Support multiple GitHub SSH deploy keys (#568)

eronnen · web-flow · commit 2190fd566737 · 2023-09-06T23:35:24.000+02:00
* add sshPublicKeysDirectoryPath and GIT_CONFIG_EXTENSIONS parameters that adds git configs and mounts .ssh/config and public keys to the container, in order to allow multiple sh deploy key trick by webplatform@ssh-agent

* remove sshPublicKeysDirectoryPath and GIT_CONFIG_EXTENSIONS from windows runner for now
diff --git a/action.yml b/action.yml
@@ -85,6 +85,10 @@ inputs:
     required: false
     default: ''
     description: 'SSH Agent path to forward to the container'
+  sshPublicKeysDirectoryPath:
+    required: false
+    default: ''
+    description: 'Path to a directory containing SSH public keys to forward to the container.'
   gitPrivateToken:
     required: false
     default: ''
diff --git a/dist/index.js b/dist/index.js
diff --git a/dist/index.js.map b/dist/index.js.map
diff --git a/dist/platforms/ubuntu/entrypoint.sh b/dist/platforms/ubuntu/entrypoint.sh
@@ -10,6 +10,7 @@ mkdir -p "$ACTIVATE_LICENSE_PATH"
 #
 # Run steps
 #
+source /steps/set_extra_git_configs.sh
 source /steps/set_gitcredential.sh
 source /steps/activate.sh
 source /steps/build.sh
diff --git a/dist/platforms/ubuntu/steps/set_extra_git_configs.sh b/dist/platforms/ubuntu/steps/set_extra_git_configs.sh
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+
+if [ -z "${GIT_CONFIG_EXTENSIONS}" ]
+then
+  echo "GIT_CONFIG_EXTENSIONS unset skipping"
+else
+  echo "GIT_CONFIG_EXTENSIONS is set configuring extra git configs"
+
+  IFS=$'\n'
+  for config in $(echo "${GIT_CONFIG_EXTENSIONS}" | sed 's/\(.*\)=\(.*\)/"\1" "\2"/g'); do
+    if [[ $config =~ \"([^\"]+)\"\ \"([^\"]+)\" ]]; then
+      key="${BASH_REMATCH[1]}"
+      value="${BASH_REMATCH[2]}"
+    else
+      echo "Error parsing config: $config"
+      exit 1
+    fi
+    echo "Adding extra git config: \"$key\" = \"$value\""
+    git config --global --add "$key" "$value"
+  done
+  unset IFS
+
+fi
+
+echo "---------- git config --list -------------"
+git config --list
+
+echo "---------- git config --list --show-origin -------------"
+git config --list --show-origin
diff --git a/src/model/build-parameters.ts b/src/model/build-parameters.ts
@@ -42,6 +42,7 @@ class BuildParameters {
 
   public customParameters!: string;
   public sshAgent!: string;
+  public sshPublicKeysDirectoryPath!: string;
   public providerStrategy!: string;
   public gitPrivateToken!: string;
   public awsStackName!: string;
@@ -150,6 +151,7 @@ class BuildParameters {
       androidSymbolType: androidSymbolExportType,
       customParameters: Input.customParameters,
       sshAgent: Input.sshAgent,
+      sshPublicKeysDirectoryPath: Input.sshPublicKeysDirectoryPath,
       gitPrivateToken: Input.gitPrivateToken || (await GithubCliReader.GetGitHubAuthToken()),
       chownFilesTo: Input.chownFilesTo,
       providerStrategy: CloudRunnerOptions.providerStrategy,
diff --git a/src/model/docker.ts b/src/model/docker.ts
@@ -40,7 +40,15 @@ class Docker {
     additionalVariables: StringKeyValuePair[] = [],
     entrypointBash: boolean = false,
   ): string {
-    const { workspace, actionFolder, runnerTempPath, sshAgent, gitPrivateToken, dockerWorkspacePath } = parameters;
+    const {
+      workspace,
+      actionFolder,
+      runnerTempPath,
+      sshAgent,
+      sshPublicKeysDirectoryPath,
+      gitPrivateToken,
+      dockerWorkspacePath,
+    } = parameters;
 
     const githubHome = path.join(runnerTempPath, '_github_home');
     if (!existsSync(githubHome)) mkdirSync(githubHome);
@@ -54,6 +62,7 @@ class Docker {
             ${ImageEnvironmentFactory.getEnvVarString(parameters, additionalVariables)} \
             --env UNITY_SERIAL \
             --env GITHUB_WORKSPACE=${dockerWorkspacePath} \
+            --env GIT_CONFIG_EXTENSIONS \
             ${gitPrivateToken ? `--env GIT_PRIVATE_TOKEN="${gitPrivateToken}"` : ''} \
             ${sshAgent ? '--env SSH_AUTH_SOCK=/ssh-agent' : ''} \
             --volume "${githubHome}":"/root:z" \
@@ -64,7 +73,12 @@ class Docker {
             --volume "${actionFolder}/platforms/ubuntu/entrypoint.sh:/entrypoint.sh:z" \
             --volume "${actionFolder}/unity-config:/usr/share/unity3d/config/:z" \
             ${sshAgent ? `--volume ${sshAgent}:/ssh-agent` : ''} \
-            ${sshAgent ? '--volume /home/runner/.ssh/known_hosts:/root/.ssh/known_hosts:ro' : ''} \
+            ${
+              sshAgent && !sshPublicKeysDirectoryPath
+                ? '--volume /home/runner/.ssh/known_hosts:/root/.ssh/known_hosts:ro'
+                : ''
+            } \
+            ${sshPublicKeysDirectoryPath ? `--volume ${sshPublicKeysDirectoryPath}:/root/.ssh:ro` : ''} \
             ${entrypointBash ? `--entrypoint ${commandPrefix}` : ``} \
             ${image} \
             ${entrypointBash ? `-c` : `${commandPrefix} -c`} \
diff --git a/src/model/input.ts b/src/model/input.ts
@@ -178,6 +178,10 @@ class Input {
     return Input.getInput('sshAgent') || '';
   }
 
+  static get sshPublicKeysDirectoryPath(): string {
+    return Input.getInput('sshPublicKeysDirectoryPath') || '';
+  }
+
   static get gitPrivateToken(): string | undefined {
     return Input.getInput('gitPrivateToken');
   }

Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,7 @@ mkdir -p "$ACTIVATE_LICENSE_PATH"`
`10`	`10`	`#`
`11`	`11`	`# Run steps`
`12`	`12`	`#`
	`13`	`+source /steps/set_extra_git_configs.sh`
`13`	`14`	`source /steps/set_gitcredential.sh`
`14`	`15`	`source /steps/activate.sh`
`15`	`16`	`source /steps/build.sh`
Original file line number	Diff line number	Diff line change
`@@ -178,6 +178,10 @@ class Input {`
`178`	`178`	`return Input.getInput('sshAgent') \|\| '';`
`179`	`179`	`}`
`180`	`180`
	`181`	`+ static get sshPublicKeysDirectoryPath(): string {`
	`182`	`+ return Input.getInput('sshPublicKeysDirectoryPath') \|\| '';`
	`183`	`+ }`
	`184`	`+`
`181`	`185`	`static get gitPrivateToken(): string \| undefined {`
`182`	`186`	`return Input.getInput('gitPrivateToken');`
`183`	`187`	`}`