
Commit 10126b4

committed
github actions: use the ssh-agent action to handle the deploy key
1 parent 5190b59 commit 10126b4


2 files changed

+30
-40
lines changed


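--- a/.github/workflows/release-master.yml
+++ b/.github/workflows/release-master.yml
@@ -13,16 +13,16 @@ jobs:
 runs-on: ubuntu-22.04
 container: golang:1.22
 steps:
-- run: git config --global [email protected]:jetstack/venafi-connection-lib.insteadOf https://github.com/jetstack/venafi-connection-lib
 - name: "Add GitHub to the SSH known hosts file"
 run: |
-mkdir -p -m 0700 ~/.ssh
-cat <<EOF >~/.ssh/known_hosts
+mkdir -p -m 0700 /root/.ssh
+cat <<EOF >/root/.ssh/known_hosts
 github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
 github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
 github.com ssh-rsa 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
 EOF
-chmod 600 ~/.ssh/known_hosts
+chmod 600 /root/.ssh/known_hosts
+touch /root/.ssh/config
 - uses: webfactory/[email protected]
 with:
 ssh-private-key: ${{ secrets.DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB }}
@@ -34,20 +34,23 @@ jobs:
 runs-on: ubuntu-22.04
 container: golang:1.22
 steps:
-- run: git config --global [email protected]:jetstack/venafi-connection-lib.insteadOf https://github.com/jetstack/venafi-connection-lib
 - name: "Add GitHub to the SSH known hosts file"
 run: |
-mkdir -p -m 0700 ~/.ssh
-cat <<EOF >~/.ssh/known_hosts
+mkdir -p -m 0700 /root/.ssh
+cat <<EOF >/root/.ssh/known_hosts
 github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
 github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
 github.com ssh-rsa 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
 EOF
-chmod 600 ~/.ssh/known_hosts
+chmod 600 /root/.ssh/known_hosts
+touch /root/.ssh/config
 - uses: webfactory/[email protected]
 with:
 ssh-private-key: ${{ secrets.DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB }}
 - uses: actions/checkout@v4
+- name: Adding github workspace as safe directory
+# See issue https://github.com/actions/checkout/issues/760
+run: git config --global --add safe.directory $GITHUB_WORKSPACE
 - run: make test
 docker_build:
 name: docker_build
@@ -67,16 +70,6 @@ jobs:
 packages: write
 id-token: write
 steps:
-- run: git config --global [email protected]:jetstack/venafi-connection-lib.insteadOf https://github.com/jetstack/venafi-connection-lib
-- name: "Add GitHub to the SSH known hosts file"
-run: |
-mkdir -p -m 0700 ~/.ssh
-cat <<EOF >~/.ssh/known_hosts
-github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
-github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
-github.com ssh-rsa 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
-EOF
-chmod 600 ~/.ssh/known_hosts
 - uses: webfactory/[email protected]
 with:
 ssh-private-key: ${{ secrets.DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB }}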
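Review bot: The `uses: webfactory/…` step that receives `secrets.DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB` is referenced by what looks like a version tag (the reference is garbled on this page), in all three hunks of this file. A tag can be re-pointed by the action's publisher, so a third-party action that is handed a private deploy key is better pinned to a full commit SHA with the release noted in a trailing comment, e.g. `- uses: webfactory/ssh-agent@<full-commit-sha>  # <release tag>`. The same applies to the `webfactory` steps in `.github/workflows/test.yml`. Each job's step list starts or continues outside the hunks shown.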

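--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -18,47 +18,54 @@ jobs:
 runs-on: ubuntu-22.04
 container: golang:1.22
 steps:
-- run: git config --global [email protected]:jetstack/venafi-connection-lib.insteadOf https://github.com/jetstack/venafi-connection-lib
+- uses: actions/checkout@v4
 # The only reason we need to configure ~/.ssh/known_hosts is because we are
 # using a container-based runner. Non-container runners already have the
 # github.com fingerprints in their known_hosts file. We could use `curl
 # --silent https://api.github.com/meta` to fetch it but golang:1.22 does not
 # have jq installed.
+#
+# Remember that the container "golang:1.22.0" has two "homes": /root is the
+# home returned by getent(), which is what the GitHub Action and SSH will
+# use to load .ssh/config and keys under .ssh/, and $HOME is /github/home,
+# which is where Git loads ~/.gitconfig from.
 - name: "Add GitHub to the SSH known hosts file"
 run: |
-mkdir -p -m 0700 ~/.ssh
-cat <<EOF >~/.ssh/known_hosts
+mkdir -p -m 0700 /root/.ssh
+cat <<EOF >/root/.ssh/known_hosts
 github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
 github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
 github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
 EOF
-chmod 600 ~/.ssh/known_hosts
+chmod 600 /root/.ssh/known_hosts
+touch /root/.ssh/config
 - uses: webfactory/[email protected]
 with:
 ssh-private-key: ${{ secrets.DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB }}
-- uses: actions/checkout@v4
 - run: make vet
 shell: bash
 test:
 name: go test
 runs-on: ubuntu-22.04
 container: golang:1.22
 steps:
-- run: git config --global [email protected]:jetstack/venafi-connection-lib.insteadOf https://github.com/jetstack/venafi-connection-lib
 - name: "Add GitHub to the SSH known hosts file"
 run: |
-mkdir -p -m 0700 ~/.ssh
-cat <<EOF >~/.ssh/known_hosts
+mkdir -p -m 0700 /root/.ssh
+cat <<EOF >/root/.ssh/known_hosts
 github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
 github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
 github.com ssh-rsa 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
 EOF
-chmod 600 ~/.ssh/known_hosts
-- run: curl --silent https://api.github.com/meta | jq --raw-output '"github.com "+.ssh_keys[]' >> ~/.ssh/known_hosts
+chmod 600 /root/.ssh/known_hosts
+touch /root/.ssh/config
 - uses: webfactory/[email protected]
 with:
 ssh-private-key: ${{ secrets.DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB }}
 - uses: actions/checkout@v4
+- name: Adding github workspace as safe directory
+# See issue https://github.com/actions/checkout/issues/760
+run: git config --global --add safe.directory $GITHUB_WORKSPACE
 - run: make test
 docker_build:
 name: docker_build
@@ -74,21 +81,11 @@ jobs:
 DOCKER_DRIVER: overlay
 DOCKER_HOST: tcp://localhost:2375
 steps:
-- run: git config --global [email protected]:jetstack/venafi-connection-lib.insteadOf https://github.com/jetstack/venafi-connection-lib
-- name: "Add GitHub to the SSH known hosts file"
-run: |
-mkdir -p -m 0700 ~/.ssh
-cat <<EOF >~/.ssh/known_hosts
-github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
-github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
-github.com ssh-rsa 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
-EOF
-chmod 600 ~/.ssh/known_hosts
+- name: Install Tools
+run: apk add --update make git jq rsync curl
 - uses: webfactory/[email protected]
 with:
 ssh-private-key: ${{ secrets.DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB }}
-- name: Install Tools
-run: apk add --update make git jq rsync curl
 - name: Adding github workspace as safe directory
 # See issue https://github.com/actions/checkout/issues/760
 run: git config --global --add safe.directory $GITHUB_WORKSPACE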
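Review bot: In the `docker_build` hunk (`@@ -74,21 +81,11 @@`) the pinned `known_hosts` block is deleted while the step that loads `secrets.DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB` stays, and nothing visible in the hunk says what now supplies github.com's host keys for that job. If the ssh-agent action or the image build is expected to provide them, record that next to the step, e.g. `# github.com host keys: provided by <component>, no pinned known_hosts needed in this job`. If nothing does, host-key checking would either fail or have been relaxed somewhere outside this hunk, which is worth confirming before merge. The `docker_build` hunk in `.github/workflows/release-master.yml` (`@@ -67,16 +70,6 @@`) removes the same block, and both jobs' step lists continue outside the hunks.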
