refactor(workflow): enhance SSH setup and cleanup logic (#11)

- Reorganized the workflow to improve clarity and maintainability: - Added a new `noop.sh` script for setup post-check of known hosts. - Moved the `Setup SSH key` step after `Check known hosts file` for better sequence. - Improved the `check.sh` script: - Validates the presence of expected SSH fingerprints in the `known_hosts` file. - Updated the `post_action.sh` script: - Simplified removal of the `known_hosts` file instead of line-by-line cleanup. - Adjusted `post_check.sh` to ensure the `known_hosts` file is completely removed. - Updated `action.yml` to include corrected paths and a reordering of the steps.
apter-tech · Jan 3, 2025 · 286a349 · 286a349
1 parent 6a9ff81
commit 286a349
Show file tree

Hide file tree

Showing 6 changed files with 34 additions and 27 deletions.
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
@@ -14,21 +14,25 @@ jobs:
     runs-on: ${{ matrix.os }}      
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - name: Setup SSH key
-        uses: ./
-        with:
-          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
-          ssh-known-hosts: ${{ secrets.SSH_KNOWN_HOSTS }}
-          log-public-key: false
-      - name: Check known hosts file
+      - name: Setup post check of known hosts file
         uses: pyTooling/Actions/with-post-step@9ceefdbf5dceae8c441fc393ed82344c7ca8bbdb # v3.1.1
         env:
           SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
         with:
           main: |
-            sh check.sh
+            sh noop.sh
           post: |
             sh post_check.sh
+      - name: Setup SSH key
+        uses: ./
+        with:
+          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
+          ssh-known-hosts: ${{ secrets.SSH_KNOWN_HOSTS }}
+          log-public-key: false
+      - name: Check known hosts file
+        shell: sh
+        run: |
+          sh check.sh
       - name: Install docker (Missing on MacOS)
         if: runner.os == 'macos'
         shell: bash

diff --git a/action.yml b/action.yml
@@ -35,14 +35,6 @@ inputs:
 runs:
   using: 'composite'
   steps:
-    - uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0
-      with:
-        ssh-private-key: ${{ inputs.ssh-private-key }}
-        ssh-auth-sock: ${{ inputs.ssh-auth-sock }}
-        log-public-key: ${{ inputs.log-public-key }}
-        ssh-agent-cmd: ${{ inputs.ssh-agent-cmd }}
-        ssh-add-cmd: ${{ inputs.ssh-add-cmd }}
-        git-cmd: ${{ inputs.git-cmd }}
     - uses: pyTooling/Actions/with-post-step@9ceefdbf5dceae8c441fc393ed82344c7ca8bbdb # v3.1.1
       env:
         SSH_HOST: ${{ inputs.ssh-host }}
@@ -53,6 +45,14 @@ runs:
           sh "${{ github.action_path }}/action.sh"
         post: |
           sh "${{ github.action_path }}/post_action.sh"
+    - uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0
+      with:
+        ssh-private-key: ${{ inputs.ssh-private-key }}
+        ssh-auth-sock: ${{ inputs.ssh-auth-sock }}
+        log-public-key: ${{ inputs.log-public-key }}
+        ssh-agent-cmd: ${{ inputs.ssh-agent-cmd }}
+        ssh-add-cmd: ${{ inputs.ssh-add-cmd }}
+        git-cmd: ${{ inputs.git-cmd }}
 branding:
   icon: loader
   color: 'purple'
diff --git a/check.sh b/check.sh
@@ -1,7 +1,11 @@
 #!/usr/bin/env sh
 
-if [ ! -s "${HOME}/.ssh/known_hosts" ]; then
+SSH_KNOWN_HOSTS_FILE="${HOME}/.ssh/known_hosts"
+
+if ! grep -q "${SSH_KNOWN_HOSTS}" "${SSH_KNOWN_HOSTS_FILE}"; then
     echo "::error file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=Assertion Error::\
-~/.ssh/known_hosts is missing or empty."
+${SSH_KNOWN_HOSTS_FILE} file should contain the ssh fingerprint."
     exit 1
-fi
+fi
+
+unset SSH_KNOWN_HOSTS_FILE
diff --git a/noop.sh b/noop.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env sh
+
+exit 0
diff --git a/post_action.sh b/post_action.sh
@@ -1,14 +1,10 @@
 #!/usr/bin/env sh
 
 SSH_KNOWN_HOSTS_FILE="${HOME}/.ssh/known_hosts"
-TEMP_FILE="/tmp/718f4157-5493-43b2-837b-3ccb27f78e7b"
 
-sed '$ d' "${SSH_KNOWN_HOSTS_FILE}" > "${TEMP_FILE}"
-cat "${TEMP_FILE}" > "${SSH_KNOWN_HOSTS_FILE}"
-rm -rf "${TEMP_FILE}"
+rm -rf "${SSH_KNOWN_HOSTS_FILE}"
 
 echo "::notice file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=Notice::\
-${SSH_KNOWN_HOSTS_FILE} has been cleaned."
+${SSH_KNOWN_HOSTS_FILE} has been removed."
 
 unset SSH_KNOWN_HOSTS_FILE
-unset TEMP_FILE
diff --git a/post_check.sh b/post_check.sh
@@ -2,9 +2,9 @@
 
 SSH_KNOWN_HOSTS_FILE="${HOME}/.ssh/known_hosts"
 
-if ! grep -q "${SSH_KNOWN_HOSTS}" "${SSH_KNOWN_HOSTS_FILE}" ; then
+if [ -s "${SSH_KNOWN_HOSTS_FILE}" ] ; then
     echo "::error file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=Assertion Error::\
-${SSH_KNOWN_HOSTS_FILE} file should not contain the ssh fingerprint after the job."
+${SSH_KNOWN_HOSTS_FILE} file should be removed."
     exit 1
 fi