22 | | port | SSH port number | 22 |
| passphrase | SSH key passphrase | | | passphrase | SSH key passphrase | |
| username | SSH username | | | username | SSH username | |
| password | SSH password | | | password | SSH password | |
| protocol | SSH protocol version (tcp, tcp4, tcp6) | tcp | | protocol | SSH protocol version (tcp, tcp4, tcp6) | tcp |
| sync | Enable synchronous execution if multiple hosts | false | | sync | Enable synchronous execution if multiple hosts are specified | false |
| use_insecure_cipher | Include more ciphers with use_insecure_cipher | false | | use_insecure_cipher | Include more ciphers with use_insecure_cipher | false |
| cipher | Allowed cipher algorithms. If unspecified, a sensible default | | | cipher | Allowed cipher algorithms. If unspecified, sensible defaults are used | |
| timeout | Timeout duration for SSH to host | 30s | | timeout | Timeout duration for SSH to host | 30s |
| command_timeout | Timeout duration for SSH command | 10m | | command_timeout | Timeout duration for SSH command | 10m |
| key | Content of SSH private key. e.g., raw content of ~/.ssh/id_rsa | | | key | Content of SSH private key. e.g., raw content of ~/.ssh/id_rsa | |
@ -35,6 +32,7 @@ See [action.yml](./action.yml) for more detailed information.
| fingerprint | SHA256 fingerprint of the host public key | | | fingerprint | SHA256 fingerprint of the host public key | |
| proxy_host | SSH proxy host | | | proxy_host | SSH proxy host | |
| proxy_port | SSH proxy port | 22 | | proxy_port | SSH proxy port | 22 |
| proxy_protocol | SSH proxy protocol version (tcp, tcp4, tcp6) | tcp |
| proxy_username | SSH proxy username | | | proxy_username | SSH proxy username | |
| proxy_password | SSH proxy password | | | proxy_password | SSH proxy password | |
| proxy_passphrase | SSH proxy key passphrase | | | proxy_passphrase | SSH proxy key passphrase | |
@ -45,31 +43,34 @@ See [action.yml](./action.yml) for more detailed information.
| proxy_cipher | Allowed cipher algorithms for the proxy | | | proxy_cipher | Allowed cipher algorithms for the proxy | |
| proxy_use_insecure_cipher | Include more ciphers with use_insecure_cipher for the proxy | false | | proxy_use_insecure_cipher | Include more ciphers with use_insecure_cipher for the proxy | false |
| script | Execute commands | | | script | Execute commands | |
| script_stop | Stop script after first failure | false | | script_path | Execute commands from a file | |
| envs | Pass environment variables to shell script | | | envs | Pass environment variables to the shell script | |
| envs_format | Flexible configuration of environment value transfer | | | envs_format | Flexible configuration of environment value transfer | |
| debug | Enable debug mode | false | | debug | Enable debug mode | false |
| allenvs | pass the environment variables with prefix value of `GITHUB_` and `INPUT_` to the script | false | | allenvs | Pass the environment variables with prefix value of `GITHUB_` and `INPUT_` to the script | false |
| request_pty | Request a pseudo-terminal from the server | false | | request_pty | Request a pseudo-terminal from the server | false |
| curl_insecure | Allow curl to connect to SSL sites without certificates | false |
| version | drone-ssh binary version. If not specified, the latest version will be used. | |
**Note:** Users can add `set -e` in their shell script to achieve similar functionality to the removed `script_stop` option.
## Usage ## Usage
Executing remote ssh commands. Executing remote SSH commands.
```yaml ```yaml
name: remote ssh command name: remote ssh command
on: [push] on: [push]
jobs: jobs:
build: build:
name: Build name: Build
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: executing remote ssh commands using password - name: executing remote ssh commands using password
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
host: ${{ secrets.HOST }} host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }} username: linuxserver.io
password: ${{ secrets.PASSWORD }} password: ${{ secrets.PASSWORD }}
port: ${{ secrets.PORT }} port: ${{ secrets.PORT }}
script: whoami script: whoami
@ -81,17 +82,17 @@ output:
======CMD====== ======CMD======
whoami whoami
======END====== ======END======
out: *** linuxserver.io
============================================== ===============================================
✅ Successfully executed commands to all host. ✅ Successfully executed commands to all hosts.
============================================== ===============================================
``` ```
### Setting up a SSH Key ### Setting up a SSH Key
Make sure to follow the below steps while creating SSH Keys and using them. Follow the steps below to create and use SSH Keys.
The best practice is create the SSH Keys on local machine not remote machine. It is best practice to create SSH Keys on your local machine, not on a remote machine.
Login with username specified in Github Secrets. Generate a RSA Key-Pair: Log in with the username specified in GitHub Secrets and generate an RSA Key-Pair:
### Generate rsa key ### Generate rsa key
@ -105,7 +106,7 @@ ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
``` ```
Add newly generated key into Authorized keys. Read more about authorized keys [here](https://www.ssh.com/ssh/authorized_keys/). Add the newly generated key to the Authorized keys. Read more about authorized keys [here](https://www.ssh.com/ssh/authorized_keys/).
### Add rsa key into Authorized keys ### Add rsa key into Authorized keys
@ -119,18 +120,18 @@ cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'
cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys' cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys'
``` ```
Copy Private Key content and paste in Github Secrets. Copy the Private Key content and paste it into GitHub Secrets.
### Copy rsa Private key ### Copy rsa Private key
Before copying the private key, install `clip` command as shown below: Before copying the private key, install the `clip` command as shown below:
```bash ```bash
# Ubuntu # Ubuntu
sudo apt-get install xclip sudo apt-get install xclip
``` ```
copy the private key: Copy the private key:
```bash ```bash
# macOS # macOS
@ -139,6 +140,8 @@ pbcopy < ~/.ssh/id_rsa
xclip < ~/.ssh/id_rsa xclip < ~/.ssh/id_rsa
``` ```
Starting from and including the comment section `-----BEGIN OPENSSH PRIVATE KEY-----` and ending at and including the comment section `-----END OPENSSH PRIVATE KEY-----`, copy the private key and paste it into GitHub Secrets.
### Copy ed25519 Private key ### Copy ed25519 Private key
```bash ```bash
@ -148,13 +151,13 @@ pbcopy < ~/.ssh/id_ed25519
xclip < ~/.ssh/id_ed25519 xclip < ~/.ssh/id_ed25519
``` ```
See the detail information about [SSH login without password](http://www.linuxproblem.org/art_9.html). See detailed information about [SSH login without a password](http://www.linuxproblem.org/art_9.html).
**A note** from one of our readers: Depending on your version of SSH you might also have to do the following changes: **Note**: Depending on your version of SSH, you might also need to make the following changes:
* Put the public key in `.ssh/authorized_keys2` - Put the public key in `.ssh/authorized_keys2`
* Change the permissions of `.ssh` to 700 - Change the permissions of `.ssh` to 700
* Change the permissions of `.ssh/authorized_keys2` to 640 - Change the permissions of `.ssh/authorized_keys2` to 640
### If you are using OpenSSH ### If you are using OpenSSH
@ -164,13 +167,13 @@ If you are currently using OpenSSH and are getting the following error:
ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey] ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey]
``` ```
Make sure that your key algorithm of choice is supported. On Ubuntu 20.04 or later you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (which is either `/etc/ssh/sshd_config` or a drop-in file under `/etc/ssh/sshd_config.d/`): Ensure that your chosen key algorithm is supported. On Ubuntu 20.04 or later, you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (either `/etc/ssh/sshd_config` or a drop-in file under `/etc/ssh/sshd_config.d/`):
```bash ```bash
CASignatureAlgorithms +ssh-rsa CASignatureAlgorithms +ssh-rsa
``` ```
Alternatively, `ed25519` keys are accepted by default in OpenSSH. You could use this instead of rsa if needed: Alternatively, `ed25519` keys are accepted by default in OpenSSH. You can use this instead of rsa if needed:
```bash ```bash
ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
@ -182,7 +185,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
```yaml ```yaml
- name: executing remote ssh commands using password - name: executing remote ssh commands using password
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
host: ${{ secrets.HOST }} host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }} username: ${{ secrets.USERNAME }}
@ -195,7 +198,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
```yaml ```yaml
- name: executing remote ssh commands using ssh key - name: executing remote ssh commands using ssh key
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
host: ${{ secrets.HOST }} host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }} username: ${{ secrets.USERNAME }}
@ -208,7 +211,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
```yaml ```yaml
- name: multiple command - name: multiple command
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
host: ${{ secrets.HOST }} host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }} username: ${{ secrets.USERNAME }}
@ -221,11 +224,24 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
![result](./images/output-result.png) ![result](./images/output-result.png)
#### Commands from a file
```yaml
- name: file commands
uses: appleboy/ssh-action@v1
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
script_path: scripts/script.sh
```
#### Multiple Hosts #### Multiple Hosts
```diff ```diff
- name: multiple host - name: multiple host
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
- host: "foo.com" - host: "foo.com"
+ host: "foo.com,bar.com" + host: "foo.com,bar.com"
@ -243,7 +259,7 @@ The default value of `port` is `22`.
```diff ```diff
- name: multiple host - name: multiple host
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
- host: "foo.com" - host: "foo.com"
+ host: "foo.com:1234,bar.com:5678" + host: "foo.com:1234,bar.com:5678"
@ -258,7 +274,7 @@ The default value of `port` is `22`.
```diff ```diff
- name: multiple host - name: multiple host
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
host: "foo.com,bar.com" host: "foo.com,bar.com"
+ sync: true + sync: true
@ -274,7 +290,7 @@ The default value of `port` is `22`.
```diff ```diff
- name: pass environment - name: pass environment
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
+ env: + env:
+ FOO: "BAR" + FOO: "BAR"
+ BAR: "FOO" + BAR: "FOO"
@ -293,37 +309,6 @@ The default value of `port` is `22`.
_Inside `env` object, you need to pass every environment variable as a string, passing `Integer` data type or any other may output unexpected results._ _Inside `env` object, you need to pass every environment variable as a string, passing `Integer` data type or any other may output unexpected results._
#### Stop script after first failure
> ex: missing `abc` folder
```diff
- name: stop script if command error
uses: appleboy/ssh-action@v1.0.3
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
+ script_stop: true
script: |
mkdir abc/def
ls -al
```
output:
```sh
======CMD======
mkdir abc/def
ls -al
======END======
2019/11/21 01:16:21 Process exited with status 1
err: mkdir: cannot create directory abc/def: No such file or directory
##[error]Docker run failed with exit code 1
```
#### How to connect remote server using `ProxyCommand`? #### How to connect remote server using `ProxyCommand`?
```bash ```bash
@ -352,7 +337,7 @@ Host FooServer
```diff ```diff
- name: ssh proxy command - name: ssh proxy command
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
host: ${{ secrets.HOST }} host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }} username: ${{ secrets.USERNAME }}
@ -375,7 +360,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an
```diff ```diff
- name: ssh key passphrase - name: ssh key passphrase
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
host: ${{ secrets.HOST }} host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }} username: ${{ secrets.USERNAME }}
@ -401,7 +386,7 @@ Now you can adjust you config:
```diff ```diff
- name: ssh key passphrase - name: ssh key passphrase
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
host: ${{ secrets.HOST }} host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }} username: ${{ secrets.USERNAME }}
@ -419,7 +404,7 @@ Now you can adjust you config:
See the [issue comment](https://github.com/appleboy/ssh-action/issues/31#issuecomment-1006565847) about interactive vs non interactive shell. Thanks @kocyigityunus for the solution. See the [issue comment](https://github.com/appleboy/ssh-action/issues/31#issuecomment-1006565847) about interactive vs non interactive shell. Thanks @kocyigityunus for the solution.
Basically, if you are running a command in a non interactive shell, like ssh-action, on many linux distros, If you are running a command in a non-interactive shell, like ssh-action, on many Linux distros,
`/etc/bash.bashrc` file has a specific command that returns only, so some of the files didn't run and some specific commands doesn't add to path, `/etc/bash.bashrc` file has a specific command that returns only, so some of the files didn't run and some specific commands doesn't add to path,
@ -434,7 +419,7 @@ Basically, if you are running a command in a non interactive shell, like ssh-act
[ -z "$PS1" ] && return` [ -z "$PS1" ] && return`
``` ```
just comment out the line that returns early and everything should work fine, or you can use the real paths of the commands that you would like to use. comment out the line that returns early, and everything should work fine. Alternatively, you can use the real paths of the commands you want to use.
## Contributing ## Contributing

252
README.zh-cn.md
View File

@ -1,98 +1,109 @@
# 🚀 用于 GitHub Actions 的 SSH # 🚀 用于 GitHub Actions 的 SSH
[GitHub Action](https://github.com/features/actions) 用于执行远程 SSH 命令。 [English](./README.md) | [繁體中文](./README.zh-tw.md) | 简体中文
一个用于执行远程 SSH 命令的 [GitHub Action](https://github.com/features/actions)。
![ssh workflow](./images/ssh-workflow.png) ![ssh workflow](./images/ssh-workflow.png)
[![Actions Status](https://github.com/appleboy/ssh-action/workflows/remote%20ssh%20command/badge.svg)](https://github.com/appleboy/ssh-action/actions) [![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml)
**注意** 只支持在 **Linux** [docker](https://www.docker.com/) 容器上执行。 该项目使用 [Golang](https://go.dev) 和 [drone-ssh](https://github.com/appleboy/drone-ssh) 构建。🚀
## 输入变量 ## 输入变量
更详细的信息,请参考 [action.yml](./action.yml)。 有关更详细的信息,请参阅 [action.yml](./action.yml)。
* `host` - SSH 主机 | 输入参数 | 描述 | 默认值 |
* `port` - SSH 连接端口,默认为 `22` | ------------------------- | ----------------------------------------------------- | ------ |
* `username` - SSH 用户名称 | host | SSH 主机地址 | |
* `password` - SSH 密码 | port | SSH 端口号 | 22 |
* `passphrase` - 通常用于加密私钥的 passphrase | passphrase | SSH 密钥密码短语 | |
* `sync` - 同步执行多个主机上的命令,默认为 false | username | SSH 用户名 | |
* `timeout` - SSH 连接到远程主机的超时时间,默认为 `30s` | password | SSH 密码 | |
* `command_timeout` - SSH 命令超时时间,默认为 10m | protocol | SSH 协议版本tcp, tcp4, tcp6 | tcp |
* `key` - SSH 私钥的内容,例如 ~/.ssh/id_rsa 的原始内容,请记得包含 BEGIN 和 END 行 | sync | 如果指定了多个主机,则启用同步执行 | false |
* `key_path` - SSH 私钥的路径 | use_insecure_cipher | 使用不安全的密码算法 | false |
* `fingerprint` - 主机公钥的 SHA256 指纹,默认为跳过验证 | cipher | 允许的密码算法。如果未指定,则使用适当的默认值 | |
* `script` - 执行命令 | timeout | SSH 连接到主机的超时时间 | 30s |
* `script_stop` - 当出现第一个错误时停止执行命令 | command_timeout | SSH 命令的超时时间 | 10m |
* `envs` - 传递环境变量到 shell script | key | SSH 私钥的内容,例如 ~/.ssh/id_rsa 的原始内容 | |
* `debug` - 启用调试模式 | key_path | SSH 私钥的路径 | |
* `use_insecure_cipher` - 使用不安全的密码ciphers进行加密详见 [#56](https://github.com/appleboy/ssh-action/issues/56) | fingerprint | 主机公钥的 SHA256 指纹 | |
* `cipher` - 允许使用的密码ciphers算法。如果未指定则使用适当的算法 | proxy_host | SSH 代理主机 | |
| proxy_port | SSH 代理端口 | 22 |
| proxy_protocol | SSH 代理协议版本tcp, tcp4, tcp6 | tcp |
| proxy_username | SSH 代理用户名 | |
| proxy_password | SSH 代理密码 | |
| proxy_passphrase | SSH 代理密钥密码短语 | |
| proxy_timeout | SSH 连接到代理主机的超时时间 | 30s |
| proxy_key | SSH 代理私钥的内容 | |
| proxy_key_path | SSH 代理私钥的路径 | |
| proxy_fingerprint | 代理主机公钥的 SHA256 指纹 | |
| proxy_cipher | 代理允许的密码算法 | |
| proxy_use_insecure_cipher | 使用不安全的密码算法 | false |
| script | 执行命令 | |
| script_path | 从文件执行命令 | |
| envs | 传递环境变量到 shell 脚本 | |
| envs_format | 环境变量传递的灵活配置 | |
| debug | 启用调试模式 | false |
| allenvs | 将带有 `GITHUB_``INPUT_` 前缀的环境变量传递给脚本 | false |
| request_pty | 请求伪终端 | false |
| curl_insecure | 在 curl 中使用不安全的证书验证 | false |
| version | drone-ssh 版本号。若未指定,将使用最新版本。 | |
SSH 代理设置: **注意:** 用户可以在他们的 shell 脚本中添加 `set -e` 以实现类似于已删除的 `script_stop` 选项的功能。
* `proxy_host` - 代理主机
* `proxy_port` - 代理端口,默认为 `22`
* `proxy_username` - 代理用户名
* `proxy_password` - 代理密码
* `proxy_passphrase` - 密码通常用于加密私有密钥
* `proxy_timeout` - SSH 连接至代理主机的超时时间,默认为 `30s`
* `proxy_key` - SSH 代理私有密钥内容
* `proxy_key_path` - SSH 代理私有密钥路径
* `proxy_fingerprint` - 代理主机公钥的 SHA256 指纹,默认为跳过验证
* `proxy_use_insecure_cipher` - 使用不安全的加密方式,详见 [#56](https://github.com/appleboy/ssh-action/issues/56)
* `proxy_cipher` - 允许的加密算法。如果未指定,则使用合理的算法
## 使用方法 ## 使用方法
执行远程 SSH 命令 执行远程 SSH 命令。
```yaml ```yaml
name: remote ssh command name: remote ssh command
on: [push] on: [push]
jobs: jobs:
build: build:
name: Build name: Build
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: executing remote ssh commands using password - name: executing remote ssh commands using password
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
host: ${{ secrets.HOST }} host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }} username: linuxserver.io
password: ${{ secrets.PASSWORD }} password: ${{ secrets.PASSWORD }}
port: ${{ secrets.PORT }} port: ${{ secrets.PORT }}
script: whoami script: whoami
``` ```
画面输出 输出
```sh ```sh
======CMD====== ======CMD======
whoami whoami
======END====== ======END======
out: *** linuxserver.io
============================================== ===============================================
✅ Successfully executed commands to all host. ✅ Successfully executed commands to all hosts.
============================================== ===============================================
``` ```
### 设置 SSH 密钥 ### 设置 SSH 密钥
请在创建 SSH 密钥并使用 SSH 密钥时遵循以下步骤。最佳做法是在本地机器上创建 SSH 密钥而不是远程机器上。请使用 Github Secrets 中指定的用户名登录。生成 RSA 密钥: 请按照以下步骤创建和使用 SSH 密钥。
最佳做法是在本地机器上创建 SSH 密钥,而不是在远程机器上。
使用 GitHub Secrets 中指定的用户名登录并生成 RSA 密钥对:
### 生成 RSA 密钥 ### 生成 RSA 密钥
```bash ```bash
ssh-keygen -t rsa -b 4096 -C ”your_email@example.com“ ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
``` ```
### 生成 ed25519 密钥 ### 生成 ed25519 密钥
```bash ```bash
ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
``` ```
将新生成的密钥添加到已授权的密钥中。详细了解已授权的密钥请点[此处](https://www.ssh.com/ssh/authorized_keys/)。 将新生成的密钥添加到已授权的密钥中。详细了解已授权的密钥请点[此处](https://www.ssh.com/ssh/authorized_keys/)。
@ -100,36 +111,53 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“
### 将 RSA 密钥添加到已授权密钥中 ### 将 RSA 密钥添加到已授权密钥中
```bash ```bash
cat .ssh/id_rsa.pub | ssh b@B cat >> .ssh/authorized_keys cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'
``` ```
### 将 ed25519 密钥添加到已授权密钥中 ### 将 ed25519 密钥添加到已授权密钥中
```bash ```bash
cat .ssh/id_ed25519.pub | ssh b@B cat >> .ssh/authorized_keys cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys'
``` ```
复制私钥内容,然后将其粘贴到 Github Secrets 中。 复制私钥内容,然后将其粘贴到 GitHub Secrets 中。
### 复制 rsa 私钥内容 ### 复制 RSA 私钥内容
在复制私钥之前,按照以下步骤安装 `clip` 命令:
```bash ```bash
clip < ~/.ssh/id_rsa # Ubuntu
sudo apt-get install xclip
``` ```
复制私钥:
```bash
# macOS
pbcopy < ~/.ssh/id_rsa
# Ubuntu
xclip < ~/.ssh/id_rsa
```
从包含注释部分 `-----BEGIN OPENSSH PRIVATE KEY-----` 开始,到包含注释部分 `-----END OPENSSH PRIVATE KEY-----` 结束,复制私钥并将其粘贴到 GitHub Secrets 中。
### 复制 ed25519 私钥内容 ### 复制 ed25519 私钥内容
```bash ```bash
clip < ~/.ssh/id_ed25519 # macOS
pbcopy < ~/.ssh/id_ed25519
# Ubuntu
xclip < ~/.ssh/id_ed25519
``` ```
有关无需密码登录 SSH 的详细信息,请[见该网站](http://www.linuxproblem.org/art_9.html)。 有关无需密码登录 SSH 的详细信息,请[见该网站](http://www.linuxproblem.org/art_9.html)。
**来自读者的注意事项** 根据您的 SSH 版本,您可能还需要进行以下更改: **注意**:根据您的 SSH 版本,您可能还需要进行以下更改:
* 将公钥放在 `.ssh/authorized_keys2` - 将公钥放在 `.ssh/authorized_keys2`
* 将 `.ssh` 的权限更改为700 - 将 `.ssh` 的权限更改为 700
*`.ssh/authorized_keys2` 的权限更改为640 -`.ssh/authorized_keys2` 的权限更改为 640
### 如果你使用的是 OpenSSH ### 如果你使用的是 OpenSSH
@ -139,25 +167,25 @@ clip < ~/.ssh/id_ed25519
ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey] ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey]
``` ```
请确保您所选择的密钥算法得到支持。在 Ubuntu 20.04 或更高版本上,您必须明确允许使用 SSH-RSA 算法。请在 OpenSSH 守护进程文件中添加以下行(它可以是 `/etc/ssh/sshd_config``/etc/ssh/sshd_config.d/` 中的一个附加文件): 请确保您所选择的密钥算法得到支持。在 Ubuntu 20.04 或更高版本上,您必须明确允许使用 ssh-rsa 算法。请在 OpenSSH 守护进程文件中添加以下行(它可以是 `/etc/ssh/sshd_config``/etc/ssh/sshd_config.d/` 中的一个附加文件):
```bash ```bash
CASignatureAlgorithms +ssh-rsa CASignatureAlgorithms +ssh-rsa
``` ```
或者,`Ed25519` 密钥在 OpenSSH 中默认被接受。如果需要,您可以使用它来替代 RSA。 或者,`ed25519` 密钥在 OpenSSH 中默认被接受。如果需要,您可以使用它来替代 RSA
```bash ```bash
ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
``` ```
### Example ### 示例
#### 使用密码执行远程 SSH 命令 #### 使用密码执行远程 SSH 命令
```yaml ```yaml
- name: executing remote ssh commands using password - name: executing remote ssh commands using password
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
host: ${{ secrets.HOST }} host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }} username: ${{ secrets.USERNAME }}
@ -170,7 +198,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“
```yaml ```yaml
- name: executing remote ssh commands using ssh key - name: executing remote ssh commands using ssh key
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
host: ${{ secrets.HOST }} host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }} username: ${{ secrets.USERNAME }}
@ -183,7 +211,7 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“
```yaml ```yaml
- name: multiple command - name: multiple command
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
host: ${{ secrets.HOST }} host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }} username: ${{ secrets.USERNAME }}
@ -196,14 +224,27 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“
![result](./images/output-result.png) ![result](./images/output-result.png)
#### 从文件执行命令
```yaml
- name: file commands
uses: appleboy/ssh-action@v1
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
script_path: scripts/script.sh
```
#### 多台主机 #### 多台主机
```diff ```diff
- name: multiple host - name: multiple host
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
- host: ”foo.com“ - host: "foo.com"
+ host: ”foo.com,bar.com“ + host: "foo.com,bar.com"
username: ${{ secrets.USERNAME }} username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }} key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }} port: ${{ secrets.PORT }}
@ -212,14 +253,16 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“
ls -al ls -al
``` ```
默认的 `port` 值是 `22`
#### 多个不同端口的主机 #### 多个不同端口的主机
```diff ```diff
- name: multiple host - name: multiple host
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
- host: ”foo.com“ - host: "foo.com"
+ host: ”foo.com:1234,bar.com:5678“ + host: "foo.com:1234,bar.com:5678"
username: ${{ secrets.USERNAME }} username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }} key: ${{ secrets.KEY }}
script: | script: |
@ -231,9 +274,9 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“
```diff ```diff
- name: multiple host - name: multiple host
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
host: ”foo.com,bar.com“ host: "foo.com,bar.com"
+ sync: true + sync: true
username: ${{ secrets.USERNAME }} username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }} key: ${{ secrets.KEY }}
@ -243,14 +286,14 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“
ls -al ls -al
``` ```
#### 将环境变量传递到 Shell 脚本 #### 将环境变量传递到 shell 脚本
```diff ```diff
- name: pass environment - name: pass environment
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
+ env: + env:
+ FOO: ”BAR“ + FOO: "BAR"
+ BAR: ”FOO“ + BAR: "FOO"
+ SHA: ${{ github.sha }} + SHA: ${{ github.sha }}
with: with:
host: ${{ secrets.HOST }} host: ${{ secrets.HOST }}
@ -259,50 +302,19 @@ ssh-keygen -t ed25519 -a 200 -C ”your_email@example.com“
port: ${{ secrets.PORT }} port: ${{ secrets.PORT }}
+ envs: FOO,BAR,SHA + envs: FOO,BAR,SHA
script: | script: |
echo ”I am $FOO“ echo "I am $FOO"
echo ”I am $BAR“ echo "I am $BAR"
echo ”sha: $SHA“ echo "sha: $SHA"
``` ```
_在 `env` 对象中,您需要将每个环境变量作为字符串传递,传递 `Integer` 数据类型或任何其他类型可能会产生意外结果。_ _在 `env` 对象中,您需要将每个环境变量作为字符串传递,传递 `Integer` 数据类型或任何其他类型可能会产生意外结果。_
#### 在第一次失败后停止脚本
> ex: missing `abc` folder
```diff
- name: stop script if command error
uses: appleboy/ssh-action@v1.0.3
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
+ script_stop: true
script: |
mkdir abc/def
ls -al
```
画面输出:
```sh
======CMD======
mkdir abc/def
ls -al
======END======
2019/11/21 01:16:21 Process exited with status 1
err: mkdir: cannot create directory abc/def: No such file or directory
##[error]Docker run failed with exit code 1
```
#### 如何使用 `ProxyCommand` 连接远程服务器? #### 如何使用 `ProxyCommand` 连接远程服务器?
```bash ```bash
+———+ +-———+ +————+ +--------+ +----------+ +-----------+
| Laptop | <—> | Jumphost | <—> | FooServer | | Laptop | <--> | Jumphost | <--> | FooServer |
+———+ +-———+ +————+ +--------+ +----------+ +-----------+
``` ```
在您的 `~/.ssh/config` 文件中,您会看到以下内容。 在您的 `~/.ssh/config` 文件中,您会看到以下内容。
@ -325,7 +337,7 @@ Host FooServer
```diff ```diff
- name: ssh proxy command - name: ssh proxy command
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
host: ${{ secrets.HOST }} host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }} username: ${{ secrets.USERNAME }}
@ -340,13 +352,13 @@ Host FooServer
ls -al ls -al
``` ```
#### 如何保护私钥 #### 保护私钥
密码短语通常用于加密私钥。这使得攻击者无法单独使密钥文件。文件泄露可能来自备份或停用的硬件,黑客通常可以从受攻击系统中泄露文件。因此,保护私钥非常重要。 密码短语通常用于加密私钥。这使得密钥文件本身对攻击者无用。文件泄露可能来自备份或停用的硬件,黑客通常可以从受攻击系统中泄露文件。
```diff ```diff
- name: ssh key passphrase - name: ssh key passphrase
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
host: ${{ secrets.HOST }} host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }} username: ${{ secrets.USERNAME }}
@ -362,17 +374,17 @@ Host FooServer
设置 SSH 主机指纹验证可以帮助防止中间人攻击。在设置之前,运行以下命令以获取 SSH 主机指纹。请记得将 `ed25519` 替换为您适当的密钥类型(`rsa``dsa`等),而 `example.com` 则替换为您的主机。 设置 SSH 主机指纹验证可以帮助防止中间人攻击。在设置之前,运行以下命令以获取 SSH 主机指纹。请记得将 `ed25519` 替换为您适当的密钥类型(`rsa``dsa`等),而 `example.com` 则替换为您的主机。
现代 OpenSSH 版本中需要提取的_默认密钥_类型是 `rsa`(从版本 5.1 开始)、`ecdsa`(从版本 6.0 开始)和 `ed25519`(从版本 6.7 开始)。 在现代 OpenSSH 版本中,默认提取的密钥类型是 `rsa`(从版本 5.1 开始)、`ecdsa`(从版本 6.0 开始)和 `ed25519`(从版本 6.7 开始)。
```sh ```sh
ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d -f2 ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' -f2
``` ```
现在您可以调整您的配置: 现在您可以调整您的配置:
```diff ```diff
- name: ssh key passphrase - name: ssh key passphrase
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
host: ${{ secrets.HOST }} host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }} username: ${{ secrets.USERNAME }}
@ -390,4 +402,4 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d
## 授权方式 ## 授权方式
本项目中的脚本和文档采用 [MIT](LICENSE) 许可证 发布。 本项目中的脚本和文档采用 [MIT 许可证](LICENSE) 发布。

190
README.zh-tw.md
View File

@ -1,50 +1,60 @@
# 🚀 用於 GitHub Actions 的 SSH # 🚀 GitHub Actions 的 SSH
[GitHub Action](https://github.com/features/actions) for executing remote ssh commands. [English](./README.md) | 繁體中文 | [简体中文](./README.zh-cn.md)
[GitHub Action](https://github.com/features/actions) 用於執行遠端 SSH 命令。
![ssh workflow](./images/ssh-workflow.png) ![ssh workflow](./images/ssh-workflow.png)
[![Actions Status](https://github.com/appleboy/ssh-action/workflows/remote%20ssh%20command/badge.svg)](https://github.com/appleboy/ssh-action/actions) [![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml)
**注意** 只支援在 **Linux** [docker](https://www.docker.com/) 容器上執行。 此專案使用 [Golang](https://go.dev) 和 [drone-ssh](https://github.com/appleboy/drone-ssh) 建立。🚀
## 輸入變數 ## 輸入變數
更詳細的資訊,請參閱 [action.yml](./action.yml)。 請參閱 [action.yml](./action.yml) 以獲取更詳細的信息
* `host` - SSH 主機 | 輸入參數 | 描述 | 預設值 |
* `port` - SSH 連接埠,預設為 `22` | ------------------------- | ----------------------------------------------------- | ------ |
* `username` - SSH 使用者名稱 | host | SSH 主機地址 | |
* `password` - SSH 密碼 | port | SSH 埠號 | 22 |
* `passphrase` - 通常用於加密私鑰的 passphrase | passphrase | SSH 金鑰密碼 | |
* `sync` - 同步執行多個主機上的命令,預設為 false | username | SSH 使用者名稱 | |
* `timeout` - SSH 連接到遠端主機的超時時間,預設為 `30s` | password | SSH 密碼 | |
* `command_timeout` - SSH 命令超時時間,預設為 10m | protocol | SSH 協議版本 (tcp, tcp4, tcp6) | tcp |
* `key` - SSH 私鑰的內容,例如 ~/.ssh/id_rsa 的原始內容,請記得包含 BEGIN 和 END 行 | sync | 如果有多個主機,啟用同步執行 | false |
* `key_path` - SSH 私鑰的路徑 | use_insecure_cipher | 包含更多不安全的加密算法 | false |
* `fingerprint` - 主機公鑰的 SHA256 指紋,預設為略過驗證 | cipher | 允許的加密算法。如果未指定,則使用合理的預設值 | |
* `script` - 執行命令 | timeout | SSH 連接主機的超時時間 | 30s |
* `script_stop` - 當出現第一個錯誤時停止執行命令 | command_timeout | SSH 命令的超時時間 | 10m |
* `envs` - 傳遞環境變數到 shell script | key | SSH 私鑰的內容。例如,~/.ssh/id_rsa 的原始內容 | |
* `debug` - 啟用偵錯模式 | key_path | SSH 私鑰的路徑 | |
* `use_insecure_cipher` - 使用不安全的密碼ciphers進行加密參見 [#56](https://github.com/appleboy/ssh-action/issues/56) | fingerprint | 主機公鑰的 SHA256 指紋 | |
* `cipher` - 允許使用的密碼ciphers演算法。如果未指定則使用適當的演算法 | proxy_host | SSH 代理主機 | |
| proxy_port | SSH 代理埠號 | 22 |
| proxy_protocol | SSH 代理協議版本 (tcp, tcp4, tcp6) | tcp |
| proxy_username | SSH 代理使用者名稱 | |
| proxy_password | SSH 代理密碼 | |
| proxy_passphrase | SSH 代理金鑰密碼 | |
| proxy_timeout | SSH 連接代理主機的超時時間 | 30s |
| proxy_key | SSH 代理私鑰的內容 | |
| proxy_key_path | SSH 代理私鑰的路徑 | |
| proxy_fingerprint | 代理主機公鑰的 SHA256 指紋 | |
| proxy_cipher | 代理允許的加密算法 | |
| proxy_use_insecure_cipher | 包含更多不安全的加密算法 | false |
| script | 執行命令 | |
| script_path | 從文件中執行命令 | |
| envs | 將環境變數傳遞給 shell 腳本 | |
| envs_format | 環境值傳遞的靈活配置 | |
| debug | 啟用調試模式 | false |
| allenvs | 將帶有 `GITHUB_``INPUT_` 前綴的環境變數傳遞給腳本 | false |
| request_pty | 從伺服器請求偽終端 | false |
| curl_insecure | 在 curl 命令中使用不安全的 SSL 證書驗證 | false |
| version | drone-ssh 版本號。若未指定,將使用最新版本。 | |
SSH 代理設置: **注意:** 用戶可以在他們的 shell 腳本中添加 `set -e` 以實現類似於已刪除的 `script_stop` 選項的功能。
* `proxy_host` - 代理主機 ## 用法
* `proxy_port` - 代理端口,預設為 `22`
* `proxy_username` - 代理使用者名稱
* `proxy_password` - 代理密碼
* `proxy_passphrase` - 密碼通常用於加密私有金鑰
* `proxy_timeout` - SSH 連線至代理主機的逾時時間,預設為 `30s`
* `proxy_key` - SSH 代理私有金鑰內容
* `proxy_key_path` - SSH 代理私有金鑰路徑
* `proxy_fingerprint` - 代理主機公鑰的 SHA256 指紋,預設為跳過驗證
* `proxy_use_insecure_cipher` - 使用不安全的加密方式,請參閱 [#56](https://github.com/appleboy/ssh-action/issues/56)
* `proxy_cipher` - 允許的加密算法。如果未指定,則使用合理的算法
## 使用方式
執行遠端 SSH 命令 執行遠端 SSH 命令
@ -52,16 +62,15 @@ SSH 代理設置:
name: remote ssh command name: remote ssh command
on: [push] on: [push]
jobs: jobs:
build: build:
name: Build name: Build
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: executing remote ssh commands using password - name: executing remote ssh commands using password
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
host: ${{ secrets.HOST }} host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }} username: linuxserver.io
password: ${{ secrets.PASSWORD }} password: ${{ secrets.PASSWORD }}
port: ${{ secrets.PORT }} port: ${{ secrets.PORT }}
script: whoami script: whoami
@ -73,10 +82,10 @@ jobs:
======CMD====== ======CMD======
whoami whoami
======END====== ======END======
out: *** linuxserver.io
============================================== ===============================================
✅ Successfully executed commands to all host. ✅ Successfully executed commands to all hosts.
============================================== ===============================================
``` ```
### 設置 SSH 金鑰 ### 設置 SSH 金鑰
@ -113,23 +122,40 @@ cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys'
### 複製 rsa 私鑰內容 ### 複製 rsa 私鑰內容
在複製私鑰之前,請按照以下說明安裝 `clip` 命令:
```bash ```bash
clip < ~/.ssh/id_rsa # Ubuntu
sudo apt-get install xclip
``` ```
複製私鑰:
```bash
# macOS
pbcopy < ~/.ssh/id_rsa
# Ubuntu
xclip < ~/.ssh/id_rsa
```
從包含註釋部分 `-----BEGIN OPENSSH PRIVATE KEY-----` 開始,到包含註釋部分 `-----END OPENSSH PRIVATE KEY-----` 結束,複製私鑰並將其粘貼到 GitHub Secrets 中。
### 複製 ed25519 私鑰內容 ### 複製 ed25519 私鑰內容
```bash ```bash
clip < ~/.ssh/id_ed25519 # macOS
pbcopy < ~/.ssh/id_ed25519
# Ubuntu
xclip < ~/.ssh/id_ed25519
``` ```
有關無需密碼登錄 SSH 的詳細信息,請[參見該網站](http://www.linuxproblem.org/art_9.html)。 有關無需密碼登錄 SSH 的詳細信息,請[參見該網站](http://www.linuxproblem.org/art_9.html)。
**來自讀者的注意事項** 根據您的 SSH 版本,您可能還需要進行以下更改: **注意**:根據您的 SSH 版本,您可能還需要進行以下更改:
* 將公鑰放在 `.ssh/authorized_keys2` - 將公鑰放在 `.ssh/authorized_keys2`
* 將 `.ssh` 的權限更改為700 - 將 `.ssh` 的權限更改為 700
*`.ssh/authorized_keys2` 的權限更改為640 -`.ssh/authorized_keys2` 的權限更改為 640
### 如果你使用的是 OpenSSH ### 如果你使用的是 OpenSSH
@ -157,7 +183,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
```yaml ```yaml
- name: executing remote ssh commands using password - name: executing remote ssh commands using password
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
host: ${{ secrets.HOST }} host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }} username: ${{ secrets.USERNAME }}
@ -170,7 +196,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
```yaml ```yaml
- name: executing remote ssh commands using ssh key - name: executing remote ssh commands using ssh key
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
host: ${{ secrets.HOST }} host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }} username: ${{ secrets.USERNAME }}
@ -183,7 +209,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
```yaml ```yaml
- name: multiple command - name: multiple command
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
host: ${{ secrets.HOST }} host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }} username: ${{ secrets.USERNAME }}
@ -196,11 +222,24 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
![result](./images/output-result.png) ![result](./images/output-result.png)
#### 從文件中執行命令
```yaml
- name: file commands
uses: appleboy/ssh-action@v1
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
script_path: scripts/script.sh
```
#### 多台主機 #### 多台主機
```diff ```diff
- name: multiple host - name: multiple host
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
- host: "foo.com" - host: "foo.com"
+ host: "foo.com,bar.com" + host: "foo.com,bar.com"
@ -216,7 +255,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
```diff ```diff
- name: multiple host - name: multiple host
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
- host: "foo.com" - host: "foo.com"
+ host: "foo.com:1234,bar.com:5678" + host: "foo.com:1234,bar.com:5678"
@ -231,7 +270,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
```diff ```diff
- name: multiple host - name: multiple host
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
host: "foo.com,bar.com" host: "foo.com,bar.com"
+ sync: true + sync: true
@ -247,7 +286,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
```diff ```diff
- name: pass environment - name: pass environment
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
+ env: + env:
+ FOO: "BAR" + FOO: "BAR"
+ BAR: "FOO" + BAR: "FOO"
@ -266,37 +305,6 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
_在 `env` 對象中,您需要將每個環境變量作為字符串傳遞,傳遞 `Integer` 數據類型或任何其他類型可能會產生意外結果。_ _在 `env` 對象中,您需要將每個環境變量作為字符串傳遞,傳遞 `Integer` 數據類型或任何其他類型可能會產生意外結果。_
#### 在第一次失敗後停止腳本
> ex: missing `abc` folder
```diff
- name: stop script if command error
uses: appleboy/ssh-action@v1.0.3
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
+ script_stop: true
script: |
mkdir abc/def
ls -al
```
畫面輸出:
```sh
======CMD======
mkdir abc/def
ls -al
======END======
2019/11/21 01:16:21 Process exited with status 1
err: mkdir: cannot create directory abc/def: No such file or directory
##[error]Docker run failed with exit code 1
```
#### 如何使用 `ProxyCommand` 連接遠程服務器? #### 如何使用 `ProxyCommand` 連接遠程服務器?
```bash ```bash
@ -325,7 +333,7 @@ Host FooServer
```diff ```diff
- name: ssh proxy command - name: ssh proxy command
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
host: ${{ secrets.HOST }} host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }} username: ${{ secrets.USERNAME }}
@ -346,7 +354,7 @@ Host FooServer
```diff ```diff
- name: ssh key passphrase - name: ssh key passphrase
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
host: ${{ secrets.HOST }} host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }} username: ${{ secrets.USERNAME }}
@ -362,7 +370,7 @@ Host FooServer
設置 SSH 主機指紋驗證可以幫助防止中間人攻擊。在設置之前,運行以下命令以獲取 SSH 主機指紋。請記得將 `ed25519` 替換為您的適當金鑰類型(`rsa``dsa`等),而 `example.com` 則替換為您的主機。 設置 SSH 主機指紋驗證可以幫助防止中間人攻擊。在設置之前,運行以下命令以獲取 SSH 主機指紋。請記得將 `ed25519` 替換為您的適當金鑰類型(`rsa``dsa`等),而 `example.com` 則替換為您的主機。
現代 OpenSSH 版本中,需要提取的_默認金鑰_類型是 `rsa`(從版本 5.1 開始)、`ecdsa`(從版本 6.0 開始)和 `ed25519`(從版本 6.7 開始)。 現代 OpenSSH 版本中,需要提取的**默認金鑰**類型是 `rsa`(從版本 5.1 開始)、`ecdsa`(從版本 6.0 開始)和 `ed25519`(從版本 6.7 開始)。
```sh ```sh
ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' -f2 ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' -f2
@ -372,7 +380,7 @@ ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' '
```diff ```diff
- name: ssh key passphrase - name: ssh key passphrase
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1
with: with:
host: ${{ secrets.HOST }} host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }} username: ${{ secrets.USERNAME }}

91
action.yml
View File

@ -3,75 +3,92 @@ description: "Executing remote ssh commands"
author: "Bo-Yi Wu" author: "Bo-Yi Wu"
inputs: inputs:
host: host:
description: "SSH host address." description: "SSH host address or IP to connect to."
port: port:
description: "SSH port number." description: "SSH port number for the connection."
default: "22" default: "22"
passphrase: passphrase:
description: "Passphrase for the SSH key." description: "Passphrase to decrypt the SSH private key if protected."
username: username:
description: "SSH username." description: "SSH username for authentication on the remote server."
password: password:
description: "SSH password." description: "SSH password for authentication (use secrets for sensitive data)."
protocol: protocol:
description: 'The IP protocol to use. Valid values are "tcp". "tcp4" or "tcp6". Default to tcp.' description: 'IP protocol version to use. Options: "tcp" (default), "tcp4" (IPv4 only), or "tcp6" (IPv6 only).'
default: "tcp" default: "tcp"
sync: sync:
description: "Enable synchronous execution if multiple hosts are involved." description: "When true, executes commands synchronously across multiple hosts (one after another)."
use_insecure_cipher: use_insecure_cipher:
description: "Include more ciphers by using insecure ciphers." description: "Enable additional legacy ciphers that might be less secure but more compatible with older systems."
cipher: cipher:
description: "Allowed cipher algorithms. If unspecified, a sensible default is used." description: "Specify custom cipher algorithms for encryption. Leave empty to use secure defaults."
timeout: timeout:
description: "Timeout duration for establishing SSH connection to the host." description: "Maximum time to wait when establishing the SSH connection, e.g., '30s', '1m'."
default: "30s" default: "30s"
command_timeout: command_timeout:
description: "Timeout duration for SSH commands execution." description: "Maximum execution time for the remote commands before terminating, e.g., '10m', '1h'."
default: "10m" default: "10m"
key: key:
description: "Content of the SSH private key. For example, the raw content of ~/.ssh/id_rsa." description: "Raw content of the SSH private key for authentication (use secrets for sensitive data)."
key_path: key_path:
description: "Path to the SSH private key file." description: "Path to the SSH private key file on the runner."
fingerprint: fingerprint:
description: "SHA256 fingerprint of the host public key." description: "SHA256 fingerprint of the host public key for verification to prevent MITM attacks."
proxy_host: proxy_host:
description: "SSH proxy host address." description: "Proxy server hostname or IP if connecting through an SSH jump host."
proxy_port: proxy_port:
description: "SSH proxy port number." description: "SSH port number for the proxy connection."
default: "22" default: "22"
proxy_username: proxy_username:
description: "SSH proxy username." description: "Username for authentication on the proxy server."
proxy_password: proxy_password:
description: "SSH proxy password." description: "Password for authentication on the proxy server (use secrets for sensitive data)."
proxy_protocol:
description: 'IP protocol version for proxy. Options: "tcp" (default), "tcp4" (IPv4 only), or "tcp6" (IPv6 only).'
default: "tcp"
proxy_passphrase: proxy_passphrase:
description: "SSH proxy key passphrase." description: "Passphrase to decrypt the proxy SSH private key if protected."
proxy_timeout: proxy_timeout:
description: "Timeout duration for establishing SSH connection to the proxy host." description: "Maximum time to wait when establishing the proxy SSH connection, e.g., '30s', '1m'."
default: "30s" default: "30s"
proxy_key: proxy_key:
description: "Content of the SSH proxy private key. For example, the raw content of ~/.ssh/id_rsa." description: "Raw content of the SSH proxy private key for authentication (use secrets for sensitive data)."
proxy_key_path: proxy_key_path:
description: "Path to the SSH proxy private key file." description: "Path to the SSH proxy private key file on the runner."
proxy_fingerprint: proxy_fingerprint:
description: "SHA256 fingerprint of the proxy host public key." description: "SHA256 fingerprint of the proxy host public key for verification."
proxy_cipher: proxy_cipher:
description: "Allowed cipher algorithms for the proxy. If unspecified, a sensible default is used." description: "Specify custom cipher algorithms for proxy connection encryption."
proxy_use_insecure_cipher: proxy_use_insecure_cipher:
description: "Include more ciphers for the proxy by using insecure ciphers." description: "Enable additional legacy ciphers for proxy connections (less secure but more compatible)."
script: script:
description: "Commands to be executed." description: "Commands to execute on the remote server (inline script string)."
script_stop: script_path:
description: "Stop the script after the first failure." description: "Path to a local file containing commands to execute on the remote server."
envs: envs:
description: "Environment variables to be passed to the shell script." description: "Environment variables to expose to the remote script, format: key=value,key2=value2."
envs_format: envs_format:
description: "Flexible configuration for environment value transfer." description: "Format specification for environment variable transfer (for advanced usage)."
debug: debug:
description: "Enable debug mode." description: "Set to true to enable verbose logging for troubleshooting connection issues."
allenvs: allenvs:
description: "pass all environment variable to shell script." description: "When true, passes all GitHub Actions environment variables to the remote script."
request_pty: request_pty:
description: "Request a pseudo-terminal from the server." description: "Request a pseudo-terminal from the server (required for interactive commands or sudo)."
curl_insecure:
description: "When true, uses the --insecure option with curl for insecure downloads."
default: "false"
capture_stdout:
description: "When true, captures and returns standard output from the commands as action output."
default: "false"
version:
description: |
The version of drone-ssh to use.
outputs:
stdout:
description: "Standard output of the executed commands when capture_stdout is enabled."
value: ${{ steps.entrypoint.outputs.stdout }}
runs: runs:
using: "composite" using: "composite"
@ -81,7 +98,8 @@ runs:
shell: bash shell: bash
env: env:
GITHUB_ACTION_PATH: ${{ github.action_path }} GITHUB_ACTION_PATH: ${{ github.action_path }}
- name: Run entrypoint.sh - id: entrypoint
name: Run entrypoint.sh
run: entrypoint.sh run: entrypoint.sh
shell: bash shell: bash
env: env:
@ -107,7 +125,7 @@ runs:
INPUT_PROXY_TIMEOUT: ${{ inputs.proxy_timeout }} INPUT_PROXY_TIMEOUT: ${{ inputs.proxy_timeout }}
INPUT_COMMAND_TIMEOUT: ${{ inputs.command_timeout }} INPUT_COMMAND_TIMEOUT: ${{ inputs.command_timeout }}
INPUT_SCRIPT: ${{ inputs.script }} INPUT_SCRIPT: ${{ inputs.script }}
INPUT_SCRIPT_STOP: ${{ inputs.script_stop }} INPUT_SCRIPT_FILE: ${{ inputs.script_path }}
INPUT_ENVS: ${{ inputs.envs }} INPUT_ENVS: ${{ inputs.envs }}
INPUT_ENVS_FORMAT: ${{ inputs.envs_format }} INPUT_ENVS_FORMAT: ${{ inputs.envs_format }}
INPUT_DEBUG: ${{ inputs.debug }} INPUT_DEBUG: ${{ inputs.debug }}
@ -118,6 +136,9 @@ runs:
INPUT_PROXY_USE_INSECURE_CIPHER: ${{ inputs.proxy_use_insecure_cipher }} INPUT_PROXY_USE_INSECURE_CIPHER: ${{ inputs.proxy_use_insecure_cipher }}
INPUT_PROXY_CIPHER: ${{ inputs.proxy_cipher }} INPUT_PROXY_CIPHER: ${{ inputs.proxy_cipher }}
INPUT_SYNC: ${{ inputs.sync }} INPUT_SYNC: ${{ inputs.sync }}
INPUT_CAPTURE_STDOUT: ${{ inputs.capture_stdout }}
INPUT_CURL_INSECURE: ${{ inputs.curl_insecure }}
DRONE_SSH_VERSION: ${{ inputs.version }}
branding: branding:
icon: "terminal" icon: "terminal"

91
entrypoint.sh
View File

@ -1,69 +1,56 @@
#!/usr/bin/env bash #!/usr/bin/env bash
set -o errexit set -euo pipefail
set -o nounset
set -o pipefail
export GITHUB="true" export GITHUB="true"
GITHUB_ACTION_PATH="${GITHUB_ACTION_PATH%/}" GITHUB_ACTION_PATH="${GITHUB_ACTION_PATH%/}"
DRONE_SSH_RELEASE_URL="${DRONE_SSH_RELEASE_URL:-https://github.com/appleboy/drone-ssh/releases/download}" DRONE_SSH_RELEASE_URL="${DRONE_SSH_RELEASE_URL:-https://github.com/appleboy/drone-ssh/releases/download}"
DRONE_SSH_VERSION="${DRONE_SSH_VERSION:-1.7.7}" DRONE_SSH_VERSION="${DRONE_SSH_VERSION:-1.8.1}"
function log_error() {
echo "$1" >&2
exit "$2"
}
function detect_client_info() { function detect_client_info() {
if [ -n "${SSH_CLIENT_OS-}" ]; then CLIENT_PLATFORM="${SSH_CLIENT_OS:-$(uname -s | tr '[:upper:]' '[:lower:]')}"
CLIENT_PLATFORM="${SSH_CLIENT_OS}" CLIENT_ARCH="${SSH_CLIENT_ARCH:-$(uname -m)}"
else
local kernel
kernel="$(uname -s)"
case "${kernel}" in
Darwin)
CLIENT_PLATFORM="darwin"
;;
Linux)
CLIENT_PLATFORM="linux"
;;
Windows)
CLIENT_PLATFORM="windows"
;;
*)
echo "Unknown, unsupported platform: ${kernel}." >&2
echo "Supported platforms: Linux, Darwin and Windows." >&2
echo "Bailing out." >&2
exit 2
esac
fi
if [ -n "${SSH_CLIENT_ARCH-}" ]; then case "${CLIENT_PLATFORM}" in
CLIENT_ARCH="${SSH_CLIENT_ARCH}" darwin | linux | windows) ;;
else *) log_error "Unknown or unsupported platform: ${CLIENT_PLATFORM}. Supported platforms are Linux, Darwin, and Windows." 2 ;;
local machine esac
machine="$(uname -m)"
case "${machine}" in case "${CLIENT_ARCH}" in
x86_64*|i?86_64*|amd64*) x86_64* | i?86_64* | amd64*) CLIENT_ARCH="amd64" ;;
CLIENT_ARCH="amd64" aarch64* | arm64*) CLIENT_ARCH="arm64" ;;
;; *) log_error "Unknown or unsupported architecture: ${CLIENT_ARCH}. Supported architectures are x86_64, i686, and arm64." 3 ;;
aarch64*|arm64*)
CLIENT_ARCH="arm64"
;;
*)
echo "Unknown, unsupported architecture (${machine})." >&2
echo "Supported architectures x86_64, i686, arm64." >&2
echo "Bailing out." >&2
exit 3
;;
esac esac
fi
} }
detect_client_info detect_client_info
DOWNLOAD_URL_PREFIX="${DRONE_SSH_RELEASE_URL}/v${DRONE_SSH_VERSION}" DOWNLOAD_URL_PREFIX="${DRONE_SSH_RELEASE_URL}/v${DRONE_SSH_VERSION}"
CLIENT_BINARY="drone-ssh-${DRONE_SSH_VERSION}-${CLIENT_PLATFORM}-${CLIENT_ARCH}" CLIENT_BINARY="drone-ssh-${DRONE_SSH_VERSION}-${CLIENT_PLATFORM}-${CLIENT_ARCH}"
TARGET="${GITHUB_ACTION_PATH}/${CLIENT_BINARY}" TARGET="${GITHUB_ACTION_PATH}/${CLIENT_BINARY}"
echo "Will download ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}" echo "Downloading ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}"
curl -fsSL --retry 5 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o ${TARGET} INSECURE_OPTION=""
chmod +x ${TARGET} if [[ "${INPUT_CURL_INSECURE}" == 'true' ]]; then
echo "======= CLI Version =======" INSECURE_OPTION="--insecure"
sh -c "${TARGET} --version" # print version fi
echo "==========================="
sh -c "${TARGET} $*" # run the command curl -fsSL --retry 5 --keepalive-time 2 ${INSECURE_OPTION} "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o "${TARGET}"
chmod +x "${TARGET}"
echo "======= CLI Version Information ======="
"${TARGET}" --version
echo "======================================="
if [[ "${INPUT_CAPTURE_STDOUT}" == 'true' ]]; then
{
echo 'stdout<<EOF'
"${TARGET}" "$@" | tee -a "${GITHUB_OUTPUT}"
echo 'EOF'
} >>"${GITHUB_OUTPUT}"
else
"${TARGET}" "$@"
fi

3
testdata/test.sh vendored Normal file
View File

@ -0,0 +1,3 @@
#!/usr/bin/env bash
set -e
whoami