Merge pull request #19 from Apreche/host_key_checking

Add support for SSH Host Key Checking
2024-10-21 21:56:08 -06:00 · 2021-04-04 23:29:36 +02:00 · 2021-04-04 23:29:36 +02:00 · 212713722b
commit 212713722b
parent aad578fcdd d45b74f42d
4 changed files with 32 additions and 2 deletions
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -65,11 +65,15 @@ jobs:
            Subsystem sftp /usr/lib/openssh/sftp-server
          EOF
          sudo systemctl restart sshd
          echo 'SSH_KNOWN_HOSTS<<EOF' >> $GITHUB_ENV
          echo $(ssh-keyscan localhost) >> $GITHUB_ENV
          echo 'EOF' >> $GITHUB_ENV
      - name: With everything
        uses: ./
        with:
          playbook: playbook.yml
          key: ${{env.SSH_PRIVATE_KEY}}
          known_hosts: ${{env.SSH_KNOWN_HOSTS}}
          directory: test
          vault_password: test
          requirements: requirements.yml
--- a/action.yml
+++ b/action.yml
@ -22,6 +22,9 @@ inputs:
  vault_password:
    description: The password used for decrypting vaulted files
    required: false
  known_hosts:
    description: Contents of SSH known_hosts file
    required: false
  options:
    description: Extra options that should be passed to ansible-playbook command
    required: false
--- a/main.js
+++ b/main.js
@ -12,6 +12,7 @@ async function main() {
        const key = core.getInput("key")
        const inventory = core.getInput("inventory")
        const vaultPassword = core.getInput("vault_password")
        const knownHosts = core.getInput("known_hosts")
        const options = core.getInput("options")
        let cmd = ["ansible-playbook", playbook]
@ -63,10 +64,27 @@ async function main() {
            cmd.push(vaultPasswordFile)
        }
-        process.env.ANSIBLE_HOST_KEY_CHECKING = "False"
+        if (knownHosts) {
            const knownHostsFile = ".ansible_known_hosts"
            fs.writeFileSync(knownHostsFile, knownHosts, { mode: 0600 })
            core.saveState("knownHostsFile", knownHostsFile)
            let known_hosts_param = [
                "--ssh-common-args=",
                "\"",
                "-o UserKnownHostsFile=",
                knownHostsFile,
                "\""
            ].join('')
            cmd.push(known_hosts_param)
            process.env.ANSIBLE_HOST_KEY_CHECKING = "True"
        } else {
            process.env.ANSIBLE_HOST_KEY_CHECKING = "False"
        }
        process.env.ANSIBLE_FORCE_COLOR = "True"
-        await exec.exec(cmd.join(" "))
+        await exec.exec(cmd.join(' '))
    } catch (error) {
        core.setFailed(error.message)
    }
--- a/post.js
+++ b/post.js
@ -14,6 +14,7 @@ async function main() {
        const keyFile = core.getState("keyFile")
        const inventoryFile = core.getState("inventoryFile")
        const vaultPasswordFile = core.getState("vaultPasswordFile")
        const knownHostsFile = core.getState("knownHostsFile")
        if (directory)
            process.chdir(directory)
@ -26,6 +27,10 @@ async function main() {
        if (vaultPasswordFile)
            rm(vaultPasswordFile)
        if (knownHostsFile)
            rm(knownHostsFile)
    } catch (error) {
        core.setFailed(error.message)
    }