add sshPublicKeysDirectoryPath and GIT_CONFIG_EXTENSIONS parameters that adds git configs and mounts .ssh/config and public keys to the container, in order to allow multiple sh deploy key trick by webplatform@ssh-agent (#240)

Author: eronnen

action.yml

@@ -36,6 +36,10 @@ inputs:
     required: false
     default: ''
     description: 'SSH Agent path to forward to the container.'
+  sshPublicKeysDirectoryPath:
+    required: false
+    default: ''
+    description: 'Path to a directory containing SSH public keys to forward to the container.'
   gitPrivateToken:
     required: false
     default: ''

dist/entrypoint.sh

@@ -12,6 +12,7 @@ mkdir -p "$ACTIVATE_LICENSE_PATH"
 #
 
 source /steps/activate.sh
+source /steps/set_extra_git_configs.sh
 source /steps/set_gitcredential.sh
 source /steps/run_tests.sh
 source /steps/return_license.sh

dist/index.js

@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+
+if [ -z "${GIT_CONFIG_EXTENSIONS}" ]
+then
+  echo "GIT_CONFIG_EXTENSIONS unset skipping"
+else
+  echo "GIT_CONFIG_EXTENSIONS is set. configuring extra git configs"
+
+  IFS=$'\n'
+  for config in $(echo "${GIT_CONFIG_EXTENSIONS}" | sed 's/\(.*\)=\(.*\)/"\1" "\2"/g'); do
+    if [[ $config =~ \"([^\"]+)\"\ \"([^\"]+)\" ]]; then
+      key="${BASH_REMATCH[1]}"
+      value="${BASH_REMATCH[2]}"
+    else
+      echo "Error parsing config: $config"
+      exit 1
+    fi
+    echo "Adding extra git config: \"$key\" = \"$value\""
+    git config --global --add "$key" "$value"
+  done
+  unset IFS
+
+fi
+
+echo "---------- git config --list -------------"
+git config --list
+
+echo "---------- git config --list --show-origin -------------"
+git config --list --show-origin

dist/index.js.map

@@ -16,6 +16,7 @@ export async function run() {
       artifactsPath,
       useHostNetwork,
       sshAgent,
+      sshPublicKeysDirectoryPath,
       gitPrivateToken,
       githubToken,
       checkName,
@@ -39,6 +40,7 @@ export async function run() {
         artifactsPath,
         useHostNetwork,
         sshAgent,
+        sshPublicKeysDirectoryPath,
         packageMode,
         packageName,
         gitPrivateToken,

dist/steps/set_extra_git_configs.sh

@@ -62,6 +62,7 @@ const Docker = {
       artifactsPath,
       useHostNetwork,
       sshAgent,
+      sshPublicKeysDirectoryPath,
       packageMode,
       packageName,
       gitPrivateToken,
@@ -116,6 +117,7 @@ const Docker = {
                 --env RUNNER_WORKSPACE \
                 --env GIT_PRIVATE_TOKEN="${gitPrivateToken}" \
                 --env CHOWN_FILES_TO="${chownFilesTo}" \
+                --env GIT_CONFIG_EXTENSIONS \
                 ${sshAgent ? '--env SSH_AUTH_SOCK=/ssh-agent' : ''} \
                 --volume "${githubHome}:/root:z" \
                 --volume "${githubWorkflow}:/github/workflow:z" \
@@ -126,7 +128,14 @@ const Docker = {
                 --volume "${actionFolder}/unity-config:/usr/share/unity3d/config/:z" \
                 ${sshAgent ? `--volume ${sshAgent}:/ssh-agent` : ''} \
                 ${
-                  sshAgent ? `--volume /home/runner/.ssh/known_hosts:/root/.ssh/known_hosts:ro` : ''
+                  sshAgent && !sshPublicKeysDirectoryPath
+                    ? `--volume /home/runner/.ssh/known_hosts:/root/.ssh/known_hosts:ro`
+                    : ''
+                } \
+                ${
+                  sshPublicKeysDirectoryPath
+                    ? `--volume ${sshPublicKeysDirectoryPath}:/root/.ssh:ro`
+                    : ''
                 } \
                 ${useHostNetwork ? '--net=host' : ''} \
                 ${githubToken ? '--env USE_EXIT_CODE=false' : '--env USE_EXIT_CODE=true'} \

src/main.ts

@@ -13,6 +13,12 @@ const Input = {
     return validFolderName.test(folderName);
   },
 
+  isValidGlobalFolderName(folderName) {
+    const validFolderName = new RegExp(/^(\.|\.\/|\/)?(\.?[\w~]+([ _-]?[\w~]+)*\/?)*$/);
+
+    return validFolderName.test(folderName);
+  },
+
   /**
    * When in package mode, we need to scrape the package's name from its package.json file
    */
@@ -72,6 +78,7 @@ const Input = {
     const rawArtifactsPath = getInput('artifactsPath') || 'artifacts';
     const rawUseHostNetwork = getInput('useHostNetwork') || 'false';
     const sshAgent = getInput('sshAgent') || '';
+    const rawSshPublicKeysDirectoryPath = getInput('sshPublicKeysDirectoryPath') || '';
     const gitPrivateToken = getInput('gitPrivateToken') || '';
     const githubToken = getInput('githubToken') || '';
     const checkName = getInput('checkName') || 'Test Results';
@@ -92,6 +99,10 @@ const Input = {
       throw new Error(`Invalid artifactsPath "${rawArtifactsPath}"`);
     }
 
+    if (!this.isValidGlobalFolderName(rawSshPublicKeysDirectoryPath)) {
+      throw new Error(`Invalid sshPublicKeysDirectoryPath "${rawSshPublicKeysDirectoryPath}"`);
+    }
+
     if (rawUseHostNetwork !== 'true' && rawUseHostNetwork !== 'false') {
       throw new Error(`Invalid useHostNetwork "${rawUseHostNetwork}"`);
     }
@@ -100,6 +111,12 @@ const Input = {
       throw new Error(`Invalid packageMode "${rawPackageMode}"`);
     }
 
+    if (rawSshPublicKeysDirectoryPath !== '' && sshAgent === '') {
+      throw new Error(
+        'sshPublicKeysDirectoryPath is set, but sshAgent is not set. sshPublicKeysDirectoryPath is useful only when using sshAgent.',
+      );
+    }
+
     // sanitize packageMode input and projectPath input since they are needed
     // for input validation
     const packageMode = rawPackageMode === 'true';
@@ -119,6 +136,7 @@ const Input = {
 
     // Sanitise other input
     const artifactsPath = rawArtifactsPath.replace(/\/$/, '');
+    const sshPublicKeysDirectoryPath = rawSshPublicKeysDirectoryPath.replace(/\/$/, '');
     const useHostNetwork = rawUseHostNetwork === 'true';
     const editorVersion =
       unityVersion === 'auto' ? UnityVersionParser.read(projectPath) : unityVersion;
@@ -134,6 +152,7 @@ const Input = {
       artifactsPath,
       useHostNetwork,
       sshAgent,
+      sshPublicKeysDirectoryPath,
       gitPrivateToken,
       githubToken,
       checkName,