This action modifies the Git and SSH configuration with the specified GitHub deploy keys to access other private repositories on the GitHub-hosted Windows, Linux, and macOS runners.
Note that this action does not use ssh-agent
.
Required Deploy keys of other private repositories.
To create a deploy key available for this action, you need to embed the SSH URL
of the repository into the key comment. For instance, if the SSH URL of the
repository is [email protected]:foo/bar.git
, you can create the deploy key using
the following command: ssh-keygen … -C '[email protected]:foo/bar.git'
.
steps:
- name: Setting up deploy keys
uses: maroontress/deploy-keys@v1
with:
keys: |
${{ secret.BAR_DEPLOY_KEY }}
${{ secret.BAZ_DEPLOY_KEY }}
- name: Clone the private repositories
shell: bash
run: |
git clone --depth 1 [email protected]:foo/bar.git
git clone --depth 1 [email protected]:foo/baz.git
Please use a full-length commit SHA instead of the tag like
v1
. For a more realistic example, see here.
This action assigns a unique fake hostname to each repository in the Git layer,
converts the fake hostname to github.com
in the SSH layer, and associates the
fake host with the SSH key of the corresponding repository.
This action modifies the ~/.gitconfig
file by executing git config
with
url.<base>.instantOf
variables for each deploy key. After
running this action, you can check the configuration with
git config --global --list
, which prints as follows:
[email protected]:foo/[email protected]:foo/bar
[email protected]:foo/[email protected]:foo/baz
This action overwrites ~/.ssh/config
. After running this action, the content
of ~/.ssh/config
will be as follows:
Host fake0.github.com
HostName github.com
IdentityFile C:\Users\runneradmin\.ssh\fake0.github.com
IdentitiesOnly yes
Host fake1.github.com
HostName github.com
IdentityFile C:\Users\runneradmin\.ssh\fake1.github.com
IdentitiesOnly yes
The path of IdentityFile
will vary depending on the platform (the above
example is on the Windows runner).
This action also creates ~/.ssh/known_hosts
containing the SSH public key of
github.com
.
This action creates ~/.ssh/fakeN.github.com
(N
= 0, 1, …) files to save the deploy keys (i.e.,
the SSH private keys). These files are referenced by the IdentityFile
entries
in ~/.ssh/config
.
Don't use this action on the persistent self-hosted runners.
For serious use of this action, to mitigate the security risks, you should:
- Copy (fork) this repository to your organization before using it, and then use your private (or public) repository you copied or
- Pin this action to a full length-commit SHA.
It is also advisable to audit the source code of this action before use.
See Commit, tag, and push your action to GitHub — Creating a JavaScript action.
sudo npm i -g @vercel/ncc
ncc build index.js --license licenses.txt
npx eslint index.js