feat: start working on better self hosted runner support

essentially attempt to spawn ssh agent independently and kill it when the action is over
2025-04-01 19:06:35 +00:00 · 2024-09-19 13:18:38 +10:00 · 2024-09-19 13:18:38 +10:00 · dca1d5d96c
commit dca1d5d96c
parent 280404946f
3 changed files with 43 additions and 6 deletions
--- a/action.yaml
+++ b/action.yaml
@ -33,6 +33,11 @@ inputs:
    default: ''
    description: Content of `~/.ssh/known_hosts` file.

+  disable-strict-host-checking:
+    required: false
+    default: 'true'
+    description: Disable Strict Host Checking if no known_hosts are provided
+
  ssh-config:
    required: false
    default: ''
@ -71,6 +76,7 @@ inputs:
 runs:
  using: 'node20'
  main: 'index.js'
+  post: 'cleanup.js'

 branding:
  color: blue
--- a/cleanup.js
+++ b/cleanup.js
@ -0,0 +1,20 @@
+import core from '@actions/core'
+import { $ } from 'zx'
+
+void (async function main() {
+  try {
+    await cleanup()
+  } catch (err) {
+    core.setFailed(err.message)
+  }
+})()
+
+async function cleanup() {
+  if (core.getBooleanInput('skip-ssh-setup')) {
+    return
+  }
+
+  // Remove all keys from ssh-agent and kill process
+  await $`ssh-add -D`
+  await $`kill \$SSH_AGENT_PID`
+}
--- a/index.js
+++ b/index.js
@ -15,15 +15,24 @@ async function ssh() {
    return
  }

-  let sshHomeDir = `${process.env['HOME']}/.ssh`
+  const sshHomeDir = `${process.env['HOME']}/.ssh`

  if (!fs.existsSync(sshHomeDir)) {
    fs.mkdirSync(sshHomeDir)
  }

-  let authSock = '/tmp/ssh-auth.sock'
-  await $`ssh-agent -a ${authSock}`
-  core.exportVariable('SSH_AUTH_SOCK', authSock)
+  await $`eval \`ssh-agent\``
+
+  const sshAgentSocket = await $`echo \$SSH_AUTH_SOCKET`
+
+  const sshAgentProcessId = await $`echo \$SSH_AGENT_PID`
+
+  if (!sshAgentSocket || !sshAgentProcessId) {
+    throw new Error('Failed to start ssh-agent')
+  }
+
+  core.exportVariable('SSH_AUTH_SOCK', sshAgentSocket.trim())
+  core.exportVariable('SSH_AGENT_PID', sshAgentProcessId.trim())

  let privateKey = core.getInput('private-key')
  if (privateKey !== '') {
@ -39,8 +48,10 @@ async function ssh() {
    fs.appendFileSync(`${sshHomeDir}/known_hosts`, knownHosts)
    fs.chmodSync(`${sshHomeDir}/known_hosts`, '600')
  } else {
-    fs.appendFileSync(`${sshHomeDir}/config`, `StrictHostKeyChecking no`)
-    fs.chmodSync(`${sshHomeDir}/config`, '600')
+    if (core.getBooleanInput('disable-strict-host-checking')) {
+      fs.appendFileSync(`${sshHomeDir}/config`, `StrictHostKeyChecking no`)
+      fs.chmodSync(`${sshHomeDir}/config`, '600')
+    }
  }

  let sshConfig = core.getInput('ssh-config')