Feature/authkeys (#1)

* updates

* updates

Author: webdestroya

.github/workflows/release.yml

@@ -0,0 +1,199 @@
+
+name: Release
+on:
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: "The branch that will be built"
+        required: true
+      version:
+        description: "The version to release (must be prefixed with 'v')"
+        required: true
+
+env:
+  VERSION: ${{ github.event.inputs.version }}
+  GH_TOKEN: ${{ secrets.GORELEASER_GITHUB_TOKEN }}
+
+jobs:
+  goreleaser:
+    name: Build
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.inputs.branch }}
+
+      - name: Unshallow
+        run: git fetch
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.19
+
+      # - name: Hook private repo
+      #   run: git config --global url."https://${{ secrets.GORELEASER_GITHUB_TOKEN }}:x-oauth-basic@github.com".insteadOf "https://github.com"
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v3
+        with:
+          version: latest
+          args: release --snapshot --rm-dist --skip-publish
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Move build artifacts
+        run: |
+          mkdir ~/artifacts
+          mv $GITHUB_WORKSPACE/dist/remote-shell_linux_amd64.tar.gz ~/artifacts/linux.tar.gz
+          mv $GITHUB_WORKSPACE/dist/remote-shell_darwin_amd64.zip ~/artifacts/darwin.zip
+          
+      - name: List Build Artifacts
+        run: ls -l ~/artifacts
+
+      - name: Save Linux Build Artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: build-artifact-linux
+          path: ~/artifacts/linux.tar.gz
+          if-no-files-found: error
+
+      - name: Save MacOS Build Artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: build-artifact-darwin
+          path: ~/artifacts/darwin.zip
+          if-no-files-found: error
+  
+  create_release_tag:
+    name: Tag Release
+    needs: [goreleaser]
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Trim asset version prefix and Validate
+        run: |-
+          echo $VERSION
+          trim=${VERSION#"v"}
+          echo $trim
+          if [[ $trim =~  ^[0-9]+\.[0-9]+\.[0-9]+(-.+)?$ ]]; then
+            echo "Version OK: $trim"
+          else
+            echo "Invalid version: $trim"
+            exit 1
+          fi
+          echo "VERSION=${trim}" >> $GITHUB_ENV
+          
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.inputs.branch }}
+
+      - name: Unshallow
+        run: git fetch --prune --unshallow
+
+      - name: Tag Release
+        run: |
+          git config user.name "Cloud87 GitHub Actions Bot"
+          git config user.email noreply@github.com
+          git tag ${{ github.event.inputs.version }}
+          git push origin ${{ github.event.inputs.version }}
+    
+  ensure_branch_in_homebrew:
+    name: Ensure branch exists in homebrew-tap
+    needs: [create_release_tag]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Parse semver string
+        id: semver_parser
+        uses: booxmedialtd/ws-action-parse-semver@v1
+        with:
+          input_string: ${{ github.event.inputs.version }}
+
+      - name: Checkout
+        if: steps.semver_parser.outputs.prerelease == ''
+        uses: actions/checkout@v3
+        with:
+          repository: webdestroya/homebrew-tap
+          token: ${{ secrets.GORELEASER_GITHUB_TOKEN }}
+          ref: main
+
+      - name: Delete base branch if exists
+        if: steps.semver_parser.outputs.prerelease == ''
+        run: |
+          git fetch --all
+          git push origin --delete bump-brew
+          git push origin --delete $VERSION
+        continue-on-error: true
+
+      - name: Create base branch
+        if: steps.semver_parser.outputs.prerelease == ''
+        run: |
+          git checkout -b bump-brew
+          git push --set-upstream origin bump-brew
+    
+  create_release:
+    name: Release
+    needs: [create_release_tag, ensure_branch_in_homebrew]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.inputs.version }}
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.19
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v3
+        with:
+          version: latest
+          args: release --rm-dist
+        env:
+          GITHUB_TOKEN: ${{ secrets.GORELEASER_GITHUB_TOKEN }}
+    
+
+  create_pr_in_homebrew:
+    name: Create PR in homebrew-tap
+    needs: [ensure_branch_in_homebrew, create_release]
+    runs-on: ubuntu-latest
+    env:
+      Version: ${{ github.event.inputs.version }}
+    steps:
+      - name: Parse semver string
+        id: semver_parser
+        uses: booxmedialtd/ws-action-parse-semver@v1
+        with:
+          input_string: ${{ github.event.inputs.version }}
+
+      - name: Checkout
+        if: steps.semver_parser.outputs.prerelease == ''
+        uses: actions/checkout@v3
+        with:
+          repository: webdestroya/homebrew-tap
+          token: ${{ secrets.GORELEASER_GITHUB_TOKEN }}
+          ref: main
+
+      - name: Create a new branch off the base branch
+        if: steps.semver_parser.outputs.prerelease == ''
+        run: |
+          git fetch --all
+          git checkout bump-brew
+          git checkout -b rshell/$VERSION
+          git push --set-upstream origin rshell/$VERSION
+
+      - name: Close pull request if already exists
+        if: steps.semver_parser.outputs.prerelease == ''
+        run: |
+          gh pr close rshell/$VERSION
+        continue-on-error: true
+
+      - name: Create pull request
+        if: steps.semver_parser.outputs.prerelease == ''
+        run: |
+          gh pr create --base main --head rshell/$VERSION --title "[RShell] $Version" --body "Update formula"

.goreleaser.yaml

@@ -1,7 +1,7 @@
 # This is an example .goreleaser.yml file with some sensible defaults.
 # Make sure to check the documentation at https://goreleaser.com
 
-project_name: remote-shell-client
+project_name: remote-shell
 
 before:
   hooks:
@@ -18,7 +18,7 @@ builds:
       - arm64
 
     id: rshell
-    # binary: 'remote-shell'
+    binary: 'remote-shell'
     ldflags:
       - "-s -w -X main.buildVersion={{.Version}} -X main.buildSha={{.Commit}}"
 
@@ -36,6 +36,7 @@ archives:
     - none*
     format: zip
     id: homebrew
+    # name_template: "{{ .ProjectName }}_{{ .Os }}_{{ .Arch }}_{{ .Version }}"
     name_template: "{{ .ProjectName }}_{{ .Os }}_{{ .Arch }}"
     format_overrides:
     - goos: linux
@@ -49,19 +50,14 @@ release:
   draft: true
 changelog:
   skip: true
-  # sort: asc
-  # filters:
-  #   exclude:
-  #     - '^docs:'
-  #     - '^test:'
-
+  
 announce:
   skip: true
 
 brews:
   - ids:
       - homebrew
-    name: cloud87-remote-shell
+    name: remote-shell
     tap:
       owner: webdestroya
       name: homebrew-tap
@@ -71,12 +67,28 @@ brews:
     homepage: "https://github.com/webdestroya/remote-shell-client"
     description: "Allows easy remote access to containerized applications running on Fargate"
     skip_upload: auto
+    license: "MIT"
     install: |-
       bin.install "remote-shell"
 
 universal_binaries:
--
-  id: rshell
-  # name_template: "{{ .ProjectName }}_{{ .Version }}"
-  name_template: "{{ .ProjectName }}"
-  replace: true
+  - id: rshell
+    # name_template: "{{ .ProjectName }}_{{ .Version }}"
+    name_template: "{{ .ProjectName }}"
+    replace: false
+
+nfpms:
+  - id: "rshell"
+    builds: ['rshell']
+    formats:
+      - deb
+      - rpm
+      - apk
+    vendor: "cloud87.io"
+    homepage: "https://github.com/webdestroya/remote-shell-client/"
+    maintainer: "Mitch Dempsey <webdestroya@noreply.github.com>"
+    description: "Allows easy remote access to containerized applications running on Fargate"
+    # file_name_template: "{{ .ProjectName }}_{{ .Os }}_{{ .Arch }}_{{ .Version }}"
+    file_name_template: "{{ .ProjectName }}_{{ .Os }}_{{ .Arch }}"
+    rpm:
+      summary: "Allows easy remote access to containerized applications running on Fargate"

Makefile

@@ -5,7 +5,7 @@ clean:
 
 .PHONY: compile
 compile: clean
-	go build -a -o remote-shell-client -ldflags="-s -w"
+	go build -o remote-shell-client -ldflags="-s -w"
 	stat remote-shell-client
 
 .PHONY: tidy
@@ -29,3 +29,7 @@ lint:
 		exit 1; \
 	}
 	golangci-lint run
+
+.PHONY: test-release
+test-release:
+	goreleaser release --skip-publish --rm-dist --snapshot

README.md

@@ -2,6 +2,18 @@
 
 This program makes it dead simple to launch a task using the [webdestroya/remote-shell](https://github.com/webdestroya/remote-shell) service.
 
+## Installation
+
+
+## Usage
+
+To launch a remote shell session, you only need to know the task definition prefix. By default, it is assumed that your task definition is whatever you enter for the `app` parameter, but with `-console` appended.
+
+If you do not have a console suffix, then add `-exact` to your command.
+
+```
+remote-shell-client -app myapp
+```
 
 ## Task Configuration
 To use this, you must add a docker label to your ECS Task Definition on the container that will be used for the shell.
@@ -15,10 +27,9 @@ The label must be named `cloud87.rshell` and should contain a JSON object with t
 | `security_groups` | Array | List of SecurityGroupIDs to use for the network interface |
 | `port` | Integer | The port that should be used for the SSH service |
 | `public` | Boolean | Whether or not this container will be given a public IP address |
+| `path` | String | Path to the remote-shell binary. If not provided, then `/cloud87/remote-shell` is assumed. |
 
 
-## Usage
-
 
 
 ## AWS Permissions Required

authkeys.go

@@ -0,0 +1,56 @@
+package main
+
+import (
+	"crypto/rand"
+	"crypto/rsa"
+	"strings"
+
+	"golang.org/x/crypto/ssh"
+)
+
+func generateSSHKeypair(bitSize int) (ssh.Signer, string, error) {
+	privKey, err := generatePrivateKey(bitSize)
+	if err != nil {
+		return nil, "", err
+	}
+
+	signer, err := ssh.NewSignerFromKey(privKey)
+	if err != nil {
+		return nil, "", err
+	}
+
+	pubKey, err := generatePublicKey(&privKey.PublicKey)
+	if err != nil {
+		return nil, "", err
+	}
+
+	return signer, pubKey, nil
+
+}
+
+func generatePrivateKey(bitSize int) (*rsa.PrivateKey, error) {
+	privateKey, err := rsa.GenerateKey(rand.Reader, bitSize)
+	if err != nil {
+		return nil, err
+	}
+
+	err = privateKey.Validate()
+	if err != nil {
+		return nil, err
+	}
+
+	return privateKey, nil
+}
+
+func generatePublicKey(pubKey *rsa.PublicKey) (string, error) {
+	publicRsaKey, err := ssh.NewPublicKey(pubKey)
+	if err != nil {
+		return "", err
+	}
+
+	pubKeyBytes := ssh.MarshalAuthorizedKey(publicRsaKey)
+
+	pubKeyString := strings.TrimSuffix(string(pubKeyBytes), "\n")
+
+	return pubKeyString, nil
+}