diff --git a/.github/workflows/check-version.yml b/.github/workflows/check-version.yml
new file mode 100644
index 0000000..51042c6
--- /dev/null
+++ b/.github/workflows/check-version.yml
@@ -0,0 +1,32 @@
+name: Check Script Version
+
+on:
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  check-version:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Extract SCRIPT_VERSION from sync-ssh-keys.sh
+        id: get_version
+        run: |
+          VERSION=$(awk -F'"' '/SCRIPT_VERSION/ {print $2; exit}' sync-ssh-keys.sh)
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+
+      - name: Fetch tags
+        run: git fetch --tags
+
+      - name: Check if version tag exists
+        run: |
+          TAG="v${{ steps.get_version.outputs.version }}"
+          if git tag --list | grep -q "^$TAG$"; then
+            echo "Error: Tag $TAG already exists. Please bump SCRIPT_VERSION."
+            exit 1
+          else
+            echo "Tag $TAG does not exist. Good to merge."
+          fi
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..32a0d24
--- /dev/null
+++ b/.github/workflows/release.yml
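Review bot: The value captured in the `Extract SCRIPT_VERSION` step is written to `$GITHUB_OUTPUT` without validation and is then expanded with `${{ steps.get_version.outputs.version }}` directly inside the `run:` script of the `Check if version tag exists` step, so whatever text the pull request puts on the first line of `sync-ssh-keys.sh` matching `SCRIPT_VERSION` is substituted into the shell source before it executes. For pull requests from forks the token is read-only and secrets are withheld, which limits the impact, but the pattern still lets a PR rewrite the check's own logic, and an empty match yields `TAG="v"`, which `grep -q "^v$"` will not find, so the job reports "Good to merge". release.yml already validates the same value against `^[0-9]+(\.[0-9]+)*$`; reuse that check here and hand the value to the shell through `env:` instead of inline expansion. `grep -q "^$TAG$"` also treats the dots in the version as regex wildcards, whereas `git rev-parse -q --verify "refs/tags/$TAG"` is an exact lookup.
```yaml
      - name: Extract SCRIPT_VERSION from sync-ssh-keys.sh
        id: get_version
        run: |
          VERSION=$(awk -F'"' '/SCRIPT_VERSION/ {print $2; exit}' sync-ssh-keys.sh)
          if [[ ! $VERSION =~ ^[0-9]+(\.[0-9]+)*$ ]]; then
            echo "Error: Invalid version format: $VERSION" >&2
            exit 1
          fi
          echo "version=$VERSION" >> "$GITHUB_OUTPUT"

      # … unchanged: Fetch tags step …

      - name: Check if version tag exists
        env:
          VERSION: ${{ steps.get_version.outputs.version }}
        run: |
          TAG="v$VERSION"
          if git rev-parse -q --verify "refs/tags/$TAG" >/dev/null; then
          # … unchanged: error / success branches …
```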
@@ -0,0 +1,46 @@
+name: Create Release
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Extract version from script
+        id: get_version
+        run: |
+          VERSION=$(awk -F'"' '/SCRIPT_VERSION/ {print $2; exit}' sync-ssh-keys.sh)
+          if [[ ! $VERSION =~ ^[0-9]+(\.[0-9]+)*$ ]]; then
+            echo "Error: Invalid version format: $VERSION" >&2
+            exit 1
+          fi
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+
+      - name: Create tag if needed
+        run: |
+          TAG="v${{ steps.get_version.outputs.version }}"
+          if git rev-parse "$TAG" >/dev/null 2>&1; then
+            echo "Tag $TAG already exists."
+          else
+            git config user.name "github-actions"
+            git config user.email "github-actions@github.com"
+            git tag "$TAG"
+            git push origin "$TAG"
+          fi
+
+      - name: Create release zip
+        run: |
+          zip ssh-key-sync.zip sync-ssh-keys.sh users.conf
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: v${{ steps.get_version.outputs.version }}
+          generate_release_notes: true
+          files: ssh-key-sync.zip
diff --git a/README.md b/README.md
index 9bd68ed..425fdd9 100644
--- a/README.md
+++ b/README.md
@@ -14,14 +14,15 @@ This Bash script pulls `authorized_keys` files from remote URLs and updates SSH ## ⚙️ Configuration -Edit the `USER_KEYS` associative array in `sync-ssh-keys.sh` to define users and their key sources. +User configuration is stored in a separate `users.conf` file in the same directory as the script. +Edit `users.conf` to define users and their key sources. Each entry uses the format: `["username"]="method:url"` - **raw:** Fetches directly from a public URL. - **api:** Fetches from a private GitHub repo using the GitHub API (requires `GITHUB_TOKEN` environment variable). -**Example:** +**Example `users.conf`:** ```bash declare -A USER_KEYS=( ["ubuntu"]="raw:https://example.com/ssh-keys/ubuntu.authorized_keys"
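Review bot: The `release` job pushes a tag with `git push origin "$TAG"` and creates a release through `softprops/action-gh-release@v2`, yet the workflow declares no `permissions:` block, so it depends on whatever default the repository grants `GITHUB_TOKEN`; where that default is read-only the push fails, and where it is write-all the job runs with far more than it needs. Add an explicit, minimal grant at the top of the workflow or on the job: `permissions:` / `  contents: write`. The `Create tag if needed` step also runs `git rev-parse "$TAG"` straight after `actions/checkout@v4`, which by default does not fetch tags, so an already-published tag is likely not visible locally and the step would fall through to `git tag`/`git push`, which the remote rejects; check-version.yml runs `git fetch --tags` first, and the same line belongs before the check here. Because this job can write to the repository, pinning the third-party action to a full commit SHA instead of the mutable `v2` tag would also narrow the supply-chain exposure.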
@@ -31,12 +32,16 @@ declare -A USER_KEYS=( ## Usage -1. Edit the `USER_KEYS` array in `sync-ssh-keys.sh` to define users and their key URLs. +1. Edit the `users.conf` file to define users and their key URLs. 2. If using the `api` method, export your GitHub token: ```bash export GITHUB_TOKEN=your_token_here ``` -3. Add to root's crontab: +3. Make sure the script is executable: + ```bash + chmod +x sync-ssh-keys.sh + ``` +4. Add to root's crontab: ```cron */15 * * * * /usr/local/bin/sync-ssh-keys.sh >> /var/log/ssh-key-sync.log 2>&1
@@ -44,6 +49,7 @@ declare -A USER_KEYS=( ## Implementation Notes -- The script uses a helper function `fetch_key_file` to fetch keys using the appropriate method. +- The script sources `users.conf` for configuration. +- Uses a helper function `fetch_key_file` to fetch keys using the appropriate method. - Only updates a user's `authorized_keys` if the remote file has changed. - Logs all actions with timestamps.
diff --git a/sync-ssh-keys.sh b/sync-ssh-keys.sh
index 52a57f6..8d2c7a1 100644
--- a/sync-ssh-keys.sh
+++ b/sync-ssh-keys.sh
@@ -1,12 +1,18 @@
#!/bin/bash set -euo pipefail -# === Configuration: user -> remote key file URL === -declare -A USER_KEYS=( - ["ubuntu"]="raw:https://example.com/ssh-keys/ubuntu.authorized_keys" - ["devuser"]="api:https://api.github.com/repos/yourorg/ssh-keys/contents/keys/devuser.authorized_keys?ref=main" - ["admin"]="api:https://api.github.com/repos/yourorg/ssh-keys/contents/keys/admin.authorized_keys?ref=main" -) +SCRIPT_VERSION="0.0.3" + +# === Load user configuration === +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +if [ ! -f "$SCRIPT_DIR/users.conf" ]; then + echo "Error: Configuration file 'users.conf' not found in $SCRIPT_DIR. Halting execution." >&2 + exit 1 +fi +if ! source "$SCRIPT_DIR/users.conf"; then + echo "Error: Failed to load configuration file 'users.conf'. Please check the file for syntax errors. Halting execution." >&2 + exit 1 +fi log_message() { local TIMESTAMP
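Review bot: The new `source "$SCRIPT_DIR/users.conf"` executes the configuration file as Bash with the script's privileges, and the README places this script in root's crontab, so anyone who can write `users.conf` (or the directory it lives in) can run arbitrary commands as root; the guard added here only checks that the file exists (`-f`). Before sourcing, verify that the file is owned by the invoking user and not group/world-writable, and refuse to run otherwise, as sketched below. The `SCRIPT_VERSION="0.0.3"` line is what both new workflows extract with awk, so a comment such as `# Parsed by .github/workflows: keep exactly the form SCRIPT_VERSION="x.y.z"` would protect it from a well-meaning reformat. It would also help to confirm after sourcing that `USER_KEYS` was actually declared (`declare -p USER_KEYS >/dev/null 2>&1 || { echo "Error: users.conf did not define USER_KEYS. Halting execution." >&2; exit 1; }`), since the rest of the script presumably depends on it. The hunk ends inside `log_message()`, whose body continues outside it.
```bash
CONFIG_FILE="$SCRIPT_DIR/users.conf"
# … unchanged: existence check …
# users.conf is executed as shell code: refuse it unless it is owned by the
# user running this script and is not writable by group or others.
if [ ! -O "$CONFIG_FILE" ] || [ -n "$(find "$CONFIG_FILE" -maxdepth 0 -perm /022)" ]; then
  echo "Error: Configuration file 'users.conf' must be owned by $(id -un) and not be group/world-writable. Halting execution." >&2
  exit 1
fi
# … unchanged: source and error handling …
```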
diff --git a/users.conf b/users.conf
new file mode 100644
index 0000000..fc21cd7
--- /dev/null
+++ b/users.conf
@@ -0,0 +1,5 @@
+declare -A USER_KEYS=(
+  ["ubuntu"]="raw:https://example.com/ssh-keys/ubuntu.authorized_keys"
+  ["devuser"]="api:https://api.github.com/repos/yourorg/ssh-keys/contents/keys/devuser.authorized_keys?ref=main"
+  ["admin"]="api:https://api.github.com/repos/yourorg/ssh-keys/contents/keys/admin.authorized_keys?ref=main"
+)
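Review bot: users.conf is loaded with `source` by sync-ssh-keys.sh, so it is executed as Bash rather than parsed as data, but nothing in the file says so. A header comment such as `# Sourced by sync-ssh-keys.sh as shell code (as root when run from cron): define only USER_KEYS here.` would tell an operator editing it what the file is and why its ownership and permissions matter. The three entries are the placeholders removed from the script (`example.com`, `yourorg`), and release.yml packs this file into the release zip, so a second comment stating that they must be replaced before deployment would keep the example from being installed verbatim.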