feat: add configurable curl insecure flag to GitHub action

- Add input parameter `curl_insecure` to `action.yml` with a default value of false
- Pass `curl_insecure` input to the action's environment in `action.yml`
- Modify `entrypoint.sh` to conditionally add the `--insecure` option to curl if `INPUT_CURL_INSECURE` is true

Signed-off-by: appleboy <appleboy.tw@gmail.com>

action.yml

@@ -75,6 +75,9 @@ inputs:
     description: "When true, passes all GitHub Actions environment variables to the remote script."
   request_pty:
     description: "Request a pseudo-terminal from the server (required for interactive commands or sudo)."
+  curl_insecure:
+    description: "When true, uses the --insecure option with curl for insecure downloads."
+    default: "false"
   capture_stdout:
     description: "When true, captures and returns standard output from the commands as action output."
     default: "false"
@@ -131,6 +134,7 @@ runs:
         INPUT_PROXY_CIPHER: ${{ inputs.proxy_cipher }}
         INPUT_SYNC: ${{ inputs.sync }}
         INPUT_CAPTURE_STDOUT: ${{ inputs.capture_stdout }}
+        INPUT_CURL_INSECURE: ${{ inputs.curl_insecure }}
 
 branding:
   icon: "terminal"

entrypoint.sh

@@ -36,7 +36,12 @@ DOWNLOAD_URL_PREFIX="${DRONE_SSH_RELEASE_URL}/v${DRONE_SSH_VERSION}"
 CLIENT_BINARY="drone-ssh-${DRONE_SSH_VERSION}-${CLIENT_PLATFORM}-${CLIENT_ARCH}"
 TARGET="${GITHUB_ACTION_PATH}/${CLIENT_BINARY}"
 echo "Downloading ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}"
-curl -fsSL --retry 5 --keepalive-time 2 "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o "${TARGET}"
+INSECURE_OPTION=""
+if [[ "${INPUT_CURL_INSECURE}" == 'true' ]]; then
+  INSECURE_OPTION="--insecure"
+fi
+
+curl -fsSL --retry 5 --keepalive-time 2 ${INSECURE_OPTION} "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o "${TARGET}"
 chmod +x "${TARGET}"
 
 echo "======= CLI Version Information ======="