micqdf/TerraHome
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: micqdf:a8195f97dc01e8504067db19da664530fc18a15e
Branches Tags
micqdf:master micqdf:stage micqdf:destroy
micqdf:destroy/now
...
compare: micqdf:8b363497b7f8fcd9fc0e183fed040204a05fdece
Branches Tags
micqdf:master micqdf:stage micqdf:destroy
micqdf:destroy/now

2 Commits
a8195f97dc ... 8b363497b7

Author SHA1 Message Date
micqdf
8b363497b7 Merge pull request 'fix: prefer SSH_KEY_PRIVATE and validate keypair fingerprint' (#48) from stage into master
Some checks failed
Terraform Apply / Terraform Apply (push) Failing after 5m8s
Details 
Reviewed-on: #48
 2026-02-28 17:50:47 +00:00
MichaelFisher1997
03fff813ac fix: prefer SSH_KEY_PRIVATE and validate keypair fingerprint
All checks were successful
Terraform Plan / Terraform Plan (push) Successful in 13s
Details
2026-02-28 17:40:25 +00:00
3 changed files with 19 additions and 6 deletions
Expand all files Collapse all files

4
.gitea/workflows/kubeadm-bootstrap.yml
View File

@@ -32,9 +32,9 @@ jobs:
- name: Create SSH key - name: Create SSH key
run: | run: |
install -m 0700 -d ~/.ssh install -m 0700 -d ~/.ssh
KEY_CONTENT="$(printf '%s' "${{ secrets.KUBEADM_SSH_PRIVATE_KEY }}")" KEY_CONTENT="$(printf '%s' "${{ secrets.SSH_KEY_PRIVATE }}")"
if [ -z "$KEY_CONTENT" ]; then if [ -z "$KEY_CONTENT" ]; then
KEY_CONTENT="$(printf '%s' "${{ secrets.SSH_KEY_PRIVATE }}")" KEY_CONTENT="$(printf '%s' "${{ secrets.KUBEADM_SSH_PRIVATE_KEY }}")"
fi fi
if [ -z "$KEY_CONTENT" ]; then if [ -z "$KEY_CONTENT" ]; then

4
.gitea/workflows/kubeadm-reset.yml
View File

@@ -32,9 +32,9 @@ jobs:
- name: Create SSH key - name: Create SSH key
run: | run: |
install -m 0700 -d ~/.ssh install -m 0700 -d ~/.ssh
KEY_CONTENT="$(printf '%s' "${{ secrets.KUBEADM_SSH_PRIVATE_KEY }}")" KEY_CONTENT="$(printf '%s' "${{ secrets.SSH_KEY_PRIVATE }}")"
if [ -z "$KEY_CONTENT" ]; then if [ -z "$KEY_CONTENT" ]; then
KEY_CONTENT="$(printf '%s' "${{ secrets.SSH_KEY_PRIVATE }}")" KEY_CONTENT="$(printf '%s' "${{ secrets.KUBEADM_SSH_PRIVATE_KEY }}")"
fi fi
if [ -z "$KEY_CONTENT" ]; then if [ -z "$KEY_CONTENT" ]; then

17
.gitea/workflows/terraform-apply.yml
View File

@@ -75,9 +75,9 @@ jobs:
- name: Create SSH key - name: Create SSH key
run: | run: |
install -m 0700 -d ~/.ssh install -m 0700 -d ~/.ssh
KEY_CONTENT="$(printf '%s' "${{ secrets.KUBEADM_SSH_PRIVATE_KEY }}")" KEY_CONTENT="$(printf '%s' "${{ secrets.SSH_KEY_PRIVATE }}")"
if [ -z "$KEY_CONTENT" ]; then if [ -z "$KEY_CONTENT" ]; then
KEY_CONTENT="$(printf '%s' "${{ secrets.SSH_KEY_PRIVATE }}")" KEY_CONTENT="$(printf '%s' "${{ secrets.KUBEADM_SSH_PRIVATE_KEY }}")"
fi fi
if [ -z "$KEY_CONTENT" ]; then if [ -z "$KEY_CONTENT" ]; then
@@ -88,6 +88,19 @@ jobs:
printf '%s\n' "$KEY_CONTENT" | tr -d '\r' > ~/.ssh/id_ed25519 printf '%s\n' "$KEY_CONTENT" | tr -d '\r' > ~/.ssh/id_ed25519
chmod 0600 ~/.ssh/id_ed25519 chmod 0600 ~/.ssh/id_ed25519
- name: Verify SSH keypair match
run: |
PRIV_FP="$(ssh-keygen -y -f ~/.ssh/id_ed25519 | ssh-keygen -lf - | awk '{print $2}')"
PUB_FP="$(printf '%s\n' "${{ secrets.SSH_KEY_PUBLIC }}" | tr -d '\r' | ssh-keygen -lf - | awk '{print $2}')"
echo "private fingerprint: $PRIV_FP"
echo "public fingerprint: $PUB_FP"
if [ "$PRIV_FP" != "$PUB_FP" ]; then
echo "SSH_KEY_PRIVATE does not match SSH_KEY_PUBLIC. Update secrets with the same keypair."
exit 1
fi
- name: Create kubeadm inventory from Terraform outputs - name: Create kubeadm inventory from Terraform outputs
env: env:
KUBEADM_SSH_USER: ${{ secrets.KUBEADM_SSH_USER }} KUBEADM_SSH_USER: ${{ secrets.KUBEADM_SSH_USER }}