From d7e6dd8c635644a4ce20d32091f6b9c0354c0964 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bal=C3=A1zs=20Varga?= Date: Thu, 2 Jan 2025 19:53:53 +0100 Subject: [PATCH 01/24] feat: Add pull request workflow with SSH host validation and deployment checks - Created `.github/workflows/pull_request.yml` to handle pull request events on the `main` branch. - Integrated matrix strategy to test across macOS, Ubuntu, and Windows platforms. - Added `check.sh` to verify the existence of a populated `known_hosts` file before deployment. - Added `post_check.sh` to ensure the `known_hosts` file is removed after the job for security. - Included test deployment of a `whoami` container to validate Docker host setup. - Utilized `pyTooling/Actions/with-post-step` to streamline pre- and post-check scripts. - Added support for private SSH keys and `known_hosts` configuration using the custom SSH action. --- .github/workflows/pull_request.yml | 39 ++++++++++++++++++++++++++++++ check.sh | 7 ++++++ post_check.sh | 7 ++++++ 3 files changed, 53 insertions(+) create mode 100644 .github/workflows/pull_request.yml create mode 100755 check.sh create mode 100755 post_check.sh diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml new file mode 100644 index 0000000..b19c6f4 --- /dev/null +++ b/.github/workflows/pull_request.yml 
@@ -0,0 +1,39 @@
+on:
+ pull_request:
+ branches:
+ - main
+jobs:
+ test:
+ strategy:
+ fail-fast: false
+ matrix:
+ os:
+ - macos-15
+ - ubuntu-24.04
+ - windows-2025
+ runs-on: ${{ matrix.os }}
+ steps:
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - name: Setup SSH key
+ uses: ./
+ with:
+ ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
+ ssh-known-hosts: ${{ secrets.SSH_KNOWN_HOSTS }}
+ log-public-key: false
+ - name: Check known hosts
+ uses: pyTooling/Actions/with-post-step@9ceefdbf5dceae8c441fc393ed82344c7ca8bbdb # v3.1.1
+ with:
+ main: |
+ ./check.sh
+ post: |
+ ./post_check.sh
+ - name: Deploy over SSH
+ shell: bash
+ env:
+ DOCKER_HOST: ${{ secrets.DOCKER_HOST }}
+ run: |
+ # renovate: datasource=docker depname=traefik/whoami versioning=docker
+ WHOAMI_VERSION="v1.10"
+ docker run -d -P --name whoami traefik/whoami:v1.10
+ docker stop whoami
+ docker rm whoami
\ No newline at end of file
diff --git a/check.sh b/check.sh
new file mode 100755
index 0000000..019903d
--- /dev/null
+++ b/check.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+if [ ! -s ~/.ssh/known_hosts ]; then
+ echo "::error file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=Assertion Error::\
+~/.ssh/known_hosts is missing or empty."
+ exit 1
+fi
\ No newline at end of file
diff --git a/post_check.sh b/post_check.sh
new file mode 100755
index 0000000..a5451ab
--- /dev/null
+++ b/post_check.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+if [ -s ~/.ssh/known_hosts ]; then
+ echo "::error file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=Assertion Error::\
+~/.ssh/known_hosts file should not exist after the job."
+ exit 1
+fi
\ No newline at end of file
From 9b635de3b0a8dfbad12b8a5b6211cccf68b96379 Mon Sep 17 00:00:00 2001
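Review bot: The new `.github/workflows/pull_request.yml` declares no `permissions:` block, so the `test` job runs with the repository's default `GITHUB_TOKEN` scope while it also handles `SSH_PRIVATE_KEY` and `DOCKER_HOST`. A top-level `permissions:` with `contents: read` limits the token to what `actions/checkout` needs. The `uses: ./` step executes the action code from the checked-out pull-request branch with those secrets in scope, so a comment above it should state that the job is only expected to run for branches of this repository. On fork pull requests the secrets are normally empty and the step would presumably fail.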
From: =?UTF-8?q?Bal=C3=A1zs=20Varga?= Date: Thu, 2 Jan 2025 20:18:49 +0100 Subject: [PATCH 02/24] fix: Update Docker image version reference in pull_request workflow - Changed `WHOAMI_VERSION` to use the full SHA256 hash instead of a simple version tag. - Adjusted `docker run` command to reference the updated `$WHOAMI_VERSION` variable. --- .github/workflows/pull_request.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index b19c6f4..369be0e 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -33,7 +33,7 @@ jobs: DOCKER_HOST: ${{ secrets.DOCKER_HOST }} run: | # renovate: datasource=docker depname=traefik/whoami versioning=docker - WHOAMI_VERSION="v1.10" - docker run -d -P --name whoami traefik/whoami:v1.10 + WHOAMI_VERSION="43a68d10b9dfcfc3ffbfe4dd42100dc9aeaf29b3a5636c856337a5940f1b4f1c" # v1.10 + docker run -d -P --name whoami traefik/whoami:"$WHOAMI_VERSION" docker stop whoami docker rm whoami \ No newline at end of file From 3816620844ccdbcb8724986429b100c93ab42417 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bal=C3=A1zs=20Varga?= Date: Thu, 2 Jan 2025 20:21:20 +0100 Subject: [PATCH 03/24] fix: Update `docker run` command in pull_request workflow - Replaced shorthand `-d -P` options with explicit `--detach --publish-all` flags. - Ensured `${WHOAMI_VERSION}` is used for clarity and consistency in variable referencing. --- .github/workflows/pull_request.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 369be0e..08c7d1a 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml 
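Review bot: In the `run:` block the 64-character hash is used as a tag (`traefik/whoami:"$WHOAMI_VERSION"`), which does not pin the image. A digest is only enforced by the `@sha256:` reference form, and a tag with that name presumably does not exist, so the pull is likely to fail. If the value is the image digest, the line should read `docker run -d -P --name whoami "traefik/whoami@sha256:${WHOAMI_DIGEST}"`, with the variable renamed so the Renovate annotation and the `# v1.10` comment stay accurate. The same tag form is carried into `deploy.sh` in PATCH 12, and PATCH 17 falls back to the mutable `v1.10` tag, which removes the pin altogether for a container that is started on the remote Docker host.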
@@ -34,6 +34,6 @@ jobs: run: | # renovate: datasource=docker depname=traefik/whoami versioning=docker WHOAMI_VERSION="43a68d10b9dfcfc3ffbfe4dd42100dc9aeaf29b3a5636c856337a5940f1b4f1c" # v1.10 - docker run -d -P --name whoami traefik/whoami:"$WHOAMI_VERSION" + docker run --detach --publish-all --name whoami traefik/whoami:"${WHOAMI_VERSION}" docker stop whoami docker rm whoami \ No newline at end of file From 90ef56d30f47e84fcd2f5245520b4ddd145eeb44 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bal=C3=A1zs=20Varga?= Date: Thu, 2 Jan 2025 20:58:53 +0100 Subject: [PATCH 04/24] fix: Ensure known_hosts directory exists before writing - Added `mkdir -p` command to create the directory for `SSH_KNOWN_HOSTS_FILE` if it does not exist. - Prevents errors when attempting to write to a non-existent directory. --- action.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/action.sh b/action.sh index ed17dfa..ddff506 100755 --- a/action.sh +++ b/action.sh @@ -1,5 +1,7 @@ #!/usr/bin/env bash +mkdir -p "$(dirname "${SSH_KNOWN_HOSTS_FILE}")" + if [ -z "${SSH_HOST}" ] && [ -z "${SSH_KNOWN_HOSTS}" ]; then echo ":error file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=Input validation::\ One of the input, 'ssh-host' or 'ssh-known-hosts' must be set. Please update your workflow inputs." From 9756bf16bf41c6d07d484905de02f2781662a4f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bal=C3=A1zs=20Varga?= Date: Thu, 2 Jan 2025 21:38:12 +0100 Subject: [PATCH 05/24] fix: Add Docker installation step for macOS runners - Introduced a conditional step to install Docker on macOS runners. - Utilized `brew` for Docker installation and `colima` for environment setup. --- .github/workflows/pull_request.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 08c7d1a..ab94c42 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml 
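Review bot: The added `mkdir -p "$(dirname "${SSH_KNOWN_HOSTS_FILE}")"` in `action.sh` receives the path unexpanded. `action.yml` (visible as context in PATCH 12, removed in PATCH 16) passes `SSH_KNOWN_HOSTS_FILE: '~/.ssh/known_hosts'`, and a tilde inside a quoted variable is not expanded, so this creates a literal `~/.ssh` directory under the working directory. The directory is also created with the default mode; `mkdir -p -m 700` on a path built from `${HOME}` would match what an SSH directory normally has. The context line `echo ":error file=…` starts with a single colon, so the runner prints it as plain text instead of an error annotation; it should begin with `::error`. The rest of the script is outside this hunk.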
@@ -27,6 +27,11 @@ jobs: ./check.sh post: | ./post_check.sh + - name: Install docker (Missing on MacOS) + if: runner.os == 'macos' + shell: bash + run: | + brew install docker - name: Deploy over SSH shell: bash env: From 017b2063b5f76e7d69263490e090db3d11e339ef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bal=C3=A1zs=20Varga?= Date: Thu, 2 Jan 2025 21:49:48 +0100 Subject: [PATCH 06/24] fix: Streamline SSH known hosts setup in pull request workflow - Added a pre-setup step for SSH known hosts using a post-check mechanism. - Updated `check.sh` execution to occur in a dedicated shell step. - Optimized logic for Docker installation on macOS. --- .github/workflows/pull_request.yml | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index ab94c42..bbde057 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -14,19 +14,24 @@ jobs: runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: Setup post check known hosts + uses: pyTooling/Actions/with-post-step@9ceefdbf5dceae8c441fc393ed82344c7ca8bbdb # v3.1.1 + with: + main: | + # Do nothing + exit 0 + post: | + ./post_check.sh - name: Setup SSH key uses: ./ with: ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} ssh-known-hosts: ${{ secrets.SSH_KNOWN_HOSTS }} log-public-key: false - - name: Check known hosts - uses: pyTooling/Actions/with-post-step@9ceefdbf5dceae8c441fc393ed82344c7ca8bbdb # v3.1.1 - with: - main: | - ./check.sh - post: | - ./post_check.sh + - name: Setup post check known hosts + shell: bash + run: | + ./check.sh - name: Install docker (Missing on MacOS) if: runner.os == 'macos' shell: bash From f31073c39e7f6e780fa1115e1951d4cf7517086a Mon Sep 17 00:00:00 2001 
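Review bot: The reason the new `Setup post check known hosts` step (PATCH 06) sits before `Setup SSH key` is not documented in the workflow. Post hooks run in reverse order of their steps, so this placement is what makes `./post_check.sh` run after the action's own cleanup. A comment above the step, such as `# Registered first so its post hook runs last, after the SSH action has cleaned up known_hosts`, would keep a later reorder from silently turning the assertion into a check that runs before cleanup.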
From: =?UTF-8?q?Bal=C3=A1zs=20Varga?= Date: Thu, 2 Jan 2025 21:55:28 +0100 Subject: [PATCH 07/24] fix: Enhance error handling and notices in SSH setup scripts - Added `set -e` to `action.sh` for immediate exit on error. - Improved log notices for created known hosts files. - Adjusted conditional checks in `check.sh` and `post_check.sh` to use `[[` for better compatibility. --- action.sh | 4 ++++ check.sh | 2 +- post_check.sh | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/action.sh b/action.sh index ddff506..221dc51 100755 --- a/action.sh +++ b/action.sh @@ -1,5 +1,7 @@ #!/usr/bin/env bash +set -e + mkdir -p "$(dirname "${SSH_KNOWN_HOSTS_FILE}")" if [ -z "${SSH_HOST}" ] && [ -z "${SSH_KNOWN_HOSTS}" ]; then @@ -13,6 +15,7 @@ else Both 'ssh-host' and 'ssh-known-hosts' inputs are set. Using 'ssh-known-hosts'." fi echo "${SSH_KNOWN_HOSTS}" >> "${SSH_KNOWN_HOSTS_FILE}" + echo "::notice file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=Notice::${SSH_KNOWN_HOSTS_FILE} has been created." else echo "::warning file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=Security risk::\ If an ssh_known_hosts file is constructed using ssh-keyscan without verifying the keys, \ @@ -33,5 +36,6 @@ Failed to scan SSH host keys for ${SSH_HOST}" exit 1 fi fi + echo "::notice file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=Notice::${SSH_KNOWN_HOSTS_FILE} has been created." fi fi diff --git a/check.sh b/check.sh index 019903d..f54bbd6 100755 --- a/check.sh +++ b/check.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -if [ ! -s ~/.ssh/known_hosts ]; then +if [[ ! -s ~/.ssh/known_hosts ]]; then echo "::error file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=Assertion Error::\ ~/.ssh/known_hosts is missing or empty." exit 1 diff --git a/post_check.sh b/post_check.sh index a5451ab..75b9488 100755 --- a/post_check.sh +++ b/post_check.sh 
@@ -1,6 +1,6 @@ #!/usr/bin/env bash -if [ -s ~/.ssh/known_hosts ]; then +if [[ -s ~/.ssh/known_hosts ]]; then echo "::error file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=Assertion Error::\ ~/.ssh/known_hosts file should not exist after the job." exit 1 From 93ed533832c947d94879e3013b17a9fd2cad9214 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bal=C3=A1zs=20Varga?= Date: Thu, 2 Jan 2025 22:07:30 +0100 Subject: [PATCH 08/24] fix: Set secure permissions for SSH known hosts file - Added `chmod 600` to `action.sh` to secure the `known_hosts` file by restricting access permissions. --- action.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/action.sh b/action.sh index 221dc51..3144f1a 100755 --- a/action.sh +++ b/action.sh @@ -39,3 +39,5 @@ Failed to scan SSH host keys for ${SSH_HOST}" echo "::notice file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=Notice::${SSH_KNOWN_HOSTS_FILE} has been created." fi fi + +chmod 600 "${SSH_KNOWN_HOSTS_FILE}" \ No newline at end of file From 294d76a242d23e1c6451a5e57991c1766dd9389e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bal=C3=A1zs=20Varga?= Date: Thu, 2 Jan 2025 22:12:44 +0100 Subject: [PATCH 09/24] chore(ci): rename workflow step for host key validation Renamed the workflow step Setup post check known hosts to Check known hosts in .github/workflows/pull_request.yml for improved clarity and alignment with the task performed by the check.sh script. --- .github/workflows/pull_request.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index bbde057..207b129 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -28,7 +28,7 @@ jobs: ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} ssh-known-hosts: ${{ secrets.SSH_KNOWN_HOSTS }} log-public-key: false - - name: Setup post check known hosts + - name: Check known hosts shell: bash run: | ./check.sh 
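Review bot: The `chmod 600 "${SSH_KNOWN_HOSTS_FILE}"` added at the end of `action.sh` (PATCH 08) tightens the file only after it has been written with the default umask. It also leaves the directory created by `mkdir -p` at its default mode. Setting `umask 077` next to `set -e` at the top of the script covers both from the moment they are created. The call is also unconditional, so under `set -e` it aborts the step with a bare `chmod` error on any path that reaches it without having created the file; whether the input-validation branch exits first is outside this hunk.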
From d5847cdef10c947e72c670fc36a5aa41fedbde97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bal=C3=A1zs=20Varga?= Date: Thu, 2 Jan 2025 23:18:41 +0100 Subject: [PATCH 10/24] fix: remove default SSH key type from inputs Removed the default value rsa for the ssh-key-type input in action.yml to ensure explicit specification of key types when using the action. This change allows greater flexibility and avoids assumptions about the default SSH key type. --- action.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/action.yml b/action.yml index b2a000c..d9552aa 100644 --- a/action.yml +++ b/action.yml @@ -9,7 +9,6 @@ inputs: Specify the type of the key to fetch from the scanned hosts. The possible values are “ecdsa”, “ed25519”, “ecdsa-sk”, “ed25519-sk”, or “rsa”. Multiple values may be specified by separating them with commas. The default is to fetch all the above key types. required: false - default: 'rsa' ssh-known-hosts: description: 'Predefined known hosts to be added directly.' required: false From 6ab1366c98ec9a2c3fa6a79a4e873f97ca02459f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bal=C3=A1zs=20Varga?= Date: Thu, 2 Jan 2025 23:47:19 +0100 Subject: [PATCH 11/24] chore(action.yml): reorder steps for ssh-agent setup Moved the ssh-agent setup step earlier in the workflow to ensure SSH credentials are available before invoking subsequent scripts. Removed redundant ssh-agent step at the end of the workflow to streamline execution. --- action.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/action.yml b/action.yml index d9552aa..0369936 100644 --- a/action.yml +++ b/action.yml 
@@ -35,6 +35,14 @@ inputs: runs: using: 'composite' steps: + - uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0 + with: + ssh-private-key: ${{ inputs.ssh-private-key }} + ssh-auth-sock: ${{ inputs.ssh-auth-sock }} + log-public-key: ${{ inputs.log-public-key }} + ssh-agent-cmd: ${{ inputs.ssh-agent-cmd }} + ssh-add-cmd: ${{ inputs.ssh-add-cmd }} + git-cmd: ${{ inputs.git-cmd }} - uses: pyTooling/Actions/with-post-step@9ceefdbf5dceae8c441fc393ed82344c7ca8bbdb # v3.1.1 env: SSH_HOST: ${{ inputs.ssh-host }} @@ -46,12 +54,4 @@ runs: ./action.sh post: | ./post_action.sh - - uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0 - with: - ssh-private-key: ${{ inputs.ssh-private-key }} - ssh-auth-sock: ${{ inputs.ssh-auth-sock }} - log-public-key: ${{ inputs.log-public-key }} - ssh-agent-cmd: ${{ inputs.ssh-agent-cmd }} - ssh-add-cmd: ${{ inputs.ssh-add-cmd }} - git-cmd: ${{ inputs.git-cmd }} From c80cd9403f84d7cace72820ad926ab23892b2da8 Mon Sep 17 00:00:00 2001 
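Review bot: The `main:` and `post:` commands kept as context in the second hunk (`./action.sh`, `./post_action.sh`) are resolved against the job's working directory, not the directory of this composite action. That works in this repository's own workflow because `uses: ./` makes the two the same. For a consumer that references the action from another repository, the scripts would presumably not be found, or a file of the same name in the consumer's checkout would be run with the SSH inputs in its environment. Building the path from the action directory, e.g. `main: sh "${{ github.action_path }}/action.sh"`, avoids both. PATCH 12 changes these lines to `sh action.sh` and `sh post_action.sh` and has the same problem.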
From: =?UTF-8?q?Bal=C3=A1zs=20Varga?= Date: Thu, 2 Jan 2025 23:58:14 +0100 Subject: [PATCH 12/24] =?UTF-8?q?refactor(workflow):=20standardize=20scrip?= =?UTF-8?q?t=20execution=20and=20modularize=20deployment=20=09=E2=80=A2=09?= =?UTF-8?q?Replaced=20direct=20script=20executions=20with=20sh=20for=20con?= =?UTF-8?q?sistency=20across=20different=20environments.=20=09=E2=80=A2=09?= =?UTF-8?q?Introduced=20deploy.sh=20to=20encapsulate=20deployment=20logic,?= =?UTF-8?q?=20improving=20maintainability=20and=20reusability.=20=09?= =?UTF-8?q?=E2=80=A2=09Removed=20inline=20deployment=20commands=20from=20t?= =?UTF-8?q?he=20workflow=20to=20streamline=20and=20declutter=20the=20YAML?= =?UTF-8?q?=20file.=20=09=E2=80=A2=09Enhanced=20readability=20and=20consis?= =?UTF-8?q?tency=20across=20all=20script=20invocations=20in=20the=20workfl?= =?UTF-8?q?ow.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/pull_request.yml | 10 +++------- action.yml | 4 ++-- deploy.sh | 7 +++++++ 3 files changed, 12 insertions(+), 9 deletions(-) create mode 100755 deploy.sh diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 207b129..e435a07 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -21,7 +21,7 @@ jobs: # Do nothing exit 0 post: | - ./post_check.sh + sh post_check.sh - name: Setup SSH key uses: ./ with: @@ -31,7 +31,7 @@ jobs: - name: Check known hosts shell: bash run: | - ./check.sh + sh check.sh - name: Install docker (Missing on MacOS) if: runner.os == 'macos' shell: bash 
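Review bot: Invoking the scripts as `sh check.sh` and `sh post_check.sh` bypasses their `#!/usr/bin/env bash` shebang while both still use the bash-only `[[ … ]]` test introduced in PATCH 07. Where `sh` is not bash (presumably dash on the Ubuntu runner), `[[` is an unknown command, the `if` takes the false branch and the script exits 0. The known_hosts assertion then passes without having checked anything. Either keep `bash check.sh` here or convert the tests to `[ … ]` in the same commit; PATCH 14 does the conversion only later in the series.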
@@ -42,8 +42,4 @@ jobs: env: DOCKER_HOST: ${{ secrets.DOCKER_HOST }} run: | - # renovate: datasource=docker depname=traefik/whoami versioning=docker - WHOAMI_VERSION="43a68d10b9dfcfc3ffbfe4dd42100dc9aeaf29b3a5636c856337a5940f1b4f1c" # v1.10 - docker run --detach --publish-all --name whoami traefik/whoami:"${WHOAMI_VERSION}" - docker stop whoami - docker rm whoami \ No newline at end of file + sh deploy.sh \ No newline at end of file diff --git a/action.yml b/action.yml index 0369936..2cfc32c 100644 --- a/action.yml +++ b/action.yml @@ -51,7 +51,7 @@ runs: SSH_KNOWN_HOSTS_FILE: '~/.ssh/known_hosts' with: main: | - ./action.sh + sh action.sh post: | - ./post_action.sh + sh post_action.sh diff --git a/deploy.sh b/deploy.sh new file mode 100755 index 0000000..4a387d2 --- /dev/null +++ b/deploy.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env bash + +# renovate: datasource=docker depname=traefik/whoami versioning=docker +WHOAMI_VERSION="43a68d10b9dfcfc3ffbfe4dd42100dc9aeaf29b3a5636c856337a5940f1b4f1c" # v1.10 +docker run --detach --publish-all --name whoami traefik/whoami:"${WHOAMI_VERSION}" +docker stop whoami +docker rm whoami \ No newline at end of file From b068c35777ec232955013f2c144be11eaa3cd72a Mon Sep 17 00:00:00 2001 
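Review bot: The new `deploy.sh` has no error handling: without `set -e` a failed `docker run` is ignored and the script's exit status is that of the final `docker rm`. If a container with the same name is left over on the remote host from an earlier run, the step reports success without having started anything. Adding `set -eu` under the shebang and removing the container from a trap, e.g. `trap 'docker rm --force whoami' EXIT`, makes the smoke test fail when the run fails and still cleans up. All three matrix jobs use the fixed name `whoami` against the same `DOCKER_HOST`, so they can collide when they run concurrently; PATCH 18 changes the name only.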
From: =?UTF-8?q?Bal=C3=A1zs=20Varga?= Date: Fri, 3 Jan 2025 00:03:15 +0100 Subject: [PATCH 13/24] =?UTF-8?q?refactor(workflow):=20modularize=20no-ope?= =?UTF-8?q?ration=20step=20=09=E2=80=A2=09Replaced=20inline=20exit=200=20w?= =?UTF-8?q?ith=20a=20dedicated=20noop.sh=20script=20for=20better=20modular?= =?UTF-8?q?ity=20and=20readability.=20=09=E2=80=A2=09Updated=20workflow=20?= =?UTF-8?q?configuration=20to=20call=20noop.sh,=20ensuring=20consistency?= =?UTF-8?q?=20in=20no-operation=20handling.=20=09=E2=80=A2=09Improved=20ma?= =?UTF-8?q?intainability=20by=20isolating=20no-operation=20logic=20in=20a?= =?UTF-8?q?=20separate=20file.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/pull_request.yml | 3 +-- noop.sh | 3 +++ 2 files changed, 4 insertions(+), 2 deletions(-) create mode 100755 noop.sh diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index e435a07..bd73ea9 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -18,8 +18,7 @@ jobs: uses: pyTooling/Actions/with-post-step@9ceefdbf5dceae8c441fc393ed82344c7ca8bbdb # v3.1.1 with: main: | - # Do nothing - exit 0 + sh noop.sh post: | sh post_check.sh - name: Setup SSH key diff --git a/noop.sh b/noop.sh new file mode 100755 index 0000000..2806a9b --- /dev/null +++ b/noop.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env sh + +exit 0 \ No newline at end of file From e0f59f8dfa4eedfb298af912153a081b4f66d935 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Bal=C3=A1zs=20Varga?= Date: Fri, 3 Jan 2025 00:05:29 +0100 Subject: [PATCH 14/24] =?UTF-8?q?refactor(scripts):=20switch=20from=20bash?= =?UTF-8?q?=20to=20sh=20for=20enhanced=20portability=20=09=E2=80=A2=09Upda?= =?UTF-8?q?ted=20all=20scripts=20(action.sh,=20check.sh,=20deploy.sh,=20po?= =?UTF-8?q?st=5Faction.sh,=20post=5Fcheck.sh)=20to=20use=20sh=20instead=20?= =?UTF-8?q?of=20bash.=20=09=E2=80=A2=09Ensured=20compatibility=20across=20?= =?UTF-8?q?environments=20by=20replacing=20bash-specific=20syntax=20with?= =?UTF-8?q?=20POSIX-compliant=20alternatives.=20=09=E2=80=A2=09Improved=20?= =?UTF-8?q?maintainability=20by=20standardizing=20the=20shebang=20to=20#!/?= =?UTF-8?q?usr/bin/env=20sh.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- action.sh | 2 +- check.sh | 4 ++-- deploy.sh | 2 +- post_action.sh | 2 +- post_check.sh | 4 ++-- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/action.sh b/action.sh index 3144f1a..216f33e 100755 --- a/action.sh +++ b/action.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/usr/bin/env sh set -e diff --git a/check.sh b/check.sh index f54bbd6..d22aa0d 100755 --- a/check.sh +++ b/check.sh @@ -1,6 +1,6 @@ -#!/usr/bin/env bash +#!/usr/bin/env sh -if [[ ! -s ~/.ssh/known_hosts ]]; then +if [ ! -s ~/.ssh/known_hosts ]; then echo "::error file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=Assertion Error::\ ~/.ssh/known_hosts is missing or empty." exit 1 diff --git a/deploy.sh b/deploy.sh index 4a387d2..f4d07f9 100755 --- a/deploy.sh +++ b/deploy.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/usr/bin/env sh # renovate: datasource=docker depname=traefik/whoami versioning=docker WHOAMI_VERSION="43a68d10b9dfcfc3ffbfe4dd42100dc9aeaf29b3a5636c856337a5940f1b4f1c" # v1.10 diff --git a/post_action.sh b/post_action.sh index 9ef0fe0..6de2d17 100755 --- a/post_action.sh +++ b/post_action.sh 
@@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/usr/bin/env sh if [ -z "${SSH_KNOWN_HOSTS_FILE}" ]; then echo "::error file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=Notice::\ diff --git a/post_check.sh b/post_check.sh index 75b9488..5671bf2 100755 --- a/post_check.sh +++ b/post_check.sh @@ -1,6 +1,6 @@ -#!/usr/bin/env bash +#!/usr/bin/env sh -if [[ -s ~/.ssh/known_hosts ]]; then +if [ -s ~/.ssh/known_hosts ]; then echo "::error file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=Assertion Error::\ ~/.ssh/known_hosts file should not exist after the job." exit 1 From ff1af96a425a116591aef54f5635ab356dd4b63b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bal=C3=A1zs=20Varga?= Date: Fri, 3 Jan 2025 00:14:29 +0100 Subject: [PATCH 15/24] =?UTF-8?q?fix(scripts):=20use=20$HOME=20variable=20?= =?UTF-8?q?for=20known=5Fhosts=20path=20=09=E2=80=A2=09Replaced=20hardcode?= =?UTF-8?q?d=20~/.ssh/known=5Fhosts=20with=20${HOME}/.ssh/known=5Fhosts=20?= =?UTF-8?q?in=20check.sh=20and=20post=5Fcheck.sh.=20=09=E2=80=A2=09Ensures?= =?UTF-8?q?=20compatibility=20with=20environments=20where=20$HOME=20may=20?= =?UTF-8?q?differ=20from=20the=20default=20user=20directory.=20=09?= =?UTF-8?q?=E2=80=A2=09Maintains=20clarity=20and=20consistency=20across=20?= =?UTF-8?q?script=20file=20path=20handling.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- check.sh | 2 +- post_check.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/check.sh b/check.sh index d22aa0d..5d6d82a 100755 --- a/check.sh +++ b/check.sh @@ -1,6 +1,6 @@ #!/usr/bin/env sh -if [ ! -s ~/.ssh/known_hosts ]; then +if [ ! -s "${HOME}/.ssh/known_hosts" ]; then echo "::error file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=Assertion Error::\ ~/.ssh/known_hosts is missing or empty." exit 1 diff --git a/post_check.sh b/post_check.sh index 5671bf2..ea22248 100755 --- a/post_check.sh +++ b/post_check.sh 
@@ -1,6 +1,6 @@ #!/usr/bin/env sh -if [ -s ~/.ssh/known_hosts ]; then +if [ -s "${HOME}/.ssh/known_hosts" ]; then echo "::error file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=Assertion Error::\ ~/.ssh/known_hosts file should not exist after the job." exit 1 From b3c467c50e6ace03af85c27d9967b3a78b774336 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bal=C3=A1zs=20Varga?= Date: Fri, 3 Jan 2025 00:32:56 +0100 Subject: [PATCH 16/24] =?UTF-8?q?refactor(ssh):=20improve=20known=5Fhosts?= =?UTF-8?q?=20handling=20and=20cleanup=20=09=E2=80=A2=09Defined=20SSH=5FKN?= =?UTF-8?q?OWN=5FHOSTS=5FFILE=20in=20action.sh=20to=20explicitly=20use=20$?= =?UTF-8?q?{HOME}/.ssh/known=5Fhosts.=20=09=E2=80=A2=09Removed=20hardcoded?= =?UTF-8?q?=20references=20to=20SSH=5FKNOWN=5FHOSTS=5FFILE=20in=20action.y?= =?UTF-8?q?ml=20and=20ensured=20dynamic=20handling=20in=20action.sh.=20=09?= =?UTF-8?q?=E2=80=A2=09Commented=20out=20the=20removal=20of=20known=5Fhost?= =?UTF-8?q?s=20in=20post=5Faction.sh=20and=20post=5Fcheck.sh=20for=20furth?= =?UTF-8?q?er=20review=20and=20potential=20debugging.=20=09=E2=80=A2=09Imp?= =?UTF-8?q?roved=20cleanup=20logic=20by=20unsetting=20SSH=5FKNOWN=5FHOSTS?= =?UTF-8?q?=5FFILE=20in=20action.sh=20to=20avoid=20lingering=20environment?= =?UTF-8?q?=20variables.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- action.sh | 6 +++++- action.yml | 1 - post_action.sh | 6 +++--- post_check.sh | 6 +++--- 4 files changed, 11 insertions(+), 8 deletions(-) diff --git a/action.sh b/action.sh index 216f33e..c3a0df4 100755 --- a/action.sh +++ b/action.sh @@ -2,6 +2,8 @@ set -e +SSH_KNOWN_HOSTS_FILE="${HOME}/.ssh/known_hosts" + mkdir -p "$(dirname "${SSH_KNOWN_HOSTS_FILE}")" if [ -z "${SSH_HOST}" ] && [ -z "${SSH_KNOWN_HOSTS}" ]; then 
@@ -40,4 +42,6 @@ Failed to scan SSH host keys for ${SSH_HOST}" fi fi -chmod 600 "${SSH_KNOWN_HOSTS_FILE}" \ No newline at end of file +chmod 600 "${SSH_KNOWN_HOSTS_FILE}" + +unset SSH_KNOWN_HOSTS_FILE \ No newline at end of file diff --git a/action.yml b/action.yml index 2cfc32c..8df59cb 100644 --- a/action.yml +++ b/action.yml @@ -48,7 +48,6 @@ runs: SSH_HOST: ${{ inputs.ssh-host }} SSH_KEY_TYPE: ${{ inputs.ssh-key-type }} SSH_KNOWN_HOSTS: ${{ inputs.ssh-known-hosts }} - SSH_KNOWN_HOSTS_FILE: '~/.ssh/known_hosts' with: main: | sh action.sh diff --git a/post_action.sh b/post_action.sh index 6de2d17..49cc664 100755 --- a/post_action.sh +++ b/post_action.sh @@ -4,7 +4,7 @@ if [ -z "${SSH_KNOWN_HOSTS_FILE}" ]; then echo "::error file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=Notice::\ ${SSH_KNOWN_HOSTS_FILE} environment variable must be set." else - rm -rf "${SSH_KNOWN_HOSTS_FILE}" - echo "::notice file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=Notice::\ -${SSH_KNOWN_HOSTS_FILE} has been removed." + # rm -rf "${SSH_KNOWN_HOSTS_FILE}" + #echo "::notice file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=Notice::\ +#${SSH_KNOWN_HOSTS_FILE} has been removed." fi \ No newline at end of file diff --git a/post_check.sh b/post_check.sh index ea22248..cc6bbcf 100755 --- a/post_check.sh +++ b/post_check.sh @@ -1,7 +1,7 @@ #!/usr/bin/env sh if [ -s "${HOME}/.ssh/known_hosts" ]; then - echo "::error file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=Assertion Error::\ -~/.ssh/known_hosts file should not exist after the job." - exit 1 + #echo "::error file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=Assertion Error::\ +#~/.ssh/known_hosts file should not exist after the job." + #exit 1 fi \ No newline at end of file From 7d9f6fb5d6a225cc99618320d08fe65eca80add3 Mon Sep 17 00:00:00 2001 
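Review bot: Commenting out the bodies leaves `post_action.sh` with an `else` branch that contains only comments and `post_check.sh` with an empty `then` branch. A shell `if` needs at least one command in each branch, so both scripts now fail to parse, and known_hosts is no longer removed or asserted on after the job. If cleanup has to be disabled temporarily, put `:` in the branch with a `# TODO` naming what is being debugged, so the gap is visible and the script still parses. The same commit drops `SSH_KNOWN_HOSTS_FILE` from the `env:` block in `action.yml`, so the `-z` test in `post_action.sh` is now always true. The `unset SSH_KNOWN_HOSTS_FILE` added at the end of `action.sh` has no effect on the caller, because the script runs in its own process.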
From: =?UTF-8?q?Bal=C3=A1zs=20Varga?= Date: Fri, 3 Jan 2025 00:36:28 +0100 Subject: [PATCH 17/24] =?UTF-8?q?refactor(deploy):=20simplify=20WHOAMI=5FV?= =?UTF-8?q?ERSION=20variable=20=09=E2=80=A2=09Updated=20WHOAMI=5FVERSION?= =?UTF-8?q?=20to=20use=20the=20semantic=20version=20v1.10=20instead=20of?= =?UTF-8?q?=20the=20hash-based=20identifier.=20=09=E2=80=A2=09Ensured=20co?= =?UTF-8?q?nsistent=20formatting=20for=20ease=20of=20understanding=20and?= =?UTF-8?q?=20maintainability.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- deploy.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy.sh b/deploy.sh index f4d07f9..571e754 100755 --- a/deploy.sh +++ b/deploy.sh @@ -1,7 +1,7 @@ #!/usr/bin/env sh # renovate: datasource=docker depname=traefik/whoami versioning=docker -WHOAMI_VERSION="43a68d10b9dfcfc3ffbfe4dd42100dc9aeaf29b3a5636c856337a5940f1b4f1c" # v1.10 +WHOAMI_VERSION="v1.10" docker run --detach --publish-all --name whoami traefik/whoami:"${WHOAMI_VERSION}" docker stop whoami docker rm whoami \ No newline at end of file From e90d822308e750c6e180b92d80f28641f339e761 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Bal=C3=A1zs=20Varga?= Date: Fri, 3 Jan 2025 00:39:10 +0100 Subject: [PATCH 18/24] =?UTF-8?q?refactor(deploy,=20post=5Faction):=20enha?= =?UTF-8?q?nce=20container=20management=20and=20streamline=20post-cleanup?= =?UTF-8?q?=20logic=20=09=E2=80=A2=09deploy.sh:=20=09=E2=80=A2=09Parameter?= =?UTF-8?q?ized=20container=20naming=20using=20${RUNNER=5FOS}=20for=20clar?= =?UTF-8?q?ity=20in=20multi-platform=20scenarios.=20=09=E2=80=A2=09Added?= =?UTF-8?q?=20unset=20for=20WHOAMI=5FVERSION=20and=20CONTAINER=5FNAME=20to?= =?UTF-8?q?=20ensure=20no=20residual=20environment=20variables.=20=09?= =?UTF-8?q?=E2=80=A2=09post=5Faction.sh:=20=09=E2=80=A2=09Commented=20out?= =?UTF-8?q?=20unnecessary=20rm=20and=20related=20notices,=20retaining=20pl?= =?UTF-8?q?aceholder=20for=20future=20cleanup=20logic.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit These changes improve maintainability, adaptability for diverse environments, and ensure clean execution contexts. --- deploy.sh | 10 +++++++--- post_action.sh | 2 +- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/deploy.sh b/deploy.sh index 571e754..694cb94 100755 --- a/deploy.sh +++ b/deploy.sh @@ -2,6 +2,10 @@ # renovate: datasource=docker depname=traefik/whoami versioning=docker WHOAMI_VERSION="v1.10" -docker run --detach --publish-all --name whoami traefik/whoami:"${WHOAMI_VERSION}" -docker stop whoami -docker rm whoami \ No newline at end of file +CONTAINER_NAME="${RUNNER_OS}-whoami" +docker run --detach --publish-all --name "${CONTAINER_NAME}" traefik/whoami:"${WHOAMI_VERSION}" +docker stop "${CONTAINER_NAME}" +docker rm "${CONTAINER_NAME}" + +unset WHOAMI_VERSION +unset CONTAINER_NAME \ No newline at end of file diff --git a/post_action.sh b/post_action.sh index 49cc664..b5f1536 100755 --- a/post_action.sh +++ b/post_action.sh 
@@ -3,7 +3,7 @@ if [ -z "${SSH_KNOWN_HOSTS_FILE}" ]; then echo "::error file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=Notice::\ ${SSH_KNOWN_HOSTS_FILE} environment variable must be set." -else +#else # rm -rf "${SSH_KNOWN_HOSTS_FILE}" #echo "::notice file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=Notice::\ #${SSH_KNOWN_HOSTS_FILE} has been removed." From 1c9dbd0b4ca26fbb0543894b10f821f16ba0525a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bal=C3=A1zs=20Varga?= Date: Fri, 3 Jan 2025 00:40:33 +0100 Subject: [PATCH 19/24] x --- post_check.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/post_check.sh b/post_check.sh index cc6bbcf..9df103c 100755 --- a/post_check.sh +++ b/post_check.sh @@ -1,6 +1,7 @@ #!/usr/bin/env sh if [ -s "${HOME}/.ssh/known_hosts" ]; then + echo "ok" #echo "::error file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=Assertion Error::\ #~/.ssh/known_hosts file should not exist after the job." #exit 1 From b7b542a6a011c7469393b0f8935755e6666e289d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Bal=C3=A1zs=20Varga?= Date: Fri, 3 Jan 2025 11:02:28 +0100 Subject: [PATCH 20/24] refactor(action, workflows): optimize known hosts handling and remove noop script MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit action.sh: • Improved SSH keyscan logic to filter comments from known hosts. • Removed redundant chmod as it’s handled implicitly. • Ensured unset for SSH_KNOWN_HOSTS_FILE for cleanup. post_action.sh: • Introduced logic to clean up the last entry in known_hosts. • Improved clarity and consistency with explicit unset for temporary variables. post_check.sh: • Added a check to validate known_hosts does not retain specific SSH fingerprints post-execution. • pull_request.yml: • Simplified steps by merging noop logic into the post-check script. • Removed noop.sh, ensuring streamlined workflow execution. These updates enhance security, maintain clean execution contexts, and reduce redundant scripting. --- .github/workflows/pull_request.yml | 20 +++++++++----------- action.sh | 6 ++---- noop.sh | 3 --- post_action.sh | 18 ++++++++++-------- post_check.sh | 15 +++++++++------ 5 files changed, 30 insertions(+), 32 deletions(-) delete mode 100755 noop.sh diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index bd73ea9..6d1a33a 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml 
@@ -14,23 +14,21 @@ jobs: runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: Setup post check known hosts - uses: pyTooling/Actions/with-post-step@9ceefdbf5dceae8c441fc393ed82344c7ca8bbdb # v3.1.1 - with: - main: | - sh noop.sh - post: | - sh post_check.sh - name: Setup SSH key uses: ./ with: ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} ssh-known-hosts: ${{ secrets.SSH_KNOWN_HOSTS }} log-public-key: false - - name: Check known hosts - shell: bash - run: | - sh check.sh + - name: Check known hosts file + uses: pyTooling/Actions/with-post-step@9ceefdbf5dceae8c441fc393ed82344c7ca8bbdb # v3.1.1 + env: + SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }} + with: + main: | + sh check.sh + post: | + sh post_check.sh - name: Install docker (Missing on MacOS) if: runner.os == 'macos' shell: bash diff --git a/action.sh b/action.sh index c3a0df4..33ea4fa 100755 --- a/action.sh +++ b/action.sh @@ -26,13 +26,13 @@ ssh-keyscan can help in the detection of tampered keyfiles or man in the middle the ssh_known_hosts file was created." if [ -z "${SSH_KEY_TYPE}" ]; then - if ! ssh-keyscan "${SSH_HOST}" >> "${SSH_KNOWN_HOSTS_FILE}"; then + if ! ssh-keyscan "${SSH_HOST} | grep -o '^[^#]*'" >> "${SSH_KNOWN_HOSTS_FILE}"; then echo "::error file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=SSH Keyscan Failed::\ Failed to scan SSH host keys for ${SSH_HOST}" exit 1 fi else - if ! ssh-keyscan -t "${SSH_KEY_TYPE}" "${SSH_HOST}" >> "${SSH_KNOWN_HOSTS_FILE}"; then + if ! ssh-keyscan -t "${SSH_KEY_TYPE}" "${SSH_HOST}" | grep -o '^[^#]*' >> "${SSH_KNOWN_HOSTS_FILE}"; then echo "::error file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=SSH Keyscan Failed::\ Failed to scan SSH host keys for ${SSH_HOST}" exit 1 @@ -42,6 +42,4 @@ Failed to scan SSH host keys for ${SSH_HOST}" fi fi -chmod 600 "${SSH_KNOWN_HOSTS_FILE}" - unset SSH_KNOWN_HOSTS_FILE \ No newline at end of file 
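Review bot: Moving the `with-post-step` step below `Setup SSH key` changes when `post_check.sh` runs: GitHub executes post steps in reverse order of their main steps, so the check now runs before any post step of the `./` action instead of after it and can no longer verify that action's cleanup (assuming `./` registers one; its action.yml is not shown). The step also takes `SSH_KNOWN_HOSTS` from `secrets`, which is empty on `pull_request` runs from forks, so the scripts it calls need to handle an empty value explicitly. A comment above the step, such as `# post_check.sh runs before the ./ action's post step (post steps run last-in, first-out)`, would record the ordering. The job's steps continue outside the hunk.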
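Review bot: In the first branch the pipe and `grep` ended up inside the double quotes, `ssh-keyscan "${SSH_HOST} | grep -o '^[^#]*'"`, so ssh-keyscan receives the whole string as a host name and no filtering takes place. It should read `if ! ssh-keyscan "${SSH_HOST}" | grep -o '^[^#]*' >> "${SSH_KNOWN_HOSTS_FILE}"; then`, as the `-t` branch already does. In both branches `if !` now tests the exit status of `grep`, the last command of the pipeline, rather than that of ssh-keyscan, so the "SSH Keyscan Failed" error no longer tracks the scan itself. The enclosing `if`/`else` ends outside the hunk.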
diff --git a/noop.sh b/noop.sh deleted file mode 100755 index 2806a9b..0000000 --- a/noop.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/bin/env sh - -exit 0 \ No newline at end of file diff --git a/post_action.sh b/post_action.sh index b5f1536..477485f 100755 --- a/post_action.sh +++ b/post_action.sh @@ -1,10 +1,12 @@ #!/usr/bin/env sh -if [ -z "${SSH_KNOWN_HOSTS_FILE}" ]; then - echo "::error file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=Notice::\ -${SSH_KNOWN_HOSTS_FILE} environment variable must be set." -#else - # rm -rf "${SSH_KNOWN_HOSTS_FILE}" - #echo "::notice file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=Notice::\ -#${SSH_KNOWN_HOSTS_FILE} has been removed." -fi \ No newline at end of file +TEMP_FILE="/tmp/718f4157-5493-43b2-837b-3ccb27f78e7b" + +head --lines=-1 "${SSH_KNOWN_HOSTS_FILE}" > "${TEMP_FILE}" +cat "${TEMP_FILE}" > "${SSH_KNOWN_HOSTS_FILE}" +rm -rf "${TEMP_FILE}" + +echo "::notice file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=Notice::\ +${SSH_KNOWN_HOSTS_FILE} has been cleaned." + +unset TEMP_FILE \ No newline at end of file diff --git a/post_check.sh b/post_check.sh index 9df103c..d8c7dc5 100755 --- a/post_check.sh +++ b/post_check.sh @@ -1,8 +1,11 @@ #!/usr/bin/env sh -if [ -s "${HOME}/.ssh/known_hosts" ]; then - echo "ok" - #echo "::error file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=Assertion Error::\ -#~/.ssh/known_hosts file should not exist after the job." - #exit 1 -fi \ No newline at end of file +SSH_KNOWN_HOSTS_FILE="${HOME}/.ssh/known_hosts" + +if ! grep -q "${SSH_KNOWN_HOSTS}" "${SSH_KNOWN_HOSTS_FILE}" ; then + echo "::error file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=Assertion Error::\ +${SSH_KNOWN_HOSTS_FILE} file should not contain the ssh fingerprint after the job." + exit 1 +fi + +unset SSH_KNOWN_HOSTS_FILE \ No newline at end of file From fad31a4a82fc04d731da25f231431939e24faf96 Mon Sep 17 00:00:00 2001 
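Review bot: `TEMP_FILE` is a fixed path under `/tmp`, and nothing checks that `head` succeeded before `cat` overwrites `${SSH_KNOWN_HOSTS_FILE}`. A fixed name in a world-writable directory can already exist as another user's file or symlink on a shared runner, which `TEMP_FILE="$(mktemp)" || exit 1` avoids. If `head` fails (`--lines=-1` is a GNU extension and the workflow also runs on macOS), the temp file is empty and known_hosts is truncated; chaining the two commands with `&&` prevents that. Dropping only the last line also assumes the action appended exactly one line, which does not hold when ssh-keyscan returns several key types or when nothing was appended. The fixed path and the unchecked copy are still present in the post_action.sh hunks of PATCH 21 to 23.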
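Review bot: The condition and the message disagree: `if ! grep -q ...` fails the job when the value is not found in the file, while the text says the file should not contain it. `grep` also treats `${SSH_KNOWN_HOSTS}` as a regular expression, and an empty value (for example when the secret is unavailable) matches every line, so the result says little either way. If the intent is to assert absence, `if [ -n "${SSH_KNOWN_HOSTS}" ] && grep -qF -- "${SSH_KNOWN_HOSTS}" "${SSH_KNOWN_HOSTS_FILE}"; then` matches the message; if presence is intended, the message should be reworded. A missing file makes `grep` exit with status 2, which this test treats the same as no match.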
From: =?UTF-8?q?Bal=C3=A1zs=20Varga?= Date: Fri, 3 Jan 2025 11:06:04 +0100 Subject: [PATCH 21/24] =?UTF-8?q?fix(post=5Faction):=20ensure=20consistent?= =?UTF-8?q?=20variable=20definition=20for=20known=20hosts=20=09=E2=80=A2?= =?UTF-8?q?=09Defined=20SSH=5FKNOWN=5FHOSTS=5FFILE=20explicitly=20in=20pos?= =?UTF-8?q?t=5Faction.sh=20for=20clarity=20and=20consistency.=20=09?= =?UTF-8?q?=E2=80=A2=09Maintained=20existing=20temporary=20file=20logic=20?= =?UTF-8?q?for=20truncating=20the=20last=20line=20from=20the=20known=5Fhos?= =?UTF-8?q?ts=20file.=20=09=E2=80=A2=09Improved=20readability=20by=20ensur?= =?UTF-8?q?ing=20all=20required=20variables=20are=20explicitly=20initializ?= =?UTF-8?q?ed=20within=20the=20script.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- post_action.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/post_action.sh b/post_action.sh index 477485f..a0ebfd9 100755 --- a/post_action.sh +++ b/post_action.sh @@ -1,5 +1,6 @@ #!/usr/bin/env sh +SSH_KNOWN_HOSTS_FILE="${HOME}/.ssh/known_hosts" TEMP_FILE="/tmp/718f4157-5493-43b2-837b-3ccb27f78e7b" head --lines=-1 "${SSH_KNOWN_HOSTS_FILE}" > "${TEMP_FILE}" @@ -9,4 +10,5 @@ rm -rf "${TEMP_FILE}" echo "::notice file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=Notice::\ ${SSH_KNOWN_HOSTS_FILE} has been cleaned." +unset SSH_KNOWN_HOSTS_FILE unset TEMP_FILE \ No newline at end of file From 1f08d0fbd2018cc6674e446c0e8bc1f44e7a0d72 Mon Sep 17 00:00:00 2001 
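Review bot: The new assignment unconditionally overwrites `SSH_KNOWN_HOSTS_FILE`, so the cleanup always edits `${HOME}/.ssh/known_hosts` even if the main script wrote to a different path; action.sh reads the same variable, and where it gets its value is not visible here. `: "${SSH_KNOWN_HOSTS_FILE:=${HOME}/.ssh/known_hosts}"` keeps a value passed in by the action and falls back to the default otherwise. The `unset SSH_KNOWN_HOSTS_FILE` added in the second hunk has no effect outside the script's own process when the file is executed rather than sourced, so it can be dropped.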
From: =?UTF-8?q?Bal=C3=A1zs=20Varga?= Date: Fri, 3 Jan 2025 11:11:00 +0100 Subject: [PATCH 22/24] =?UTF-8?q?fix(post=5Faction):=20replace=20head=20wi?= =?UTF-8?q?th=20sed=20for=20removing=20last=20line=20=09=E2=80=A2=09Replac?= =?UTF-8?q?ed=20head=20--lines=3D-1=20with=20sed=20'$=20d'=20to=20remove?= =?UTF-8?q?=20the=20last=20line=20from=20SSH=5FKNOWN=5FHOSTS=5FFILE.=20=09?= =?UTF-8?q?=E2=80=A2=09Ensured=20compatibility=20and=20consistency=20in=20?= =?UTF-8?q?processing=20the=20known=5Fhosts=20file.=20=09=E2=80=A2=09Simpl?= =?UTF-8?q?ified=20command=20usage=20while=20maintaining=20functionality.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- post_action.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/post_action.sh b/post_action.sh index a0ebfd9..dcf7cfc 100755 --- a/post_action.sh +++ b/post_action.sh @@ -3,7 +3,7 @@ SSH_KNOWN_HOSTS_FILE="${HOME}/.ssh/known_hosts" TEMP_FILE="/tmp/718f4157-5493-43b2-837b-3ccb27f78e7b" -head --lines=-1 "${SSH_KNOWN_HOSTS_FILE}" > "${TEMP_FILE}" +sed '$ d' file "${SSH_KNOWN_HOSTS_FILE}" > "${TEMP_FILE}" cat "${TEMP_FILE}" > "${SSH_KNOWN_HOSTS_FILE}" rm -rf "${TEMP_FILE}" From 7406251ff05ebc44026b9e04c695f19316d93fde Mon Sep 17 00:00:00 2001 
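Review bot: The added line passes a literal `file` operand, `sed '$ d' file "${SSH_KNOWN_HOSTS_FILE}"`, so sed tries to read a file named `file` before the real one and exits non-zero when it is missing. The command should be `sed '$ d' "${SSH_KNOWN_HOSTS_FILE}" > "${TEMP_FILE}"`. The script continues outside the hunk.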
From: =?UTF-8?q?Bal=C3=A1zs=20Varga?= Date: Fri, 3 Jan 2025 11:13:22 +0100 Subject: [PATCH 23/24] =?UTF-8?q?fix(post=5Faction):=20correct=20sed=20syn?= =?UTF-8?q?tax=20for=20removing=20the=20last=20line=20=09=E2=80=A2=09Remov?= =?UTF-8?q?ed=20unnecessary=20file=20argument=20in=20the=20sed=20command.?= =?UTF-8?q?=20=09=E2=80=A2=09Ensured=20the=20correct=20syntax=20is=20used?= =?UTF-8?q?=20for=20processing=20the=20SSH=5FKNOWN=5FHOSTS=5FFILE.=20=09?= =?UTF-8?q?=E2=80=A2=09Improved=20reliability=20and=20accuracy=20of=20the?= =?UTF-8?q?=20script=20by=20properly=20handling=20file=20processing.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- post_action.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/post_action.sh b/post_action.sh index dcf7cfc..09ca77f 100755 --- a/post_action.sh +++ b/post_action.sh @@ -3,7 +3,7 @@ SSH_KNOWN_HOSTS_FILE="${HOME}/.ssh/known_hosts" TEMP_FILE="/tmp/718f4157-5493-43b2-837b-3ccb27f78e7b" -sed '$ d' file "${SSH_KNOWN_HOSTS_FILE}" > "${TEMP_FILE}" +sed '$ d' "${SSH_KNOWN_HOSTS_FILE}" > "${TEMP_FILE}" cat "${TEMP_FILE}" > "${SSH_KNOWN_HOSTS_FILE}" rm -rf "${TEMP_FILE}" From 533bb397ef882d93926ffb2ddf2808c4dd68f2d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bal=C3=A1zs=20Varga?= Date: Fri, 3 Jan 2025 11:36:44 +0100 Subject: [PATCH 24/24] diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 6d1a33a..f3dfaf1 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -33,7 +33,7 @@ jobs: if: runner.os == 'macos' shell: bash run: | - brew install docker + brew install --cask docker - name: Deploy over SSH shell: bash env: --- .github/workflows/pull_request.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 6d1a33a..f3dfaf1 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml 
@@ -33,7 +33,7 @@ jobs:
 if: runner.os == 'macos'
 shell: bash
 run: |
- brew install docker
+ brew install --cask docker
 - name: Deploy over SSH
 shell: bash
 env: