Support multiple GitHub SSH deploy keys (#568)

* add sshPublicKeysDirectoryPath and GIT_CONFIG_EXTENSIONS parameters that adds git configs and mounts .ssh/config and public keys to the container, in order to allow multiple sh deploy key trick by webplatform@ssh-agent * remove sshPublicKeysDirectoryPath and GIT_CONFIG_EXTENSIONS from windows runner for now
2025-07-04 12:25:19 -04:00 · 2023-09-07 00:35:24 +03:00 · 2023-09-07 00:35:24 +03:00 · 2190fd5667
commit 2190fd5667
parent a073719c29
8 changed files with 56 additions and 2 deletions
--- a/action.yml
+++ b/action.yml
@ -85,6 +85,10 @@ inputs:
    required: false
    default: ''
    description: 'SSH Agent path to forward to the container'
+  sshPublicKeysDirectoryPath:
+    required: false
+    default: ''
+    description: 'Path to a directory containing SSH public keys to forward to the container.'
  gitPrivateToken:
    required: false
    default: ''
--- a/dist/index.js
+++ b/dist/index.js
--- a/dist/index.js.map
+++ b/dist/index.js.map
--- a/dist/platforms/ubuntu/entrypoint.sh
+++ b/dist/platforms/ubuntu/entrypoint.sh
@ -10,6 +10,7 @@ mkdir -p "$ACTIVATE_LICENSE_PATH"
 #
 # Run steps
 #
+source /steps/set_extra_git_configs.sh
 source /steps/set_gitcredential.sh
 source /steps/activate.sh
 source /steps/build.sh
--- a/dist/platforms/ubuntu/steps/set_extra_git_configs.sh
+++ b/dist/platforms/ubuntu/steps/set_extra_git_configs.sh
@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+
+if [ -z "${GIT_CONFIG_EXTENSIONS}" ]
+then
+  echo "GIT_CONFIG_EXTENSIONS unset skipping"
+else
+  echo "GIT_CONFIG_EXTENSIONS is set configuring extra git configs"
+
+  IFS=$'\n'
+  for config in $(echo "${GIT_CONFIG_EXTENSIONS}" | sed 's/\(.*\)=\(.*\)/"\1" "\2"/g'); do
+    if [[ $config =~ \"([^\"]+)\"\ \"([^\"]+)\" ]]; then
+      key="${BASH_REMATCH[1]}"
+      value="${BASH_REMATCH[2]}"
+    else
+      echo "Error parsing config: $config"
+      exit 1
+    fi
+    echo "Adding extra git config: \"$key\" = \"$value\""
+    git config --global --add "$key" "$value"
+  done
+  unset IFS
+
+fi
+
+echo "---------- git config --list -------------"
+git config --list
+
+echo "---------- git config --list --show-origin -------------"
+git config --list --show-origin
--- a/src/model/build-parameters.ts
+++ b/src/model/build-parameters.ts
@ -42,6 +42,7 @@ class BuildParameters {

  public customParameters!: string;
  public sshAgent!: string;
+  public sshPublicKeysDirectoryPath!: string;
  public providerStrategy!: string;
  public gitPrivateToken!: string;
  public awsStackName!: string;
@ -150,6 +151,7 @@ class BuildParameters {
      androidSymbolType: androidSymbolExportType,
      customParameters: Input.customParameters,
      sshAgent: Input.sshAgent,
+      sshPublicKeysDirectoryPath: Input.sshPublicKeysDirectoryPath,
      gitPrivateToken: Input.gitPrivateToken || (await GithubCliReader.GetGitHubAuthToken()),
      chownFilesTo: Input.chownFilesTo,
      providerStrategy: CloudRunnerOptions.providerStrategy,
--- a/src/model/docker.ts
+++ b/src/model/docker.ts
@ -40,7 +40,15 @@ class Docker {
    additionalVariables: StringKeyValuePair[] = [],
    entrypointBash: boolean = false,
  ): string {
-    const { workspace, actionFolder, runnerTempPath, sshAgent, gitPrivateToken, dockerWorkspacePath } = parameters;
+    const {
+      workspace,
+      actionFolder,
+      runnerTempPath,
+      sshAgent,
+      sshPublicKeysDirectoryPath,
+      gitPrivateToken,
+      dockerWorkspacePath,
+    } = parameters;

    const githubHome = path.join(runnerTempPath, '_github_home');
    if (!existsSync(githubHome)) mkdirSync(githubHome);
@ -54,6 +62,7 @@ class Docker {
            ${ImageEnvironmentFactory.getEnvVarString(parameters, additionalVariables)} \
            --env UNITY_SERIAL \
            --env GITHUB_WORKSPACE=${dockerWorkspacePath} \
+            --env GIT_CONFIG_EXTENSIONS \
            ${gitPrivateToken ? `--env GIT_PRIVATE_TOKEN="${gitPrivateToken}"` : ''} \
            ${sshAgent ? '--env SSH_AUTH_SOCK=/ssh-agent' : ''} \
            --volume "${githubHome}":"/root:z" \
@ -64,7 +73,12 @@ class Docker {
            --volume "${actionFolder}/platforms/ubuntu/entrypoint.sh:/entrypoint.sh:z" \
            --volume "${actionFolder}/unity-config:/usr/share/unity3d/config/:z" \
            ${sshAgent ? `--volume ${sshAgent}:/ssh-agent` : ''} \
-            ${sshAgent ? '--volume /home/runner/.ssh/known_hosts:/root/.ssh/known_hosts:ro' : ''} \
+            ${
+              sshAgent && !sshPublicKeysDirectoryPath
+                ? '--volume /home/runner/.ssh/known_hosts:/root/.ssh/known_hosts:ro'
+                : ''
+            } \
+            ${sshPublicKeysDirectoryPath ? `--volume ${sshPublicKeysDirectoryPath}:/root/.ssh:ro` : ''} \
            ${entrypointBash ? `--entrypoint ${commandPrefix}` : ``} \
            ${image} \
            ${entrypointBash ? `-c` : `${commandPrefix} -c`} \
--- a/src/model/input.ts
+++ b/src/model/input.ts
@ -178,6 +178,10 @@ class Input {
    return Input.getInput('sshAgent') || '';
  }

+  static get sshPublicKeysDirectoryPath(): string {
+    return Input.getInput('sshPublicKeysDirectoryPath') || '';
+  }
+
  static get gitPrivateToken(): string | undefined {
    return Input.getInput('gitPrivateToken');
  }