85 Commits

Author SHA1 Message Date
Bo-Yi Wu
dd0f09ca07 docs: improve README clarity and completeness
- Update the README table formatting to include an additional column separator
- Add documentation for the SSH protocol version option in the README table

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2024-03-16 16:04:59 +08:00
appleboy
1991c553ec chore(file): update target file
Signed-off-by: appleboy <appleboy.tw@gmail.com>
2024-03-16 15:59:42 +08:00
Bo-Yi Wu
fe44be0b96 docs: improve documentation and CI robustness
- Add backticks around `GITHUB_` and `INPUT_` in the README for clarity

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2024-03-16 15:47:10 +08:00
Bo-Yi Wu
c78141851a ci: enhance GitHub Actions for IPv6 and flexibility (#303)
* ci: enhance GitHub Actions for IPv6 and flexibility

- Add a new CI job for testing IPv6 in GitHub Actions workflow
- Update the Docker image version from `1.7.3` to `1.7.4`
- Add a new `protocol` input parameter to the GitHub action with a default value of `tcp`
- Change the GitHub action to use a composite run steps action instead of a Docker container
- Update the `entrypoint.sh` script to use `bash` instead of `sh`, set stricter error handling, and add a function to detect client platform and architecture
- Modify the `entrypoint.sh` script to download a specific version of `drone-ssh` based on the detected client info and execute it

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>

* ci: refactor CI workflow and Docker setup

- Remove IPv6 ping command from CI workflow
- Uncomment Docker run configuration in action.yml

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>

---------

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2024-03-16 15:45:28 +08:00
Kushal Dhakal
8a779a5b1a docs: describe true usage of allenvs parameter (#301) 2024-03-16 09:43:37 +08:00
Bo-Yi Wu
9b978f09f2 chore: update SSH action version in README files
- Update the version of the `appleboy/ssh-action` from `v1.0.2` to `v1.0.3` in the README.md file
- Update the version of the `appleboy/ssh-action` from `v1.0.2` to `v1.0.3` in the README.zh-tw.md file

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2024-01-07 19:48:12 +08:00
Bo-Yi Wu
029f5b4aee docs: update README.md and improve code documentation
Some checks failed
remote ssh command / default flag testing (push) Has been cancelled
remote ssh command / testing with envs (push) Has been cancelled
remote ssh command / git clone and pull (push) Has been cancelled
remote ssh command / docker login and pull (push) Has been cancelled
remote ssh command / switch user (push) Has been cancelled
- Add a new entry for `request_pty` in the README.md file

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2024-01-07 19:40:43 +08:00
Bo-Yi Wu
d134a26a1f fix(sudo): support request_pty to execute sudo command (#288)
- Add a new job called `testing05` to the CI workflow
- Update the base image in the Dockerfile from `1.7.2` to `1.7.3`
- Update the action name, description, and author in the action.yml file
- Update the descriptions for various inputs in the action.yml file
- Add a new input `request_pty` with a description in the action.yml file
- Update the `using` and `image` fields in the action.yml file
- Update the `using` and `image` fields in the runs section of the action.yml file
- Update the `icon` and `color` fields in the branding section of the action.yml file

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2024-01-07 19:39:23 +08:00
Bo-Yi Wu
2451745138 chore: update SSH action version in README files
Some checks failed
remote ssh command / default flag testing (push) Has been cancelled
remote ssh command / testing with envs (push) Has been cancelled
remote ssh command / git clone and pull (push) Has been cancelled
remote ssh command / docker login and pull (push) Has been cancelled
- Update the version of the `appleboy/ssh-action` to `v1.0.2` in the `README.md` and `README.zh-tw.md` files.

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2024-01-01 14:23:27 +08:00
Bo-Yi Wu
1f3c338936 chore: update base image to 1.7.2 in Dockerfile
- Update the base image from `1.7.1` to `1.7.2` in the Dockerfile

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2024-01-01 14:22:41 +08:00
Bo-Yi Wu
8f94919856 chore: update appleboy/ssh-action to v1.0.1 in documentation
Some checks failed
remote ssh command / default flag testing (push) Has been cancelled
remote ssh command / testing with envs (push) Has been cancelled
remote ssh command / git clone and pull (push) Has been cancelled
remote ssh command / docker login and pull (push) Has been cancelled
- Update appleboy/ssh-action from v1.0.0 to v1.0.1 in README.md
- Update appleboy/ssh-action from v0.1.10 to v1.0.1 in README.zh-tw.md

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2023-12-26 15:13:15 +08:00
Bo-Yi Wu
2344d97573 chore(security): update drone-ssh to v1.7.1 (#286)
- Update the base image in Dockerfile from `1.7.0` to `1.7.1`
- Change the location of `entrypoint.sh` from root to `/bin/` directory in Dockerfile
- Remove the explicit `chmod +x` command for `entrypoint.sh` in Dockerfile

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2023-12-26 15:11:53 +08:00
Bo-Yi Wu
b9f6bf6223 style: refine CI Workflow and Test Configurations
- Remove empty lines from the GitHub Actions CI workflow file

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2023-12-26 15:07:39 +08:00
appleboy
4330a1ea48 docs: update appleboy/ssh-action version in README
- Update the version of `appleboy/ssh-action` from `v0.2.0` to `v1.0.0` in multiple places in the README.

Signed-off-by: appleboy <appleboy.tw@gmail.com>
2023-07-23 10:05:56 +08:00
appleboy
55dabf81b4 docs: update appleboy/ssh-action version in README
Some checks failed
remote ssh command / default flag testing (push) Has been cancelled
remote ssh command / testing with envs (push) Has been cancelled
remote ssh command / git clone and pull (push) Has been cancelled
remote ssh command / docker login and pull (push) Has been cancelled
- Update the version of `appleboy/ssh-action` from `v0.1.10` to `v0.2.0` in multiple places in the README file.

Signed-off-by: appleboy <appleboy.tw@gmail.com>
2023-07-23 10:01:08 +08:00
appleboy
8d9094f3b1 docs: "Introduce allenvs option for shell script execution"
- Add a new option `allenvs` in the README to pass all environment variables to the shell script.

Signed-off-by: appleboy <appleboy.tw@gmail.com>
2023-07-23 09:57:59 +08:00
Bo-Yi Wu
5ac43dd762 chore(ssh): pass all ENV variables to script (#259) 2023-07-23 09:53:20 +08:00
Bo-Yi Wu
a01d3ea1df chore: improve performance and test coverage across OSs
- Update the Dockerfile to use drone-ssh version 1.6.14

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2023-06-04 16:30:25 +08:00
Bo-Yi Wu
c7d850f6cd docs: improve readability and functionality across project
- Reformat input parameters in README.md as a table for better readability

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2023-06-04 11:08:59 +08:00
Bo-Yi Wu
f579d71942 chore: improve action.yml clarity and update default values
- Update descriptions for input fields in action.yml for better clarity
- Change default values for SSH port and SSH proxy port to string format

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2023-06-04 11:06:25 +08:00
Bo-Yi Wu
d87d276960 ci: add Docker login and pull job to CI pipeline (#244)
- Add a new job named "testing04" for docker login and pull in ci.yml file.

ref: https://github.com/appleboy/ssh-action/issues/230
2023-04-18 09:31:39 +08:00
Bo-Yi Wu
3130c7a2bc ci: improve CI workflow for private repository cloning (#241)
- Add a new job for git clone and pull in CI
- Clone a private repository in CI with secrets
- Remove a directory in the cloned repository

ref: https://github.com/appleboy/ssh-action/issues/65
2023-04-13 14:38:24 +08:00
Bo-Yi Wu
2b7de38eed chore: update appleboy/ssh-action to latest version
- Update the version of `appleboy/ssh-action` from `v0.1.9` to `v0.1.10` in multiple files.

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2023-04-13 12:18:50 +08:00
Bo-Yi Wu
334f9259f2 chore: update action configuration for greater flexibility (#240)
Some checks failed
remote ssh command / default flag testing (push) Has been cancelled
remote ssh command / testing with envs (push) Has been cancelled
- Update base image version from `1.6.12` to `1.6.13` in Dockerfile
- Add `envs_format` input with flexible configuration in action.yml
- Add a line to README.md pointing to action.yml for more information

fix https://github.com/appleboy/ssh-action/issues/213
2023-04-13 11:15:42 +08:00
Bo-Yi.Wu
6268c80dd6 docs: add external resources to README file
- Add a line linking to Golang and drone-ssh in the README file

Signed-off-by: Bo-Yi.Wu <appleboy.tw@gmail.com>
2023-04-04 17:56:49 +08:00
Bo-Yi.Wu
5f64c95280 chore: improve SSH key handling and documentation
Some checks failed
remote ssh command / Build (push) Has been cancelled
- Upgrade the ssh-action package from version `v0.1.8` to `v0.1.9`
- Update the ssh-keygen command to use `-t ed25519 -a 200 -C` flag with an email address
- Clarify how to pass environment variables as strings in the `env` object
- Add a command to check the fingerprint of an ed25519 key in the README
- Remove duplicate Host entry for `FooServer` in the Chinese version of the README

Signed-off-by: Bo-Yi.Wu <appleboy.tw@gmail.com>
2023-04-04 17:37:29 +08:00
Bo-Yi Wu
3cd1bcf771 feat: refactor code for parallel execution on multiple hosts (#237)
- Update Dockerfile to use a newer version of `drone-ssh`
- Modify `ci.yml` to use `continue-on-error` instead of commenting out code

fix https://github.com/appleboy/ssh-action/issues/233
2023-04-04 17:25:53 +08:00
Bo-Yi Wu
6a1b59d972 docs: add chinese 2023-03-03 10:45:48 +08:00
Bo-Yi Wu
e4a881008d docs(readme): update 2023-03-03 10:26:23 +08:00
Bo-Yi Wu
51b83ba474 docs: format 2023-03-03 10:22:51 +08:00
Bo-Yi.Wu
495830820f docs: add traditional chinese documentation.
Signed-off-by: Bo-Yi.Wu <appleboy.tw@gmail.com>
2023-02-28 18:12:19 +08:00
Bo-Yi.Wu
b601429988 docs: update to v0.1.8 version
Some checks failed
remote ssh command / Build (push) Has been cancelled
Signed-off-by: Bo-Yi.Wu <appleboy.tw@gmail.com>
2023-02-28 17:18:27 +08:00
Bo-Yi.Wu
ae2bb3c3dc chore(docker): update appleboy/drone-ssh to v1.6.10 version
Signed-off-by: Bo-Yi.Wu <appleboy.tw@gmail.com>
2023-02-28 17:16:13 +08:00
Bo-Yi Wu
7bf58514db chore(auth): allow set password and private key at same time. (#226) 2023-02-28 17:11:47 +08:00
Bo-Yi.Wu
c1965ddd25 docs: upgrade to v0.1.7
Signed-off-by: Bo-Yi.Wu <appleboy.tw@gmail.com>
2023-01-08 09:13:12 +08:00
Bo-Yi Wu
d91a1af6f5 Fix(envs): set environment variable instead of bash variable (#209)
Some checks failed
remote ssh command / Build (push) Has been cancelled
2023-01-08 09:08:14 +08:00
Bo-Yi Wu
4a03da89e5 docs: update to v0.1.6
Some checks failed
remote ssh command / Build (push) Has been cancelled
2022-12-09 10:32:49 +08:00
Bo-Yi Wu
0d5a3d0e48 test: comment the ED25519 ssh testing 2022-12-09 10:17:11 +08:00
Leo Schick
db9be1d5f2 use fixed version in documentation (#199) 2022-12-09 10:16:07 +08:00
Bo-Yi Wu
9a7da95c8c chore(ssh): upgrade to drone 1.6.5 2022-12-09 10:13:56 +08:00
Inaction
f23dd5c681 docs(readme): Fix typo (#191) 2022-11-26 18:24:18 +08:00
Fabián Delgado
cc051b07ed Update README.md (#188) 2022-10-17 22:00:39 +08:00
Bo-Yi Wu
f9010ff7f1 docs: remove FAQ section
Some checks failed
remote ssh command / Build (push) Has been cancelled
Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2022-07-29 21:24:53 +08:00
Ayanwola Ayomide
e1116226a0 updated readme envs option in example (#172) 2022-07-29 21:19:55 +08:00
Dániel Dobos
a8d82ec39b Switch to appleboy/drone-ssh:1.6.4 (#171) 2022-07-29 21:19:21 +08:00
Alister MacCormack
f82e23f1a3 updated README to include OpenSSH comments (#161) 2022-07-29 20:58:30 +08:00
Bo-Yi Wu
ed1f3fc7c1 docs: problem with an EC2 instance
Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2022-07-29 20:54:56 +08:00
Bo-Yi Wu
dce9d565de Update FUNDING.yml 2022-05-28 16:42:12 +08:00
Bo-Yi Wu
ea5c23a2b5 Enable Sponsor Button 2022-05-26 09:02:47 +08:00
Bo-Yi Wu
c732d38392 chore: Add global environments
Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2022-02-28 07:08:00 +08:00
Bo-Yi Wu
ba1d4fb0eb chore(CI): show secrets.
Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2022-02-06 16:12:37 +08:00
Bo-Yi Wu
c7671d858f docs: update format
Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2022-02-06 15:15:00 +08:00
Nicklas Frahm
1a8b3784ea Document setup of SSH host fingerprint validation (#120) 2021-05-15 23:05:07 +08:00
Bo-Yi Wu
29007ce6fb chore: update ssh key part
part from https://github.com/appleboy/ssh-action/issues/80
2021-05-09 21:11:10 +08:00
h1dden-da3m0n
e59c0ee97a docu(restructure): update readme structure and add ed25519 ssh key instructions (#113) 2021-04-04 05:59:44 +08:00
Bo-Yi Wu
c7104ccac4 chore: add ED25519 example 2021-03-06 23:00:38 +08:00
Bo-Yi Wu
63dd9dd662 chore: replace ADD with COPY 2021-02-13 10:55:57 +08:00
Bo-Yi Wu
61e292b601 docs: fix typo
Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2020-11-17 10:54:18 +08:00
Bo-Yi Wu
1d1b21ca96 Support multiple host with different port (#94)
Some checks failed
remote ssh command / Build (push) Has been cancelled
2020-11-17 10:51:06 +08:00
Bo-Yi Wu
9fb11fb1f5 chore(host): support multiple port
https://github.com/appleboy/ssh-action/issues/85

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2020-11-17 10:20:18 +08:00
Bo-Yi Wu
fd39ef0f18 Update README.md 2020-10-31 07:03:29 +08:00
Bo-Yi Wu
ffff33f8fe docs: update readme 2020-08-13 01:06:27 +08:00
Himanshu Garg
8bd4933b73 Instructions to use SSH Key (#77) 2020-08-13 01:03:55 +08:00
Bo-Yi Wu
bf84735fa9 fix: Multiline SSH commands interpreted as single lines
Some checks failed
remote ssh command / Build (push) Has been cancelled
fix https://github.com/appleboy/ssh-action/issues/75
2020-08-08 15:39:00 +08:00
Bo-Yi Wu
d09b6e0211 chore: try the latest version 2020-08-08 15:34:38 +08:00
Bo-Yi Wu
3ac4675689 chore: Add Multiline SSH commands interpreted as single lines 2020-08-08 12:26:01 +08:00
Bo-Yi Wu
269a4479eb chore: Multiline SSH commands interpreted as single lines 2020-08-03 22:15:09 +08:00
Yashu Mittal
a2f91cbad1 (info) Pass env variable as string (#69) 2020-07-08 16:46:24 +08:00
Bo-Yi Wu
e2cbea5f00 chore: bump drone-ssh to v1.6.1 (#63)
Some checks failed
remote ssh command / Build (push) Has been cancelled
Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2020-06-15 16:45:26 +08:00
Bo-Yi Wu
5711a203b3 fix typo 2020-06-05 09:05:02 +08:00
Bo-Yi Wu
b315fb5f98 Update README.md 2020-06-05 09:03:15 +08:00
Bo-Yi Wu
682eb0ddda chore: bump drone-ssh to v1.6.0
Some checks failed
remote ssh command / Build (push) Has been cancelled
2020-05-24 13:59:21 +08:00
Bo-Yi Wu
03b440e441 docs: add cipher parameter 2020-05-24 13:13:09 +08:00
Bo-Yi Wu
1cb5cd31c9 chore: update to latest version 2020-05-24 12:09:05 +08:00
Bo-Yi Wu
c9eebc1cde chore: support use_insecure_cipher (#57)
Some checks failed
remote ssh command / Build (push) Has been cancelled
2020-05-24 10:54:31 +08:00
Daniel Hwang
6b00175bad add support for fingerprint: (#54) 2020-05-19 14:21:26 +08:00
Bo-Yi Wu
a912e225ec chore: Add limitation in readme 2020-05-08 19:05:53 +08:00
Bo-Yi Wu
ad6643f705 chore: support ciphers
Some checks failed
remote ssh command / Build (push) Has been cancelled
Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2020-04-30 15:56:29 +08:00
Bo-Yi Wu
26dd2b3a38 chore: upgrade drone-ssh to 1.5.6
Some checks failed
remote ssh command / Build (push) Has been cancelled
2020-04-16 22:24:18 +08:00
Bo-Yi Wu
122f35dca5 chore: improve ci workflow (#34) 2020-02-13 21:20:15 +08:00
Bo-Yi Wu
03b5d10ad6 docs: update desctiption 2020-02-13 21:17:09 +08:00
Bo-Yi Wu
fcfb760891 docs: add GitHub syntax (#30)
see: https://help.github.com/en/actions/automating-your-workflow-with-github-actions/contexts-and-expression-syntax-for-github-actions

fixed: https://github.com/appleboy/ssh-action/issues/28
2020-02-09 11:37:56 +08:00
Bo-Yi Wu
fd81fae289 chore: echo sha string 2020-02-09 11:29:31 +08:00
Bo-Yi Wu
242a8e2e57 chore: Add Contexts and expression example 2020-02-09 11:25:59 +08:00
Alexey Kleandrov
cfe9c45db6 docs: sync parameter (#25) 2020-01-30 22:40:33 +08:00
7 changed files with 1076 additions and 159 deletions

13
.github/FUNDING.yml vendored Normal file
View File

@@ -0,0 +1,13 @@
# These are supported funding model platforms
github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
patreon: # Replace with a single Patreon username
open_collective: ssh-action
ko_fi: # Replace with a single Ko-fi username
tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
liberapay: # Replace with a single Liberapay username
issuehunt: # Replace with a single IssueHunt username
otechie: # Replace with a single Otechie username
lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
custom: ['https://www.paypal.me/appleboy46']

View File

@@ -1,89 +1,312 @@
name: remote ssh command
on: [push]
jobs:
build:
name: Build
env:
FOO: "BAR"
BAR: "FOO"
jobs:
testing01:
name: default flag testing
runs-on: ubuntu-latest
steps:
- name: executing remote ssh commands using password
uses: appleboy/ssh-action@master
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
password: ${{ secrets.PASSWORD }}
port: ${{ secrets.PORT }}
script: whoami
- name: checkout
uses: actions/checkout@v1
- name: executing remote ssh commands using ssh key
uses: appleboy/ssh-action@master
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
script: whoami
- name: correct password but wrong key
uses: ./
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
password: ${{ secrets.PASSWORD }}
key: "1234"
port: ${{ secrets.PORT }}
script: whoami
- name: multiple command
uses: appleboy/ssh-action@master
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
script: |
whoami
ls -al
- name: wrong password but correct key
uses: ./
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
password: "abcdef"
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
script: whoami
# - name: stop script if command error
# uses: appleboy/ssh-action@master
- name: executing remote ssh commands using password
uses: ./
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
password: ${{ secrets.PASSWORD }}
port: ${{ secrets.PORT }}
script: whoami
- name: executing remote ssh commands using ssh key
uses: ./
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
script: whoami
- name: multiple command
uses: ./
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
script: |
whoami
ls -al
- name: stop script if command error
uses: ./
continue-on-error: true
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
script_stop: true
sync: true
debug: true
script: |
mkdir abc/def
ls -al
- name: ssh key passphrase
uses: ./
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.SSH2 }}
port: ${{ secrets.PORT }}
passphrase: ${{ secrets.PASSPHRASE }}
script: |
whoami
ls -al
- name: use insecure cipher
uses: ./
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
password: ${{ secrets.PASSWORD }}
port: ${{ secrets.PORT }}
script: |
ls \
-lah
use_insecure_cipher: true
# https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271
- name: Multiline SSH commands interpreted as single lines
uses: ./
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
password: ${{ secrets.PASSWORD }}
port: ${{ secrets.PORT }}
script_stop: true
script: |
ls \
-lah
use_insecure_cipher: true
# https://github.com/appleboy/ssh-action/issues/85
- name: Deployment to multiple hosts with different ports
uses: ./
with:
host: "${{ secrets.HOST }}:${{ secrets.PORT }}"
username: ${{ secrets.USERNAME }}
password: ${{ secrets.PASSWORD }}
port: 1024
script_stop: true
script: |
ls \
-lah
use_insecure_cipher: true
# - name: SSH ED25519 Private Key
# uses: ./
# with:
# host: ${{ secrets.HOST }}
# username: ${{ secrets.USERNAME }}
# key: ${{ secrets.KEY }}
# port: ${{ secrets.PORT }}
# script_stop: true
# script: |
# mkdir abc/def
# ls -al
# host: ${{ secrets.TUNNEL_HOST }}
# username: ${{ secrets.TUNNEL_USERNAME }}
# key: ${{ secrets.ID_ED25519 }}
# port: ${{ secrets.TUNNEL_PORT }}
# script: whoami
- name: pass environment
uses: appleboy/ssh-action@master
env:
FOO: "BAR"
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
envs: FOO
script: |
echo "I am $FOO, thanks"
echo "I am $BAR, thanks"
testing02:
name: testing with envs
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v1
- name: pass multiple environment
uses: appleboy/ssh-action@master
env:
FOO: "BAR"
BAR: "FOO"
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
envs: FOO,BAR
script: |
echo "I am $FOO, thanks"
echo "I am $BAR, thanks"
- name: pass environment
uses: ./
env:
FOO: "BAR"
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
envs: FOO
script: |
echo "I am $FOO, thanks"
echo "I am $BAR, thanks"
- name: ssh key passphrase
uses: appleboy/ssh-action@master
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.SSH2 }}
port: ${{ secrets.PORT }}
passphrase: ${{ secrets.PASSPHRASE }}
script: |
whoami
ls -al
- name: pass multiple environment
uses: ./
env:
FOO: "BAR"
BAR: "FOO"
SHA: ${{ github.sha }}
PORT: ${{ secrets.PORT }}
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
envs: FOO,BAR,SHA,PORT
script: |
echo "I am $FOO, thanks"
echo "I am $BAR, thanks"
echo "sha: $SHA"
echo "port: $PORT"
sh test.sh
- name: custom envs format
uses: ./
env:
FOO: "BAR"
AAA: "BBB"
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
envs: FOO,BAR,AAA
envs_format: export TEST_{NAME}={VALUE}
script: |
echo "I am $TEST_FOO, thanks"
echo "I am $TEST_BAR, thanks"
echo "I am $BAR, thanks"
echo "I am $TEST_AAA, thanks"
- name: pass all ENV variables to script
uses: ./
env:
INPUT_FOO: "BAR"
INPUT_AAA: "BBB"
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
allenvs: true
script: |
echo "I am $INPUT_FOO, thanks"
echo "I am $INPUT_AAA, thanks"
echo "$GITHUB_BASE_REF"
echo "$GITHUB_REF"
testing03:
name: git clone and pull
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v1
- name: clone private repository
uses: ./
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
script_stop: true
script: |
git clone https://appleboy:${{ secrets.TEST_TOKEN }}@github.com/go-training/self-runner.git test_repository
rm -rf test_repository
testing04:
name: docker login and pull
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v1
- name: login GitHub Container Registry
uses: ./
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
script_stop: true
script: |
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u github.actor --password-stdin
- name: login DockerHub Container Registry
uses: ./
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
script_stop: true
script: |
echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin
testing05:
name: switch user
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v1
- name: switch to root user
uses: ./
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
script_stop: true
request_pty: true
command_timeout: 30s
script: |
whoami && echo 'hello world' && touch todo.txt
sudo whoami
testing06:
name: testing ipv6
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v1
- name: Set up WARP
uses: fscarmen/warp-on-actions@v1.1
with:
stack: dual
- name: testing ipv6 for command
run: |
curl -m 9 --ipv6 --verbose https://google.com
- name: testing ipv6
uses: ./
with:
host: 2402:1f00:8000:800::2628
username: ubuntu
password: ${{ secrets.OVH_PASSWORD }}
protocol: tcp6
port: 22
command_timeout: 30s
script: |
whoami

View File

@@ -1,5 +1,5 @@
FROM appleboy/drone-ssh:1.5.5-linux-amd64
FROM ghcr.io/appleboy/drone-ssh:1.7.4
ADD entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
COPY entrypoint.sh /bin/entrypoint.sh
ENTRYPOINT ["/bin/entrypoint.sh"]

251
README.md
View File

@@ -1,11 +1,56 @@
# 🚀 SSH for GitHub Actions
[繁體中文](./README.zh-tw.md)
[GitHub Action](https://github.com/features/actions) for executing remote ssh commands.
![ssh workflow](./images/ssh-workflow.png)
[![Actions Status](https://github.com/appleboy/ssh-action/workflows/remote%20ssh%20command/badge.svg)](https://github.com/appleboy/ssh-action/actions)
**Important**: Only support **Linux** [docker](https://www.docker.com/) container.
This thing is built using [Golang](https://go.dev) and [drone-ssh](https://github.com/appleboy/drone-ssh). 🚀
## Input variables
See [action.yml](./action.yml) for more detailed information.
| Input Parameter | Description | Default Value |
|---------------------------|------------------------------------------------------------------------------------------|---------------|
| host | SSH host address | |
| port | SSH port number | 22 |
| passphrase | SSH key passphrase | |
| username | SSH username | |
| password | SSH password | |
| protocol | SSH protocol version (tcp, tcp4, tcp6) | tcp |
| sync | Enable synchronous execution if multiple hosts | false |
| use_insecure_cipher | Include more ciphers with use_insecure_cipher | false |
| cipher | Allowed cipher algorithms. If unspecified, a sensible default | |
| timeout | Timeout duration for SSH to host | 30s |
| command_timeout | Timeout duration for SSH command | 10m |
| key | Content of SSH private key. e.g., raw content of ~/.ssh/id_rsa | |
| key_path | Path of SSH private key | |
| fingerprint | SHA256 fingerprint of the host public key | |
| proxy_host | SSH proxy host | |
| proxy_port | SSH proxy port | 22 |
| proxy_username | SSH proxy username | |
| proxy_password | SSH proxy password | |
| proxy_passphrase | SSH proxy key passphrase | |
| proxy_timeout | Timeout for SSH to proxy host | 30s |
| proxy_key | Content of SSH proxy private key | |
| proxy_key_path | Path of SSH proxy private key | |
| proxy_fingerprint | SHA256 fingerprint of the proxy host public key | |
| proxy_cipher | Allowed cipher algorithms for the proxy | |
| proxy_use_insecure_cipher | Include more ciphers with use_insecure_cipher for the proxy | false |
| script | Execute commands | |
| script_stop | Stop script after first failure | false |
| envs | Pass environment variables to shell script | |
| envs_format | Flexible configuration of environment value transfer | |
| debug | Enable debug mode | false |
| allenvs | pass the environment variables with prefix value of `GITHUB_` and `INPUT_` to the script | false |
| request_pty | Request a pseudo-terminal from the server | false |
## Usage
Executing remote ssh commands.
@@ -20,7 +65,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: executing remote ssh commands using password
uses: appleboy/ssh-action@master
uses: appleboy/ssh-action@v1.0.3
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
@@ -41,42 +86,87 @@ out: ***
==============================================
```
## Input variables
### Setting up a SSH Key
See [action.yml](./action.yml) for more detailed information.
Make sure to follow the below steps while creating SSH Keys and using them.
The best practice is create the SSH Keys on local machine not remote machine.
Login with username specified in Github Secrets. Generate a RSA Key-Pair:
* host - remote host
* port - remote port, default is `22`
* username - ssh username
* password - ssh password
* passphrase - the passphrase is usually to encrypt the private key
* timeout - timeout for ssh to remote host, default is `30s`
* command_timeout - timeout for ssh command, default is `10m`
* key - content of ssh private key. ex raw content of ~/.ssh/id_rsa
* key_path - path of ssh private key
* script - execute commands
* script_stop - stop script after first failure
* envs - pass environment variable to shell script
* debug - enable debug mode
### Generate rsa key
SSH Proxy Setting:
```bash
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
```
* proxy_host - proxy host
* proxy_port - proxy port, default is `22`
* proxy_username - proxy username
* proxy_password - proxy password
* proxy_passphrase - the passphrase is usually to encrypt the private key
* proxy_timeout - timeout for ssh to proxy host, default is `30s`
* proxy_key - content of ssh proxy private key.
* proxy_key_path - path of ssh proxy private key
### Generate ed25519 key
```bash
ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
```
Add newly generated key into Authorized keys. Read more about authorized keys [here](https://www.ssh.com/ssh/authorized_keys/).
### Add rsa key into Authorized keys
```bash
cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'
```
### Add ed25519 key into Authorized keys
```bash
cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys'
```
Copy Private Key content and paste in Github Secrets.
### Copy rsa Private key
```bash
clip < ~/.ssh/id_rsa
```
### Copy ed25519 Private key
```bash
clip < ~/.ssh/id_ed25519
```
See the detail information about [SSH login without password](http://www.linuxproblem.org/art_9.html).
**A note** from one of our readers: Depending on your version of SSH you might also have to do the following changes:
* Put the public key in `.ssh/authorized_keys2`
* Change the permissions of `.ssh` to 700
* Change the permissions of `.ssh/authorized_keys2` to 640
### If you are using OpenSSH
If you are currently using OpenSSH and are getting the following error:
```bash
ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey]
```
Make sure that your key algorithm of choice is supported. On Ubuntu 20.04 or later you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (which is either `/etc/ssh/sshd_config` or a drop-in file under `/etc/ssh/sshd_config.d/`):
```bash
CASignatureAlgorithms +ssh-rsa
```
Alternatively, `ed25519` keys are accepted by default in OpenSSH. You could use this instead of rsa if needed:
```bash
ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
```
### Example
Executing remote ssh commands using password.
#### Executing remote ssh commands using password
```yaml
- name: executing remote ssh commands using password
uses: appleboy/ssh-action@master
uses: appleboy/ssh-action@v1.0.3
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
@@ -85,11 +175,11 @@ Executing remote ssh commands using password.
script: whoami
```
Using private key
#### Using private key
```yaml
- name: executing remote ssh commands using ssh key
uses: appleboy/ssh-action@master
uses: appleboy/ssh-action@v1.0.3
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
@@ -98,11 +188,11 @@ Using private key
script: whoami
```
Multiple Commands
#### Multiple Commands
```yaml
- name: multiple command
uses: appleboy/ssh-action@master
uses: appleboy/ssh-action@v1.0.3
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
@@ -115,11 +205,11 @@ Multiple Commands
![result](./images/output-result.png)
Multiple Hosts
#### Multiple Hosts
```diff
- name: multiple host
uses: appleboy/ssh-action@master
uses: appleboy/ssh-action@v1.0.3
with:
- host: "foo.com"
+ host: "foo.com,bar.com"
@@ -131,30 +221,67 @@ Multiple Hosts
ls -al
```
Pass environment variable to shell script
#### Multiple hosts with different port
```diff
- name: multiple host
uses: appleboy/ssh-action@v1.0.3
with:
- host: "foo.com"
+ host: "foo.com:1234,bar.com:5678"
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
script: |
whoami
ls -al
```
#### Synchronous execution on multiple hosts
```diff
- name: multiple host
uses: appleboy/ssh-action@v1.0.3
with:
host: "foo.com,bar.com"
+ sync: true
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
script: |
whoami
ls -al
```
#### Pass environment variable to shell script
```diff
- name: pass environment
uses: appleboy/ssh-action@master
uses: appleboy/ssh-action@v1.0.3
+ env:
+ FOO: "BAR"
+ BAR: "FOO"
+ SHA: ${{ github.sha }}
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
+ envs: FOO,BAR
+ envs: FOO,BAR,SHA
script: |
echo "I am $FOO"
echo "I am $BAR"
echo "sha: $SHA"
```
Stop script after first failure. ex: missing `abc` folder
_Inside `env` object, you need to pass every environment variable as a string, passing `Integer` data type or any other may output unexpected results._
#### Stop script after first failure
> ex: missing `abc` folder
```diff
- name: stop script if command error
uses: appleboy/ssh-action@master
uses: appleboy/ssh-action@v1.0.3
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
@@ -179,7 +306,7 @@ err: mkdir: cannot create directory abc/def: No such file or directory
##[error]Docker run failed with exit code 1
```
How to connect remote server using `ProxyCommand`?
#### How to connect remote server using `ProxyCommand`?
```bash
+--------+ +----------+ +-----------+
@@ -203,11 +330,11 @@ Host FooServer
ProxyCommand ssh -q -W %h:%p Jumphost
```
How to convert to YAML format of GitHubActions.
#### How to convert to YAML format of GitHubActions
```diff
- name: ssh proxy command
uses: appleboy/ssh-action@master
uses: appleboy/ssh-action@v1.0.3
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
@@ -222,11 +349,15 @@ How to convert to YAML format of GitHubActions.
ls -al
```
Protecting a Private Key. The purpose of the passphrase is usually to encrypt the private key. This makes the key file by itself useless to an attacker. It is not uncommon for files to leak from backups or decommissioned hardware, and hackers commonly exfiltrate files from compromised systems.
#### Protecting a Private Key
The purpose of the passphrase is usually to encrypt the private key.
This makes the key file by itself useless to an attacker.
It is not uncommon for files to leak from backups or decommissioned hardware, and hackers commonly exfiltrate files from compromised systems.
```diff
- name: ssh key passphrase
uses: appleboy/ssh-action@master
uses: appleboy/ssh-action@v1.0.3
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
@@ -237,3 +368,37 @@ Protecting a Private Key. The purpose of the passphrase is usually to encrypt th
whoami
ls -al
```
#### Using host fingerprint verification
Setting up SSH host fingerprint verification can help to prevent Person-in-the-Middle attacks. Before setting this up, run the command below to get your SSH host fingerprint. Remember to replace `ed25519` with your appropriate key type (`rsa`, `dsa`, etc.) that your server is using and `example.com` with your host.
In modern OpenSSH releases, the _default_ key types to be fetched are `rsa` (since version 5.1), `ecdsa` (since version 6.0), and `ed25519` (since version 6.7).
```sh
ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' -f2
```
Now you can adjust you config:
```diff
- name: ssh key passphrase
uses: appleboy/ssh-action@v1.0.3
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
+ fingerprint: ${{ secrets.FINGERPRINT }}
script: |
whoami
ls -al
```
## Contributing
We would love for you to contribute to `appleboy/ssh-action`, pull requests are welcome!
## License
The scripts and documentation in this project are released under the [MIT License](LICENSE)

393
README.zh-tw.md Normal file
View File

@@ -0,0 +1,393 @@
# 🚀 用於 GitHub Actions 的 SSH
[GitHub Action](https://github.com/features/actions) for executing remote ssh commands.
![ssh workflow](./images/ssh-workflow.png)
[![Actions Status](https://github.com/appleboy/ssh-action/workflows/remote%20ssh%20command/badge.svg)](https://github.com/appleboy/ssh-action/actions)
**注意** 只支援在 **Linux** [docker](https://www.docker.com/) 容器上執行。
## 輸入變數
更詳細的資訊,請參閱 [action.yml](./action.yml)。
* `host` - SSH 主機
* `port` - SSH 連接埠,預設為 `22`
* `username` - SSH 使用者名稱
* `password` - SSH 密碼
* `passphrase` - 通常用於加密私鑰的 passphrase
* `sync` - 同步執行多個主機上的命令,預設為 false
* `timeout` - SSH 連接到遠端主機的超時時間,預設為 `30s`
* `command_timeout` - SSH 命令超時時間,預設為 10m
* `key` - SSH 私鑰的內容,例如 ~/.ssh/id_rsa 的原始內容,請記得包含 BEGIN 和 END 行
* `key_path` - SSH 私鑰的路徑
* `fingerprint` - 主機公鑰的 SHA256 指紋,預設為略過驗證
* `script` - 執行命令
* `script_stop` - 當出現第一個錯誤時停止執行命令
* `envs` - 傳遞環境變數到 shell script
* `debug` - 啟用偵錯模式
* `use_insecure_cipher` - 使用不安全的密碼ciphers進行加密參見 [#56](https://github.com/appleboy/ssh-action/issues/56)
* `cipher` - 允許使用的密碼ciphers演算法。如果未指定則使用適當的演算法
SSH 代理設置:
* `proxy_host` - 代理主機
* `proxy_port` - 代理端口,預設為 `22`
* `proxy_username` - 代理使用者名稱
* `proxy_password` - 代理密碼
* `proxy_passphrase` - 密碼通常用於加密私有金鑰
* `proxy_timeout` - SSH 連線至代理主機的逾時時間,預設為 `30s`
* `proxy_key` - SSH 代理私有金鑰內容
* `proxy_key_path` - SSH 代理私有金鑰路徑
* `proxy_fingerprint` - 代理主機公鑰的 SHA256 指紋,預設為跳過驗證
* `proxy_use_insecure_cipher` - 使用不安全的加密方式,請參閱 [#56](https://github.com/appleboy/ssh-action/issues/56)
* `proxy_cipher` - 允許的加密算法。如果未指定,則使用合理的算法
## 使用方式
執行遠端 SSH 命令
```yaml
name: remote ssh command
on: [push]
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- name: executing remote ssh commands using password
uses: appleboy/ssh-action@v1.0.3
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
password: ${{ secrets.PASSWORD }}
port: ${{ secrets.PORT }}
script: whoami
```
畫面輸出
```sh
======CMD======
whoami
======END======
out: ***
==============================================
✅ Successfully executed commands to all host.
==============================================
```
### 設置 SSH 金鑰
請在創建 SSH 金鑰並使用 SSH 金鑰時遵循以下步驟。最佳做法是在本地機器上創建 SSH 金鑰而不是遠端機器上。請使用 Github Secrets 中指定的用戶名登錄。生成 RSA 金鑰:
### 生成 RSA 金鑰
```bash
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
```
### 生成 ed25519 金鑰
```bash
ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
```
將新生成的金鑰添加到已授權的金鑰中。詳細了解已授權的金鑰請點擊[此處](https://www.ssh.com/ssh/authorized_keys/).
### 將 RSA 金鑰添加到已授權金鑰中
```bash
cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'
```
### 將 ed25519 金鑰添加到已授權金鑰中
```bash
cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys'
```
複製私鑰內容,然後將其粘貼到 Github Secrets 中。
### 複製 rsa 私鑰內容
```bash
clip < ~/.ssh/id_rsa
```
### 複製 ed25519 私鑰內容
```bash
clip < ~/.ssh/id_ed25519
```
有關無需密碼登錄 SSH 的詳細信息,請[參見該網站](http://www.linuxproblem.org/art_9.html)。
**來自讀者的注意事項** 根據您的 SSH 版本,您可能還需要進行以下更改:
* 將公鑰放在 `.ssh/authorized_keys2`
*`.ssh` 的權限更改為700
*`.ssh/authorized_keys2` 的權限更改為640
### 如果你使用的是 OpenSSH
如果您正在使用 OpenSSH並出現以下錯誤
```bash
ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey]
```
請確保您所選擇的密鑰演算法得到支援。在 Ubuntu 20.04 或更高版本上,您必須明確允許使用 SSH-RSA 演算法。請在 OpenSSH 守護進程文件中添加以下行(它可以是 `/etc/ssh/sshd_config``/etc/ssh/sshd_config.d/` 中的一個附著文件):
```bash
CASignatureAlgorithms +ssh-rsa
```
或者,`Ed25519` 密鑰在 OpenSSH 中默認被接受。如果需要,您可以使用它來替代 RSA。
```bash
ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
```
### Example
#### 使用密碼執行遠端 SSH 命令
```yaml
- name: executing remote ssh commands using password
uses: appleboy/ssh-action@v1.0.3
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
password: ${{ secrets.PASSWORD }}
port: ${{ secrets.PORT }}
script: whoami
```
#### 使用私鑰
```yaml
- name: executing remote ssh commands using ssh key
uses: appleboy/ssh-action@v1.0.3
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
script: whoami
```
#### 多個命令
```yaml
- name: multiple command
uses: appleboy/ssh-action@v1.0.3
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
script: |
whoami
ls -al
```
![result](./images/output-result.png)
#### 多台主機
```diff
- name: multiple host
uses: appleboy/ssh-action@v1.0.3
with:
- host: "foo.com"
+ host: "foo.com,bar.com"
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
script: |
whoami
ls -al
```
#### 多個不同端口的主機
```diff
- name: multiple host
uses: appleboy/ssh-action@v1.0.3
with:
- host: "foo.com"
+ host: "foo.com:1234,bar.com:5678"
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
script: |
whoami
ls -al
```
#### 在多個主機上同步執行
```diff
- name: multiple host
uses: appleboy/ssh-action@v1.0.3
with:
host: "foo.com,bar.com"
+ sync: true
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
script: |
whoami
ls -al
```
#### 將環境變量傳遞到 Shell 腳本
```diff
- name: pass environment
uses: appleboy/ssh-action@v1.0.3
+ env:
+ FOO: "BAR"
+ BAR: "FOO"
+ SHA: ${{ github.sha }}
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
+ envs: FOO,BAR,SHA
script: |
echo "I am $FOO"
echo "I am $BAR"
echo "sha: $SHA"
```
_在 `env` 對象中,您需要將每個環境變量作為字符串傳遞,傳遞 `Integer` 數據類型或任何其他類型可能會產生意外結果。_
#### 在第一次失敗後停止腳本
> ex: missing `abc` folder
```diff
- name: stop script if command error
uses: appleboy/ssh-action@v1.0.3
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
+ script_stop: true
script: |
mkdir abc/def
ls -al
```
畫面輸出:
```sh
======CMD======
mkdir abc/def
ls -al
======END======
2019/11/21 01:16:21 Process exited with status 1
err: mkdir: cannot create directory abc/def: No such file or directory
##[error]Docker run failed with exit code 1
```
#### 如何使用 `ProxyCommand` 連接遠程服務器?
```bash
+--------+ +----------+ +-----------+
| Laptop | <--> | Jumphost | <--> | FooServer |
+--------+ +----------+ +-----------+
```
在您的 `~/.ssh/config` 文件中,您會看到以下內容。
```bash
Host Jumphost
HostName Jumphost
User ubuntu
Port 22
IdentityFile ~/.ssh/keys/jump_host.pem
Host FooServer
HostName FooServer
User ubuntu
Port 22
ProxyCommand ssh -q -W %h:%p Jumphost
```
#### 如何將其轉換為 GitHubActions 的 YAML 格式?
```diff
- name: ssh proxy command
uses: appleboy/ssh-action@v1.0.3
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
+ proxy_host: ${{ secrets.PROXY_HOST }}
+ proxy_username: ${{ secrets.PROXY_USERNAME }}
+ proxy_key: ${{ secrets.PROXY_KEY }}
+ proxy_port: ${{ secrets.PROXY_PORT }}
script: |
mkdir abc/def
ls -al
```
#### 如何保護私鑰?
密碼短語通常用於加密私鑰。這使得攻擊者無法單獨使用密鑰文件。文件泄露可能來自備份或停用的硬件,黑客通常可以從受攻擊系統中洩露文件。因此,保護私鑰非常重要。
```diff
- name: ssh key passphrase
uses: appleboy/ssh-action@v1.0.3
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
+ passphrase: ${{ secrets.PASSPHRASE }}
script: |
whoami
ls -al
```
#### 使用主機指紋驗證
設置 SSH 主機指紋驗證可以幫助防止中間人攻擊。在設置之前,運行以下命令以獲取 SSH 主機指紋。請記得將 `ed25519` 替換為您的適當金鑰類型(`rsa``dsa`等),而 `example.com` 則替換為您的主機。
現代 OpenSSH 版本中需要提取的_默認金鑰_類型是 `rsa`(從版本 5.1 開始)、`ecdsa`(從版本 6.0 開始)和 `ed25519`(從版本 6.7 開始)。
```sh
ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' -f2
```
現在您可以調整您的配置:
```diff
- name: ssh key passphrase
uses: appleboy/ssh-action@v1.0.3
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.KEY }}
port: ${{ secrets.PORT }}
+ fingerprint: ${{ secrets.FINGERPRINT }}
script: |
whoami
ls -al
```
## 貢獻
我們非常希望您為 `appleboy/ssh-action` 做出貢獻,歡迎提交請求!
## 授權方式
本項目中的腳本和文檔采用 [MIT](LICENSE) 許可證 發布。

View File

@@ -1,60 +1,124 @@
name: 'SSH Remote Commands'
description: 'Executing remote ssh commands'
author: 'Bo-Yi Wu'
name: "SSH Remote Commands"
description: "Executing remote ssh commands"
author: "Bo-Yi Wu"
inputs:
host:
description: 'ssh remote host'
description: "SSH host address."
port:
description: 'ssh remote port'
default: 22
description: "SSH port number."
default: "22"
passphrase:
description: 'ssh key passphrase'
description: "Passphrase for the SSH key."
username:
description: 'ssh username'
description: "SSH username."
password:
description: 'ssh password'
description: "SSH password."
protocol:
description: 'The IP protocol to use. Valid values are "tcp". "tcp4" or "tcp6". Default to tcp.'
default: "tcp"
sync:
description: "Enable synchronous execution if multiple hosts are involved."
use_insecure_cipher:
description: "Include more ciphers by using insecure ciphers."
cipher:
description: "Allowed cipher algorithms. If unspecified, a sensible default is used."
timeout:
description: 'timeout for ssh to remote host'
description: "Timeout duration for establishing SSH connection to the host."
default: "30s"
command_timeout:
description: 'timeout for ssh command'
description: "Timeout duration for SSH commands execution."
default: "10m"
key:
description: 'content of ssh private key. ex raw content of ~/.ssh/id_rsa'
description: "Content of the SSH private key. For example, the raw content of ~/.ssh/id_rsa."
key_path:
description: 'path of ssh private key'
description: "Path to the SSH private key file."
fingerprint:
description: "SHA256 fingerprint of the host public key."
proxy_host:
description: 'ssh proxy remote host'
description: "SSH proxy host address."
proxy_port:
description: 'ssh proxy remote port'
default: 22
description: "SSH proxy port number."
default: "22"
proxy_username:
description: 'ssh proxy username'
description: "SSH proxy username."
proxy_password:
description: 'ssh proxy password'
description: "SSH proxy password."
proxy_passphrase:
description: 'ssh proxy key passphrase'
description: "SSH proxy key passphrase."
proxy_timeout:
description: 'timeout for ssh to proxy host'
description: "Timeout duration for establishing SSH connection to the proxy host."
default: "30s"
proxy_key:
description: 'content of ssh proxy private key. ex raw content of ~/.ssh/id_rsa'
description: "Content of the SSH proxy private key. For example, the raw content of ~/.ssh/id_rsa."
proxy_key_path:
description: 'path of ssh proxy private key'
description: "Path to the SSH proxy private key file."
proxy_fingerprint:
description: "SHA256 fingerprint of the proxy host public key."
proxy_cipher:
description: "Allowed cipher algorithms for the proxy. If unspecified, a sensible default is used."
proxy_use_insecure_cipher:
description: "Include more ciphers for the proxy by using insecure ciphers."
script:
description: 'execute commands'
description: "Commands to be executed."
script_stop:
description: 'stop script after first failure'
default: false
description: "Stop the script after the first failure."
envs:
description: 'pass environment variable to shell script'
description: "Environment variables to be passed to the shell script."
envs_format:
description: "Flexible configuration for environment value transfer."
debug:
description: 'enable debug mode'
default: false
description: "Enable debug mode."
allenvs:
description: "pass all environment variable to shell script."
request_pty:
description: "Request a pseudo-terminal from the server."
runs:
using: 'docker'
image: 'Dockerfile'
using: "composite"
steps:
- name: Set GitHub Path
run: echo "$GITHUB_ACTION_PATH" >> $GITHUB_PATH
shell: bash
env:
GITHUB_ACTION_PATH: ${{ github.action_path }}
- name: Run entrypoint.sh
run: entrypoint.sh
shell: bash
env:
GITHUB_ACTION_PATH: ${{ github.action_path }}
INPUT_HOST: ${{ inputs.host }}
INPUT_PORT: ${{ inputs.port }}
INPUT_PROTOCOL: ${{ inputs.protocol }}
INPUT_USERNAME: ${{ inputs.username }}
INPUT_PASSWORD: ${{ inputs.password }}
INPUT_PASSPHRASE: ${{ inputs.passphrase }}
INPUT_KEY: ${{ inputs.key }}
INPUT_KEY_PATH: ${{ inputs.key_path }}
INPUT_FINGERPRINT: ${{ inputs.fingerprint }}
INPUT_PROXY_HOST: ${{ inputs.proxy_host }}
INPUT_PROXY_PORT: ${{ inputs.proxy_port }}
INPUT_PROXY_USERNAME: ${{ inputs.proxy_username }}
INPUT_PROXY_PASSWORD: ${{ inputs.proxy_password }}
INPUT_PROXY_PASSPHRASE: ${{ inputs.proxy_passphrase }}
INPUT_PROXY_KEY: ${{ inputs.proxy_key }}
INPUT_PROXY_KEY_PATH: ${{ inputs.proxy_key_path }}
INPUT_PROXY_FINGERPRINT: ${{ inputs.proxy_fingerprint }}
INPUT_TIMEOUT: ${{ inputs.timeout }}
INPUT_PROXY_TIMEOUT: ${{ inputs.proxy_timeout }}
INPUT_COMMAND_TIMEOUT: ${{ inputs.command_timeout }}
INPUT_SCRIPT: ${{ inputs.script }}
INPUT_SCRIPT_STOP: ${{ inputs.script_stop }}
INPUT_ENVS: ${{ inputs.envs }}
INPUT_ENVS_FORMAT: ${{ inputs.envs_format }}
INPUT_DEBUG: ${{ inputs.debug }}
INPUT_ALL_ENVS: ${{ inputs.allenvs }}
INPUT_REQUEST_PTY: ${{ inputs.request_pty }}
INPUT_USE_INSECURE_CIPHER: ${{ inputs.use_insecure_cipher }}
INPUT_CIPHER: ${{ inputs.cipher }}
INPUT_PROXY_USE_INSECURE_CIPHER: ${{ inputs.proxy_use_insecure_cipher }}
INPUT_PROXY_CIPHER: ${{ inputs.proxy_cipher }}
INPUT_SYNC: ${{ inputs.sync }}
branding:
icon: 'terminal'
color: 'gray-dark'
icon: "terminal"
color: "gray-dark"

View File

@@ -1,7 +1,66 @@
#!/bin/sh
#!/usr/bin/env bash
set -eu
set -o errexit
set -o nounset
set -o pipefail
export GITHUB="true"
sh -c "/bin/drone-ssh $*"
GITHUB_ACTION_PATH="${GITHUB_ACTION_PATH%/}"
DRONE_SSH_RELEASE_URL="${DRONE_SSH_RELEASE_URL:-https://github.com/appleboy/drone-ssh/releases/download}"
DRONE_SSH_VERSION="${DRONE_SSH_VERSION:-1.7.4}"
function detect_client_info() {
if [ -n "${SSH_CLIENT_OS-}" ]; then
CLIENT_PLATFORM="${SSH_CLIENT_OS}"
else
local kernel
kernel="$(uname -s)"
case "${kernel}" in
Darwin)
CLIENT_PLATFORM="darwin"
;;
Linux)
CLIENT_PLATFORM="linux"
;;
Windows)
CLIENT_PLATFORM="windows"
;;
*)
echo "Unknown, unsupported platform: ${kernel}." >&2
echo "Supported platforms: Linux, Darwin and Windows." >&2
echo "Bailing out." >&2
exit 2
esac
fi
if [ -n "${SSH_CLIENT_ARCH-}" ]; then
CLIENT_ARCH="${SSH_CLIENT_ARCH}"
else
local machine
machine="$(uname -m)"
case "${machine}" in
x86_64*|i?86_64*|amd64*)
CLIENT_ARCH="amd64"
;;
aarch64*|arm64*)
CLIENT_ARCH="arm64"
;;
*)
echo "Unknown, unsupported architecture (${machine})." >&2
echo "Supported architectures x86_64, i686, arm64." >&2
echo "Bailing out." >&2
exit 3
;;
esac
fi
}
detect_client_info
DOWNLOAD_URL_PREFIX="${DRONE_SSH_RELEASE_URL}/v${DRONE_SSH_VERSION}"
CLIENT_BINARY="drone-ssh-${DRONE_SSH_VERSION}-${CLIENT_PLATFORM}-${CLIENT_ARCH}"
TARGET="${GITHUB_ACTION_PATH}/${CLIENT_BINARY}"
echo "Will download ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}"
curl -fL --retry 3 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o ${TARGET}
chmod +x ${TARGET}
sh -c "${TARGET} $*"