From 43895f2cd585d373b747690a3e7f9bdcdd09e1cd Mon Sep 17 00:00:00 2001 From: appleboy Date: Wed, 5 Jun 2024 21:55:28 +0800 Subject: [PATCH] ci: refactor SSH testing workflows and job configurations - Rename workflow from "remote ssh command" to "testing main branch" - Remove environment variables `FOO` and `BAR` - Rename job `testing01` to `default-user-name-password` - Rename step "checkout" to "Checkout code" - Replace step "correct password but wrong key" with "create new ssh server" using Docker - Update SSH connection details to use environment variables for host, username, password, and port - Add new job `check-ssh-key` with steps to add public key to environment and create a new SSH server - Add new job `support-key-passphrase` with steps to add public key to environment and create a new SSH server - Add new job `multiple-server` to create and manage multiple SSH servers - Add new job `support-ed25519-key` with steps to add public key to environment and create a new SSH server - Add new job `testing-with-env` with steps to add public key to environment and create a new SSH server - Remove jobs `testing02`, `testing03`, `testing04`, and `testing05` - Rename workflow in `ssh-server.yml` from "openssh-server" to "testing stable version" Signed-off-by: appleboy --- .github/workflows/ci.yml | 504 +++++++++++++++++++++---------- .github/workflows/ssh-server.yml | 2 +- 2 files changed, 348 insertions(+), 158 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a62c774..e4a92da 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,75 +1,125 @@ -name: remote ssh command -on: [push] +name: testing main branch -env: - FOO: "BAR" - BAR: "FOO" +on: [push] jobs: - testing01: - name: default flag testing + default-user-name-password: runs-on: ubuntu-latest steps: - - name: checkout + - name: Checkout code uses: actions/checkout@v4 - - name: correct password but wrong key - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - key: "1234" - port: ${{ secrets.PORT }} - script: whoami + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 - - name: wrong password but correct key + - name: ssh by username and password uses: ./ with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: "abcdef" - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + port: 2222 script: whoami - - name: executing remote ssh commands using password + check-ssh-key: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_rsa.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_rsa.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_rsa >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key =========" + cat testdata/.ssh/id_rsa + echo "============================" + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + + - name: ssh by private key uses: ./ with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 script: whoami - - name: executing remote ssh commands using ssh key + - name: wrong password but correct key uses: ./ with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: "abcdef" + key: ${{ env.PRIVATE_KEY }} + port: 2222 script: whoami - - name: multiple command + - name: correct password but wrong key uses: ./ with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script: | - whoami - ls -al + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + key: password + port: 2222 + script: whoami - name: stop script if command error uses: ./ continue-on-error: true with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + password: password + key: password + port: 2222 script_stop: true sync: true debug: true @@ -77,83 +127,279 @@ jobs: mkdir abc/def ls -al + support-key-passphrase: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_passphrase.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_passphrase.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_passphrase >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key =========" + cat testdata/.ssh/id_passphrase + echo "============================" + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + - name: ssh key passphrase uses: ./ with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.SSH2 }} - port: ${{ secrets.PORT }} - passphrase: ${{ secrets.PASSPHRASE }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + passphrase: 1234 script: | whoami ls -al - - name: use insecure cipher + - name: missing ssh key passphrase uses: ./ + continue-on-error: true with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 script: | - ls \ - -lah - use_insecure_cipher: true + whoami + ls -al # https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271 - name: Multiline SSH commands interpreted as single lines uses: ./ with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + passphrase: 1234 script_stop: true script: | ls \ -lah use_insecure_cipher: true + multiple-server: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_passphrase.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_passphrase.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_passphrase >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key =========" + cat testdata/.ssh/id_passphrase + echo "============================" + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server-01 \ + --hostname=openssh-server-01 \ + -p 2222:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server-01 sh -c "hostname -i" > ip01.txt + echo "REMOTE_HOST_01<> $GITHUB_ENV + cat ip01.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip01.txt + echo "======================================" + + docker run -d \ + --name=openssh-server-02 \ + --hostname=openssh-server-02 \ + -p 2223:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server-02 sh -c "hostname -i" > ip02.txt + echo "REMOTE_HOST_02<> $GITHUB_ENV + cat ip02.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip02.txt + echo "======================================" + + sleep 2 + # https://github.com/appleboy/ssh-action/issues/85 - name: Deployment to multiple hosts with different ports uses: ./ with: - host: "${{ secrets.HOST }}:${{ secrets.PORT }}" - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: 1024 + host: "${{ env.REMOTE_HOST_01 }}:2222,${{ env.REMOTE_HOST_02 }}:2222" + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + passphrase: 1234 script_stop: true script: | - ls \ - -lah - use_insecure_cipher: true + whoami - # - name: SSH ED25519 Private Key - # uses: ./ - # with: - # host: ${{ secrets.TUNNEL_HOST }} - # username: ${{ secrets.TUNNEL_USERNAME }} - # key: ${{ secrets.ID_ED25519 }} - # port: ${{ secrets.TUNNEL_PORT }} - # script: whoami - - testing02: - name: testing with envs + support-ed25519-key: runs-on: ubuntu-latest steps: - - name: checkout + - name: Checkout code uses: actions/checkout@v4 + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_ed25519.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_ed25519.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_ed25519 >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key =========" + cat testdata/.ssh/id_ed25519 + echo "============================" + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=false \ + -e PASSWORD_ACCESS=true \ + -e USER_PASSWORD=password \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + + - name: testing id_ed25519 key + uses: ./ + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + script: | + whoami + ls -al + + testing-with-env: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: add public key to env + run: | + echo "PUBLIC_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_ed25519.pub >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= public key =========" + cat testdata/.ssh/id_ed25519.pub + echo "============================" + echo "PRIVATE_KEY<> $GITHUB_ENV + cat testdata/.ssh/id_ed25519 >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= private key =========" + cat testdata/.ssh/id_ed25519 + echo "============================" + + - name: create new ssh server + run: | + docker run -d \ + --name=openssh-server \ + --hostname=openssh-server \ + -p 2222:2222 \ + -e PUBLIC_KEY="${{ env.PUBLIC_KEY }}" \ + -e SUDO_ACCESS=true \ + -e PASSWORD_ACCESS=true \ + -e USER_NAME=linuxserver.io \ + --restart unless-stopped \ + lscr.io/linuxserver/openssh-server:latest + docker exec openssh-server sh -c "hostname -i" > ip.txt + echo "REMOTE_HOST<> $GITHUB_ENV + cat ip.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + echo "======= container ip address =========" + cat ip.txt + echo "======================================" + sleep 2 + + - name: testing id_ed25519 key + uses: ./ + with: + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 + script: | + whoami + ls -al + - name: pass environment uses: ./ env: FOO: "BAR" with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 envs: FOO script: | echo "I am $FOO, thanks" @@ -167,17 +413,16 @@ jobs: SHA: ${{ github.sha }} PORT: ${{ secrets.PORT }} with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 envs: FOO,BAR,SHA,PORT script: | echo "I am $FOO, thanks" echo "I am $BAR, thanks" echo "sha: $SHA" echo "port: $PORT" - sh test.sh - name: custom envs format uses: ./ @@ -185,10 +430,10 @@ jobs: FOO: "BAR" AAA: "BBB" with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 envs: FOO,BAR,AAA envs_format: export TEST_{NAME}={VALUE} script: | @@ -203,10 +448,10 @@ jobs: INPUT_FOO: "BAR" INPUT_AAA: "BBB" with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 allenvs: true script: | echo "I am $INPUT_FOO, thanks" @@ -214,68 +459,13 @@ jobs: echo "$GITHUB_BASE_REF" echo "$GITHUB_REF" - testing03: - name: git clone and pull - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: clone private repository - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - script: | - git clone https://appleboy:${{ secrets.TEST_TOKEN }}@github.com/go-training/self-runner.git test_repository - rm -rf test_repository - - testing04: - name: docker login and pull - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: login GitHub Container Registry - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - script: | - echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u github.actor --password-stdin - - - name: login DockerHub Container Registry - uses: ./ - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} - script_stop: true - script: | - echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin - - testing05: - name: switch user - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - name: switch to root user uses: ./ with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - key: ${{ secrets.KEY }} - port: ${{ secrets.PORT }} + host: ${{ env.REMOTE_HOST }} + username: linuxserver.io + key: ${{ env.PRIVATE_KEY }} + port: 2222 script_stop: true request_pty: true command_timeout: 30s diff --git a/.github/workflows/ssh-server.yml b/.github/workflows/ssh-server.yml index 1719cf6..86ab7dc 100644 --- a/.github/workflows/ssh-server.yml +++ b/.github/workflows/ssh-server.yml @@ -1,4 +1,4 @@ -name: openssh-server +name: testing stable version on: [push]