Skip to content
Build

added option to specify a network interface to use for the reverse ss… #186

Sign in to view logs

added option to specify a network interface to use for the reverse ss…

added option to specify a network interface to use for the reverse ss… #186

Workflow file for this run

.github/workflows/build.yml at dacbdaa
on:
release:
types:
- created
- edited # can remove once CI is confirmed working
push:
pull_request:
branches: [ main, master ]
name: Build
jobs:
lint:
name: Lint
runs-on: [ubuntu-20.04]
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v3
- uses: pre-commit/action@v3.0.0
env:
# skip the check that throws on `main` branch
SKIP: no-commit-to-branch
build-deb:
name: Build Debian Package
# building a deb is super slow, but we're a public repo now, so it's free!!
runs-on: [ubuntu-20.04]
strategy:
matrix:
distribution: [focal]
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Make cache dir
# needed because otherwise actions/cache throws a permission error
run: sudo mkdir --mode a=rwx --parents /var/cache/pbuilder
- name: Cache pbuilder base
id: cache-pbuilder-base
uses: actions/cache@v2
with:
path: |
/var/cache/pbuilder/base.tgz
key: ${{ runner.os }}-${{ matrix.distribution }}
- name: Install dependencies
run: |
sudo apt-get update && sudo apt-get install pbuilder debhelper -y
- name: Setup pdebuilderrc for cross-compiling
env:
PBUILDER_RC: |
# Faster than default, and is requried if we want to do cross-compiling
PBUILDERSATISFYDEPENDSCMD="/usr/lib/pbuilder/pbuilder-satisfydepends-apt"
run: |
echo "$PBUILDER_RC" | sudo tee -a /etc/pbuilderrc
- name: Build pbuilder base.tgz
if: steps.cache-pbuilder-base.outputs.cache-hit != 'true'
run: |
sudo pbuilder create --distribution ${{ matrix.distribution }} --debootstrapopts --variant=buildd
- name: Build .deb
run: |
mkdir -p '${{ runner.temp }}/pbuilder/result'
pdebuild --buildresult '${{ runner.temp }}/pbuilder/result' --debbuildopts "-us -uc" -- --distribution ${{ matrix.distribution }}
- name: Archive built debs
uses: actions/upload-artifact@v2
with:
name: built-debs
retention-days: 7
path: |
${{ runner.temp }}/pbuilder/result/*.deb
- name: Upload debs as Release Assets
# only run action if this is being run from a GitHub Release
if: ${{ github.event_name == 'release' }}
uses: actions/github-script@v5
env:
PBUILDER_RESULT_DIR: '${{ runner.temp }}/pbuilder/result'
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
const fs = require('fs').promises;
const {basename, join} = require("path");
const globber = await glob.create(join(process.env.PBUILDER_RESULT_DIR, "*.deb"));
const files = await globber.glob();
for (const filePath of files) {
console.log(`Uploading ${filePath}`);
const filePromise = fs.readFile(filePath);
// Determine content-length for header to upload asset
const {size: contentLength} = await fs.stat(filePath);
// Setup headers for API call, see Octokit Documentation:
// https://octokit.github.io/rest.js/#octokit-routes-repos-upload-release-asset for more information
const headers = {
'content-type': "application/vnd.debian.binary-package",
'content-length': contentLength,
};
// Upload a release asset
// API Documentation: https://developer.github.com/v3/repos/releases/#upload-a-release-asset
// Octokit Documentation: https://octokit.github.io/rest.js/v18#repos-upload-release-asset
try {
const uploadAssetResponse = await github.rest.repos.uploadReleaseAsset({
url: context.payload.release.upload_url,
headers,
name: basename(filePath),
data: await filePromise,
});
} catch (error) {
// upload errors are usually since the file already exists
console.error(`[skipped] Uploading ${basename(filePath)} failed: ${error}`);
}
}
test-deb:
name: Test Debian Package
needs: build-deb
runs-on: [ubuntu-20.04]
steps:
- uses: actions/download-artifact@v2
with:
name: built-debs
- name: Install ssh-legion from .deb
run: |
sudo apt-get install ./ssh-legion_*_all.deb -y
- name: Create config
env:
ssh_tunnel_config: |
Host ssh-server
Port 2222
HostName localhost
User linuxserver.io
IdentityFile ./key_from_github
StrictHostKeyChecking=no
run: |
ssh-keygen -t ed25519 -N "" -C "$(id -u -n)@$(uname -n)" -f key_from_github
echo "${ssh_tunnel_config}" > local-ssh-legion.config
- name: Create Docker image
env:
dockerfile: |
FROM lscr.io/linuxserver/openssh-server:latest
# Enable SSH tunneling (remote only)
RUN sed -i 's/^.*AllowTcpForwarding .*$/AllowTcpForwarding remote/g' /etc/ssh/sshd_config
run: |
echo "${dockerfile}" | podman build --file="-" --tag=reverse-ssh-legion-server
- name: Run Local SSH Server in background
id: start-podman-ssh-server
run: |
podman stop reverse-ssh-legion-server || true
podman run --rm --detach \
--name=reverse-ssh-legion-server \
--publish 2222:2222 \
--env PUBLIC_KEY="$(cat ./key_from_github.pub)" \
reverse-ssh-legion-server
# linuxserver/openssh-server doesn't have a healthcheck command
# so we just wait a few seconds for the server to start
sleep 5
- name: Run ssh-legion check
timeout-minutes: 1
run: |
ssh-legion --check --config local-ssh-legion.config --destination ssh-server
- name: Test for user@hostname:<port>+disconnected file
run: |
# ~ and * are quoted since they're expanded on the server, not locally
ssh -F local-ssh-legion.config ssh-server test -f "~/connections/$(whoami)@$(hostname):*+disconnected"
- name: Stop Podman SSH Server
if: ${{ always() && steps.start-podman-ssh-server.conclusion == 'success' }}
run: podman stop reverse-ssh-legion-server