Merge 50eb1df62e into f60b28c08a

2025-10-30 22:10:55 +00:00 · 2024-11-04 14:45:21 +11:00 · 2024-11-04 14:45:21 +11:00 · fdd73b06b0
commit fdd73b06b0
parent f60b28c08a 50eb1df62e
3 changed files with 56 additions and 6 deletions
--- a/action.yaml
+++ b/action.yaml
@ -33,6 +33,11 @@ inputs:
    default: ''
    description: Content of `~/.ssh/known_hosts` file.

+  disable-strict-host-checking:
+    required: false
+    default: 'true'
+    description: Disable Strict Host Checking if no known_hosts are provided
+
  ssh-config:
    required: false
    default: ''
@ -71,6 +76,7 @@ inputs:
 runs:
  using: 'node20'
  main: 'index.js'
+  post: 'cleanup.js'

 branding:
  color: blue
--- a/cleanup.js
+++ b/cleanup.js
@ -0,0 +1,22 @@
+import core from '@actions/core'
+import { $ } from 'zx'
+
+void (async function main() {
+  try {
+    await cleanup()
+  } catch (err) {
+    core.setFailed(err.message)
+  }
+})()
+
+async function cleanup() {
+  if (core.getBooleanInput('skip-ssh-setup')) {
+    return
+  }
+
+  const sshAgentPid = core.getState('ssh-agent-pid')
+
+  // Remove all keys from ssh-agent and kill process
+  await $`ssh-add -D`
+  await $`kill ${sshAgentPid}`
+}
--- a/index.js
+++ b/index.js
@ -15,15 +15,35 @@ async function ssh() {
    return
  }

-  let sshHomeDir = `${process.env['HOME']}/.ssh`
+  const sshHomeDir = `${process.env['HOME']}/.ssh`

  if (!fs.existsSync(sshHomeDir)) {
    fs.mkdirSync(sshHomeDir)
  }

-  let authSock = '/tmp/ssh-auth.sock'
-  await $`ssh-agent -a ${authSock}`
-  core.exportVariable('SSH_AUTH_SOCK', authSock)
+  // Unfortunately running the output into bash or eval-ing it does
+  // not persist the exported environment variables, so instead we
+  // parse out the variables via regex, not ideal but works a treat.
+  const sshAgentOutput = await $`ssh-agent`
+
+  const sshAgentSocket = sshAgentOutput
+    .stdout
+    .match(/SSH_AUTH_SOCK=(?<path>.*); export SSH_AUTH_SOCK;/)
+    ?.groups['path'] ?? null;
+
+  const sshAgentProcessId = sshAgentOutput
+    .stdout
+    .match(/SSH_AGENT_PID=(?<pid>\d+); export SSH_AGENT_PID;/)
+    ?.groups['pid'] ?? null;
+
+  if (!sshAgentSocket || !sshAgentProcessId) {
+    throw new Error('Failed to start ssh-agent')
+  }
+
+  core.exportVariable('SSH_AUTH_SOCK', sshAgentSocket.trim())
+  core.exportVariable('SSH_AGENT_PID', sshAgentProcessId.trim())
+
+  core.saveState('ssh-agent-pid', sshAgentProcessId.trim())

  let privateKey = core.getInput('private-key')
  if (privateKey !== '') {
@ -39,8 +59,10 @@ async function ssh() {
    fs.appendFileSync(`${sshHomeDir}/known_hosts`, knownHosts)
    fs.chmodSync(`${sshHomeDir}/known_hosts`, '600')
  } else {
-    fs.appendFileSync(`${sshHomeDir}/config`, `StrictHostKeyChecking no`)
-    fs.chmodSync(`${sshHomeDir}/config`, '600')
+    if (core.getBooleanInput('disable-strict-host-checking')) {
+      fs.appendFileSync(`${sshHomeDir}/config`, `StrictHostKeyChecking no`)
+      fs.chmodSync(`${sshHomeDir}/config`, '600')
+    }
  }

  let sshConfig = core.getInput('ssh-config')