nektos / act

Run your GitHub Actions locally 🚀
https://nektosact.com
MIT License

Issue: .ssh directory not parity with Github Actions #554

Closed justindoody closed 3 years ago

justindoody commented 3 years ago

Act version

act version 0.2.20

Expected behaviour

Typically, and on GitHub Actions, ssh will read files such as config, known_hosts, etc. from the ~/.ssh/ directory.

Actual behaviour

When using act these files are only read from /root/.ssh. This likely has something to do with act modifying the $HOME directory in some order or timing differently than github actions. SSH does not necessarily read the current $HOME/.ssh if home has been modified. See https://serverfault.com/a/951783 for additional context.

Steps to reproduce

Expected to work and works on github actions but fails on act with host verification failed because ssh is not picking up the known_hosts file:

jobs:
  ssh_test:
    runs-on: ubuntu-latest
    steps:
      -
        name: SSH Agent
        uses: webfactory/ssh-agent@v0.5.0
        with:
          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
      -
        name: Setup SSH Known Hosts
        run: |
          mkdir -p -m 0700 ~/.ssh

          echo "Add domain to known hosts"
          ssh-keyscan -t rsa -p 22 <domain or ip> > ~/.ssh/known_hosts
          chmod 600 ~/.ssh/known_hosts
      -
        name: Test ssh
        run: ssh <domain or ip> ps

Works on act but fails on github actions:

jobs:
  ssh_test:
    runs-on: ubuntu-latest
    steps:
      -
        name: SSH Agent
        uses: webfactory/ssh-agent@v0.5.0
        with:
          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
      -
        name: Setup SSH Known Hosts
        run: |
          mkdir -p -m 0700 /root/.ssh

          echo "Add domain to known hosts"
          ssh-keyscan -t rsa -p 22 <domain or ip> > /root/.ssh/known_hosts
          chmod 600 /root/.ssh/known_hosts
      -
        name: Test ssh
        run: ssh <domain or ip> ps

This breaks most usage of ssh on act and in such a way that is quite painful and not obvious to debug as the overwhelming online references around ssh assume ~/.ssh/ is going to get picked up.

catthehacker commented 3 years ago

Correct, HOME is modified here: https://github.com/nektos/act/blob/8de7b956b781bd4bb97bf6136d30e789501b17b4/pkg/runner/run_context.go#L578

catthehacker commented 3 years ago

@justindoody could you check if the issue is still present using -P ubuntu-latest=catthehacker/ubuntu:act-dev?

irealva commented 3 years ago

I'm having this problem too. Would be great to hear about a solution.

catthehacker commented 3 years ago

Hi @irealva, the proper solution will be removing the line below and implementing #398: https://github.com/nektos/act/blob/8de7b956b781bd4bb97bf6136d30e789501b17b4/pkg/runner/run_context.go#L578

But a workaround has been added in the catthehacker/ubuntu:act-dev image.

irealva commented 3 years ago

So you mean I should be able to run act -P ubuntu-18.04=catthehacker/ubuntu:act-dev without the "SSH Agent" and "Setup SSH Known Hosts" steps? That doesn't seem to work for me either.

Thanks again!

catthehacker commented 3 years ago

@irealva ssh agent and known hosts are required, since it's not viable to include known hosts in the Docker image because it would get outdated.

irealva commented 3 years ago

Got it, I misunderstood you. For others, then: I also solved the original poster's question with the act standard image by using continue-on-error:

- name: Copy Known Hosts
  continue-on-error: true
  run: |
    mkdir -p -m 0700 /root/.ssh
    echo "Add domain to known hosts"
    ssh-keyscan github.com > /root/.ssh/known_hosts
    chmod 600 /root/.ssh/known_hosts
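
The mismatch discussed in this thread (ssh resolving its per-user directory from the passwd database rather than from $HOME) can be handled in one step that behaves the same on act and on GitHub Actions. The following is an added example, not part of any comment above and not code from act; the function names `passwd_home`, `ssh_user_dir`, `install_known_hosts` and the `HOST` variable are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. OpenSSH takes the per-user directory
# from the passwd entry of the current uid, so a changed $HOME is ignored.

# Home directory recorded in the passwd database for the current uid.
passwd_home() {
    uid=$(id -u)
    if command -v getent >/dev/null 2>&1; then
        getent passwd "$uid" | cut -d: -f6
    else
        awk -F: -v uid="$uid" '$3 == uid { print $6; exit }' /etc/passwd
    fi
}

# Directory ssh reads config and known_hosts from. Falls back to $HOME only
# when the uid has no passwd entry.
ssh_user_dir() {
    home=$(passwd_home 2>/dev/null) || home=""
    printf '%s/.ssh\n' "${home:-$HOME}"
}

# Merge known_hosts lines from stdin into DIR/known_hosts without duplicates.
# Returns non-zero when no key line arrived, so an empty ssh-keyscan result
# fails this step instead of surfacing later as "host verification failed".
install_known_hosts() {
    dir=$1
    n=0
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$dir/known_hosts" && chmod 600 "$dir/known_hosts" || return 1
    while IFS= read -r line; do
        case $line in '' | '#'*) continue ;; esac
        n=$((n + 1))
        grep -qxF -- "$line" "$dir/known_hosts" ||
            printf '%s\n' "$line" >> "$dir/known_hosts"
    done
    [ "$n" -gt 0 ]
}

# Usage inside a workflow "run:" step (HOST is a placeholder):
#   ssh-keyscan -t rsa -p 22 "$HOST" | install_known_hosts "$(ssh_user_dir)"
```

Because the step exits non-zero when no host key is received, it does not need `continue-on-error` to pass on both runners.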