Conversation
Pike
left a comment
There was a problem hiding this comment.
I found that you added the same signature for knownhosts twice, the one I pasted should be OK.
GH only uses the ssh-rsa one in https://github.com/actions/checkout/blob/5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f/src/git-auth-helper.ts#L227, so that should be enough, I guess?
src/ssh.ts
Outdated
| await mkdirP(sshDirectory) | ||
|
|
||
| appendFileSync(sshKnownHostsDirectory, sshGitHubKnownHostRsa) | ||
| appendFileSync(sshKnownHostsDirectory, sshGitHubKnownHostDss) |
There was a problem hiding this comment.
Would this be a problem for folks using the js module api? No idea if that and ssh and messing with the user's knownhosts file would be bad?
There was a problem hiding this comment.
It could be yeah. I wonder what a good alternative would be?
Perhaps we always sshToken to be a string or true, and make the boolean skip the token setup and just allow it to context switch to using the ssh endpoints like before? I'd prefer to not have sshKey and ssh to keep things simpler.
There was a problem hiding this comment.
Sounds good to me. That would also make the push action re-use ssh auth setups from the checkout action, I guess?
That was another scenario I had in mind.
Co-authored-by: Axel Hecht <[email protected]>
Pike
left a comment
There was a problem hiding this comment.
I found a nit on the readme.
Also, the integration tests need an update?
|
@Pike Issues should be resolved! Although for some reason I'm getting an error trying to resolve a unit test as it is flagging on |
I think #421aa39 was on the right track. |
Codecov Report
@@ Coverage Diff @@
## dev-v4 #569 +/- ##
=========================================
Coverage 100.00% 100.00%
=========================================
Files 6 7 +1
Lines 175 200 +25
Branches 48 50 +2
=========================================
+ Hits 175 200 +25
Continue to review full report at Codecov.
|
Should be good to go now |
Pike
left a comment
There was a problem hiding this comment.
lgtm.
Should we have an integration test to reuse the ssh key from, say, a checkout action? Might be also OK as a follow-up, I guess.
|
Good call, I'll add those before I merge this. Hoping to do it after work today. I'll also cut a new beta release with all of the changes so it can be properly tested prior to release. |
* Stop checking out workspace (#515) * Stop checking out base branch before deployment, drop option. * Don't check out default branch, as we don't check out base branch, drop option. * Don't stash/unstash as we don't update the workdir, drop preserve option. * Don't init the workspace * Only fetch the remote branch if it exists, only with depth 1. * Rely on previous checkouts to have handled lfs files correctly, drop option. * Update README, action.yml, integration tests * Set up eslint for test files. (#517) * Add DRY_RUN option, passing --dry-run to git push. (#526) See #499 for the proposal. * Simplifies Token Setup (#530) * Token simplification * Access Token / Github Token -> Token * Oops * Typos * Update README.md * Update README.md * Update action.yml Co-authored-by: Axel Hecht <[email protected]> * Update README.md Co-authored-by: Axel Hecht <[email protected]> * Update README.md Co-authored-by: Axel Hecht <[email protected]> * Adjust codeql action to latest recommendations (#540) Also, add the dev and release branches, and drop master. * Add workflow to update build and node_modules on release branches (#541) * Stores username/email in secrets * Removing stale bot integration * Test current code base as an integration test for PRs and pushes (#505) * Add a build step to create lib and node_modules artifact * Run integration test with built dist and current SHA as base For pull requests, the github.sha is the sha of the merge to the target branch, not the head of the PR. Special case that. * Use v2 checkout, and DRY_RUN for the integration test. I also made the branches more generic, as there are now more of them. * Fix #536, don't push at all on dryRun Also add tests for dryRun and singleCommit and generateBranch code flows. * Try to fix dryRun on new remote branches, refactor fetch * Try to fix dryRun, only fetch if origin branch exists * Refactor worktree setup to include branch generation and setup for singleCommit This is a continuation of the no-checkout work, and sadly suggested pretty intensive changes. * Set up git config to fix tests, also make debugging easier * Add matrix for existing and non-existing branch * Add matrix for singleCommit and not * Drop GITHUB_TOKEN, add DRY_RUN to action.yml * When deploying existing branch, add a modifcation and deploy again * Force branch checkout to work in redeployment scenarios * Make singleCommit easier to see in job descriptions * Review comments * Add a test-only property to action to test code paths with remote branch. * Introduce TestFlag enum to signal different test scenarios to unit tests * Fix util.test.ts * Update worktree.ts * Fix a few nits in tests and automation. Don't try to wordcount ls-rem… (#546) * Fix a few nits in tests and automation. Don't try to wordcount ls-remote. Nits in tests are around undoing changes made to the environment, and to not modify the checkout. * Describe suite with empty SHA * Lowercase Inputs (#547) * Lowercases inputs * Adjusts workflow tests and deployment_status * Use multi-line string for clean-exclude patterns. (#553) As this change is subtle, I'm taking the opportunity to change the underscore for the hyphen, which makes it less likely that users of this action will just pass in an old json array. * Hyphenate inputs and outputs, add step output, fix #558 (#559) * Hyphenate inputs and outputs, add step output, fix #558 I've also tried to make the clean docs a bit clearer, and consistent about clean being on my default. Still not totally happy with the intro of the docs there, though. * Add testing of step outputs to build integration tests * Security Docs * Integration tests * Revert "Integration tests" This reverts commit 639ff53. * Native SSH Key Support (#569) * SSH Key Support 🔑 * Update ssh.ts * Update src/ssh.ts Co-authored-by: Axel Hecht <[email protected]> * README fixes/etc * Unit Tests & README * ssh key * Update README.md * Update ssh.test.ts * Update ssh.test.ts * Update ssh.test.ts * Update ssh.test.ts * Update ssh.test.ts * Update ssh.test.ts * Update integration.yml Co-authored-by: Axel Hecht <[email protected]> * Deployment Issues (#583) * Update git.ts * Tests * Update git.ts * Formatting * Update src/git.ts Co-authored-by: Axel Hecht <[email protected]> * TestFlag * Logging * Update git.ts Co-authored-by: Axel Hecht <[email protected]> * Codespace Support (#584) * Add files via upload * Update README.md * Add files via upload * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * SSH Issues (#588) * Unsets Persisted Credentials (#587) * Persist * Config Setup/Tests * Assets * Update git.ts * Spacing * Update integration.yml * Update README.md Co-authored-by: Axel Hecht <[email protected]>
Description
Implements SSH key support natively to the project.
Testing Instructions
ssh-keygen -t rsa -m pem -b 4096 -C "[email protected]" -N ""ssh-keyinput.Additional Notes
There's a few things that need to be wrapped up, but I wanted to get this to PR sooner as I've been holding up v4 with this.
ssh.ts.