Bump webfactory/ssh-agent from 0.7.0 to 0.8.0

[dependabot[bot]]

Bumps webfactory/ssh-agent from 0.7.0 to 0.8.0.

Release notes

Sourced from webfactory/ssh-agent's releases.

SSH host keys no longer managed – read below 👇

Starting with this release, this action no longer writes GitHub's SSH host keys into the known_hosts SSH config file upon start.

GitHub changed their host keys on short notice this morning, see https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/. We took this as an opportunity to stop maintaining GH SSH keys in the code shipped with this action (#171).

What you need to do:

• On GitHub hosted runners, nothing. ✔︎ These runners ship with SSH host keys (for github.com) maintained by directly by GitHub.
• On self-hosted runners, review and fix your SSH known_hosts file:
  • First, you'll find it bloated with redundant entries for github.com, as described in #106. Remove these entries.
  • Review https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/. You probably removed the old (invalid) SSH key in the previous step.
  • Configure GitHub's current SSH keys as documented on https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints
  • As long as versions before v0.8.0 of this action here are run on the self-hosted runner, the old entries will come back. Keep an eye on it, possibly you'll have to rinse & repeat.

Other code changes in this release

• Update to actions/checkout@v3 by @​mpdude in webfactory/ssh-agent#143
• Allow the user to override the commands for git, ssh-agent, and ssh-add by @​DilumAluthge in webfactory/ssh-agent#154

New Contributors

• @​prhiggins made their first contribution in webfactory/ssh-agent#153
• @​kjarkur made their first contribution in webfactory/ssh-agent#147
• @​DilumAluthge made their first contribution in webfactory/ssh-agent#154

Full Changelog: https://github.com/webfactory/ssh-agent/compare/v0.7.0...v0.8.0

Changelog

Sourced from webfactory/ssh-agent's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

Commits

• d4b9b8f Stop adding GitHub SSH keys (#171)
• ea17a05 Add missing semicolons (#159)
• 9fbc246 Clarify usage for Docker build processes, especially with deployment keys (#145)
• 6f828cc Allow the user to override the commands for git, ssh-agent, and ssh-add...
• 209e2d7 Fix a typo in the README.md (#146)
• 18ff706 Update README.md (#147)
• 2996779 Replace 0.6.0 references with 0.7.0 in README.md (#153)
• 4512be8 Update to actions/checkout@v3 (#143)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)