 20d5c5bbc9
			
		
	
	20d5c5bbc9
	
	
	
		
			
			- Add input parameter `curl_insecure` to `action.yml` with a default value of false - Pass `curl_insecure` input to the action's environment in `action.yml` - Modify `entrypoint.sh` to conditionally add the `--insecure` option to curl if `INPUT_CURL_INSECURE` is true Signed-off-by: appleboy <appleboy.tw@gmail.com>
		
			
				
	
	
		
			142 lines
		
	
	
		
			6.2 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
			
		
		
	
	
			142 lines
		
	
	
		
			6.2 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
| name: "SSH Remote Commands"
 | |
| description: "Executing remote ssh commands"
 | |
| author: "Bo-Yi Wu"
 | |
| inputs:
 | |
|   host:
 | |
|     description: "SSH host address or IP to connect to."
 | |
|   port:
 | |
|     description: "SSH port number for the connection."
 | |
|     default: "22"
 | |
|   passphrase:
 | |
|     description: "Passphrase to decrypt the SSH private key if protected."
 | |
|   username:
 | |
|     description: "SSH username for authentication on the remote server."
 | |
|   password:
 | |
|     description: "SSH password for authentication (use secrets for sensitive data)."
 | |
|   protocol:
 | |
|     description: 'IP protocol version to use. Options: "tcp" (default), "tcp4" (IPv4 only), or "tcp6" (IPv6 only).'
 | |
|     default: "tcp"
 | |
|   sync:
 | |
|     description: "When true, executes commands synchronously across multiple hosts (one after another)."
 | |
|   use_insecure_cipher:
 | |
|     description: "Enable additional legacy ciphers that might be less secure but more compatible with older systems."
 | |
|   cipher:
 | |
|     description: "Specify custom cipher algorithms for encryption. Leave empty to use secure defaults."
 | |
|   timeout:
 | |
|     description: "Maximum time to wait when establishing the SSH connection, e.g., '30s', '1m'."
 | |
|     default: "30s"
 | |
|   command_timeout:
 | |
|     description: "Maximum execution time for the remote commands before terminating, e.g., '10m', '1h'."
 | |
|     default: "10m"
 | |
|   key:
 | |
|     description: "Raw content of the SSH private key for authentication (use secrets for sensitive data)."
 | |
|   key_path:
 | |
|     description: "Path to the SSH private key file on the runner."
 | |
|   fingerprint:
 | |
|     description: "SHA256 fingerprint of the host public key for verification to prevent MITM attacks."
 | |
|   proxy_host:
 | |
|     description: "Proxy server hostname or IP if connecting through an SSH jump host."
 | |
|   proxy_port:
 | |
|     description: "SSH port number for the proxy connection."
 | |
|     default: "22"
 | |
|   proxy_username:
 | |
|     description: "Username for authentication on the proxy server."
 | |
|   proxy_password:
 | |
|     description: "Password for authentication on the proxy server (use secrets for sensitive data)."
 | |
|   proxy_protocol:
 | |
|     description: 'IP protocol version for proxy. Options: "tcp" (default), "tcp4" (IPv4 only), or "tcp6" (IPv6 only).'
 | |
|     default: "tcp"
 | |
|   proxy_passphrase:
 | |
|     description: "Passphrase to decrypt the proxy SSH private key if protected."
 | |
|   proxy_timeout:
 | |
|     description: "Maximum time to wait when establishing the proxy SSH connection, e.g., '30s', '1m'."
 | |
|     default: "30s"
 | |
|   proxy_key:
 | |
|     description: "Raw content of the SSH proxy private key for authentication (use secrets for sensitive data)."
 | |
|   proxy_key_path:
 | |
|     description: "Path to the SSH proxy private key file on the runner."
 | |
|   proxy_fingerprint:
 | |
|     description: "SHA256 fingerprint of the proxy host public key for verification."
 | |
|   proxy_cipher:
 | |
|     description: "Specify custom cipher algorithms for proxy connection encryption."
 | |
|   proxy_use_insecure_cipher:
 | |
|     description: "Enable additional legacy ciphers for proxy connections (less secure but more compatible)."
 | |
|   script:
 | |
|     description: "Commands to execute on the remote server (inline script string)."
 | |
|   script_path:
 | |
|     description: "Path to a local file containing commands to execute on the remote server."
 | |
|   envs:
 | |
|     description: "Environment variables to expose to the remote script, format: key=value,key2=value2."
 | |
|   envs_format:
 | |
|     description: "Format specification for environment variable transfer (for advanced usage)."
 | |
|   debug:
 | |
|     description: "Set to true to enable verbose logging for troubleshooting connection issues."
 | |
|   allenvs:
 | |
|     description: "When true, passes all GitHub Actions environment variables to the remote script."
 | |
|   request_pty:
 | |
|     description: "Request a pseudo-terminal from the server (required for interactive commands or sudo)."
 | |
|   curl_insecure:
 | |
|     description: "When true, uses the --insecure option with curl for insecure downloads."
 | |
|     default: "false"
 | |
|   capture_stdout:
 | |
|     description: "When true, captures and returns standard output from the commands as action output."
 | |
|     default: "false"
 | |
| 
 | |
| outputs:
 | |
|   stdout:
 | |
|     description: "Standard output of the executed commands when capture_stdout is enabled."
 | |
|     value: ${{ steps.entrypoint.outputs.stdout }}
 | |
| 
 | |
| runs:
 | |
|   using: "composite"
 | |
|   steps:
 | |
|     - name: Set GitHub Path
 | |
|       run: echo "$GITHUB_ACTION_PATH" >> $GITHUB_PATH
 | |
|       shell: bash
 | |
|       env:
 | |
|         GITHUB_ACTION_PATH: ${{ github.action_path }}
 | |
|     - id: entrypoint
 | |
|       name: Run entrypoint.sh
 | |
|       run: entrypoint.sh
 | |
|       shell: bash
 | |
|       env:
 | |
|         GITHUB_ACTION_PATH: ${{ github.action_path }}
 | |
|         INPUT_HOST: ${{ inputs.host }}
 | |
|         INPUT_PORT: ${{ inputs.port }}
 | |
|         INPUT_PROTOCOL: ${{ inputs.protocol }}
 | |
|         INPUT_USERNAME: ${{ inputs.username }}
 | |
|         INPUT_PASSWORD: ${{ inputs.password }}
 | |
|         INPUT_PASSPHRASE: ${{ inputs.passphrase }}
 | |
|         INPUT_KEY: ${{ inputs.key }}
 | |
|         INPUT_KEY_PATH: ${{ inputs.key_path }}
 | |
|         INPUT_FINGERPRINT: ${{ inputs.fingerprint }}
 | |
|         INPUT_PROXY_HOST: ${{ inputs.proxy_host }}
 | |
|         INPUT_PROXY_PORT: ${{ inputs.proxy_port }}
 | |
|         INPUT_PROXY_USERNAME: ${{ inputs.proxy_username }}
 | |
|         INPUT_PROXY_PASSWORD: ${{ inputs.proxy_password }}
 | |
|         INPUT_PROXY_PASSPHRASE: ${{ inputs.proxy_passphrase }}
 | |
|         INPUT_PROXY_KEY: ${{ inputs.proxy_key }}
 | |
|         INPUT_PROXY_KEY_PATH: ${{ inputs.proxy_key_path }}
 | |
|         INPUT_PROXY_FINGERPRINT: ${{ inputs.proxy_fingerprint }}
 | |
|         INPUT_TIMEOUT: ${{ inputs.timeout }}
 | |
|         INPUT_PROXY_TIMEOUT: ${{ inputs.proxy_timeout }}
 | |
|         INPUT_COMMAND_TIMEOUT: ${{ inputs.command_timeout }}
 | |
|         INPUT_SCRIPT: ${{ inputs.script }}
 | |
|         INPUT_SCRIPT_FILE: ${{ inputs.script_path }}
 | |
|         INPUT_ENVS: ${{ inputs.envs }}
 | |
|         INPUT_ENVS_FORMAT: ${{ inputs.envs_format }}
 | |
|         INPUT_DEBUG: ${{ inputs.debug }}
 | |
|         INPUT_ALL_ENVS: ${{ inputs.allenvs }}
 | |
|         INPUT_REQUEST_PTY: ${{ inputs.request_pty }}
 | |
|         INPUT_USE_INSECURE_CIPHER: ${{ inputs.use_insecure_cipher }}
 | |
|         INPUT_CIPHER: ${{ inputs.cipher }}
 | |
|         INPUT_PROXY_USE_INSECURE_CIPHER: ${{ inputs.proxy_use_insecure_cipher }}
 | |
|         INPUT_PROXY_CIPHER: ${{ inputs.proxy_cipher }}
 | |
|         INPUT_SYNC: ${{ inputs.sync }}
 | |
|         INPUT_CAPTURE_STDOUT: ${{ inputs.capture_stdout }}
 | |
|         INPUT_CURL_INSECURE: ${{ inputs.curl_insecure }}
 | |
| 
 | |
| branding:
 | |
|   icon: "terminal"
 | |
|   color: "gray-dark"
 |