A GitHub Action that runs a Docker container, which lets you SSH into a server behind a Cloudflare Tunnel and run a command.
This repo is forked from npgy/cloudflared-ssh-action.
The Dockerfile has been updated to:
- Pull the latest alpine image tag.
- Install the latest Cloudflare Tunnel (cloudflared) binary.
- Utilise service tokens for authentication, for SSH servers secured by Cloudflare Access policies.
- Utilise Dependabot to alert if this code depends on a package with a security vulnerability.
The updates are intended to
Branch protection rules require a PR before code can be merged into main. There are two PR workflows:
- Dependency review checks for updates to the upstream base Alpine Linux image or GitHub Actions. If High or Critical vulnerabilities are found in the feature branch, the workflow fails.
- The Trivy scanner checks the built Docker image for vulnerabilities. If any High or Critical CVEs are found in the image, the workflow fails.
A successful merge into main will update the latest release and update the latest tagged container image uploaded to GitHub Packages.
Any help keeping this repo healthy and secure would be appreciated!
Remaining on my to-do list is automating semantic version releases, in case users need to roll back to older, stable versions.
This action is now meeting my project's needs, so I won't be releasing further updates unless required.
Here is an example deploy.yaml file for the action:
```yaml
name: Run command on remote server
on:
  pull_request:
    types:
      - closed
jobs:
  ssh_command:
    # Run only when the PR was merged, not when it was closed unmerged.
    if: github.event.pull_request.merged == true
    name: Run SSH command
    # Assumes a terraform_apply job is defined elsewhere in this workflow.
    needs: terraform_apply
    runs-on: ubuntu-latest
    steps:
      - name: Connect and run command on remote server
        # @latest is a mutable ref; pin to a commit SHA for reproducible runs.
        uses: nathanjnorris/cloudflared-ssh-action@latest
        with:
          host: ${{ secrets.SSH_HOST }}
          username: ${{ secrets.SSH_USERNAME }}
          private_key_filename: ${{ secrets.SSH_PRIVATE_KEY_FILENAME }}
          private_key_value: ${{ secrets.SSH_PRIVATE_KEY_VALUE }}
          port: ${{ secrets.SSH_PORT }}
          service_token_id: ${{ secrets.SERVICE_TOKEN_ID }}
          service_token_secret: ${{ secrets.SERVICE_TOKEN_SECRET }}
          commands: mkdir hello-world -v
```
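
The inputs in the workflow above map onto an SSH client setup along the following lines. This is an added example, not the action's own entrypoint: `prepare_ssh` and `SSH_DIR` are hypothetical names, and the service token is left in the `TUNNEL_SERVICE_TOKEN_ID` and `TUNNEL_SERVICE_TOKEN_SECRET` environment variables, which `cloudflared access ssh` reads, so the secret is never written to the config file or passed on a command line.

```sh
#!/bin/sh
# Added example: prepare an SSH client config that reaches a host protected by
# a Cloudflare Access policy. Not the action's own code; names are hypothetical.

# prepare_ssh HOST PORT USERNAME KEY_FILENAME KEY_VALUE
# The body runs in a subshell so the umask change does not leak to the caller.
prepare_ssh() (
    ssh_dir="${SSH_DIR:-$HOME/.ssh}"

    # Reject key filenames that are empty, hidden, or contain a path separator,
    # so the key can only be written inside the SSH directory.
    case "$4" in
        ""|.*|*/*) echo "invalid private key filename" >&2; exit 1 ;;
    esac

    umask 077                       # everything created below is owner-only
    mkdir -p "$ssh_dir" || exit 1

    # Write the private key; ssh refuses keys readable by group or others.
    printf '%s\n' "$5" > "$ssh_dir/$4" || exit 1
    chmod 600 "$ssh_dir/$4" || exit 1

    # ProxyCommand hands the TCP stream to cloudflared, which authenticates to
    # Access with the service token taken from the environment:
    #   TUNNEL_SERVICE_TOKEN_ID / TUNNEL_SERVICE_TOKEN_SECRET
    cat > "$ssh_dir/config" <<EOF
Host $1
    User $3
    Port $2
    IdentityFile $ssh_dir/$4
    IdentitiesOnly yes
    ProxyCommand cloudflared access ssh --hostname %h
EOF
)

# Typical use (values come from the workflow's secrets):
#   export TUNNEL_SERVICE_TOKEN_ID TUNNEL_SERVICE_TOKEN_SECRET
#   prepare_ssh "$HOST" "$PORT" "$USERNAME" "$KEY_FILENAME" "$KEY_VALUE"
#   ssh "$HOST" "$COMMANDS"
```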