-
-
Notifications
You must be signed in to change notification settings - Fork 612
/
Copy pathaction.yml
141 lines (138 loc) · 6.19 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
name: "SSH Remote Commands"
description: "Executing remote ssh commands"
author: "Bo-Yi Wu"
inputs:
host:
description: "SSH host address or IP to connect to."
port:
description: "SSH port number for the connection."
default: "22"
passphrase:
description: "Passphrase to decrypt the SSH private key if protected."
username:
description: "SSH username for authentication on the remote server."
password:
description: "SSH password for authentication (use secrets for sensitive data)."
protocol:
description: 'IP protocol version to use. Options: "tcp" (default), "tcp4" (IPv4 only), or "tcp6" (IPv6 only).'
default: "tcp"
sync:
description: "When true, executes commands synchronously across multiple hosts (one after another)."
use_insecure_cipher:
description: "Enable additional legacy ciphers that might be less secure but more compatible with older systems."
cipher:
description: "Specify custom cipher algorithms for encryption. Leave empty to use secure defaults."
timeout:
description: "Maximum time to wait when establishing the SSH connection, e.g., '30s', '1m'."
default: "30s"
command_timeout:
description: "Maximum execution time for the remote commands before terminating, e.g., '10m', '1h'."
default: "10m"
key:
description: "Raw content of the SSH private key for authentication (use secrets for sensitive data)."
key_path:
description: "Path to the SSH private key file on the runner."
fingerprint:
description: "SHA256 fingerprint of the host public key for verification to prevent MITM attacks."
proxy_host:
description: "Proxy server hostname or IP if connecting through an SSH jump host."
proxy_port:
description: "SSH port number for the proxy connection."
default: "22"
proxy_username:
description: "Username for authentication on the proxy server."
proxy_password:
description: "Password for authentication on the proxy server (use secrets for sensitive data)."
proxy_protocol:
description: 'IP protocol version for proxy. Options: "tcp" (default), "tcp4" (IPv4 only), or "tcp6" (IPv6 only).'
default: "tcp"
proxy_passphrase:
description: "Passphrase to decrypt the proxy SSH private key if protected."
proxy_timeout:
description: "Maximum time to wait when establishing the proxy SSH connection, e.g., '30s', '1m'."
default: "30s"
proxy_key:
description: "Raw content of the SSH proxy private key for authentication (use secrets for sensitive data)."
proxy_key_path:
description: "Path to the SSH proxy private key file on the runner."
proxy_fingerprint:
description: "SHA256 fingerprint of the proxy host public key for verification."
proxy_cipher:
description: "Specify custom cipher algorithms for proxy connection encryption."
proxy_use_insecure_cipher:
description: "Enable additional legacy ciphers for proxy connections (less secure but more compatible)."
script:
description: "Commands to execute on the remote server (inline script string)."
script_path:
description: "Path to a local file containing commands to execute on the remote server."
envs:
description: "Environment variables to expose to the remote script, format: key=value,key2=value2."
envs_format:
description: "Format specification for environment variable transfer (for advanced usage)."
debug:
description: "Set to true to enable verbose logging for troubleshooting connection issues."
allenvs:
description: "When true, passes all GitHub Actions environment variables to the remote script."
request_pty:
description: "Request a pseudo-terminal from the server (required for interactive commands or sudo)."
curl_insecure:
description: "When true, uses the --insecure option with curl for insecure downloads."
default: "false"
capture_stdout:
description: "When true, captures and returns standard output from the commands as action output."
default: "false"
outputs:
stdout:
description: "Standard output of the executed commands when capture_stdout is enabled."
value: ${{ steps.entrypoint.outputs.stdout }}
runs:
using: "composite"
steps:
- name: Set GitHub Path
run: echo "$GITHUB_ACTION_PATH" >> $GITHUB_PATH
shell: bash
env:
GITHUB_ACTION_PATH: ${{ github.action_path }}
- id: entrypoint
name: Run entrypoint.sh
run: entrypoint.sh
shell: bash
env:
GITHUB_ACTION_PATH: ${{ github.action_path }}
INPUT_HOST: ${{ inputs.host }}
INPUT_PORT: ${{ inputs.port }}
INPUT_PROTOCOL: ${{ inputs.protocol }}
INPUT_USERNAME: ${{ inputs.username }}
INPUT_PASSWORD: ${{ inputs.password }}
INPUT_PASSPHRASE: ${{ inputs.passphrase }}
INPUT_KEY: ${{ inputs.key }}
INPUT_KEY_PATH: ${{ inputs.key_path }}
INPUT_FINGERPRINT: ${{ inputs.fingerprint }}
INPUT_PROXY_HOST: ${{ inputs.proxy_host }}
INPUT_PROXY_PORT: ${{ inputs.proxy_port }}
INPUT_PROXY_USERNAME: ${{ inputs.proxy_username }}
INPUT_PROXY_PASSWORD: ${{ inputs.proxy_password }}
INPUT_PROXY_PASSPHRASE: ${{ inputs.proxy_passphrase }}
INPUT_PROXY_KEY: ${{ inputs.proxy_key }}
INPUT_PROXY_KEY_PATH: ${{ inputs.proxy_key_path }}
INPUT_PROXY_FINGERPRINT: ${{ inputs.proxy_fingerprint }}
INPUT_TIMEOUT: ${{ inputs.timeout }}
INPUT_PROXY_TIMEOUT: ${{ inputs.proxy_timeout }}
INPUT_COMMAND_TIMEOUT: ${{ inputs.command_timeout }}
INPUT_SCRIPT: ${{ inputs.script }}
INPUT_SCRIPT_FILE: ${{ inputs.script_path }}
INPUT_ENVS: ${{ inputs.envs }}
INPUT_ENVS_FORMAT: ${{ inputs.envs_format }}
INPUT_DEBUG: ${{ inputs.debug }}
INPUT_ALL_ENVS: ${{ inputs.allenvs }}
INPUT_REQUEST_PTY: ${{ inputs.request_pty }}
INPUT_USE_INSECURE_CIPHER: ${{ inputs.use_insecure_cipher }}
INPUT_CIPHER: ${{ inputs.cipher }}
INPUT_PROXY_USE_INSECURE_CIPHER: ${{ inputs.proxy_use_insecure_cipher }}
INPUT_PROXY_CIPHER: ${{ inputs.proxy_cipher }}
INPUT_SYNC: ${{ inputs.sync }}
INPUT_CAPTURE_STDOUT: ${{ inputs.capture_stdout }}
INPUT_CURL_INSECURE: ${{ inputs.curl_insecure }}
branding:
icon: "terminal"
color: "gray-dark"