ssh-action/action.yml

name: "SSH Remote Commands"
description: "Executing remote ssh commands"
author: "Bo-Yi Wu"
inputs:
  host:
    description: "SSH host address or IP to connect to."
  port:
    description: "SSH port number for the connection."
    default: "22"
  passphrase:
    description: "Passphrase to decrypt the SSH private key if protected."
  username:
    description: "SSH username for authentication on the remote server."
  password:
    description: "SSH password for authentication (use secrets for sensitive data)."
  protocol:
    description: 'IP protocol version to use. Options: "tcp" (default), "tcp4" (IPv4 only), or "tcp6" (IPv6 only).'
    default: "tcp"
  sync:
    description: "When true, executes commands synchronously across multiple hosts (one after another)."
  use_insecure_cipher:
    description: "Enable additional legacy ciphers that might be less secure but more compatible with older systems."
  cipher:
    description: "Specify custom cipher algorithms for encryption. Leave empty to use secure defaults."
  timeout:
    description: "Maximum time to wait when establishing the SSH connection, e.g., '30s', '1m'."
    default: "30s"
  command_timeout:
    description: "Maximum execution time for the remote commands before terminating, e.g., '10m', '1h'."
    default: "10m"
  key:
    description: "Raw content of the SSH private key for authentication (use secrets for sensitive data)."
  key_path:
    description: "Path to the SSH private key file on the runner."
  fingerprint:
    description: "SHA256 fingerprint of the host public key for verification to prevent MITM attacks."
  proxy_host:
    description: "Proxy server hostname or IP if connecting through an SSH jump host."
  proxy_port:
    description: "SSH port number for the proxy connection."
    default: "22"
  proxy_username:
    description: "Username for authentication on the proxy server."
  proxy_password:
    description: "Password for authentication on the proxy server (use secrets for sensitive data)."
  proxy_protocol:
    description: 'IP protocol version for proxy. Options: "tcp" (default), "tcp4" (IPv4 only), or "tcp6" (IPv6 only).'
    default: "tcp"
  proxy_passphrase:
    description: "Passphrase to decrypt the proxy SSH private key if protected."
  proxy_timeout:
    description: "Maximum time to wait when establishing the proxy SSH connection, e.g., '30s', '1m'."
    default: "30s"
  proxy_key:
    description: "Raw content of the SSH proxy private key for authentication (use secrets for sensitive data)."
  proxy_key_path:
    description: "Path to the SSH proxy private key file on the runner."
  proxy_fingerprint:
    description: "SHA256 fingerprint of the proxy host public key for verification."
  proxy_cipher:
    description: "Specify custom cipher algorithms for proxy connection encryption."
  proxy_use_insecure_cipher:
    description: "Enable additional legacy ciphers for proxy connections (less secure but more compatible)."
  script:
    description: "Commands to execute on the remote server (inline script string)."
  script_path:
    description: "Path to a local file containing commands to execute on the remote server."
  envs:
    description: "Environment variables to expose to the remote script, format: key=value,key2=value2."
  envs_format:
    description: "Format specification for environment variable transfer (for advanced usage)."
  debug:
    description: "Set to true to enable verbose logging for troubleshooting connection issues."
  allenvs:
    description: "When true, passes all GitHub Actions environment variables to the remote script."
  request_pty:
    description: "Request a pseudo-terminal from the server (required for interactive commands or sudo)."
  capture_stdout:
    description: "When true, captures and returns standard output from the commands as action output."
    default: "false"

outputs:
  stdout:
    description: "Standard output of the executed commands when capture_stdout is enabled."
    value: ${{ steps.entrypoint.outputs.stdout }}

runs:
  using: "composite"
  steps:
    - name: Set GitHub Path
      run: echo "$GITHUB_ACTION_PATH" >> $GITHUB_PATH
      shell: bash
      env:
        GITHUB_ACTION_PATH: ${{ github.action_path }}
    - id: entrypoint
      name: Run entrypoint.sh
      run: entrypoint.sh
      shell: bash
      env:
        GITHUB_ACTION_PATH: ${{ github.action_path }}
        INPUT_HOST: ${{ inputs.host }}
        INPUT_PORT: ${{ inputs.port }}
        INPUT_PROTOCOL: ${{ inputs.protocol }}
        INPUT_USERNAME: ${{ inputs.username }}
        INPUT_PASSWORD: ${{ inputs.password }}
        INPUT_PASSPHRASE: ${{ inputs.passphrase }}
        INPUT_KEY: ${{ inputs.key }}
        INPUT_KEY_PATH: ${{ inputs.key_path }}
        INPUT_FINGERPRINT: ${{ inputs.fingerprint }}
        INPUT_PROXY_HOST: ${{ inputs.proxy_host }}
        INPUT_PROXY_PORT: ${{ inputs.proxy_port }}
        INPUT_PROXY_USERNAME: ${{ inputs.proxy_username }}
        INPUT_PROXY_PASSWORD: ${{ inputs.proxy_password }}
        INPUT_PROXY_PASSPHRASE: ${{ inputs.proxy_passphrase }}
        INPUT_PROXY_KEY: ${{ inputs.proxy_key }}
        INPUT_PROXY_KEY_PATH: ${{ inputs.proxy_key_path }}
        INPUT_PROXY_FINGERPRINT: ${{ inputs.proxy_fingerprint }}
        INPUT_TIMEOUT: ${{ inputs.timeout }}
        INPUT_PROXY_TIMEOUT: ${{ inputs.proxy_timeout }}
        INPUT_COMMAND_TIMEOUT: ${{ inputs.command_timeout }}
        INPUT_SCRIPT: ${{ inputs.script }}
        INPUT_SCRIPT_FILE: ${{ inputs.script_path }}
        INPUT_ENVS: ${{ inputs.envs }}
        INPUT_ENVS_FORMAT: ${{ inputs.envs_format }}
        INPUT_DEBUG: ${{ inputs.debug }}
        INPUT_ALL_ENVS: ${{ inputs.allenvs }}
        INPUT_REQUEST_PTY: ${{ inputs.request_pty }}
        INPUT_USE_INSECURE_CIPHER: ${{ inputs.use_insecure_cipher }}
        INPUT_CIPHER: ${{ inputs.cipher }}
        INPUT_PROXY_USE_INSECURE_CIPHER: ${{ inputs.proxy_use_insecure_cipher }}
        INPUT_PROXY_CIPHER: ${{ inputs.proxy_cipher }}
        INPUT_SYNC: ${{ inputs.sync }}
        INPUT_CAPTURE_STDOUT: ${{ inputs.capture_stdout }}

branding:
  icon: "terminal"
  color: "gray-dark"