Create SECURITY.md #376
Open
Create SECURITY.md #376
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Mzachky
commented
Apr 3, 2025
- Add a new GitHub workflow file `version.yml` - Define environment variables `FOO` and `BAR` - Add multiple jobs for testing different scenarios - Include steps for SSH actions using different authentication methods - Implement scripts for executing remote SSH commands - Configure SSH key passphrase authentication - Add a job for using insecure cipher - Include a job for executing multiline SSH commands - Implement a job for deployment to multiple hosts with different ports - Add jobs for passing environment variables to scripts - Configure custom environment variables format - Implement a job for passing all ENV variables to a script - Include jobs for cloning private repositories and logging into container registries - Implement a job for switching users and testing IPv6 connectivity Signed-off-by: appleboy <appleboy.tw@gmail.com>
- Remove the `testing06` job related to testing IPv6 from the GitHub Actions workflow. Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
* ci: refactor CI workflow and improve robustness - Update GitHub Actions checkout step from version 1 to version 4 in multiple jobs within the CI workflow Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * docs: improve non-interactive shell command handling - Add a Q&A section to the README with information on resolving 'command not found' errors for non-interactive shells - Provide a solution involving editing `/etc/bash.bashrc` to ensure commands are added to the path in non-interactive shells Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * docs: improve documentation and CI robustness - Update acknowledgment for the interactive shell solution in the README.md file Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> --------- Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
- Add example GitHub Actions workflow for executing remote SSH commands using password authentication Signed-off-by: appleboy <appleboy.tw@gmail.com>
- Add a GitHub Action workflow to set up an OpenSSH server using Docker - Add RSA private key for SSH authentication in test data - Add RSA public key for SSH authentication in test data - Add OpenSSH private key for SSH authentication in test data - Add OpenSSH public key for SSH authentication in test data Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
- Add a 5-second sleep command to the SSH server workflow Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
- Remove an empty line in the jobs section - Reduce sleep duration from 5 seconds to 3 seconds - Add a new job `check-ssh-key` to the workflow - Add steps to create a new SSH server using Docker - Add steps to set environment variables for remote host and private key - Add a step to execute remote SSH commands using the `appleboy/ssh-action` GitHub Action Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
- Add steps to set public and private keys in GitHub Actions environment - Replace inline public key assignment with environment variable reference - Remove redundant steps for setting private key in GitHub Actions environment Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
- Reduce sleep duration from 3 seconds to 2 seconds - Rename SSH job steps for clarity - Change port mapping from 2223 to 2222 Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
- Correct the name of the SSH job from "ssh by private" to "ssh by private key" - Add a job to test SSH with the correct key but wrong password - Add a job to test SSH with the correct password but wrong key Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
- Add a step to stop the script if a command error occurs using `appleboy/ssh-action@v1.0.3` - Configure SSH action with host, username, password, key, port, and other parameters - Add script to create a directory and list its contents Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
- Add a new job `support-key-passphrase` to the GitHub Actions workflow - Add steps to the new job for checking out code, adding public and private keys to the environment, and creating a new SSH server - Add a step to the new job for running an SSH command with a passphrase - Add a new private SSH key file `id_passphrase` to the test data - Add a new public SSH key file `id_passphrase.pub` to the test data Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
- Add a job to handle missing SSH key passphrase with `appleboy/ssh-action` and `continue-on-error` set to true Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
- Add a step to execute multiline SSH commands using `appleboy/ssh-action@v1.0.3` Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
- Add deployment step for multiple hosts with different ports using `appleboy/ssh-action@v1.0.3` Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
- Add a new job `multiple-server` to the GitHub Actions workflow - Configure the job to run on `ubuntu-latest` - Add steps to checkout code, add public and private keys to environment variables, and create two new SSH servers using Docker - Update the `host` configuration to include both new SSH servers - Remove the `port` configuration - Replace the command `ls -lah` with `whoami` - Remove the `use_insecure_cipher` configuration Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
- Change port for REMOTE_HOST_02 from `2223` to `2222` Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
- Add a new job `support-ed25519-key` to the GitHub Actions workflow - Add steps to the new job for checking out code, adding public and private keys to the environment, and creating a new SSH server - Add steps to the new job for testing the `id_ed25519` key using `appleboy/ssh-action` - Add a new private SSH key file `testdata/.ssh/id_ed25519` - Add a new public SSH key file `testdata/.ssh/id_ed25519.pub` Signed-off-by: appleboy <appleboy.tw@gmail.com>
- Add a new job `testing-with-env` to the GitHub Actions workflow - Add steps to set up environment variables for public and private SSH keys - Add a step to create a new SSH server using Docker - Add a step to test the SSH connection using the `id_ed25519` key - Add a step to pass a single environment variable to the SSH action - Add a step to pass multiple environment variables to the SSH action - Add a step to use a custom format for environment variables - Add a step to pass all environment variables to the SSH action Signed-off-by: appleboy <appleboy.tw@gmail.com>
- Remove the execution of `test.sh` from the SSH server workflow Signed-off-by: appleboy <appleboy.tw@gmail.com>
- Change `SUDO_ACCESS` environment variable from `false` to `true` - Add a step to switch to root user using `appleboy/ssh-action@v1.0.3` with specified parameters and commands Signed-off-by: appleboy <appleboy.tw@gmail.com>
- Replace SSH key authentication with password authentication in GitHub workflow Signed-off-by: appleboy <appleboy.tw@gmail.com>
- Remove hardcoded user password from environment variables - Replace hardcoded password with a private key for SSH authentication Signed-off-by: appleboy <appleboy.tw@gmail.com>
- Delete the GitHub Actions workflow file `version.yml` Signed-off-by: appleboy <appleboy.tw@gmail.com>
- Rename workflow from "remote ssh command" to "testing main branch" - Remove environment variables `FOO` and `BAR` - Rename job `testing01` to `default-user-name-password` - Rename step "checkout" to "Checkout code" - Replace step "correct password but wrong key" with "create new ssh server" using Docker - Update SSH connection details to use environment variables for host, username, password, and port - Add new job `check-ssh-key` with steps to add public key to environment and create a new SSH server - Add new job `support-key-passphrase` with steps to add public key to environment and create a new SSH server - Add new job `multiple-server` to create and manage multiple SSH servers - Add new job `support-ed25519-key` with steps to add public key to environment and create a new SSH server - Add new job `testing-with-env` with steps to add public key to environment and create a new SSH server - Remove jobs `testing02`, `testing03`, `testing04`, and `testing05` - Rename workflow in `ssh-server.yml` from "openssh-server" to "testing stable version" Signed-off-by: appleboy <appleboy.tw@gmail.com>
- Add note about the default value of `port` being `22` in the README Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
- Update drone-ssh Docker image version from `1.7.4` to `1.7.7` - Update DRONE_SSH_VERSION environment variable default from `1.7.4` to `1.7.7` Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
- Add a command to print the version of the target before running the main command Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
- Increase curl retry attempts from 3 to 5 - Add echo statements to display CLI version before and after running the version command Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
- Remove the `stop script if command error` step from GitHub workflows - Remove the `script_stop` option from the README and its translations - Remove the `script_stop` input from `action.yml` Signed-off-by: appleboy <appleboy.tw@gmail.com>
…ppleboy#351) - Add a new job `testing07` with steps to set environment variables and create an SSH server container - Set a special character password in environment variables - Run a Docker container for an OpenSSH server and capture its IP address - Add steps to SSH into the server using username and password authentication Signed-off-by: appleboy <appleboy.tw@gmail.com>
* ci: add SSH testing job to GitHub Actions workflow appleboy#335 (comment) - Add a new job `testing-script-stop` to the GitHub Actions workflow - Set up an SSH server using a Docker container within the new job - Capture the container's IP address and store it in the GitHub environment - Add a step to run an SSH command with stdout capture - Include a script to test conditional logic within the SSH command - Add a step to check and print the captured stdout from the SSH command Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * ci: improve GitHub Actions workflow with conditional checks - Add conditional checks in GitHub Actions workflow to handle 'True' and 'False' outputs Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * ci: standardize naming and validation of stdout steps - Rename `stdout` step to `stdout01` in the GitHub Actions workflow - Rename `check stdout` step to `check stdout 01` - Update references to `stdout` to `stdout01` in echo and grep commands - Add a new step `stdout02` for SSH command execution with stdout capture - Add a new step `check stdout 02` to validate the output of `stdout02` step Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> --------- Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
- Add a new job `testing-script-error` to the GitHub Actions workflow - Use `actions/checkout@v4` to check out the code - Create and run a new SSH server container using `lscr.io/linuxserver/openssh-server:latest` - Capture the container's IP address and set it as an environment variable - Add a step to test script errors with `continue-on-error: true` - Configure the test script to connect to the SSH server and run a command that will fail (`ls /nonexistent`) Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
…ion (appleboy#360) - Rename `script_file` to `script_path` in README.md - Rename `script_file` to `script_path` in README.zh-cn.md - Rename `script_file` to `script_path` in README.zh-tw.md Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
- Change the title format in the bug report template from single quotes to double quotes - Update `appleboy/ssh-action` version from `v1.2.0` to `v1.2.1` in multiple workflow files - Remove unnecessary blank lines in the bug report template Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
Fixes appleboy#367 Add a note in the "Input variables" section of `README.md` to mention that users can add `set -e` in their shell script to achieve similar functionality to the removed `script_stop` option. Add a note in the "输入变量" section of `README.zh-cn.md` to mention that users can add `set -e` in their shell script to achieve similar functionality to the removed `script_stop` option. Add a note in the "輸入變數" section of `README.zh-tw.md` to mention that users can add `set -e` in their shell script to achieve similar functionality to the removed `script_stop` option. --- For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/appleboy/ssh-action/issues/367?shareId=XXXX-XXXX-XXXX-XXXX).
- Clarify that synchronous execution is enabled if multiple hosts are specified - Specify that sensible defaults are used for allowed cipher algorithms if unspecified - Clarify that environment variables are passed to the shell script Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
- Change "GitHub Action" to "A GitHub Action" for clarity. - Update phrasing from "built using" to "built with" for consistency. - Revise "Make sure to follow the below steps" to "Follow the steps below" for improved readability. - Modify "best practice is create" to "It is best practice to create" for grammatical correctness. - Change "Add newly generated key into Authorized keys" to "Add the newly generated key to the Authorized keys" for clarity. - Update "Copy Private Key content and paste in Github Secrets" to "Copy the Private Key content and paste it into GitHub Secrets" for consistency. - Change "install `clip` command" to "install the `clip` command" for grammatical correctness. - Revise "See the detail information about" to "See detailed information about" for improved readability. - Update "A note from one of our readers" to "Note: Depending on your version of SSH" for clarity. - Change "Make sure that your key algorithm of choice is supported" to "Ensure that your chosen key algorithm is supported" for conciseness. - Revise "Alternatively, `ed25519` keys are accepted by default" to "Alternatively, `ed25519` keys are accepted by default in OpenSSH" for clarity. - Update "if you are running a command in a non interactive shell" to "If you are running a command in a non-interactive shell" for grammatical correctness. Signed-off-by: appleboy <appleboy.tw@gmail.com>
- Add Simplified Chinese as an option in the language selection - Improve the phrasing of sentences for clarity in the GitHub Action description - Update instructions for enabling synchronous execution for multiple hosts - Clarify the default behavior for the cipher option - Change the wording for SSH command execution to enhance readability - Update the username in the example to a specific value - Revise instructions for copying SSH keys to include installation steps for the `clip` command - Adjust the phrasing for security practices regarding private key protection - Update the license statement to specify the MIT license more clearly - Change section titles for better consistency and clarity across languages Signed-off-by: appleboy <appleboy.tw@gmail.com>
- Change the language options to include English as the first option. Signed-off-by: appleboy <appleboy.tw@gmail.com>
- Add instructions for copying the private key to GitHub Secrets in English, Chinese (Simplified), and Chinese (Traditional) versions of the README. ref: appleboy#6 (comment) Signed-off-by: appleboy <appleboy.tw@gmail.com>
- Update the default version of DRONE_SSH from 1.8.0 to 1.8.1 Signed-off-by: appleboy <appleboy.tw@gmail.com>
- Update descriptions for various input parameters to provide clearer guidance on their usage. - Enhance the description for the `capture_stdout` parameter to specify its effect on action output. - Modify the description for the `stdout` output to clarify its relation to the `capture_stdout` setting. Signed-off-by: appleboy <appleboy.tw@gmail.com>
- Update the version of `appleboy/ssh-action` from `v1.2.1` to `v1.2.2` in multiple files - Modify the bug report template to reflect the updated action version - Change the action version in the stable workflow file - Adjust the action version in the README files for consistency across documentation - Ensure the action version is updated in both Chinese language README files Signed-off-by: appleboy <appleboy.tw@gmail.com>
- Update appleboy/ssh-action to use the generic v1 version instead of v1.2.2 for multiple steps within the workflow Signed-off-by: appleboy <appleboy.tw@gmail.com>
- Update 'appleboy/ssh-action' version from 'v1.2.2' to 'v1' in various locations in the README.md file - Update 'appleboy/ssh-action' version from 'v1.2.2' to 'v1' in various locations in README.zh-cn.md - Update 'appleboy/ssh-action' version from 'v1.2.2' to 'v1' in various locations in README.zh-tw.md Signed-off-by: appleboy <appleboy.tw@gmail.com>
…ppleboy#374) - Add `log_error` function for error handling - Simplify the detection of client platform and architecture - Use `log_error` for unsupported platform or architecture handling - Use consistent quoting for variable expansions - Improve readability for `curl` and `chmod` commands - Simplify the commands for running and capturing stdout Signed-off-by: appleboy <appleboy.tw@gmail.com>
- Clarify error message for unsupported platforms - Clarify error message for unsupported architectures - Change download message to indicate ongoing action - Expand CLI version header for clarity Signed-off-by: appleboy <appleboy.tw@gmail.com>
- Update changelog order value from `4` to `5` Signed-off-by: appleboy <appleboy.tw@gmail.com>
- Add input parameter `curl_insecure` to `action.yml` with a default value of false - Pass `curl_insecure` input to the action's environment in `action.yml` - Modify `entrypoint.sh` to conditionally add the `--insecure` option to curl if `INPUT_CURL_INSECURE` is true Signed-off-by: appleboy <appleboy.tw@gmail.com>
- Add `curl_insecure` option to README.md - Add `curl_insecure` option to README.zh-cn.md - Add `curl_insecure` option to README.zh-tw.md Signed-off-by: appleboy <appleboy.tw@gmail.com>
](https://github.com/Mzachky/starter-workflows/actions/workflows/sync-ghes.yaml)](./?mortyurl=https%3A%2F%2Fgithub.com%2FMzachky%2Fstarter-workflows%2Factions%2Fworkflows%2Fsync-ghes.yaml%5D%28https%3A%2F%2Fgithub.com%2FMzachky%2Fstarter-workflows%2Factions%2Fworkflows%2Fsync-ghes.yaml%2Fbadge.svg%29%5D%28https%3A%2F%2Fgithub.com%2FMzachky%2Fstarter-workflows%2Factions%2Fworkflows%2Fsync-ghes.yaml%29){kind=link}
|
div id="helioCheckoutContainer"> <script type="module" crossorigin src="https://embed.hel.io/assets/index-v1.js"></script> <script> document.addEventListener("DOMContentLoaded", () => { window.helioCheckout( document.getElementById("helioCheckoutContainer"), { paylinkId: "68206d9176c142eb6335277e", theme: {"themeMode":"dark"}, platform: "magic_eden", primaryColor: "#E42575", neutralColor: "#FFFFFF", } ); }); </script> |
This comment was marked as duplicate.
This comment was marked as duplicate.
Sorry, something went wrong.
|
div id="helioCheckoutContainer"> <script type="module" crossorigin src="https://embed.hel.io/assets/index-v1.js"></script> <script> document.addEventListener("DOMContentLoaded", () => { window.helioCheckout( document.getElementById("helioCheckoutContainer"), { paylinkId: "68206d9176c142eb6335277e", theme: {"themeMode":"dark"}, platform: "magic_eden", primaryColor: "#E42575", neutralColor: "#FFFFFF", } ); }); </script> |
Mzachky
commented
May 15, 2025
| about: Create a report to help us improve | ||
| title: "" | ||
| labels: bug | ||
| assignees: appleboy |
There was a problem hiding this comment.
Suggested change
| assignees: appleboy | |
| assignees: Selene.bio |
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: executing remote ssh commands using password | ||
| uses: appleboy/ssh-action@v1.2.2 |
There was a problem hiding this comment.
Suggested change
| uses: appleboy/ssh-action@v1.2.2 | |
| uses: selenebio/ssh-action@v1.2.2 |
| host: ${{ env.REMOTE_HOST }} | ||
| username: linuxserver.io | ||
| password: password | ||
| port: 2222 |
There was a problem hiding this comment.
Suggested change
| port: 2222 | |
| port: 8080 |
| docker run -d \ | ||
| --name=openssh-server \ | ||
| --hostname=openssh-server \ | ||
| -p 2222:2222 \ |
There was a problem hiding this comment.
Suggested change
| -p 2222:2222 \ | |
| -p 8080:8080 \ |
| host: ${{ env.REMOTE_HOST }} | ||
| username: linuxserver.io | ||
| key: ${{ env.PRIVATE_KEY }} | ||
| port: 2222 |
There was a problem hiding this comment.
Suggested change
| port: 2222 | |
| port: 8080 |
| username: linuxserver.io | ||
| password: password | ||
| key: password | ||
| port: 2222 |
There was a problem hiding this comment.
Suggested change
| port: 2222 | |
| port: 8080 |
| docker run -d \ | ||
| --name=openssh-server \ | ||
| --hostname=openssh-server \ | ||
| -p 2222:2222 \ |
There was a problem hiding this comment.
Suggested change
| -p 2222:2222 \ | |
| -p 8080:8080 \ |
| sleep 2 | ||
|
|
||
| - name: ssh key passphrase | ||
| uses: appleboy/ssh-action@v1 |
There was a problem hiding this comment.
Suggested change
| uses: appleboy/ssh-action@v1 | |
| uses: selenebio/ssh-action@v1 |
| host: ${{ env.REMOTE_HOST }} | ||
| username: linuxserver.io | ||
| key: ${{ env.PRIVATE_KEY }} | ||
| port: 2222 |
There was a problem hiding this comment.
Suggested change
| port: 2222 | |
| port: 8080 |
| host: ${{ env.REMOTE_HOST }} | ||
| username: linuxserver.io | ||
| key: ${{ env.PRIVATE_KEY }} | ||
| port: 2222 |
There was a problem hiding this comment.
Suggested change
| port: 2222 | |
| port: 8080 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.