support forgejo actions
Some checks failed
/ deployment_keys_demo (macOS-latest) (push) Has been cancelled
/ deployment_keys_demo (ubuntu-latest) (push) Has been cancelled
/ deployment_keys_demo (windows-latest) (push) Has been cancelled
/ docker_demo (push) Has been cancelled

This commit is contained in:
Seaswimmer 2024-10-20 10:09:00 -04:00
parent dc588b651f
commit e296b8a627
Signed by: cswimr
GPG key ID: A9C162E867C851FA
6 changed files with 53744 additions and 4251 deletions

View file

@ -4,6 +4,19 @@ inputs:
ssh-private-key: ssh-private-key:
description: 'Private SSH key to register in the SSH agent' description: 'Private SSH key to register in the SSH agent'
required: true required: true
instance-urls:
description: |-
URL(s) of the Forgejo instance to use. Due to limitations with Forgejo Actions inputs, this is specified as a string.
You can specify multiple instance URLs by putting each one on a separate line.
```yaml
secrets: |-
forgejo.org
codeberg.org
```
required: false
default: 'forgejo.org'
ssh-auth-sock: ssh-auth-sock:
description: 'Where to place the SSH Agent auth socket' description: 'Where to place the SSH Agent auth socket'
log-public-key: log-public-key:

28911
dist/cleanup.js vendored

File diff suppressed because one or more lines are too long

29082
dist/index.js vendored

File diff suppressed because one or more lines are too long

View file

@ -6,6 +6,7 @@ const { homePath, sshAgentCmdDefault, sshAddCmdDefault, gitCmdDefault } = requir
try { try {
const privateKey = core.getInput('ssh-private-key'); const privateKey = core.getInput('ssh-private-key');
const instanceUrls = core.getInput('instance-urls', { required: true });
const logPublicKey = core.getBooleanInput('log-public-key', {default: true}); const logPublicKey = core.getBooleanInput('log-public-key', {default: true});
const sshAgentCmdInput = core.getInput('ssh-agent-cmd'); const sshAgentCmdInput = core.getInput('ssh-agent-cmd');
@ -53,12 +54,17 @@ try {
console.log('Configuring deployment key(s)'); console.log('Configuring deployment key(s)');
const instanceUrlsArray = instanceUrls.split(/\r?\n/);
instanceUrlsArray.forEach(instanceUrl => {
const urlPattern = new RegExp(`\\b${instanceUrl.replace(/\./g, '\\.')}[:/]([_.a-z0-9-]+\/[_.a-z0-9-]+)`, 'i');
child_process.execFileSync(sshAddCmd, ['-L']).toString().trim().split(/\r?\n/).forEach(function(key) { child_process.execFileSync(sshAddCmd, ['-L']).toString().trim().split(/\r?\n/).forEach(function(key) {
const parts = key.match(/\bgithub\.com[:/]([_.a-z0-9-]+\/[_.a-z0-9-]+)/i); const parts = key.match(urlPattern);
if (!parts) { if (!parts) {
if (logPublicKey) { if (logPublicKey) {
console.log(`Comment for (public) key '${key}' does not match GitHub URL pattern. Not treating it as a GitHub deploy key.`); console.log(`Comment for (public) key '${key}' does not match ${instanceUrl} URL pattern. Not treating it as a deploy key for ${instanceUrl}.`);
} }
return; return;
} }
@ -68,19 +74,22 @@ try {
fs.writeFileSync(`${homeSsh}/key-${sha256}`, key + "\n", { mode: '600' }); fs.writeFileSync(`${homeSsh}/key-${sha256}`, key + "\n", { mode: '600' });
child_process.execSync(`${gitCmd} config --global --replace-all url."git@key-${sha256}.github.com:${ownerAndRepo}".insteadOf "https://github.com/${ownerAndRepo}"`); const keyHostname = `key-${sha256}.${instanceUrl}`;
child_process.execSync(`${gitCmd} config --global --add url."git@key-${sha256}.github.com:${ownerAndRepo}".insteadOf "git@github.com:${ownerAndRepo}"`);
child_process.execSync(`${gitCmd} config --global --add url."git@key-${sha256}.github.com:${ownerAndRepo}".insteadOf "ssh://git@github.com/${ownerAndRepo}"`);
const sshConfig = `\nHost key-${sha256}.github.com\n` child_process.execSync(`${gitCmd} config --global --replace-all url."git@${keyHostname}:${ownerAndRepo}".insteadOf "https://${instanceUrl}/${ownerAndRepo}"`);
+ ` HostName github.com\n` child_process.execSync(`${gitCmd} config --global --add url."git@${keyHostname}:${ownerAndRepo}".insteadOf "git@${instanceUrl}:${ownerAndRepo}"`);
child_process.execSync(`${gitCmd} config --global --add url."git@${keyHostname}:${ownerAndRepo}".insteadOf "ssh://git@${instanceUrl}/${ownerAndRepo}"`);
const sshConfig = `\nHost ${keyHostname}\n`
+ ` HostName ${instanceUrl}\n`
+ ` IdentityFile ${homeSsh}/key-${sha256}\n` + ` IdentityFile ${homeSsh}/key-${sha256}\n`
+ ` IdentitiesOnly yes\n`; + ` IdentitiesOnly yes\n`;
fs.appendFileSync(`${homeSsh}/config`, sshConfig); fs.appendFileSync(`${homeSsh}/config`, sshConfig);
console.log(`Added deploy-key mapping: Use identity '${homeSsh}/key-${sha256}' for GitHub repository ${ownerAndRepo}`); console.log(`Added deploy-key mapping: Use identity '${homeSsh}/key-${sha256}' for ${instanceUrl} repository ${ownerAndRepo}`);
}); });
});
} catch (error) { } catch (error) {

View file

@ -1,6 +1,6 @@
{ {
"name": "webfactory-action-ssh-agent", "name": "webfactory-action-ssh-agent",
"repository": "git@github.com:webfactory/ssh-agent.git", "repository": "git@www.coastalcommits.com:actions/ssh-agent.git",
"description": "GitHub Action to set up ssh-agent with a private SSH key", "description": "GitHub Action to set up ssh-agent with a private SSH key",
"version": "0.7.0", "version": "0.7.0",
"main": "index.js", "main": "index.js",
@ -8,7 +8,7 @@
"license": "MIT", "license": "MIT",
"devDependencies": { "devDependencies": {
"@actions/core": "^1.9.1", "@actions/core": "^1.9.1",
"@zeit/ncc": "^0.20.5" "@vercel/ncc": "^0.38.2"
}, },
"scripts": { "scripts": {
"build": "node scripts/build.js" "build": "node scripts/build.js"

View file

@ -3,31 +3,51 @@
"@actions/core@^1.9.1": "@actions/core@^1.9.1":
"integrity" "sha512-5ad+U2YGrmmiw6du20AQW5XuWo7UKN2052FjSV7MX+Wfjf8sCqcsZe62NfgHys4QI4/Y+vQvLKYL8jWtA1ZBTA==" version "1.11.1"
"resolved" "https://registry.npmjs.org/@actions/core/-/core-1.9.1.tgz" resolved "https://registry.yarnpkg.com/@actions/core/-/core-1.11.1.tgz#ae683aac5112438021588030efb53b1adb86f172"
"version" "1.9.1" integrity sha512-hXJCSrkwfA46Vd9Z3q4cpEpHB1rL5NG04+/rbqW9d3+CSvtB1tYe8UTpAlixa1vj0m/ULglfEK2UKxMGxCxv5A==
dependencies: dependencies:
"@actions/exec" "^1.1.1"
"@actions/http-client" "^2.0.1" "@actions/http-client" "^2.0.1"
"uuid" "^8.3.2"
"@actions/exec@^1.1.1":
version "1.1.1"
resolved "https://registry.yarnpkg.com/@actions/exec/-/exec-1.1.1.tgz#2e43f28c54022537172819a7cf886c844221a611"
integrity sha512-+sCcHHbVdk93a0XT19ECtO/gIXoxvdsgQLzb2fE2/5sIZmWQuluYyjPQtrtTHdU1YzTZ7bAPN4sITq2xi1679w==
dependencies:
"@actions/io" "^1.0.1"
"@actions/http-client@^2.0.1": "@actions/http-client@^2.0.1":
"integrity" "sha512-PIXiMVtz6VvyaRsGY268qvj57hXQEpsYogYOu2nrQhlf+XCGmZstmuZBbAybUl1nQGnvS1k1eEsQ69ZoD7xlSw==" version "2.2.3"
"resolved" "https://registry.npmjs.org/@actions/http-client/-/http-client-2.0.1.tgz" resolved "https://registry.yarnpkg.com/@actions/http-client/-/http-client-2.2.3.tgz#31fc0b25c0e665754ed39a9f19a8611fc6dab674"
"version" "2.0.1" integrity sha512-mx8hyJi/hjFvbPokCg4uRd4ZX78t+YyRPtnKWwIl+RzNaVuFpQHfmlGVfsKEJN8LwTCvL+DfVgAM04XaHkm6bA==
dependencies: dependencies:
"tunnel" "^0.0.6" tunnel "^0.0.6"
undici "^5.25.4"
"@zeit/ncc@^0.20.5": "@actions/io@^1.0.1":
"integrity" "sha512-XU6uzwvv95DqxciQx+aOLhbyBx/13ky+RK1y88Age9Du3BlA4mMPCy13BGjayOrrumOzlq1XV3SD/BWiZENXlw==" version "1.1.3"
"resolved" "https://registry.npmjs.org/@zeit/ncc/-/ncc-0.20.5.tgz" resolved "https://registry.yarnpkg.com/@actions/io/-/io-1.1.3.tgz#4cdb6254da7962b07473ff5c335f3da485d94d71"
"version" "0.20.5" integrity sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q==
"tunnel@^0.0.6": "@fastify/busboy@^2.0.0":
"integrity" "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==" version "2.1.1"
"resolved" "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz" resolved "https://registry.yarnpkg.com/@fastify/busboy/-/busboy-2.1.1.tgz#b9da6a878a371829a0502c9b6c1c143ef6663f4d"
"version" "0.0.6" integrity sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA==
"uuid@^8.3.2": "@vercel/ncc@^0.38.2":
"integrity" "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==" version "0.38.2"
"resolved" "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz" resolved "https://registry.yarnpkg.com/@vercel/ncc/-/ncc-0.38.2.tgz#d35c3a74c671699ccf316f74bf0ecab6b60e312b"
"version" "8.3.2" integrity sha512-3yel3jaxUg9pHBv4+KeC9qlbdZPug+UMtUOlhvpDYCMSgcNSrS2Hv1LoqMsOV7hf2lYscx+BESfJOIla1WsmMQ==
tunnel@^0.0.6:
version "0.0.6"
resolved "https://registry.yarnpkg.com/tunnel/-/tunnel-0.0.6.tgz#72f1314b34a5b192db012324df2cc587ca47f92c"
integrity sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==
undici@^5.25.4:
version "5.28.4"
resolved "https://registry.yarnpkg.com/undici/-/undici-5.28.4.tgz#6b280408edb6a1a604a9b20340f45b422e373068"
integrity sha512-72RFADWFqKmUb2hmmvNODKL3p9hcB6Gt2DOQMis1SEBaV6a4MH8soBvzg+95CYhCKPFedut2JY9bMfrDl9D23g==
dependencies:
"@fastify/busboy" "^2.0.0"