Compare commits
	
		
			31 Commits
		
	
	
		
			v0.1.8
			...
			dd0f09ca07
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|   | dd0f09ca07 | ||
|   | 1991c553ec | ||
|   | fe44be0b96 | ||
|   | c78141851a | ||
|   | 8a779a5b1a | ||
|   | 9b978f09f2 | ||
|   | 029f5b4aee | ||
|   | d134a26a1f | ||
|   | 2451745138 | ||
|   | 1f3c338936 | ||
|   | 8f94919856 | ||
|   | 2344d97573 | ||
|   | b9f6bf6223 | ||
|   | 4330a1ea48 | ||
|   | 55dabf81b4 | ||
|   | 8d9094f3b1 | ||
|   | 5ac43dd762 | ||
|   | a01d3ea1df | ||
|   | c7d850f6cd | ||
|   | f579d71942 | ||
|   | d87d276960 | ||
|   | 3130c7a2bc | ||
|   | 2b7de38eed | ||
|   | 334f9259f2 | ||
|   | 6268c80dd6 | ||
|   | 5f64c95280 | ||
|   | 3cd1bcf771 | ||
|   | 6a1b59d972 | ||
|   | e4a881008d | ||
|   | 51b83ba474 | ||
|   | 495830820f | 
							
								
								
									
										414
									
								
								.github/workflows/ci.yml
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										414
									
								
								.github/workflows/ci.yml
									
									
									
									
										vendored
									
									
								
							| @@ -6,161 +6,128 @@ env: | ||||
|   BAR: "FOO" | ||||
|  | ||||
| jobs: | ||||
|  | ||||
|   build: | ||||
|     name: Build | ||||
|   testing01: | ||||
|     name: default flag testing | ||||
|     runs-on: ubuntu-latest | ||||
|     steps: | ||||
|     - name: checkout | ||||
|       uses: actions/checkout@v1 | ||||
|       - name: checkout | ||||
|         uses: actions/checkout@v1 | ||||
|  | ||||
|     - name: correct password but wrong key | ||||
|       uses: ./ | ||||
|       with: | ||||
|         host: ${{ secrets.HOST }} | ||||
|         username: ${{ secrets.USERNAME }} | ||||
|         password: ${{ secrets.PASSWORD }} | ||||
|         key: "1234" | ||||
|         port: ${{ secrets.PORT }} | ||||
|         script: whoami | ||||
|       - name: correct password but wrong key | ||||
|         uses: ./ | ||||
|         with: | ||||
|           host: ${{ secrets.HOST }} | ||||
|           username: ${{ secrets.USERNAME }} | ||||
|           password: ${{ secrets.PASSWORD }} | ||||
|           key: "1234" | ||||
|           port: ${{ secrets.PORT }} | ||||
|           script: whoami | ||||
|  | ||||
|     - name: wrong password but correct key | ||||
|       uses: ./ | ||||
|       with: | ||||
|         host: ${{ secrets.HOST }} | ||||
|         username: ${{ secrets.USERNAME }} | ||||
|         password: "abcdef" | ||||
|         key: ${{ secrets.KEY }} | ||||
|         port: ${{ secrets.PORT }} | ||||
|         script: whoami | ||||
|       - name: wrong password but correct key | ||||
|         uses: ./ | ||||
|         with: | ||||
|           host: ${{ secrets.HOST }} | ||||
|           username: ${{ secrets.USERNAME }} | ||||
|           password: "abcdef" | ||||
|           key: ${{ secrets.KEY }} | ||||
|           port: ${{ secrets.PORT }} | ||||
|           script: whoami | ||||
|  | ||||
|     - name: executing remote ssh commands using password | ||||
|       uses: ./ | ||||
|       with: | ||||
|         host: ${{ secrets.HOST }} | ||||
|         username: ${{ secrets.USERNAME }} | ||||
|         password: ${{ secrets.PASSWORD }} | ||||
|         port: ${{ secrets.PORT }} | ||||
|         script: whoami | ||||
|       - name: executing remote ssh commands using password | ||||
|         uses: ./ | ||||
|         with: | ||||
|           host: ${{ secrets.HOST }} | ||||
|           username: ${{ secrets.USERNAME }} | ||||
|           password: ${{ secrets.PASSWORD }} | ||||
|           port: ${{ secrets.PORT }} | ||||
|           script: whoami | ||||
|  | ||||
|     - name: executing remote ssh commands using ssh key | ||||
|       uses: ./ | ||||
|       with: | ||||
|         host: ${{ secrets.HOST }} | ||||
|         username: ${{ secrets.USERNAME }} | ||||
|         key: ${{ secrets.KEY }} | ||||
|         port: ${{ secrets.PORT }} | ||||
|         script: whoami | ||||
|       - name: executing remote ssh commands using ssh key | ||||
|         uses: ./ | ||||
|         with: | ||||
|           host: ${{ secrets.HOST }} | ||||
|           username: ${{ secrets.USERNAME }} | ||||
|           key: ${{ secrets.KEY }} | ||||
|           port: ${{ secrets.PORT }} | ||||
|           script: whoami | ||||
|  | ||||
|     - name: multiple command | ||||
|       uses: ./ | ||||
|       with: | ||||
|         host: ${{ secrets.HOST }} | ||||
|         username: ${{ secrets.USERNAME }} | ||||
|         key: ${{ secrets.KEY }} | ||||
|         port: ${{ secrets.PORT }} | ||||
|         script: | | ||||
|           whoami | ||||
|           ls -al | ||||
|       - name: multiple command | ||||
|         uses: ./ | ||||
|         with: | ||||
|           host: ${{ secrets.HOST }} | ||||
|           username: ${{ secrets.USERNAME }} | ||||
|           key: ${{ secrets.KEY }} | ||||
|           port: ${{ secrets.PORT }} | ||||
|           script: | | ||||
|             whoami | ||||
|             ls -al | ||||
|  | ||||
|     # - name: stop script if command error | ||||
|     #   if: always() | ||||
|     #   uses: ./ | ||||
|     #   with: | ||||
|     #     host: ${{ secrets.HOST }} | ||||
|     #     username: ${{ secrets.USERNAME }} | ||||
|     #     key: ${{ secrets.KEY }} | ||||
|     #     port: ${{ secrets.PORT }} | ||||
|     #     script_stop: true | ||||
|     #     script: | | ||||
|     #       mkdir abc/def | ||||
|     #       ls -al | ||||
|       - name: stop script if command error | ||||
|         uses: ./ | ||||
|         continue-on-error: true | ||||
|         with: | ||||
|           host: ${{ secrets.HOST }} | ||||
|           username: ${{ secrets.USERNAME }} | ||||
|           key: ${{ secrets.KEY }} | ||||
|           port: ${{ secrets.PORT }} | ||||
|           script_stop: true | ||||
|           sync: true | ||||
|           debug: true | ||||
|           script: | | ||||
|             mkdir abc/def | ||||
|             ls -al | ||||
|  | ||||
|     - name: pass environment | ||||
|       uses: ./ | ||||
|       env: | ||||
|         FOO: "BAR" | ||||
|       with: | ||||
|         host: ${{ secrets.HOST }} | ||||
|         username: ${{ secrets.USERNAME }} | ||||
|         key: ${{ secrets.KEY }} | ||||
|         port: ${{ secrets.PORT }} | ||||
|         envs: FOO | ||||
|         script: | | ||||
|           echo "I am $FOO, thanks" | ||||
|           echo "I am $BAR, thanks" | ||||
|       - name: ssh key passphrase | ||||
|         uses: ./ | ||||
|         with: | ||||
|           host: ${{ secrets.HOST }} | ||||
|           username: ${{ secrets.USERNAME }} | ||||
|           key: ${{ secrets.SSH2 }} | ||||
|           port: ${{ secrets.PORT }} | ||||
|           passphrase: ${{ secrets.PASSPHRASE }} | ||||
|           script: | | ||||
|             whoami | ||||
|             ls -al | ||||
|  | ||||
|     - name: pass multiple environment | ||||
|       uses: ./ | ||||
|       env: | ||||
|         FOO: "BAR" | ||||
|         BAR: "FOO" | ||||
|         SHA: ${{ github.sha }} | ||||
|         PORT: ${{ secrets.PORT }} | ||||
|       with: | ||||
|         host: ${{ secrets.HOST }} | ||||
|         username: ${{ secrets.USERNAME }} | ||||
|         key: ${{ secrets.KEY }} | ||||
|         port: ${{ secrets.PORT }} | ||||
|         envs: FOO,BAR,SHA,PORT | ||||
|         script: | | ||||
|           echo "I am $FOO, thanks" | ||||
|           echo "I am $BAR, thanks" | ||||
|           echo "sha: $SHA" | ||||
|           echo "port: $PORT" | ||||
|           sh test.sh | ||||
|  | ||||
|     - name: ssh key passphrase | ||||
|       uses: ./ | ||||
|       with: | ||||
|         host: ${{ secrets.HOST }} | ||||
|         username: ${{ secrets.USERNAME }} | ||||
|         key: ${{ secrets.SSH2 }} | ||||
|         port: ${{ secrets.PORT }} | ||||
|         passphrase: ${{ secrets.PASSPHRASE }} | ||||
|         script: | | ||||
|           whoami | ||||
|           ls -al | ||||
|  | ||||
|     - name: use insecure cipher | ||||
|       uses: ./ | ||||
|       with: | ||||
|         host: ${{ secrets.HOST }} | ||||
|         username: ${{ secrets.USERNAME }} | ||||
|         password: ${{ secrets.PASSWORD }} | ||||
|         port: ${{ secrets.PORT }} | ||||
|         script: | | ||||
|       - name: use insecure cipher | ||||
|         uses: ./ | ||||
|         with: | ||||
|           host: ${{ secrets.HOST }} | ||||
|           username: ${{ secrets.USERNAME }} | ||||
|           password: ${{ secrets.PASSWORD }} | ||||
|           port: ${{ secrets.PORT }} | ||||
|           script: | | ||||
|             ls \ | ||||
|               -lah | ||||
|         use_insecure_cipher: true | ||||
|           use_insecure_cipher: true | ||||
|  | ||||
|     # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 | ||||
|     - name: Multiline SSH commands interpreted as single lines | ||||
|       uses: ./ | ||||
|       with: | ||||
|         host: ${{ secrets.HOST }} | ||||
|         username: ${{ secrets.USERNAME }} | ||||
|         password: ${{ secrets.PASSWORD }} | ||||
|         port: ${{ secrets.PORT }} | ||||
|         script_stop: true | ||||
|         script: | | ||||
|       # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 | ||||
|       - name: Multiline SSH commands interpreted as single lines | ||||
|         uses: ./ | ||||
|         with: | ||||
|           host: ${{ secrets.HOST }} | ||||
|           username: ${{ secrets.USERNAME }} | ||||
|           password: ${{ secrets.PASSWORD }} | ||||
|           port: ${{ secrets.PORT }} | ||||
|           script_stop: true | ||||
|           script: | | ||||
|             ls \ | ||||
|               -lah | ||||
|         use_insecure_cipher: true | ||||
|           use_insecure_cipher: true | ||||
|  | ||||
|     # https://github.com/appleboy/ssh-action/issues/85 | ||||
|     - name: Deployment to multiple hosts with different ports | ||||
|       uses: ./ | ||||
|       with: | ||||
|         host: "${{ secrets.HOST }}:${{ secrets.PORT }}" | ||||
|         username: ${{ secrets.USERNAME }} | ||||
|         password: ${{ secrets.PASSWORD }} | ||||
|         port: 1024 | ||||
|         script_stop: true | ||||
|         script: | | ||||
|       # https://github.com/appleboy/ssh-action/issues/85 | ||||
|       - name: Deployment to multiple hosts with different ports | ||||
|         uses: ./ | ||||
|         with: | ||||
|           host: "${{ secrets.HOST }}:${{ secrets.PORT }}" | ||||
|           username: ${{ secrets.USERNAME }} | ||||
|           password: ${{ secrets.PASSWORD }} | ||||
|           port: 1024 | ||||
|           script_stop: true | ||||
|           script: | | ||||
|             ls \ | ||||
|               -lah | ||||
|         use_insecure_cipher: true | ||||
|           use_insecure_cipher: true | ||||
|  | ||||
|     # - name: SSH ED25519 Private Key | ||||
|     #   uses: ./ | ||||
| @@ -170,3 +137,176 @@ jobs: | ||||
|     #     key: ${{ secrets.ID_ED25519 }} | ||||
|     #     port: ${{ secrets.TUNNEL_PORT }} | ||||
|     #     script: whoami | ||||
|  | ||||
|   testing02: | ||||
|     name: testing with envs | ||||
|     runs-on: ubuntu-latest | ||||
|     steps: | ||||
|       - name: checkout | ||||
|         uses: actions/checkout@v1 | ||||
|  | ||||
|       - name: pass environment | ||||
|         uses: ./ | ||||
|         env: | ||||
|           FOO: "BAR" | ||||
|         with: | ||||
|           host: ${{ secrets.HOST }} | ||||
|           username: ${{ secrets.USERNAME }} | ||||
|           key: ${{ secrets.KEY }} | ||||
|           port: ${{ secrets.PORT }} | ||||
|           envs: FOO | ||||
|           script: | | ||||
|             echo "I am $FOO, thanks" | ||||
|             echo "I am $BAR, thanks" | ||||
|  | ||||
|       - name: pass multiple environment | ||||
|         uses: ./ | ||||
|         env: | ||||
|           FOO: "BAR" | ||||
|           BAR: "FOO" | ||||
|           SHA: ${{ github.sha }} | ||||
|           PORT: ${{ secrets.PORT }} | ||||
|         with: | ||||
|           host: ${{ secrets.HOST }} | ||||
|           username: ${{ secrets.USERNAME }} | ||||
|           key: ${{ secrets.KEY }} | ||||
|           port: ${{ secrets.PORT }} | ||||
|           envs: FOO,BAR,SHA,PORT | ||||
|           script: | | ||||
|             echo "I am $FOO, thanks" | ||||
|             echo "I am $BAR, thanks" | ||||
|             echo "sha: $SHA" | ||||
|             echo "port: $PORT" | ||||
|             sh test.sh | ||||
|  | ||||
|       - name: custom envs format | ||||
|         uses: ./ | ||||
|         env: | ||||
|           FOO: "BAR" | ||||
|           AAA: "BBB" | ||||
|         with: | ||||
|           host: ${{ secrets.HOST }} | ||||
|           username: ${{ secrets.USERNAME }} | ||||
|           key: ${{ secrets.KEY }} | ||||
|           port: ${{ secrets.PORT }} | ||||
|           envs: FOO,BAR,AAA | ||||
|           envs_format: export TEST_{NAME}={VALUE} | ||||
|           script: | | ||||
|             echo "I am $TEST_FOO, thanks" | ||||
|             echo "I am $TEST_BAR, thanks" | ||||
|             echo "I am $BAR, thanks" | ||||
|             echo "I am $TEST_AAA, thanks" | ||||
|  | ||||
|       - name: pass all ENV variables to script | ||||
|         uses: ./ | ||||
|         env: | ||||
|           INPUT_FOO: "BAR" | ||||
|           INPUT_AAA: "BBB" | ||||
|         with: | ||||
|           host: ${{ secrets.HOST }} | ||||
|           username: ${{ secrets.USERNAME }} | ||||
|           key: ${{ secrets.KEY }} | ||||
|           port: ${{ secrets.PORT }} | ||||
|           allenvs: true | ||||
|           script: | | ||||
|             echo "I am $INPUT_FOO, thanks" | ||||
|             echo "I am $INPUT_AAA, thanks" | ||||
|             echo "$GITHUB_BASE_REF" | ||||
|             echo "$GITHUB_REF" | ||||
|  | ||||
|   testing03: | ||||
|     name: git clone and pull | ||||
|     runs-on: ubuntu-latest | ||||
|     steps: | ||||
|       - name: checkout | ||||
|         uses: actions/checkout@v1 | ||||
|  | ||||
|       - name: clone private repository | ||||
|         uses: ./ | ||||
|         with: | ||||
|           host: ${{ secrets.HOST }} | ||||
|           username: ${{ secrets.USERNAME }} | ||||
|           key: ${{ secrets.KEY }} | ||||
|           port: ${{ secrets.PORT }} | ||||
|           script_stop: true | ||||
|           script: | | ||||
|             git clone https://appleboy:${{ secrets.TEST_TOKEN }}@github.com/go-training/self-runner.git test_repository | ||||
|             rm -rf test_repository | ||||
|  | ||||
|   testing04: | ||||
|     name: docker login and pull | ||||
|     runs-on: ubuntu-latest | ||||
|     steps: | ||||
|       - name: checkout | ||||
|         uses: actions/checkout@v1 | ||||
|  | ||||
|       - name: login GitHub Container Registry | ||||
|         uses: ./ | ||||
|         with: | ||||
|           host: ${{ secrets.HOST }} | ||||
|           username: ${{ secrets.USERNAME }} | ||||
|           key: ${{ secrets.KEY }} | ||||
|           port: ${{ secrets.PORT }} | ||||
|           script_stop: true | ||||
|           script: | | ||||
|             echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u github.actor --password-stdin | ||||
|  | ||||
|       - name: login DockerHub Container Registry | ||||
|         uses: ./ | ||||
|         with: | ||||
|           host: ${{ secrets.HOST }} | ||||
|           username: ${{ secrets.USERNAME }} | ||||
|           key: ${{ secrets.KEY }} | ||||
|           port: ${{ secrets.PORT }} | ||||
|           script_stop: true | ||||
|           script: | | ||||
|             echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin | ||||
|  | ||||
|   testing05: | ||||
|     name: switch user | ||||
|     runs-on: ubuntu-latest | ||||
|     steps: | ||||
|       - name: checkout | ||||
|         uses: actions/checkout@v1 | ||||
|  | ||||
|       - name: switch to root user | ||||
|         uses: ./ | ||||
|         with: | ||||
|           host: ${{ secrets.HOST }} | ||||
|           username: ${{ secrets.USERNAME }} | ||||
|           key: ${{ secrets.KEY }} | ||||
|           port: ${{ secrets.PORT }} | ||||
|           script_stop: true | ||||
|           request_pty: true | ||||
|           command_timeout: 30s | ||||
|           script: | | ||||
|             whoami && echo 'hello world' && touch todo.txt | ||||
|             sudo whoami | ||||
|  | ||||
|   testing06: | ||||
|     name: testing ipv6 | ||||
|     runs-on: ubuntu-latest | ||||
|     steps: | ||||
|       - name: checkout | ||||
|         uses: actions/checkout@v1 | ||||
|  | ||||
|       - name: Set up WARP | ||||
|         uses: fscarmen/warp-on-actions@v1.1 | ||||
|         with: | ||||
|           stack: dual | ||||
|  | ||||
|       - name: testing ipv6 for command | ||||
|         run: | | ||||
|           curl -m 9 --ipv6 --verbose https://google.com | ||||
|  | ||||
|       - name: testing ipv6 | ||||
|         uses: ./ | ||||
|         with: | ||||
|           host: 2402:1f00:8000:800::2628 | ||||
|           username: ubuntu | ||||
|           password: ${{ secrets.OVH_PASSWORD }} | ||||
|           protocol: tcp6 | ||||
|           port: 22 | ||||
|           command_timeout: 30s | ||||
|           script: | | ||||
|             whoami | ||||
|   | ||||
| @@ -1,5 +1,5 @@ | ||||
| FROM appleboy/drone-ssh:1.6.10 | ||||
| FROM ghcr.io/appleboy/drone-ssh:1.7.4 | ||||
|  | ||||
| COPY entrypoint.sh /entrypoint.sh | ||||
| RUN chmod +x /entrypoint.sh | ||||
| ENTRYPOINT ["/entrypoint.sh"] | ||||
| COPY entrypoint.sh /bin/entrypoint.sh | ||||
|  | ||||
| ENTRYPOINT ["/bin/entrypoint.sh"] | ||||
|   | ||||
							
								
								
									
										138
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
										138
									
								
								README.md
									
									
									
									
									
								
							| @@ -1,5 +1,7 @@ | ||||
| # 🚀 SSH for GitHub Actions | ||||
|  | ||||
| [繁體中文](./README.zh-tw.md) | ||||
|  | ||||
| [GitHub Action](https://github.com/features/actions) for executing remote ssh commands. | ||||
|  | ||||
|  | ||||
| @@ -8,41 +10,46 @@ | ||||
|  | ||||
| **Important**: Only support **Linux** [docker](https://www.docker.com/) container. | ||||
|  | ||||
| This thing is built using [Golang](https://go.dev) and [drone-ssh](https://github.com/appleboy/drone-ssh). 🚀 | ||||
|  | ||||
| ## Input variables | ||||
|  | ||||
| See [action.yml](./action.yml) for more detailed information. | ||||
|  | ||||
| * `host` - ssh host | ||||
| * `port` - ssh port, default is `22` | ||||
| * `username` - ssh username | ||||
| * `password` - ssh password | ||||
| * `passphrase` - the passphrase is usually to encrypt the private key | ||||
| * `sync` - synchronous execution if multiple hosts, default is false | ||||
| * `timeout` - timeout for ssh to remote host, default is `30s` | ||||
| * `command_timeout` - timeout for ssh command, default is `10m` | ||||
| * `key` - content of ssh private key. ex raw content of ~/.ssh/id_rsa, remember include the BEGIN and END lines  | ||||
| * `key_path` - path of ssh private key | ||||
| * `fingerprint` - fingerprint SHA256 of the host public key, default is to skip verification | ||||
| * `script` - execute commands | ||||
| * `script_stop` - stop script after first failure | ||||
| * `envs` - pass environment variable to shell script | ||||
| * `debug` - enable debug mode | ||||
| * `use_insecure_cipher` - include more ciphers with use_insecure_cipher (see [#56](https://github.com/appleboy/ssh-action/issues/56)) | ||||
| * `cipher` - the allowed cipher algorithms. If unspecified then a sensible | ||||
|  | ||||
| SSH Proxy Setting: | ||||
|  | ||||
| * `proxy_host` - proxy host | ||||
| * `proxy_port` - proxy port, default is `22` | ||||
| * `proxy_username` - proxy username | ||||
| * `proxy_password` - proxy password | ||||
| * `proxy_passphrase` - the passphrase is usually to encrypt the private key | ||||
| * `proxy_timeout` - timeout for ssh to proxy host, default is `30s` | ||||
| * `proxy_key` - content of ssh proxy private key. | ||||
| * `proxy_key_path` - path of ssh proxy private key | ||||
| * `proxy_fingerprint` - fingerprint SHA256 of the proxy host public key, default is to skip verification | ||||
| * `proxy_use_insecure_cipher` - include more ciphers with use_insecure_cipher (see [#56](https://github.com/appleboy/ssh-action/issues/56)) | ||||
| * `proxy_cipher` - the allowed cipher algorithms. If unspecified then a sensible | ||||
| | Input Parameter           | Description                                                                              | Default Value | | ||||
| |---------------------------|------------------------------------------------------------------------------------------|---------------| | ||||
| | host                      | SSH host address                                                                         |               | | ||||
| | port                      | SSH port number                                                                          | 22            | | ||||
| | passphrase                | SSH key passphrase                                                                       |               | | ||||
| | username                  | SSH username                                                                             |               | | ||||
| | password                  | SSH password                                                                             |               | | ||||
| | protocol                  | SSH protocol version (tcp, tcp4, tcp6)                                                   | tcp           | | ||||
| | sync                      | Enable synchronous execution if multiple hosts                                           | false         | | ||||
| | use_insecure_cipher       | Include more ciphers with use_insecure_cipher                                            | false         | | ||||
| | cipher                    | Allowed cipher algorithms. If unspecified, a sensible default                            |               | | ||||
| | timeout                   | Timeout duration for SSH to host                                                         | 30s           | | ||||
| | command_timeout           | Timeout duration for SSH command                                                         | 10m           | | ||||
| | key                       | Content of SSH private key. e.g., raw content of ~/.ssh/id_rsa                           |               | | ||||
| | key_path                  | Path of SSH private key                                                                  |               | | ||||
| | fingerprint               | SHA256 fingerprint of the host public key                                                |               | | ||||
| | proxy_host                | SSH proxy host                                                                           |               | | ||||
| | proxy_port                | SSH proxy port                                                                           | 22            | | ||||
| | proxy_username            | SSH proxy username                                                                       |               | | ||||
| | proxy_password            | SSH proxy password                                                                       |               | | ||||
| | proxy_passphrase          | SSH proxy key passphrase                                                                 |               | | ||||
| | proxy_timeout             | Timeout for SSH to proxy host                                                            | 30s           | | ||||
| | proxy_key                 | Content of SSH proxy private key                                                         |               | | ||||
| | proxy_key_path            | Path of SSH proxy private key                                                            |               | | ||||
| | proxy_fingerprint         | SHA256 fingerprint of the proxy host public key                                          |               | | ||||
| | proxy_cipher              | Allowed cipher algorithms for the proxy                                                  |               | | ||||
| | proxy_use_insecure_cipher | Include more ciphers with use_insecure_cipher for the proxy                              | false         | | ||||
| | script                    | Execute commands                                                                         |               | | ||||
| | script_stop               | Stop script after first failure                                                          | false         | | ||||
| | envs                      | Pass environment variables to shell script                                               |               | | ||||
| | envs_format               | Flexible configuration of environment value transfer                                     |               | | ||||
| | debug                     | Enable debug mode                                                                        | false         | | ||||
| | allenvs                   | pass the environment variables with prefix value of `GITHUB_` and `INPUT_` to the script | false         | | ||||
| | request_pty               | Request a pseudo-terminal from the server                                                | false         | | ||||
|  | ||||
| ## Usage | ||||
|  | ||||
| @@ -58,7 +65,7 @@ jobs: | ||||
|     runs-on: ubuntu-latest | ||||
|     steps: | ||||
|     - name: executing remote ssh commands using password | ||||
|       uses: appleboy/ssh-action@v0.1.8 | ||||
|       uses: appleboy/ssh-action@v1.0.3 | ||||
|       with: | ||||
|         host: ${{ secrets.HOST }} | ||||
|         username: ${{ secrets.USERNAME }} | ||||
| @@ -85,76 +92,46 @@ Make sure to follow the below steps while creating SSH Keys and using them. | ||||
| The best practice is create the SSH Keys on local machine not remote machine. | ||||
| Login with username specified in Github Secrets. Generate a RSA Key-Pair: | ||||
|  | ||||
| <details> | ||||
| <summary>rsa</summary> | ||||
| <p> | ||||
| ### Generate rsa key | ||||
|  | ||||
| ```bash | ||||
| ssh-keygen -t rsa -b 4096 -C "your_email@example.com" | ||||
| ``` | ||||
|  | ||||
| </p> | ||||
| </details> | ||||
|  | ||||
| <details> | ||||
| <summary>ed25519</summary> | ||||
| <p> | ||||
| ### Generate ed25519 key | ||||
|  | ||||
| ```bash | ||||
| ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" | ||||
| ``` | ||||
|  | ||||
| </p> | ||||
| </details> | ||||
|  | ||||
| Add newly generated key into Authorized keys. Read more about authorized keys [here](https://www.ssh.com/ssh/authorized_keys/). | ||||
|  | ||||
| <details> | ||||
| <summary>rsa</summary> | ||||
| <p> | ||||
| ### Add rsa key into Authorized keys | ||||
|  | ||||
| ```bash | ||||
| cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys' | ||||
| ``` | ||||
|  | ||||
| </p> | ||||
| </details> | ||||
|  | ||||
| <details> | ||||
| <summary>ed25519</summary> | ||||
| <p> | ||||
| ### Add ed25519 key into Authorized keys | ||||
|  | ||||
| ```bash | ||||
| cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys' | ||||
| ``` | ||||
|  | ||||
| </p> | ||||
| </details> | ||||
|  | ||||
| Copy Private Key content and paste in Github Secrets. | ||||
|  | ||||
| <details> | ||||
| <summary>rsa</summary> | ||||
| <p> | ||||
| ### Copy rsa Private key | ||||
|  | ||||
| ```bash | ||||
| clip < ~/.ssh/id_rsa | ||||
| ``` | ||||
|  | ||||
| </p> | ||||
| </details> | ||||
|  | ||||
| <details> | ||||
| <summary>ed25519</summary> | ||||
| <p> | ||||
| ### Copy ed25519 Private key | ||||
|  | ||||
| ```bash | ||||
| clip < ~/.ssh/id_ed25519 | ||||
| ``` | ||||
|  | ||||
| </p> | ||||
| </details> | ||||
|  | ||||
| See the detail information about [SSH login without password](http://www.linuxproblem.org/art_9.html). | ||||
|  | ||||
| **A note** from one of our readers: Depending on your version of SSH you might also have to do the following changes: | ||||
| @@ -171,8 +148,7 @@ If you are currently using OpenSSH and are getting the following error: | ||||
| ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey] | ||||
| ``` | ||||
|  | ||||
| Make sure that your key algorithm of choice is supported. On Ubuntu 20.04 or later you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (which is either `/etc/ssh/sshd_config` or a drop-in file under  | ||||
| `/etc/ssh/sshd_config.d/`): | ||||
| Make sure that your key algorithm of choice is supported. On Ubuntu 20.04 or later you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (which is either `/etc/ssh/sshd_config` or a drop-in file under `/etc/ssh/sshd_config.d/`): | ||||
|  | ||||
| ```bash | ||||
| CASignatureAlgorithms +ssh-rsa | ||||
| @@ -190,7 +166,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" | ||||
|  | ||||
| ```yaml | ||||
| - name: executing remote ssh commands using password | ||||
|   uses: appleboy/ssh-action@v0.1.8 | ||||
|   uses: appleboy/ssh-action@v1.0.3 | ||||
|   with: | ||||
|     host: ${{ secrets.HOST }} | ||||
|     username: ${{ secrets.USERNAME }} | ||||
| @@ -203,7 +179,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" | ||||
|  | ||||
| ```yaml | ||||
| - name: executing remote ssh commands using ssh key | ||||
|   uses: appleboy/ssh-action@v0.1.8 | ||||
|   uses: appleboy/ssh-action@v1.0.3 | ||||
|   with: | ||||
|     host: ${{ secrets.HOST }} | ||||
|     username: ${{ secrets.USERNAME }} | ||||
| @@ -216,7 +192,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" | ||||
|  | ||||
| ```yaml | ||||
| - name: multiple command | ||||
|   uses: appleboy/ssh-action@v0.1.8 | ||||
|   uses: appleboy/ssh-action@v1.0.3 | ||||
|   with: | ||||
|     host: ${{ secrets.HOST }} | ||||
|     username: ${{ secrets.USERNAME }} | ||||
| @@ -233,7 +209,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" | ||||
|  | ||||
| ```diff | ||||
|   - name: multiple host | ||||
|     uses: appleboy/ssh-action@v0.1.8 | ||||
|     uses: appleboy/ssh-action@v1.0.3 | ||||
|     with: | ||||
| -     host: "foo.com" | ||||
| +     host: "foo.com,bar.com" | ||||
| @@ -249,7 +225,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" | ||||
|  | ||||
| ```diff | ||||
|   - name: multiple host | ||||
|     uses: appleboy/ssh-action@v0.1.8 | ||||
|     uses: appleboy/ssh-action@v1.0.3 | ||||
|     with: | ||||
| -     host: "foo.com" | ||||
| +     host: "foo.com:1234,bar.com:5678" | ||||
| @@ -264,7 +240,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" | ||||
|  | ||||
| ```diff | ||||
|   - name: multiple host | ||||
|     uses: appleboy/ssh-action@v0.1.8 | ||||
|     uses: appleboy/ssh-action@v1.0.3 | ||||
|     with: | ||||
|       host: "foo.com,bar.com" | ||||
| +     sync: true | ||||
| @@ -280,7 +256,7 @@ ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" | ||||
|  | ||||
| ```diff | ||||
|   - name: pass environment | ||||
|     uses: appleboy/ssh-action@v0.1.8 | ||||
|     uses: appleboy/ssh-action@v1.0.3 | ||||
| +   env: | ||||
| +     FOO: "BAR" | ||||
| +     BAR: "FOO" | ||||
| @@ -305,7 +281,7 @@ _Inside `env` object, you need to pass every environment variable as a string, p | ||||
|  | ||||
| ```diff | ||||
|   - name: stop script if command error | ||||
|     uses: appleboy/ssh-action@v0.1.8 | ||||
|     uses: appleboy/ssh-action@v1.0.3 | ||||
|     with: | ||||
|       host: ${{ secrets.HOST }} | ||||
|       username: ${{ secrets.USERNAME }} | ||||
| @@ -358,7 +334,7 @@ Host FooServer | ||||
|  | ||||
| ```diff | ||||
|   - name: ssh proxy command | ||||
|     uses: appleboy/ssh-action@v0.1.8 | ||||
|     uses: appleboy/ssh-action@v1.0.3 | ||||
|     with: | ||||
|       host: ${{ secrets.HOST }} | ||||
|       username: ${{ secrets.USERNAME }} | ||||
| @@ -381,7 +357,7 @@ It is not uncommon for files to leak from backups or decommissioned hardware, an | ||||
|  | ||||
| ```diff | ||||
|   - name: ssh key passphrase | ||||
|     uses: appleboy/ssh-action@v0.1.8 | ||||
|     uses: appleboy/ssh-action@v1.0.3 | ||||
|     with: | ||||
|       host: ${{ secrets.HOST }} | ||||
|       username: ${{ secrets.USERNAME }} | ||||
| @@ -407,7 +383,7 @@ Now you can adjust you config: | ||||
|  | ||||
| ```diff | ||||
|   - name: ssh key passphrase | ||||
|     uses: appleboy/ssh-action@v0.1.8 | ||||
|     uses: appleboy/ssh-action@v1.0.3 | ||||
|     with: | ||||
|       host: ${{ secrets.HOST }} | ||||
|       username: ${{ secrets.USERNAME }} | ||||
|   | ||||
							
								
								
									
										393
									
								
								README.zh-tw.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										393
									
								
								README.zh-tw.md
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,393 @@ | ||||
| # 🚀 用於 GitHub Actions 的 SSH | ||||
|  | ||||
| [GitHub Action](https://github.com/features/actions) for executing remote ssh commands. | ||||
|  | ||||
|  | ||||
|  | ||||
| [](https://github.com/appleboy/ssh-action/actions) | ||||
|  | ||||
| **注意**: 只支援在 **Linux** [docker](https://www.docker.com/) 容器上執行。 | ||||
|  | ||||
| ## 輸入變數 | ||||
|  | ||||
| 更詳細的資訊,請參閱 [action.yml](./action.yml)。 | ||||
|  | ||||
| * `host` - SSH 主機 | ||||
| * `port` - SSH 連接埠,預設為 `22` | ||||
| * `username` - SSH 使用者名稱 | ||||
| * `password` - SSH 密碼 | ||||
| * `passphrase` - 通常用於加密私鑰的 passphrase | ||||
| * `sync` - 同步執行多個主機上的命令,預設為 false | ||||
| * `timeout` - SSH 連接到遠端主機的超時時間,預設為 `30s` | ||||
| * `command_timeout` - SSH 命令超時時間,預設為 10m | ||||
| * `key` - SSH 私鑰的內容,例如 ~/.ssh/id_rsa 的原始內容,請記得包含 BEGIN 和 END 行 | ||||
| * `key_path` - SSH 私鑰的路徑 | ||||
| * `fingerprint` - 主機公鑰的 SHA256 指紋,預設為略過驗證 | ||||
| * `script` - 執行命令 | ||||
| * `script_stop` - 當出現第一個錯誤時停止執行命令 | ||||
| * `envs` - 傳遞環境變數到 shell script | ||||
| * `debug` - 啟用偵錯模式 | ||||
| * `use_insecure_cipher` - 使用不安全的密碼(ciphers)進行加密,參見 [#56](https://github.com/appleboy/ssh-action/issues/56) | ||||
| * `cipher` - 允許使用的密碼(ciphers)演算法。如果未指定,則使用適當的演算法 | ||||
|  | ||||
| SSH 代理設置: | ||||
|  | ||||
| * `proxy_host` - 代理主機 | ||||
| * `proxy_port` - 代理端口,預設為 `22` | ||||
| * `proxy_username` - 代理使用者名稱 | ||||
| * `proxy_password` - 代理密碼 | ||||
| * `proxy_passphrase` - 密碼通常用於加密私有金鑰 | ||||
| * `proxy_timeout` - SSH 連線至代理主機的逾時時間,預設為 `30s` | ||||
| * `proxy_key` - SSH 代理私有金鑰內容 | ||||
| * `proxy_key_path` - SSH 代理私有金鑰路徑 | ||||
| * `proxy_fingerprint` - 代理主機公鑰的 SHA256 指紋,預設為跳過驗證 | ||||
| * `proxy_use_insecure_cipher` - 使用不安全的加密方式,請參閱 [#56](https://github.com/appleboy/ssh-action/issues/56) | ||||
| * `proxy_cipher` - 允許的加密算法。如果未指定,則使用合理的算法 | ||||
|  | ||||
| ## 使用方式 | ||||
|  | ||||
| 執行遠端 SSH 命令 | ||||
|  | ||||
| ```yaml | ||||
| name: remote ssh command | ||||
| on: [push] | ||||
| jobs: | ||||
|  | ||||
|   build: | ||||
|     name: Build | ||||
|     runs-on: ubuntu-latest | ||||
|     steps: | ||||
|     - name: executing remote ssh commands using password | ||||
|       uses: appleboy/ssh-action@v1.0.3 | ||||
|       with: | ||||
|         host: ${{ secrets.HOST }} | ||||
|         username: ${{ secrets.USERNAME }} | ||||
|         password: ${{ secrets.PASSWORD }} | ||||
|         port: ${{ secrets.PORT }} | ||||
|         script: whoami | ||||
| ``` | ||||
|  | ||||
| 畫面輸出 | ||||
|  | ||||
| ```sh | ||||
| ======CMD====== | ||||
| whoami | ||||
| ======END====== | ||||
| out: *** | ||||
| ============================================== | ||||
| ✅ Successfully executed commands to all host. | ||||
| ============================================== | ||||
| ``` | ||||
|  | ||||
| ### 設置 SSH 金鑰 | ||||
|  | ||||
| 請在創建 SSH 金鑰並使用 SSH 金鑰時遵循以下步驟。最佳做法是在本地機器上創建 SSH 金鑰而不是遠端機器上。請使用 Github Secrets 中指定的用戶名登錄。生成 RSA 金鑰: | ||||
|  | ||||
| ### 生成 RSA 金鑰 | ||||
|  | ||||
| ```bash | ||||
| ssh-keygen -t rsa -b 4096 -C "your_email@example.com" | ||||
| ``` | ||||
|  | ||||
| ### 生成 ed25519 金鑰 | ||||
|  | ||||
| ```bash | ||||
| ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" | ||||
| ``` | ||||
|  | ||||
| 將新生成的金鑰添加到已授權的金鑰中。詳細了解已授權的金鑰請點擊[此處](https://www.ssh.com/ssh/authorized_keys/). | ||||
|  | ||||
| ### 將 RSA 金鑰添加到已授權金鑰中 | ||||
|  | ||||
| ```bash | ||||
| cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys' | ||||
| ``` | ||||
|  | ||||
| ### 將 ed25519 金鑰添加到已授權金鑰中 | ||||
|  | ||||
| ```bash | ||||
| cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys' | ||||
| ``` | ||||
|  | ||||
| 複製私鑰內容,然後將其粘貼到 Github Secrets 中。 | ||||
|  | ||||
| ### 複製 rsa 私鑰內容 | ||||
|  | ||||
| ```bash | ||||
| clip < ~/.ssh/id_rsa | ||||
| ``` | ||||
|  | ||||
| ### 複製 ed25519 私鑰內容 | ||||
|  | ||||
| ```bash | ||||
| clip < ~/.ssh/id_ed25519 | ||||
| ``` | ||||
|  | ||||
| 有關無需密碼登錄 SSH 的詳細信息,請[參見該網站](http://www.linuxproblem.org/art_9.html)。 | ||||
|  | ||||
| **來自讀者的注意事項**: 根據您的 SSH 版本,您可能還需要進行以下更改: | ||||
|  | ||||
| * 將公鑰放在 `.ssh/authorized_keys2` 中 | ||||
| * 將 `.ssh` 的權限更改為700 | ||||
| * 將 `.ssh/authorized_keys2` 的權限更改為640 | ||||
|  | ||||
| ### 如果你使用的是 OpenSSH | ||||
|  | ||||
| 如果您正在使用 OpenSSH,並出現以下錯誤: | ||||
|  | ||||
| ```bash | ||||
| ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey] | ||||
| ``` | ||||
|  | ||||
| 請確保您所選擇的密鑰演算法得到支援。在 Ubuntu 20.04 或更高版本上,您必須明確允許使用 SSH-RSA 演算法。請在 OpenSSH 守護進程文件中添加以下行(它可以是 `/etc/ssh/sshd_config` 或 `/etc/ssh/sshd_config.d/` 中的一個附著文件): | ||||
|  | ||||
| ```bash | ||||
| CASignatureAlgorithms +ssh-rsa | ||||
| ``` | ||||
|  | ||||
| 或者,`Ed25519` 密鑰在 OpenSSH 中默認被接受。如果需要,您可以使用它來替代 RSA。 | ||||
|  | ||||
| ```bash | ||||
| ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" | ||||
| ``` | ||||
|  | ||||
| ### Example | ||||
|  | ||||
| #### 使用密碼執行遠端 SSH 命令 | ||||
|  | ||||
| ```yaml | ||||
| - name: executing remote ssh commands using password | ||||
|   uses: appleboy/ssh-action@v1.0.3 | ||||
|   with: | ||||
|     host: ${{ secrets.HOST }} | ||||
|     username: ${{ secrets.USERNAME }} | ||||
|     password: ${{ secrets.PASSWORD }} | ||||
|     port: ${{ secrets.PORT }} | ||||
|     script: whoami | ||||
| ``` | ||||
|  | ||||
| #### 使用私鑰 | ||||
|  | ||||
| ```yaml | ||||
| - name: executing remote ssh commands using ssh key | ||||
|   uses: appleboy/ssh-action@v1.0.3 | ||||
|   with: | ||||
|     host: ${{ secrets.HOST }} | ||||
|     username: ${{ secrets.USERNAME }} | ||||
|     key: ${{ secrets.KEY }} | ||||
|     port: ${{ secrets.PORT }} | ||||
|     script: whoami | ||||
| ``` | ||||
|  | ||||
| #### 多個命令 | ||||
|  | ||||
| ```yaml | ||||
| - name: multiple command | ||||
|   uses: appleboy/ssh-action@v1.0.3 | ||||
|   with: | ||||
|     host: ${{ secrets.HOST }} | ||||
|     username: ${{ secrets.USERNAME }} | ||||
|     key: ${{ secrets.KEY }} | ||||
|     port: ${{ secrets.PORT }} | ||||
|     script: | | ||||
|       whoami | ||||
|       ls -al | ||||
| ``` | ||||
|  | ||||
|  | ||||
|  | ||||
| #### 多台主機 | ||||
|  | ||||
| ```diff | ||||
|   - name: multiple host | ||||
|     uses: appleboy/ssh-action@v1.0.3 | ||||
|     with: | ||||
| -     host: "foo.com" | ||||
| +     host: "foo.com,bar.com" | ||||
|       username: ${{ secrets.USERNAME }} | ||||
|       key: ${{ secrets.KEY }} | ||||
|       port: ${{ secrets.PORT }} | ||||
|       script: | | ||||
|         whoami | ||||
|         ls -al | ||||
| ``` | ||||
|  | ||||
| #### 多個不同端口的主機 | ||||
|  | ||||
| ```diff | ||||
|   - name: multiple host | ||||
|     uses: appleboy/ssh-action@v1.0.3 | ||||
|     with: | ||||
| -     host: "foo.com" | ||||
| +     host: "foo.com:1234,bar.com:5678" | ||||
|       username: ${{ secrets.USERNAME }} | ||||
|       key: ${{ secrets.KEY }} | ||||
|       script: | | ||||
|         whoami | ||||
|         ls -al | ||||
| ``` | ||||
|  | ||||
| #### 在多個主機上同步執行 | ||||
|  | ||||
| ```diff | ||||
|   - name: multiple host | ||||
|     uses: appleboy/ssh-action@v1.0.3 | ||||
|     with: | ||||
|       host: "foo.com,bar.com" | ||||
| +     sync: true | ||||
|       username: ${{ secrets.USERNAME }} | ||||
|       key: ${{ secrets.KEY }} | ||||
|       port: ${{ secrets.PORT }} | ||||
|       script: | | ||||
|         whoami | ||||
|         ls -al | ||||
| ``` | ||||
|  | ||||
| #### 將環境變量傳遞到 Shell 腳本 | ||||
|  | ||||
| ```diff | ||||
|   - name: pass environment | ||||
|     uses: appleboy/ssh-action@v1.0.3 | ||||
| +   env: | ||||
| +     FOO: "BAR" | ||||
| +     BAR: "FOO" | ||||
| +     SHA: ${{ github.sha }} | ||||
|     with: | ||||
|       host: ${{ secrets.HOST }} | ||||
|       username: ${{ secrets.USERNAME }} | ||||
|       key: ${{ secrets.KEY }} | ||||
|       port: ${{ secrets.PORT }} | ||||
| +     envs: FOO,BAR,SHA | ||||
|       script: | | ||||
|         echo "I am $FOO" | ||||
|         echo "I am $BAR" | ||||
|         echo "sha: $SHA" | ||||
| ``` | ||||
|  | ||||
| _在 `env` 對象中,您需要將每個環境變量作為字符串傳遞,傳遞 `Integer` 數據類型或任何其他類型可能會產生意外結果。_ | ||||
|  | ||||
| #### 在第一次失敗後停止腳本 | ||||
|  | ||||
| > ex: missing `abc` folder | ||||
|  | ||||
| ```diff | ||||
|   - name: stop script if command error | ||||
|     uses: appleboy/ssh-action@v1.0.3 | ||||
|     with: | ||||
|       host: ${{ secrets.HOST }} | ||||
|       username: ${{ secrets.USERNAME }} | ||||
|       key: ${{ secrets.KEY }} | ||||
|       port: ${{ secrets.PORT }} | ||||
| +     script_stop: true | ||||
|       script: | | ||||
|         mkdir abc/def | ||||
|         ls -al | ||||
| ``` | ||||
|  | ||||
| 畫面輸出: | ||||
|  | ||||
| ```sh | ||||
| ======CMD====== | ||||
| mkdir abc/def | ||||
| ls -al | ||||
|  | ||||
| ======END====== | ||||
| 2019/11/21 01:16:21 Process exited with status 1 | ||||
| err: mkdir: cannot create directory ‘abc/def’: No such file or directory | ||||
| ##[error]Docker run failed with exit code 1 | ||||
| ``` | ||||
|  | ||||
| #### 如何使用 `ProxyCommand` 連接遠程服務器? | ||||
|  | ||||
| ```bash | ||||
| +--------+       +----------+      +-----------+ | ||||
| | Laptop | <-->  | Jumphost | <--> | FooServer | | ||||
| +--------+       +----------+      +-----------+ | ||||
| ``` | ||||
|  | ||||
| 在您的 `~/.ssh/config` 文件中,您會看到以下內容。 | ||||
|  | ||||
| ```bash | ||||
| Host Jumphost | ||||
|   HostName Jumphost | ||||
|   User ubuntu | ||||
|   Port 22 | ||||
|   IdentityFile ~/.ssh/keys/jump_host.pem | ||||
|  | ||||
| Host FooServer | ||||
|   HostName FooServer | ||||
|   User ubuntu | ||||
|   Port 22 | ||||
|   ProxyCommand ssh -q -W %h:%p Jumphost | ||||
| ``` | ||||
|  | ||||
| #### 如何將其轉換為 GitHubActions 的 YAML 格式? | ||||
|  | ||||
| ```diff | ||||
|   - name: ssh proxy command | ||||
|     uses: appleboy/ssh-action@v1.0.3 | ||||
|     with: | ||||
|       host: ${{ secrets.HOST }} | ||||
|       username: ${{ secrets.USERNAME }} | ||||
|       key: ${{ secrets.KEY }} | ||||
|       port: ${{ secrets.PORT }} | ||||
| +     proxy_host: ${{ secrets.PROXY_HOST }} | ||||
| +     proxy_username: ${{ secrets.PROXY_USERNAME }} | ||||
| +     proxy_key: ${{ secrets.PROXY_KEY }} | ||||
| +     proxy_port: ${{ secrets.PROXY_PORT }} | ||||
|       script: | | ||||
|         mkdir abc/def | ||||
|         ls -al | ||||
| ``` | ||||
|  | ||||
| #### 如何保護私鑰? | ||||
|  | ||||
| 密碼短語通常用於加密私鑰。這使得攻擊者無法單獨使用密鑰文件。文件泄露可能來自備份或停用的硬件,黑客通常可以從受攻擊系統中洩露文件。因此,保護私鑰非常重要。 | ||||
|  | ||||
| ```diff | ||||
|   - name: ssh key passphrase | ||||
|     uses: appleboy/ssh-action@v1.0.3 | ||||
|     with: | ||||
|       host: ${{ secrets.HOST }} | ||||
|       username: ${{ secrets.USERNAME }} | ||||
|       key: ${{ secrets.KEY }} | ||||
|       port: ${{ secrets.PORT }} | ||||
| +     passphrase: ${{ secrets.PASSPHRASE }} | ||||
|       script: | | ||||
|         whoami | ||||
|         ls -al | ||||
| ``` | ||||
|  | ||||
| #### 使用主機指紋驗證 | ||||
|  | ||||
| 設置 SSH 主機指紋驗證可以幫助防止中間人攻擊。在設置之前,運行以下命令以獲取 SSH 主機指紋。請記得將 `ed25519` 替換為您的適當金鑰類型(`rsa`、 `dsa`等),而 `example.com` 則替換為您的主機。 | ||||
|  | ||||
| 現代 OpenSSH 版本中,需要提取的_默認金鑰_類型是 `rsa`(從版本 5.1 開始)、`ecdsa`(從版本 6.0 開始)和 `ed25519`(從版本 6.7 開始)。 | ||||
|  | ||||
| ```sh | ||||
| ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' -f2 | ||||
| ``` | ||||
|  | ||||
| 現在您可以調整您的配置: | ||||
|  | ||||
| ```diff | ||||
|   - name: ssh key passphrase | ||||
|     uses: appleboy/ssh-action@v1.0.3 | ||||
|     with: | ||||
|       host: ${{ secrets.HOST }} | ||||
|       username: ${{ secrets.USERNAME }} | ||||
|       key: ${{ secrets.KEY }} | ||||
|       port: ${{ secrets.PORT }} | ||||
| +     fingerprint: ${{ secrets.FINGERPRINT }} | ||||
|       script: | | ||||
|         whoami | ||||
|         ls -al | ||||
| ``` | ||||
|  | ||||
| ## 貢獻 | ||||
|  | ||||
| 我們非常希望您為 `appleboy/ssh-action` 做出貢獻,歡迎提交請求! | ||||
|  | ||||
| ## 授權方式 | ||||
|  | ||||
| 本項目中的腳本和文檔采用 [MIT](LICENSE) 許可證 發布。 | ||||
							
								
								
									
										131
									
								
								action.yml
									
									
									
									
									
								
							
							
						
						
									
										131
									
								
								action.yml
									
									
									
									
									
								
							| @@ -1,77 +1,124 @@ | ||||
| name: 'SSH Remote Commands' | ||||
| description: 'Executing remote ssh commands' | ||||
| author: 'Bo-Yi Wu' | ||||
| name: "SSH Remote Commands" | ||||
| description: "Executing remote ssh commands" | ||||
| author: "Bo-Yi Wu" | ||||
| inputs: | ||||
|   host: | ||||
|     description: 'ssh host' | ||||
|     description: "SSH host address." | ||||
|   port: | ||||
|     description: 'ssh port' | ||||
|     default: 22 | ||||
|     description: "SSH port number." | ||||
|     default: "22" | ||||
|   passphrase: | ||||
|     description: 'ssh key passphrase' | ||||
|     description: "Passphrase for the SSH key." | ||||
|   username: | ||||
|     description: 'ssh username' | ||||
|     description: "SSH username." | ||||
|   password: | ||||
|     description: 'ssh password' | ||||
|     description: "SSH password." | ||||
|   protocol: | ||||
|     description: 'The IP protocol to use. Valid values are "tcp". "tcp4" or "tcp6". Default to tcp.' | ||||
|     default: "tcp" | ||||
|   sync: | ||||
|     description: 'synchronous execution if multiple hosts' | ||||
|     default: false | ||||
|     description: "Enable synchronous execution if multiple hosts are involved." | ||||
|   use_insecure_cipher: | ||||
|     description: 'include more ciphers with use_insecure_cipher' | ||||
|     default: false | ||||
|     description: "Include more ciphers by using insecure ciphers." | ||||
|   cipher: | ||||
|     description: 'the allowed cipher algorithms. If unspecified then a sensible' | ||||
|     description: "Allowed cipher algorithms. If unspecified, a sensible default is used." | ||||
|   timeout: | ||||
|     description: 'timeout for ssh to host' | ||||
|     description: "Timeout duration for establishing SSH connection to the host." | ||||
|     default: "30s" | ||||
|   command_timeout: | ||||
|     description: 'timeout for ssh command' | ||||
|     description: "Timeout duration for SSH commands execution." | ||||
|     default: "10m" | ||||
|   key: | ||||
|     description: 'content of ssh private key. ex raw content of ~/.ssh/id_rsa' | ||||
|     description: "Content of the SSH private key. For example, the raw content of ~/.ssh/id_rsa." | ||||
|   key_path: | ||||
|     description: 'path of ssh private key' | ||||
|     description: "Path to the SSH private key file." | ||||
|   fingerprint: | ||||
|     description: 'sha256 fingerprint of the host public key' | ||||
|     description: "SHA256 fingerprint of the host public key." | ||||
|   proxy_host: | ||||
|     description: 'ssh proxy host' | ||||
|     description: "SSH proxy host address." | ||||
|   proxy_port: | ||||
|     description: 'ssh proxy port' | ||||
|     default: 22 | ||||
|     description: "SSH proxy port number." | ||||
|     default: "22" | ||||
|   proxy_username: | ||||
|     description: 'ssh proxy username' | ||||
|     description: "SSH proxy username." | ||||
|   proxy_password: | ||||
|     description: 'ssh proxy password' | ||||
|     description: "SSH proxy password." | ||||
|   proxy_passphrase: | ||||
|     description: 'ssh proxy key passphrase' | ||||
|     description: "SSH proxy key passphrase." | ||||
|   proxy_timeout: | ||||
|     description: 'timeout for ssh to proxy host' | ||||
|     description: "Timeout duration for establishing SSH connection to the proxy host." | ||||
|     default: "30s" | ||||
|   proxy_key: | ||||
|     description: 'content of ssh proxy private key. ex raw content of ~/.ssh/id_rsa' | ||||
|     description: "Content of the SSH proxy private key. For example, the raw content of ~/.ssh/id_rsa." | ||||
|   proxy_key_path: | ||||
|     description: 'path of ssh proxy private key' | ||||
|     description: "Path to the SSH proxy private key file." | ||||
|   proxy_fingerprint: | ||||
|     description: 'sha256 fingerprint of the proxy host public key' | ||||
|     description: "SHA256 fingerprint of the proxy host public key." | ||||
|   proxy_cipher: | ||||
|     description: 'the allowed cipher algorithms. If unspecified then a sensible' | ||||
|     description: "Allowed cipher algorithms for the proxy. If unspecified, a sensible default is used." | ||||
|   proxy_use_insecure_cipher: | ||||
|     description: 'include more ciphers with use_insecure_cipher' | ||||
|     default: false | ||||
|     description: "Include more ciphers for the proxy by using insecure ciphers." | ||||
|   script: | ||||
|     description: 'execute commands' | ||||
|     description: "Commands to be executed." | ||||
|   script_stop: | ||||
|     description: 'stop script after first failure' | ||||
|     default: false | ||||
|     description: "Stop the script after the first failure." | ||||
|   envs: | ||||
|     description: 'pass environment variable to shell script' | ||||
|     description: "Environment variables to be passed to the shell script." | ||||
|   envs_format: | ||||
|     description: "Flexible configuration for environment value transfer." | ||||
|   debug: | ||||
|     description: 'enable debug mode' | ||||
|     default: false | ||||
|     description: "Enable debug mode." | ||||
|   allenvs: | ||||
|     description: "pass all environment variable to shell script." | ||||
|   request_pty: | ||||
|     description: "Request a pseudo-terminal from the server." | ||||
|  | ||||
| runs: | ||||
|   using: 'docker' | ||||
|   image: 'Dockerfile' | ||||
|   using: "composite" | ||||
|   steps: | ||||
|     - name: Set GitHub Path | ||||
|       run: echo "$GITHUB_ACTION_PATH" >> $GITHUB_PATH | ||||
|       shell: bash | ||||
|       env: | ||||
|         GITHUB_ACTION_PATH: ${{ github.action_path }} | ||||
|     - name: Run entrypoint.sh | ||||
|       run: entrypoint.sh | ||||
|       shell: bash | ||||
|       env: | ||||
|         GITHUB_ACTION_PATH: ${{ github.action_path }} | ||||
|         INPUT_HOST: ${{ inputs.host }} | ||||
|         INPUT_PORT: ${{ inputs.port }} | ||||
|         INPUT_PROTOCOL: ${{ inputs.protocol }} | ||||
|         INPUT_USERNAME: ${{ inputs.username }} | ||||
|         INPUT_PASSWORD: ${{ inputs.password }} | ||||
|         INPUT_PASSPHRASE: ${{ inputs.passphrase }} | ||||
|         INPUT_KEY: ${{ inputs.key }} | ||||
|         INPUT_KEY_PATH: ${{ inputs.key_path }} | ||||
|         INPUT_FINGERPRINT: ${{ inputs.fingerprint }} | ||||
|         INPUT_PROXY_HOST: ${{ inputs.proxy_host }} | ||||
|         INPUT_PROXY_PORT: ${{ inputs.proxy_port }} | ||||
|         INPUT_PROXY_USERNAME: ${{ inputs.proxy_username }} | ||||
|         INPUT_PROXY_PASSWORD: ${{ inputs.proxy_password }} | ||||
|         INPUT_PROXY_PASSPHRASE: ${{ inputs.proxy_passphrase }} | ||||
|         INPUT_PROXY_KEY: ${{ inputs.proxy_key }} | ||||
|         INPUT_PROXY_KEY_PATH: ${{ inputs.proxy_key_path }} | ||||
|         INPUT_PROXY_FINGERPRINT: ${{ inputs.proxy_fingerprint }} | ||||
|         INPUT_TIMEOUT: ${{ inputs.timeout }} | ||||
|         INPUT_PROXY_TIMEOUT: ${{ inputs.proxy_timeout }} | ||||
|         INPUT_COMMAND_TIMEOUT: ${{ inputs.command_timeout }} | ||||
|         INPUT_SCRIPT: ${{ inputs.script }} | ||||
|         INPUT_SCRIPT_STOP: ${{ inputs.script_stop }} | ||||
|         INPUT_ENVS: ${{ inputs.envs }} | ||||
|         INPUT_ENVS_FORMAT: ${{ inputs.envs_format }} | ||||
|         INPUT_DEBUG: ${{ inputs.debug }} | ||||
|         INPUT_ALL_ENVS: ${{ inputs.allenvs }} | ||||
|         INPUT_REQUEST_PTY: ${{ inputs.request_pty }} | ||||
|         INPUT_USE_INSECURE_CIPHER: ${{ inputs.use_insecure_cipher }} | ||||
|         INPUT_CIPHER: ${{ inputs.cipher }} | ||||
|         INPUT_PROXY_USE_INSECURE_CIPHER: ${{ inputs.proxy_use_insecure_cipher }} | ||||
|         INPUT_PROXY_CIPHER: ${{ inputs.proxy_cipher }} | ||||
|         INPUT_SYNC: ${{ inputs.sync }} | ||||
|  | ||||
| branding: | ||||
|   icon: 'terminal' | ||||
|   color: 'gray-dark' | ||||
|   icon: "terminal" | ||||
|   color: "gray-dark" | ||||
|   | ||||
| @@ -1,7 +1,66 @@ | ||||
| #!/bin/sh | ||||
| #!/usr/bin/env bash | ||||
|  | ||||
| set -eu | ||||
| set -o errexit | ||||
| set -o nounset | ||||
| set -o pipefail | ||||
|  | ||||
| export GITHUB="true" | ||||
|  | ||||
| sh -c "/bin/drone-ssh $*" | ||||
| GITHUB_ACTION_PATH="${GITHUB_ACTION_PATH%/}" | ||||
| DRONE_SSH_RELEASE_URL="${DRONE_SSH_RELEASE_URL:-https://github.com/appleboy/drone-ssh/releases/download}" | ||||
| DRONE_SSH_VERSION="${DRONE_SSH_VERSION:-1.7.4}" | ||||
|  | ||||
| function detect_client_info() { | ||||
|   if [ -n "${SSH_CLIENT_OS-}" ]; then | ||||
|     CLIENT_PLATFORM="${SSH_CLIENT_OS}" | ||||
|   else | ||||
|     local kernel | ||||
|     kernel="$(uname -s)" | ||||
|     case "${kernel}" in | ||||
|       Darwin) | ||||
|         CLIENT_PLATFORM="darwin" | ||||
|         ;; | ||||
|       Linux) | ||||
|         CLIENT_PLATFORM="linux" | ||||
|         ;; | ||||
|       Windows) | ||||
|         CLIENT_PLATFORM="windows" | ||||
|         ;; | ||||
|       *) | ||||
|         echo "Unknown, unsupported platform: ${kernel}." >&2 | ||||
|         echo "Supported platforms: Linux, Darwin and Windows." >&2 | ||||
|         echo "Bailing out." >&2 | ||||
|         exit 2 | ||||
|     esac | ||||
|   fi | ||||
|  | ||||
|   if [ -n "${SSH_CLIENT_ARCH-}" ]; then | ||||
|     CLIENT_ARCH="${SSH_CLIENT_ARCH}" | ||||
|   else | ||||
|     local machine | ||||
|     machine="$(uname -m)" | ||||
|     case "${machine}" in | ||||
|       x86_64*|i?86_64*|amd64*) | ||||
|         CLIENT_ARCH="amd64" | ||||
|         ;; | ||||
|       aarch64*|arm64*) | ||||
|         CLIENT_ARCH="arm64" | ||||
|         ;; | ||||
|       *) | ||||
|         echo "Unknown, unsupported architecture (${machine})." >&2 | ||||
|         echo "Supported architectures x86_64, i686, arm64." >&2 | ||||
|         echo "Bailing out." >&2 | ||||
|         exit 3 | ||||
|         ;; | ||||
|     esac | ||||
|   fi | ||||
| } | ||||
|  | ||||
| detect_client_info | ||||
| DOWNLOAD_URL_PREFIX="${DRONE_SSH_RELEASE_URL}/v${DRONE_SSH_VERSION}" | ||||
| CLIENT_BINARY="drone-ssh-${DRONE_SSH_VERSION}-${CLIENT_PLATFORM}-${CLIENT_ARCH}" | ||||
| TARGET="${GITHUB_ACTION_PATH}/${CLIENT_BINARY}" | ||||
| echo "Will download ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}" | ||||
| curl -fL --retry 3 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o ${TARGET} | ||||
| chmod +x ${TARGET} | ||||
| sh -c "${TARGET} $*" | ||||
|   | ||||
		Reference in New Issue
	
	Block a user