feat: replace ssh-private-key with ssh-private-keys and expected input is json with array of {name, key} entries.

[elvinristi]

Background

Module https://github.com/webfactory/ssh-agent exports public keys from private keys under .ssh/ folder and depends only on ssh-agent behaviour on selecting correct cert.

When trying to pass to docker build with action which doesn't support forwarded ssh-agent then while trying to use generated key-* files then we get invalid format - with PEM or non-PEM / reason is that public key can not be used for ssh-git authentication.

Description

With this change we export all passed private keys and use new format for input - Array of {name, key} where name should be "[email protected]:owner/repo.git" and we will use this instead of trying to extract from public key.

Example usage

      - name: Register SSH keys
        uses: vaimo/webfactory-ssh-agent-github@feature/json-private-keys
        with:
          ssh-private-keys: |
            [
              {
                "name": "[email protected]:vaimo/vsf2--test-package.git",
                "key": "${{ secrets.VAIMO_PRIVATE_REPO_TEST }}"
              },
              {
                "name": "[email protected]:vaimo/vsf2_ext-lru-cache-driver",
                "key": "${{ secrets.VAIMO_PRIVATE_REPO_LRU_DRV }}"
              }
            ]

[vaimo-wilko]

Looks good. 1 questions, 1 suggestion (yaml)

[vaimo-wilko]

Could this use yaml instead of text? (i.e. consistent with the rest of the file and validated by the yaml parser, before the action even starts running?)

[elvinristi]

github action doesn't support it. only accepts text as input

from node_modules/@actions/core/lib/core.d.ts :

/**
 * Gets the value of an input.
 * Unless trimWhitespace is set to false in InputOptions, the value is also trimmed.
 * Returns an empty string if the value is not defined.
 *
 * @param     name     name of the input to get
 * @param     options  optional. See InputOptions.
 * @returns   string
 */
export declare function getInput(name: string, options?: InputOptions): string;
/**
 * Gets the values of an multiline input.  Each value is also trimmed.
 *
 * @param     name     name of the input to get
 * @param     options  optional. See InputOptions.
 * @returns   string[]
 *
 */
export declare function getMultilineInput(name: string, options?: InputOptions): string[];
/**
 * Gets the input value of the boolean type in the YAML 1.2 "core schema" specification.
 * Support boolean input list: `true | True | TRUE | false | False | FALSE` .
 * The return value is also in boolean type.
 * ref: https://yaml.org/spec/1.2/spec.html#id2804923
 *
 * @param     name     name of the input to get
 * @param     options  optional. See InputOptions.
 * @returns   boolean
 */
export declare function getBooleanInput(name: string, options?: InputOptions): boolean;

[vaimo-wilko]

Ok. The format feels quite verbose to me. Would the follow perhaps be easier/nicer (use repo name as key)?

  ssh-private-keys: |
    {
      "[email protected]:vaimo/vsf2_ext-lru-cache-driver.git": "${{ secrets.TEST_1_DEPLOY_KEY }}",
      "[email protected]:mpdude/test-2.git": "${{ secrets.TEST_2_DEPLOY_KEY }}"
    }

[elvinristi]

Will think of that, doesn't hurt to refactor it to that way 👍🏻

[vaimo-wilko]

What is this for, given the next step is "Setup node"? Does that next step not work locally and becomes a "no-op" if nodejs is already installed and at the right version?

[elvinristi]

this is "hack" for local container when using with act tool ( only executed when if: ${{ env.ACT }}) - got same error as others with node missing. Some "known" issue with the tool when using following combo:

    runs-on: ubuntu-latest
    container:
      image: ubuntu:latest

This is error without this:

via nektos/act#917 (comment)

[vaimo-wilko]

Aha... so the action to setup node uses node to run :) - how nice.
But yeah, I noticed in an open source project i contributed to that Github's image "ubuntu-latest" is actually different compared to the "ubuntu:latest" and has more things installed already.

Btw, why do you use (overwrite) "ubuntu:latest" as the image and not let act pick the right image for "ubuntu-latest"? act has an image ghcr.io/catthehacker/ubuntu:act-latest - maybe that one contains node already like github's runner image?

[vaimo-wilko]

It seems their image does install node: https://github.com/catthehacker/docker_images/blob/master/linux/ubuntu/scripts/act.sh#L128

[elvinristi]

this was taken from parent fork, to test as container. will see if I have possibility to dig more next week

[elvinristi]

Closed in favor of PR

• feat: replace ssh-private-key with ssh-private-keys and expected input is json with {name: key} entries. #2