diff --git a/.github/workflows/deploy-test.yml b/.github/workflows/deploy-test.yml index c0db5282..0793d565 100644 --- a/.github/workflows/deploy-test.yml +++ b/.github/workflows/deploy-test.yml @@ -20,4 +20,5 @@ jobs: with: provider: 'github' token: ${{ secrets.GITHUB_TOKEN }} + ssh_private_key: '' jekyll_src: './test_site' diff --git a/action.yml b/action.yml index 0c1a6e05..9f23bddb 100644 --- a/action.yml +++ b/action.yml @@ -8,6 +8,9 @@ inputs: token: description: 'The deploy token' required: false + ssh_private_key: + description: 'The SSH private key for deployment' + required: false repository: description: 'The deploy repository' required: false diff --git a/entrypoint.sh b/entrypoint.sh index af5fceb8..e810888f 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -8,6 +8,7 @@ WORKING_DIR=${PWD} # Initial default value PROVIDER=${INPUT_PROVIDER:=github} TOKEN=${INPUT_TOKEN} +SSH_PRIVATE_KEY=${INPUT_SSH_PRIVATE_KEY} ACTOR=${INPUT_ACTOR} REPOSITORY=${INPUT_REPOSITORY} BRANCH=${INPUT_BRANCH} @@ -121,14 +122,31 @@ build_jekyll || { build_jekyll } +# Pre-handle SSH private key +if [[ -n "${SSH_PRIVATE_KEY}" ]]; then + echo "Pre-handle SSH private key file" + SSH_PRIVATE_KEY_PATH=$(mktemp /tmp/ssh-priv-key.XXXXXX) + echo "${SSH_PRIVATE_KEY}" > ${SSH_PRIVATE_KEY_PATH} + # To prevent from permissions are too open issue, the key can be + # only readable by self + chmod 400 ${SSH_PRIVATE_KEY_PATH} +fi + cd ${WORKING_DIR}/build # Check if deploy on the same repository branch +PROVIDER_EXIT_CODE=0 if [[ "${PROVIDER}" == "github" ]]; then source "${SCRIPT_DIR}/providers/github.sh" else echo "${PROVIDER} is an unsupported provider." - exit 1 + PROVIDER_EXIT_CODE=1 +fi + +# Post-handle SSH private key +if [[ -n "${SSH_PRIVATE_KEY}" ]]; then + echo "Post-handle SSH private key file" + rm -f ${SSH_PRIVATE_KEY_PATH} fi -exit $? +exit ${PROVIDER_EXIT_CODE} diff --git a/providers/github.sh b/providers/github.sh index 02b5cee1..04775f9f 100755 --- a/providers/github.sh 
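Review bot: The new `ssh_private_key` input in action.yml does not say how it interacts with `token`, although providers/github.sh in this same commit switches to SSH whenever the key is non-empty. Suggest `description: 'SSH private key (e.g. a deploy key) used to push over SSH; when set it is used instead of token'`. A README line telling users to supply it from a repository secret rather than inline in the workflow would complete the documentation.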
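Review bot: In entrypoint.sh's second hunk the key file is removed only if control returns from the sourced provider script, but providers/github.sh still calls `exit 1` on the same-branch check (and enables `set -e`), and because it is sourced that exit ends entrypoint.sh before the post-handle block runs, leaving the private key in /tmp. Register the cleanup immediately after `mktemp` with `trap 'rm -f "${SSH_PRIVATE_KEY_PATH}"' EXIT`, which covers every exit path and makes the post-handle block unnecessary. The path expansions in the redirect, `chmod` and `rm` should be quoted, e.g. `chmod 400 "${SSH_PRIVATE_KEY_PATH}"`. The comment above `chmod` could also note that `mktemp` already creates the file readable by the owner only, so the key is not exposed before the mode change.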
+++ b/providers/github.sh @@ -1,9 +1,9 @@ -#!/bin/sh +#!/bin/bash set -e # Check if deploy to same branch -if [ "${REPOSITORY}" = "${GITHUB_REPOSITORY}" ]; then - if [ "${GITHUB_REF}" = "refs/heads/${BRANCH}" ]; then +if [[ "${REPOSITORY}" = "${GITHUB_REPOSITORY}" ]]; then + if [[ "${GITHUB_REF}" = "refs/heads/${BRANCH}" ]]; then echo "It's conflicted to deploy on same branch ${BRANCH}" exit 1 fi @@ -11,21 +11,29 @@ fi # Tell GitHub Pages not to run Jekyll touch .nojekyll -[ -n "$INPUT_CNAME" ] && echo "$INPUT_CNAME" > CNAME +[[ -n "$INPUT_CNAME" ]] && echo "$INPUT_CNAME" > CNAME + +# Prefer to use SSH approach when SSH private key is provided +if [[ -n "${SSH_PRIVATE_KEY}" ]]; then + export GIT_SSH_COMMAND="ssh -i ${SSH_PRIVATE_KEY_PATH} \ + -o StrictHostKeyChecking=no \ + -o UserKnownHostsFile=/dev/null" + REMOTE_REPO="git@github.com:${REPOSITORY}.git" +else + REMOTE_REPO="https://${ACTOR}:${TOKEN}@github.com/${REPOSITORY}.git" +fi echo "Deploying to ${REPOSITORY} on branch ${BRANCH}" -echo "Deploying to https://${ACTOR}:${TOKEN}@github.com/${REPOSITORY}.git" +echo "Deploying to ${REMOTE_REPO}" -REMOTE_REPO="https://${ACTOR}:${TOKEN}@github.com/${REPOSITORY}.git" && \ - git config --global http.postBuffer 524288000 && \ - git config --global init.defaultBranch main && \ +git config --global init.defaultBranch main && \ git init && \ git config user.name "${ACTOR}" && \ git config user.email "${ACTOR}@users.noreply.github.com" && \ git add . && \ git commit -m "jekyll build from Action ${GITHUB_SHA}" && \ git push --force $REMOTE_REPO main:$BRANCH && \ - fuser -k .git || rm -rf .git && \ + (fuser -k .git || rm -rf .git) && \ cd .. -exit $? +PROVIDER_EXIT_CODE=$? diff --git a/script/init_environment.sh b/script/init_environment.sh index 51c1812a..b6c3f5a0 100755 --- a/script/init_environment.sh +++ b/script/init_environment.sh 
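Review bot: The added `GIT_SSH_COMMAND` in the second providers/github.sh hunk turns off host key verification (`StrictHostKeyChecking=no` with `UserKnownHostsFile=/dev/null`), so the push trusts whatever host answers as github.com and an on-path server could receive the built site or absorb the deploy unnoticed. Ship a known_hosts file containing GitHub's published host keys and use `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=<path to pinned known_hosts>`; adding `-o IdentitiesOnly=yes` keeps ssh from offering any other key. Separately, in the HTTPS branch `echo "Deploying to ${REMOTE_REPO}"` still writes the token-bearing URL to the job log and relies on the runner's secret masking; logging `github.com/${REPOSITORY}` instead avoids that. `$REMOTE_REPO` and `$BRANCH` on the `git push` line should be quoted as well.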
@@ -6,6 +6,9 @@ pacman -Syu --noconfirm # Installing git package pacman -S --noconfirm git +# Installing openssh package +pacman -S --noconfirm openssh + # Installing ruby libraries pacman -S --noconfirm ruby2.7 ruby-bundler