LukeSavefrogs/README.md

## README.md

      
    Raw
  

              README.md
            
          
    POC - Testing SSH using Github Actions

Instructions


Copy the content of test-ssh.yml into ./github/workflows/test-ssh.yml (rename to your liking)
Update the Run tests step accordingly


## test-ssh.yml
name: Run tests

on:
  workflow_dispatch:
    inputs:
      keep-keys:
        description: "Keep SSH keys after setup"
        required: true
        default: false
        type: boolean
  # push:

env:
  # Fake SSH private and public keys for the SSH server service (https://8gwifi.org/sshfunctions.jsp/)
  TEST_PRIVATE_KEY: |
    -----BEGIN RSA PRIVATE KEY-----
    MIIEpAIBAAKCAQEA5XV4VQt/S16JIAYbakh6o9WcqmYtSLwlU+k5ryt3Tl7fyhE5
    ebxiphR4E52ILNSyixHRkbWQNPhN7QA7WlvF88SYXNVdBN6R57c1Jd7JvFXP/ONF
    X/KAemE8RtJd3fZ7w0Xbk6zjoekHaWvbrjM5DH4HyEezSAjC7vtK3sr0nxDAP9Tn
    K+VC9AWG6gyEAf9iQjOg5Iq/Y5dlAN2BLOE+YOhEwbDfpXQLIrtzt2sGwceCY+LJ
    IKi3zHbpLL1eKwa56bUb3Ul86Hwvj7ax1GoRkf0Hs8sU6KPXCLfBwTdLj7N5p9Al
    1+PHQ99rBF6W/UC+SVtlbH2Q+MIiOGvdGF+A0wIDAQABAoIBAC41f+wwiowVF6xZ
    ToAS5I/F3uz58ripGyNQ3osGR9qChLLe0SJQ69TiXmQk312X3/Tdu8SKOeZQ8vB9
    kXZa8PxsZPqdBUSLxfpSDOP5f8rrxRz6b+gon/MFTew9RSYEE1x53wRYVucuVI3I
    aM8mBaEcaFjPB63EBe22sZc4bBb0GOOSKj4sIXTfh3ngCRFmTc0bg6YjJ6O4kFdI
    an0GfvRMARz+b3JgoWQ11+inZvJH0KSY74HuJ79JxeLl1M5UKDV0GEjeQyjaiuVv
    WfX4qmFN6wnWoC1PIFEBnRjeCt1g2vjvtJ+MMJx7PesBZE1Df+RTkirVhHaHXW3h
    31xp7wECgYEA/zufVWq6mZY4j4ZilEjMSVzLLppdpcGBoTslmFl/n40d2FQcjcye
    89sdJVEgN802b9ORqGosvASbnIo6LPEAMN40necP/fs24vpE3JJOrhg35WcDkFgT
    FNxbD7PNwRHLORjidwdSe0WHHpMwpa9VLO1wYWJL2sENZ2LoRxrLcBMCgYEA5iYE
    V/vuk8cRWl0d/TIhxZ4KbztXY8BDOtVWbNoI5kUgony3utiPMGbcuRyPA/4YXgJ0
    0OWz7izEvMZJKZ63JyMVJ6CEwVHyPx9t40aiOpZuz6yHZDZEYX8mOiGt5pl0y491
    Wmn7KXQ98yxBn90SsDQWVr2BSppSsuVa+8ehREECgYEAqmE9wwKFYGPEjCMUiZJz
    NQIJ7KlFnJIpm9zlAuez52mHo9K6YPpYnccGlNOsIzQNg+cDFB8Uj8qvqncn0Lps
    +zJKg6IsrcpWYHzbHTdZ6KPoJG55FZGF42YaL8hCsQDU3d+7xeOQbxQB2Co/zkrW
    HDDA1XGN25EGBp8jGdxMNBsCgYEA3rFuhowZwBhhLCTp/bNihkt0IUk0OCszYlxH
    sjAPaHD/MPqo9TzS4KzHar69i8l0XpLV4cRCJHZhL6BV7tXKty31LFDf5Aec9YM9
    2yrfkv043+47W7Y+2HAl1x37nSRjpQx9Ky1dgDEgOIpcPYm2qZTdALWBw2QsHTpc
    nT//RYECgYAPUTfmiVPMSMazYdh/LvDgzoTi3JAmPBb0TTspESverQHz2t0lyrgB
    vTTo1pYkB22yBwJriyV/sGt6IR4GUWNHwp8aE/GDDyNAg0NlojjxamA8MpNkT6Bi
    LdNFOCi5ZBVnOf8MFkRhFOQAkjXt0pDXuejDdqHSNz1yCmk8crs0Cg==
    -----END RSA PRIVATE KEY-----
  TEST_PUBLIC_KEY:
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDldXhVC39LXokgBhtqSHqj1ZyqZi1IvCVT6TmvK3dOXt/KETl5vGKmFHgTnYgs1LKLEdGRtZA0+E3tADtaW8XzxJhc1V0E3pHntzUl3sm8Vc/840Vf8oB6YTxG0l3d9nvDRduTrOOh6Qdpa9uuMzkMfgfIR7NICMLu+0reyvSfEMA/1Ocr5UL0BYbqDIQB/2JCM6Dkir9jl2UA3YEs4T5g6ETBsN+ldAsiu3O3awbBx4Jj4skgqLfMduksvV4rBrnptRvdSXzofC+PtrHUahGR/QezyxToo9cIt8HBN0uPs3mn0CXX48dD32sEXpb9QL5JW2VsfZD4wiI4a90YX4DT

jobs:
  run-tests:
    runs-on: ubuntu-latest
    defaults:
      run:
        shell: bash
    services:
      ssh-server:
        image: linuxserver/openssh-server
        ports:
          - 2222:2222
        env:
          PASSWORD_ACCESS: true
          SUDO_ACCESS: true
          USER_NAME: "test_user"
          USER_PASSWORD: "test_password"
          TZ: "Etc/UTC"
          PUBLIC_KEY: ${{ env.TEST_PUBLIC_KEY }}
    steps:
      - name: "🛒 Checkout repository"
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: "🔍 Install dependencies"
        run: |
          ( source ./scripts/install.sh )

      - name: "🤡 >> Mock SSH ports"
        run: |
          mkdir -p ~/.ssh;

          # Every SSH connection will be redirected to the SSH
          # server service running on port 2222
          cat <<'EOF' >> ~/.ssh/config
          Host *
            HostName localhost
            Port 2222
          EOF

      - name: "🤡 >> Setup SSH keys"
        run: |
          # Create the SSH keys
          echo "${{ env.TEST_PRIVATE_KEY }}" > ~/.ssh/id_rsa;
          echo "${{ env.TEST_PUBLIC_KEY }}" > ~/.ssh/id_rsa.pub;
          chmod 600 ~/.ssh/id_rsa ~/.ssh/id_rsa.pub;

      - name: "🤡 >> Setup SSH server for testing"
        run: |
          # Do all the setup you need, such as creating files, directories, changing configurations, etc...
          ssh -o LogLevel=ERROR -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null test_user@localhost <<-EOF
            echo "THIS IS A TEST" > /tmp/test-file.txt;

            # Use a temporary script to provide the password to sudo
            printf '#!/bin/bash\n/bin/echo "%s"\n' "test_password" > /tmp/sudo_askpass.sh && chmod +x /tmp/sudo_askpass.sh;
            export SUDO_ASKPASS='/tmp/sudo_askpass.sh';

            # Do something that requires sudo
            echo "127.0.0.1 myself" | sudo -A tee -a /etc/hosts;
          EOF

      - name: "🤡 >> Cleanup SSH keys"
        if: ${{ inputs.keep-keys }} == false
        run: |
          # Remove the SSH keys if the user does not want to keep them
          rm -f ~/.ssh/id_rsa ~/.ssh/id_rsa.pub;

      - name: "🔬 Run tests"
        run: |
          # 1. Access the server using `localhost`
          sshpass -p "test_password" \
            ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
              test_user@localhost "whoami"

          # 2. Access the server with an unknown host name
          sshpass -p "test_password" \
            ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
              test_user@unknown-server "whoami"

          # 3. Access the server using an unknown IP
          sshpass -p "test_password" \
            ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
              test_user@123.123.123.123 "cat /tmp/test-file.txt"
	name: Run tests

	on:
	workflow_dispatch:
	inputs:
	keep-keys:
	description: "Keep SSH keys after setup"
	required: true
	default: false
	type: boolean
	# push:

	env:
	# Fake SSH private and public keys for the SSH server service (https://8gwifi.org/sshfunctions.jsp/)
	TEST_PRIVATE_KEY: \|
	-----BEGIN RSA PRIVATE KEY-----
	MIIEpAIBAAKCAQEA5XV4VQt/S16JIAYbakh6o9WcqmYtSLwlU+k5ryt3Tl7fyhE5
	ebxiphR4E52ILNSyixHRkbWQNPhN7QA7WlvF88SYXNVdBN6R57c1Jd7JvFXP/ONF
	X/KAemE8RtJd3fZ7w0Xbk6zjoekHaWvbrjM5DH4HyEezSAjC7vtK3sr0nxDAP9Tn
	K+VC9AWG6gyEAf9iQjOg5Iq/Y5dlAN2BLOE+YOhEwbDfpXQLIrtzt2sGwceCY+LJ
	IKi3zHbpLL1eKwa56bUb3Ul86Hwvj7ax1GoRkf0Hs8sU6KPXCLfBwTdLj7N5p9Al
	1+PHQ99rBF6W/UC+SVtlbH2Q+MIiOGvdGF+A0wIDAQABAoIBAC41f+wwiowVF6xZ
	ToAS5I/F3uz58ripGyNQ3osGR9qChLLe0SJQ69TiXmQk312X3/Tdu8SKOeZQ8vB9
	kXZa8PxsZPqdBUSLxfpSDOP5f8rrxRz6b+gon/MFTew9RSYEE1x53wRYVucuVI3I
	aM8mBaEcaFjPB63EBe22sZc4bBb0GOOSKj4sIXTfh3ngCRFmTc0bg6YjJ6O4kFdI
	an0GfvRMARz+b3JgoWQ11+inZvJH0KSY74HuJ79JxeLl1M5UKDV0GEjeQyjaiuVv
	WfX4qmFN6wnWoC1PIFEBnRjeCt1g2vjvtJ+MMJx7PesBZE1Df+RTkirVhHaHXW3h
	31xp7wECgYEA/zufVWq6mZY4j4ZilEjMSVzLLppdpcGBoTslmFl/n40d2FQcjcye
	89sdJVEgN802b9ORqGosvASbnIo6LPEAMN40necP/fs24vpE3JJOrhg35WcDkFgT
	FNxbD7PNwRHLORjidwdSe0WHHpMwpa9VLO1wYWJL2sENZ2LoRxrLcBMCgYEA5iYE
	V/vuk8cRWl0d/TIhxZ4KbztXY8BDOtVWbNoI5kUgony3utiPMGbcuRyPA/4YXgJ0
	0OWz7izEvMZJKZ63JyMVJ6CEwVHyPx9t40aiOpZuz6yHZDZEYX8mOiGt5pl0y491
	Wmn7KXQ98yxBn90SsDQWVr2BSppSsuVa+8ehREECgYEAqmE9wwKFYGPEjCMUiZJz
	NQIJ7KlFnJIpm9zlAuez52mHo9K6YPpYnccGlNOsIzQNg+cDFB8Uj8qvqncn0Lps
	+zJKg6IsrcpWYHzbHTdZ6KPoJG55FZGF42YaL8hCsQDU3d+7xeOQbxQB2Co/zkrW
	HDDA1XGN25EGBp8jGdxMNBsCgYEA3rFuhowZwBhhLCTp/bNihkt0IUk0OCszYlxH
	sjAPaHD/MPqo9TzS4KzHar69i8l0XpLV4cRCJHZhL6BV7tXKty31LFDf5Aec9YM9
	2yrfkv043+47W7Y+2HAl1x37nSRjpQx9Ky1dgDEgOIpcPYm2qZTdALWBw2QsHTpc
	nT//RYECgYAPUTfmiVPMSMazYdh/LvDgzoTi3JAmPBb0TTspESverQHz2t0lyrgB
	vTTo1pYkB22yBwJriyV/sGt6IR4GUWNHwp8aE/GDDyNAg0NlojjxamA8MpNkT6Bi
	LdNFOCi5ZBVnOf8MFkRhFOQAkjXt0pDXuejDdqHSNz1yCmk8crs0Cg==
	-----END RSA PRIVATE KEY-----
	TEST_PUBLIC_KEY:
	ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDldXhVC39LXokgBhtqSHqj1ZyqZi1IvCVT6TmvK3dOXt/KETl5vGKmFHgTnYgs1LKLEdGRtZA0+E3tADtaW8XzxJhc1V0E3pHntzUl3sm8Vc/840Vf8oB6YTxG0l3d9nvDRduTrOOh6Qdpa9uuMzkMfgfIR7NICMLu+0reyvSfEMA/1Ocr5UL0BYbqDIQB/2JCM6Dkir9jl2UA3YEs4T5g6ETBsN+ldAsiu3O3awbBx4Jj4skgqLfMduksvV4rBrnptRvdSXzofC+PtrHUahGR/QezyxToo9cIt8HBN0uPs3mn0CXX48dD32sEXpb9QL5JW2VsfZD4wiI4a90YX4DT

	jobs:
	run-tests:
	runs-on: ubuntu-latest
	defaults:
	run:
	shell: bash
	services:
	ssh-server:
	image: linuxserver/openssh-server
	ports:
	- 2222:2222
	env:
	PASSWORD_ACCESS: true
	SUDO_ACCESS: true
	USER_NAME: "test_user"
	USER_PASSWORD: "test_password"
	TZ: "Etc/UTC"
	PUBLIC_KEY: ${{ env.TEST_PUBLIC_KEY }}
	steps:
	- name: "🛒 Checkout repository"
	uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: "🔍 Install dependencies"
	run: \|
	( source ./scripts/install.sh )

	- name: "🤡 >> Mock SSH ports"
	run: \|
	mkdir -p ~/.ssh;

	# Every SSH connection will be redirected to the SSH
	# server service running on port 2222
	cat <<'EOF' >> ~/.ssh/config
	Host *
	HostName localhost
	Port 2222
	EOF

	- name: "🤡 >> Setup SSH keys"
	run: \|
	# Create the SSH keys
	echo "${{ env.TEST_PRIVATE_KEY }}" > ~/.ssh/id_rsa;
	echo "${{ env.TEST_PUBLIC_KEY }}" > ~/.ssh/id_rsa.pub;
	chmod 600 ~/.ssh/id_rsa ~/.ssh/id_rsa.pub;

	- name: "🤡 >> Setup SSH server for testing"
	run: \|
	# Do all the setup you need, such as creating files, directories, changing configurations, etc...
	ssh -o LogLevel=ERROR -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null test_user@localhost <<-EOF
	echo "THIS IS A TEST" > /tmp/test-file.txt;

	# Use a temporary script to provide the password to sudo
	printf '#!/bin/bash\n/bin/echo "%s"\n' "test_password" > /tmp/sudo_askpass.sh && chmod +x /tmp/sudo_askpass.sh;
	export SUDO_ASKPASS='/tmp/sudo_askpass.sh';

	# Do something that requires sudo
	echo "127.0.0.1 myself" \| sudo -A tee -a /etc/hosts;
	EOF

	- name: "🤡 >> Cleanup SSH keys"
	if: ${{ inputs.keep-keys }} == false
	run: \|
	# Remove the SSH keys if the user does not want to keep them
	rm -f ~/.ssh/id_rsa ~/.ssh/id_rsa.pub;

	- name: "🔬 Run tests"
	run: \|
	# 1. Access the server using `localhost`
	sshpass -p "test_password" \
	ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
	test_user@localhost "whoami"

	# 2. Access the server with an unknown host name
	sshpass -p "test_password" \
	ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
	test_user@unknown-server "whoami"

	# 3. Access the server using an unknown IP
	sshpass -p "test_password" \
	ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
	test_user@123.123.123.123 "cat /tmp/test-file.txt"