fix: support base64 SSH private keys in workflows
All checks were successful
Terraform Plan / Terraform Plan (push) Successful in 17s

2026-02-28 18:13:56 +00:00
parent 2d9d6cdcd5
commit 3ee5cfa823
3 changed files with 63 additions and 15 deletions


@@ -32,19 +32,35 @@ jobs:
- name: Create SSH key
run: |
install -m 0700 -d ~/.ssh
KEY_CONTENT="$(printf '%s' "${{ secrets.SSH_KEY_PRIVATE }}")"
if [ -z "$KEY_CONTENT" ]; then
KEY_CONTENT="$(printf '%s' "${{ secrets.KUBEADM_SSH_PRIVATE_KEY }}")"
KEY_SOURCE=""
KEY_CONTENT=""
KEY_B64="$(printf '%s' "${{ secrets.SSH_KEY_PRIVATE_BASE64 }}")"
if [ -n "$KEY_B64" ]; then
KEY_SOURCE="SSH_KEY_PRIVATE_BASE64"
KEY_CONTENT="$(printf '%s' "$KEY_B64" | base64 -d)"
else
KEY_CONTENT="$(printf '%s' "${{ secrets.SSH_KEY_PRIVATE }}")"
if [ -n "$KEY_CONTENT" ]; then
KEY_SOURCE="SSH_KEY_PRIVATE"
else
KEY_CONTENT="$(printf '%s' "${{ secrets.KUBEADM_SSH_PRIVATE_KEY }}")"
KEY_SOURCE="KUBEADM_SSH_PRIVATE_KEY"
fi
fi
if [ -z "$KEY_CONTENT" ]; then
echo "Missing SSH private key secret. Set KUBEADM_SSH_PRIVATE_KEY or SSH_KEY_PRIVATE."
echo "Missing SSH private key secret. Set SSH_KEY_PRIVATE_BASE64, SSH_KEY_PRIVATE, or KUBEADM_SSH_PRIVATE_KEY."
exit 1
fi
KEY_CONTENT="$KEY_CONTENT" python3 -c 'import os, pathlib; key=os.environ.get("KEY_CONTENT", "").replace("\r", ""); key=key.replace("\\n", "\n") if "\\n" in key and "\n" not in key else key; pathlib.Path.home().joinpath(".ssh", "id_ed25519").write_text(key if key.endswith("\n") else key + "\n")'
KEY_CONTENT="$KEY_CONTENT" python3 -c 'import os, pathlib; key=os.environ.get("KEY_CONTENT", "").replace("\r", "").strip(); key=key[1:-1] if len(key) > 2 and ((key[0] == "\"" and key[-1] == "\"") or (key[0] == "\'" and key[-1] == "\'")) else key; key=key.replace("\\n", "\n") if "\\n" in key and "\n" not in key else key; pathlib.Path.home().joinpath(".ssh", "id_ed25519").write_text(key if key.endswith("\n") else key + "\n")'
chmod 0600 ~/.ssh/id_ed25519
if ! ssh-keygen -y -f ~/.ssh/id_ed25519 >/dev/null 2>&1; then
echo "Invalid private key content from $KEY_SOURCE"
exit 1
fi
- name: Set up Terraform
uses: hashicorp/setup-terraform@v2
with:
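Review bot: In the new `python3 -c '…'` line, the `"\'"` literals sit inside a single-quoted shell argument, where a backslash does not escape `'`, so the shell ends the argument at the first of them and parses the rest of the one-liner, and the lines after it, with different quoting than intended. If the file contains exactly what is rendered here, the quote-stripping branch cannot work as written and the step may fail to parse. Writing the comparison without a literal single quote avoids this, e.g. `(key[0] == chr(39) and key[-1] == chr(39))`, or the normalisation can move into a quoted heredoc (`python3 - <<'PY'`). The same line appears in the other two workflow sections on this page.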


@@ -32,19 +32,35 @@ jobs:
- name: Create SSH key
run: |
install -m 0700 -d ~/.ssh
KEY_CONTENT="$(printf '%s' "${{ secrets.SSH_KEY_PRIVATE }}")"
if [ -z "$KEY_CONTENT" ]; then
KEY_CONTENT="$(printf '%s' "${{ secrets.KUBEADM_SSH_PRIVATE_KEY }}")"
KEY_SOURCE=""
KEY_CONTENT=""
KEY_B64="$(printf '%s' "${{ secrets.SSH_KEY_PRIVATE_BASE64 }}")"
if [ -n "$KEY_B64" ]; then
KEY_SOURCE="SSH_KEY_PRIVATE_BASE64"
KEY_CONTENT="$(printf '%s' "$KEY_B64" | base64 -d)"
else
KEY_CONTENT="$(printf '%s' "${{ secrets.SSH_KEY_PRIVATE }}")"
if [ -n "$KEY_CONTENT" ]; then
KEY_SOURCE="SSH_KEY_PRIVATE"
else
KEY_CONTENT="$(printf '%s' "${{ secrets.KUBEADM_SSH_PRIVATE_KEY }}")"
KEY_SOURCE="KUBEADM_SSH_PRIVATE_KEY"
fi
fi
if [ -z "$KEY_CONTENT" ]; then
echo "Missing SSH private key secret. Set KUBEADM_SSH_PRIVATE_KEY or SSH_KEY_PRIVATE."
echo "Missing SSH private key secret. Set SSH_KEY_PRIVATE_BASE64, SSH_KEY_PRIVATE, or KUBEADM_SSH_PRIVATE_KEY."
exit 1
fi
KEY_CONTENT="$KEY_CONTENT" python3 -c 'import os, pathlib; key=os.environ.get("KEY_CONTENT", "").replace("\r", ""); key=key.replace("\\n", "\n") if "\\n" in key and "\n" not in key else key; pathlib.Path.home().joinpath(".ssh", "id_ed25519").write_text(key if key.endswith("\n") else key + "\n")'
KEY_CONTENT="$KEY_CONTENT" python3 -c 'import os, pathlib; key=os.environ.get("KEY_CONTENT", "").replace("\r", "").strip(); key=key[1:-1] if len(key) > 2 and ((key[0] == "\"" and key[-1] == "\"") or (key[0] == "\'" and key[-1] == "\'")) else key; key=key.replace("\\n", "\n") if "\\n" in key and "\n" not in key else key; pathlib.Path.home().joinpath(".ssh", "id_ed25519").write_text(key if key.endswith("\n") else key + "\n")'
chmod 0600 ~/.ssh/id_ed25519
if ! ssh-keygen -y -f ~/.ssh/id_ed25519 >/dev/null 2>&1; then
echo "Invalid private key content from $KEY_SOURCE"
exit 1
fi
- name: Set up Terraform
uses: hashicorp/setup-terraform@v2
with:
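Review bot: The `${{ secrets.* }}` expressions are still expanded into the script text inside double quotes, including the new `KEY_B64="$(printf '%s' "${{ secrets.SSH_KEY_PRIVATE_BASE64 }}")"` line, so any `"`, `$` or backtick in a secret value is interpreted by the shell instead of being treated as data. This commit's own normaliser expects values that may be wrapped in quotes, which is exactly the input that breaks this quoting. Passing the secrets through the step's `env:` and reading them as shell variables keeps the values out of the script source. The same applies to the other two workflow sections on this page. The step continues outside the hunk on both sides.

```yaml
- name: Create SSH key
  env:
    SSH_KEY_PRIVATE_BASE64: ${{ secrets.SSH_KEY_PRIVATE_BASE64 }}
    SSH_KEY_PRIVATE: ${{ secrets.SSH_KEY_PRIVATE }}
    KUBEADM_SSH_PRIVATE_KEY: ${{ secrets.KUBEADM_SSH_PRIVATE_KEY }}
  run: |
    # … unchanged: install -m 0700 -d ~/.ssh, KEY_SOURCE/KEY_CONTENT init …
    KEY_B64="${SSH_KEY_PRIVATE_BASE64:-}"
    # … unchanged: base64 branch …
      KEY_CONTENT="${SSH_KEY_PRIVATE:-}"
    # … unchanged: KEY_SOURCE assignment …
        KEY_CONTENT="${KUBEADM_SSH_PRIVATE_KEY:-}"
    # … unchanged: empty check, key write, ssh-keygen validation …
```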


@@ -75,19 +75,35 @@ jobs:
- name: Create SSH key
run: |
install -m 0700 -d ~/.ssh
KEY_CONTENT="$(printf '%s' "${{ secrets.SSH_KEY_PRIVATE }}")"
if [ -z "$KEY_CONTENT" ]; then
KEY_CONTENT="$(printf '%s' "${{ secrets.KUBEADM_SSH_PRIVATE_KEY }}")"
KEY_SOURCE=""
KEY_CONTENT=""
KEY_B64="$(printf '%s' "${{ secrets.SSH_KEY_PRIVATE_BASE64 }}")"
if [ -n "$KEY_B64" ]; then
KEY_SOURCE="SSH_KEY_PRIVATE_BASE64"
KEY_CONTENT="$(printf '%s' "$KEY_B64" | base64 -d)"
else
KEY_CONTENT="$(printf '%s' "${{ secrets.SSH_KEY_PRIVATE }}")"
if [ -n "$KEY_CONTENT" ]; then
KEY_SOURCE="SSH_KEY_PRIVATE"
else
KEY_CONTENT="$(printf '%s' "${{ secrets.KUBEADM_SSH_PRIVATE_KEY }}")"
KEY_SOURCE="KUBEADM_SSH_PRIVATE_KEY"
fi
fi
if [ -z "$KEY_CONTENT" ]; then
echo "Missing SSH private key secret. Set KUBEADM_SSH_PRIVATE_KEY or SSH_KEY_PRIVATE."
echo "Missing SSH private key secret. Set SSH_KEY_PRIVATE_BASE64, SSH_KEY_PRIVATE, or KUBEADM_SSH_PRIVATE_KEY."
exit 1
fi
KEY_CONTENT="$KEY_CONTENT" python3 -c 'import os, pathlib; key=os.environ.get("KEY_CONTENT", "").replace("\r", ""); key=key.replace("\\n", "\n") if "\\n" in key and "\n" not in key else key; pathlib.Path.home().joinpath(".ssh", "id_ed25519").write_text(key if key.endswith("\n") else key + "\n")'
KEY_CONTENT="$KEY_CONTENT" python3 -c 'import os, pathlib; key=os.environ.get("KEY_CONTENT", "").replace("\r", "").strip(); key=key[1:-1] if len(key) > 2 and ((key[0] == "\"" and key[-1] == "\"") or (key[0] == "\'" and key[-1] == "\'")) else key; key=key.replace("\\n", "\n") if "\\n" in key and "\n" not in key else key; pathlib.Path.home().joinpath(".ssh", "id_ed25519").write_text(key if key.endswith("\n") else key + "\n")'
chmod 0600 ~/.ssh/id_ed25519
if ! ssh-keygen -y -f ~/.ssh/id_ed25519 >/dev/null 2>&1; then
echo "Invalid private key content from $KEY_SOURCE"
exit 1
fi
- name: Verify SSH keypair match
run: |
if ! ssh-keygen -y -f ~/.ssh/id_ed25519 >/tmp/key.pub 2>/tmp/key.err; then