From 9315d47124578c43362ac2c80885336da6d660ce Mon Sep 17 00:00:00 2001 From: Demitrious Kelly Date: Wed, 25 Mar 2020 14:52:17 -0700 Subject: [PATCH 01/10] attempt to create known_hosts --- dist/index.js | 9 ++++++++- src/main.ts | 10 ++++++++-- src/types.ts | 5 ++++- 3 files changed, 20 insertions(+), 4 deletions(-) diff --git a/dist/index.js b/dist/index.js index d40a6ca..eb3e90e 100644 --- a/dist/index.js +++ b/dist/index.js @@ -665,6 +665,12 @@ const exec = __importStar(__webpack_require__(986)); function run() { return __awaiter(this, void 0, void 0, function* () { const userArguments = getUserArguments(); + if ('' !== userArguments.knownHosts) { + yield exec.exec(`mkdir -p /home/runner/.ssh`); + yield exec.exec(`chmod 0700 /home/runner/.ssh`); + yield exec.exec(`echo ${userArguments.knownHosts} > /home/runner/.ssh/known_hosts`); + yield exec.exec(`chmod 0700 /home/runner/.ssh/known_hosts`); + } try { yield syncFiles(userArguments); console.log("✅ Deploy Complete"); @@ -682,7 +688,8 @@ function getUserArguments() { ftp_username: core.getInput("ftp-username", { required: true }), ftp_password: core.getInput("ftp-password", { required: true }), local_dir: withDefault(core.getInput("local-dir"), "./"), - gitFtpArgs: withDefault(core.getInput("git-ftp-args"), "") + gitFtpArgs: withDefault(core.getInput("git-ftp-args"), ""), + knownHosts: withDefault(core.getInput("known-hosts"), "") }; } function withDefault(value, defaultValue) { diff --git a/src/main.ts b/src/main.ts index fbff22f..f6f2638 100644 --- a/src/main.ts +++ b/src/main.ts 
@@ -4,7 +4,12 @@ import { IActionArguments } from './types'; async function run() { const userArguments = getUserArguments(); - + if ( '' !== userArguments.knownHosts ) { + await exec.exec(`mkdir -p /home/runner/.ssh`); + await exec.exec(`chmod 0700 /home/runner/.ssh`); + await exec.exec(`echo ${userArguments.knownHosts} > /home/runner/.ssh/known_hosts`); + await exec.exec(`chmod 0700 /home/runner/.ssh/known_hosts`); + } try { await syncFiles(userArguments); @@ -25,7 +30,8 @@ function getUserArguments(): IActionArguments { ftp_username: core.getInput("ftp-username", { required: true }), ftp_password: core.getInput("ftp-password", { required: true }), local_dir: withDefault(core.getInput("local-dir"), "./"), - gitFtpArgs: withDefault(core.getInput("git-ftp-args"), "") + gitFtpArgs: withDefault(core.getInput("git-ftp-args"), ""), + knownHosts: withDefault(core.getInput("known-hosts"), "") }; } diff --git a/src/types.ts b/src/types.ts index deb95be..9110ddc 100644 --- a/src/types.ts +++ b/src/types.ts @@ -8,6 +8,9 @@ export interface IActionArguments { /** @default "" */ gitFtpArgs: string | undefined; + + /** @default "" */ + knownHosts: string | undefined; } /** @@ -25,4 +28,4 @@ export enum gitFTPExitCode { NotAGitProject = 8, PreFTPPushHookFailed = 9, LocalFileOperationFailed = 10 -} \ No newline at end of file +} From 2863e02edae0a7a063a5c3043016c0576c9de47d Mon Sep 17 00:00:00 2001 From: Demitrious Kelly Date: Wed, 25 Mar 2020 15:03:56 -0700 Subject: [PATCH 02/10] home? --- dist/index.js | 16 ++++++++++++---- src/main.ts | 14 ++++++++++---- 2 files changed, 22 insertions(+), 8 deletions(-) diff --git a/dist/index.js b/dist/index.js index eb3e90e..67febc7 100644 --- a/dist/index.js +++ b/dist/index.js 
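Review bot: In the `run()` hunk of `src/main.ts` in patch 01 (`@@ -4,7 +4,12 @@`), the `known-hosts` input is interpolated into a command string, `echo ${userArguments.knownHosts} > /home/runner/.ssh/known_hosts`, but `exec.exec` from `@actions/exec` spawns the tool directly rather than through a shell, so the `>` is handed to `echo` as an argument and no file is written. Writing the value with `fs` keeps the input out of any command line and preserves multi-line entries, for example `await fs.promises.writeFile('/home/runner/.ssh/known_hosts', userArguments.knownHosts, { mode: 0o644 });`. The same `echo … >` call recurs in the `src/main.ts` hunks of patches 02 and 03. The second `chmod 0700` targets a data file that needs no execute bit, and `run()` continues outside the hunk.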
@@ -666,10 +666,18 @@ function run() { return __awaiter(this, void 0, void 0, function* () { const userArguments = getUserArguments(); if ('' !== userArguments.knownHosts) { - yield exec.exec(`mkdir -p /home/runner/.ssh`); - yield exec.exec(`chmod 0700 /home/runner/.ssh`); - yield exec.exec(`echo ${userArguments.knownHosts} > /home/runner/.ssh/known_hosts`); - yield exec.exec(`chmod 0700 /home/runner/.ssh/known_hosts`); + try { + yield exec.exec(`mkdir -v -p $HOME/.ssh`); + yield exec.exec(`chmod 700 $HOME/.ssh`); + yield exec.exec(`echo ${userArguments.knownHosts} > $HOME/.ssh/known_hosts`); + yield exec.exec(`chmod 755 $HOME/.ssh/known_hosts`); + console.log("✅ Configured known_hosts"); + } + catch (error) { + console.error("⚠️ Error configuring known_hosts"); + core.setFailed(error.message); + ; + } } try { yield syncFiles(userArguments); diff --git a/src/main.ts b/src/main.ts index f6f2638..64973d9 100644 --- a/src/main.ts +++ b/src/main.ts @@ -5,10 +5,16 @@ import { IActionArguments } from './types'; async function run() { const userArguments = getUserArguments(); if ( '' !== userArguments.knownHosts ) { - await exec.exec(`mkdir -p /home/runner/.ssh`); - await exec.exec(`chmod 0700 /home/runner/.ssh`); - await exec.exec(`echo ${userArguments.knownHosts} > /home/runner/.ssh/known_hosts`); - await exec.exec(`chmod 0700 /home/runner/.ssh/known_hosts`); + try { + await exec.exec(`mkdir -v -p $HOME/.ssh`); + await exec.exec(`chmod 700 $HOME/.ssh`); + await exec.exec(`echo ${userArguments.knownHosts} > $HOME/.ssh/known_hosts`); + await exec.exec(`chmod 755 $HOME/.ssh/known_hosts`); + console.log("✅ Configured known_hosts"); + } catch( error ) { + console.error("⚠️ Error configuring known_hosts") + core.setFailed(error.message);; + } } try { await syncFiles(userArguments); From 034d21096921d84a4fafa4008c8e5b889b002df9 Mon Sep 17 00:00:00 2001 
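Review bot: In the `src/main.ts` hunk of patch 02 (`@@ -5,10 +5,16 @@`), the new `catch` calls `core.setFailed(error.message)` and then falls through to `syncFiles(userArguments)`, so a deploy is still attempted when the host-key file could not be set up. When host-key pinning was requested and cannot be configured, the run should stop before connecting: add `return;` after `core.setFailed(error.message);`, or rethrow. `chmod 755 $HOME/.ssh/known_hosts` also sets execute bits on a data file, where `644` is enough, and `$HOME` is not expanded because no shell is involved. `run()` starts and ends outside the hunk.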
From: Demitrious Kelly Date: Wed, 25 Mar 2020 15:15:12 -0700 Subject: [PATCH 03/10] more spaghetti at the wall --- dist/index.js | 8 ++++---- src/main.ts | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/dist/index.js b/dist/index.js index 67febc7..0ea1a93 100644 --- a/dist/index.js +++ b/dist/index.js @@ -667,10 +667,10 @@ function run() { const userArguments = getUserArguments(); if ('' !== userArguments.knownHosts) { try { - yield exec.exec(`mkdir -v -p $HOME/.ssh`); - yield exec.exec(`chmod 700 $HOME/.ssh`); - yield exec.exec(`echo ${userArguments.knownHosts} > $HOME/.ssh/known_hosts`); - yield exec.exec(`chmod 755 $HOME/.ssh/known_hosts`); + yield exec.exec(`mkdir -v -p ${process.env['HOME']}/.ssh`); + yield exec.exec(`chmod 700 ${process.env['HOME']}/.ssh`); + yield exec.exec(`echo "${userArguments.knownHosts}" > ${process.env['HOME']}/.ssh/known_hosts`); + yield exec.exec(`chmod 755 ${process.env['HOME']}/.ssh/known_hosts`); console.log("✅ Configured known_hosts"); } catch (error) { diff --git a/src/main.ts b/src/main.ts index 64973d9..4011b72 100644 --- a/src/main.ts +++ b/src/main.ts @@ -6,10 +6,10 @@ async function run() { const userArguments = getUserArguments(); if ( '' !== userArguments.knownHosts ) { try { - await exec.exec(`mkdir -v -p $HOME/.ssh`); - await exec.exec(`chmod 700 $HOME/.ssh`); - await exec.exec(`echo ${userArguments.knownHosts} > $HOME/.ssh/known_hosts`); - await exec.exec(`chmod 755 $HOME/.ssh/known_hosts`); + await exec.exec(`mkdir -v -p ${process.env['HOME']}/.ssh`); + await exec.exec(`chmod 700 ${process.env['HOME']}/.ssh`); + await exec.exec(`echo "${userArguments.knownHosts}" > ${process.env['HOME']}/.ssh/known_hosts`); + await exec.exec(`chmod 755 ${process.env['HOME']}/.ssh/known_hosts`); console.log("✅ Configured known_hosts"); } catch( error ) { console.error("⚠️ Error configuring known_hosts") From db3b78d8e7276dbef147f08e5062b227446fc518 Mon Sep 17 00:00:00 2001 
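Review bot: In the `src/main.ts` hunk of patch 03 (`@@ -6,10 +6,10 @@`), `${process.env['HOME']}` is used without checking that it is set; when `HOME` is undefined the template produces the literal path `undefined/.ssh`, resolved against the working directory. `os.homedir()` or a guard such as `if (!process.env['HOME']) throw new Error('HOME is not set');` would fail clearly instead. The added double quotes around `${userArguments.knownHosts}` do not make the redirect work, since the command is still not run by a shell, and a `"` inside the value would change how the string is split into arguments. The enclosing `try` block continues outside the hunk.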
From: Demitrious Kelly Date: Wed, 25 Mar 2020 15:28:33 -0700 Subject: [PATCH 04/10] more spaghetti at the wall [2] --- dist/index.js | 17 ++++++++++++++++- src/main.ts | 10 +++++++++- 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/dist/index.js b/dist/index.js index 0ea1a93..ab6bc08 100644 --- a/dist/index.js +++ b/dist/index.js @@ -659,9 +659,13 @@ var __importStar = (this && this.__importStar) || function (mod) { result["default"] = mod; return result; }; +var __importDefault = (this && this.__importDefault) || function (mod) { + return (mod && mod.__esModule) ? mod : { "default": mod }; +}; Object.defineProperty(exports, "__esModule", { value: true }); const core = __importStar(__webpack_require__(470)); const exec = __importStar(__webpack_require__(986)); +const fs_1 = __importDefault(__webpack_require__(747)); function run() { return __awaiter(this, void 0, void 0, function* () { const userArguments = getUserArguments(); @@ -669,7 +673,11 @@ function run() { try { yield exec.exec(`mkdir -v -p ${process.env['HOME']}/.ssh`); yield exec.exec(`chmod 700 ${process.env['HOME']}/.ssh`); - yield exec.exec(`echo "${userArguments.knownHosts}" > ${process.env['HOME']}/.ssh/known_hosts`); + fs_1.default.writeFile(process.env['HOME'] + '/.ssh/known_hosts', userArguments.knownHosts, (err) => { + if (err) + throw err; + console.log('Wrote ' + process.env['HOME'] + '/.ssh/known_hosts'); + }); yield exec.exec(`chmod 755 ${process.env['HOME']}/.ssh/known_hosts`); console.log("✅ Configured known_hosts"); } @@ -1016,6 +1024,13 @@ module.exports = require("path"); /***/ }), +/***/ 747: +/***/ (function(module) { + +module.exports = require("fs"); + +/***/ }), + /***/ 986: /***/ (function(__unusedmodule, exports, __webpack_require__) { diff --git a/src/main.ts b/src/main.ts index 4011b72..8262958 100644 --- a/src/main.ts +++ b/src/main.ts 
@@ -1,5 +1,6 @@ import * as core from '@actions/core'; import * as exec from '@actions/exec'; +import fs from 'fs'; import { IActionArguments } from './types'; async function run() { @@ -8,7 +9,14 @@ async function run() { try { await exec.exec(`mkdir -v -p ${process.env['HOME']}/.ssh`); await exec.exec(`chmod 700 ${process.env['HOME']}/.ssh`); - await exec.exec(`echo "${userArguments.knownHosts}" > ${process.env['HOME']}/.ssh/known_hosts`); + fs.writeFile( + process.env['HOME'] + '/.ssh/known_hosts', + userArguments.knownHosts, + (err) => { + if (err) throw err; + console.log('Wrote ' + process.env['HOME'] + '/.ssh/known_hosts'); + } + ); await exec.exec(`chmod 755 ${process.env['HOME']}/.ssh/known_hosts`); console.log("✅ Configured known_hosts"); } catch( error ) { From af948b80607eb0d13a18a3c2f03d6d238dd8f68e Mon Sep 17 00:00:00 2001 
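Review bot: In the second `src/main.ts` hunk of patch 04 (`@@ -8,7 +9,14 @@`), `fs.writeFile` is started but never waited for, so the following `chmod 755 …/known_hosts` and the deploy can run before the file exists. The `throw err` inside the callback also executes outside the surrounding `try`/`catch`, so a write failure surfaces as an uncaught exception instead of reaching `core.setFailed`. Awaiting a promise-based write addresses both: `await fs.promises.writeFile(process.env['HOME'] + '/.ssh/known_hosts', userArguments.knownHosts, { mode: 0o644 });`, after which the separate `chmod` is unnecessary for a newly created file. The enclosing `try` block starts and ends outside the hunk.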
From: Sam Kirkland Date: Mon, 30 Mar 2020 23:20:38 -0500 Subject: [PATCH 05/10] Update main.ts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Code Cleanup changes: - Pulled out this PR into a new function `configureHost` - Placed args.knownHosts empty at the top of the function, this is known as "fail fast" and helps make the code more readable. Instead of wrapping our code in if/else blocks. - Converted fs.writeFile to a awaitable function to make it more readable - Pulled out sshFolder into a const - Removed `console.log('Wrote ' + process.env['HOME'] + '/.ssh/known_hosts');` logging. Probably not needed because we log `✅ Configured known_hosts` just 2 lines later - Small formatting changes Bug fixes: - Converted fs.writeFile to a awaitable function, previously the code continued to execute so this could open up a race condition. Also it's more readable :) - Race condition example: Previously we asked node to write the file `known_hosts` but we never verified the IO operation completed before modifying the files permission, or deploying the site. If this IO operation wasn't immediate the next function would throw or the deploy would error out. - Any exception within the new method was swallowed because we had a catch without a throw. In this case let's end the program run instead of attempting to deploy - --- src/main.ts | 44 +++++++++++++++++++++++++------------------- 1 file changed, 25 insertions(+), 19 deletions(-) diff --git a/src/main.ts b/src/main.ts index 8262958..ffb3699 100644 --- a/src/main.ts +++ b/src/main.ts 
@@ -1,30 +1,16 @@ import * as core from '@actions/core'; import * as exec from '@actions/exec'; import fs from 'fs'; +import { promisify } from 'util'; import { IActionArguments } from './types'; +const writeFileAsync = promisify(fs.writeFile); + async function run() { const userArguments = getUserArguments(); - if ( '' !== userArguments.knownHosts ) { - try { - await exec.exec(`mkdir -v -p ${process.env['HOME']}/.ssh`); - await exec.exec(`chmod 700 ${process.env['HOME']}/.ssh`); - fs.writeFile( - process.env['HOME'] + '/.ssh/known_hosts', - userArguments.knownHosts, - (err) => { - if (err) throw err; - console.log('Wrote ' + process.env['HOME'] + '/.ssh/known_hosts'); - } - ); - await exec.exec(`chmod 755 ${process.env['HOME']}/.ssh/known_hosts`); - console.log("✅ Configured known_hosts"); - } catch( error ) { - console.error("⚠️ Error configuring known_hosts") - core.setFailed(error.message);; - } - } + try { + await configureHost(userArguments); await syncFiles(userArguments); console.log("✅ Deploy Complete"); @@ -37,6 +23,26 @@ async function run() { run(); +async function configureHost(args: IActionArguments): Promise { + if (args.knownHosts === "") { + return; + } + + try { + const sshFolder = `${process.env['HOME']}/.ssh`; + + await exec.exec(`mkdir -v -p ${sshFolder}`); + await exec.exec(`chmod 700 ${sshFolder}`); + writeFileAsync(`${sshFolder}/known_hosts`, args.knownHosts); + await exec.exec(`chmod 755 ${sshFolder}/known_hosts`); + + console.log("✅ Configured known_hosts"); + } + catch (error) { + console.error("⚠️ Error configuring known_hosts"); + throw error; + } +} function getUserArguments(): IActionArguments { return { From 4938a6057eb15da5f1e97ef589f83e35cfaae205 Mon Sep 17 00:00:00 2001 From: Demitrious Kelly Date: Tue, 31 Mar 2020 10:00:49 -0700 Subject: [PATCH 06/10] README update, and rebuild of index.js --- README.md | 5 +++++ dist/index.js | 47 +++++++++++++++++++++++++++++------------------ 2 files changed, 34 insertions(+), 18 deletions(-) 
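Review bot: In `configureHost` (second `src/main.ts` hunk of patch 05, `@@ -37,6 +23,26 @@`), `writeFileAsync(...)` is called without `await`, so the race the commit message describes is still present: `chmod` and `syncFiles` can run before `known_hosts` is written, and a write failure becomes an unhandled rejection instead of reaching the `catch`. The fix is to prefix that call with `await`. The rebuilt `dist/index.js` in patch 06 carries the same un-awaited call. `chmod 755` on `known_hosts` can be `644`, and `process.env['HOME']` is still used unchecked when building `sshFolder`.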
diff --git a/README.md b/README.md index f53bbeb..3677e1b 100644 --- a/README.md +++ b/README.md @@ -53,6 +53,7 @@ I recommend you store your `ftp-password` as a secret. | `ftp-password` | Yes | CrazyUniquePassword&%123 | | FTP account password | | `local-dir` | No | deploy/ | ./ | Which local folder to deploy, path should be relative to the root and should include trailing slash. `./` is the root of the project | | `git-ftp-args` | No | See `git-ftp-args` section below | | Custom git-ftp arguments, this field is passed through directly into the git-ftp script | +| `known-hosts` | No | ```hostname ssh-rsa AAAAB3NzaC1y...``` | | The desired contents of your .ssh/known_hosts file | #### Advanced options using `git-ftp-args` Custom arguments, this field is passed through directly into the git-ftp script. See [git-ftp's manual](https://github.com/git-ftp/git-ftp/blob/master/man/git-ftp.1.md) for all options. @@ -73,6 +74,10 @@ Below is an incomplete list of commonly used args: | `--insecure` | Don't verify server's certificate | | `--cacert ` | Use as CA certificate store. Useful when a server has a self-signed certificate | +#### SFTP (FTP ovder SSH) +If you are getting a curl error similar to `SSL peer certificate or SSH remote key was not OK` and you are using SFTP (which is different from FTPS) then you need to supply a known_hosts entry via the `known-hosts` configuration option.. + +If you are on Linux, or OSX (using homebrew) you can install the OpenSSH packages and use `ssh-keyscan ` to get the known_hosts value needed for the server you are connecting to. ### Ignore specific files when deploying Add patterns to `.git-ftp-ignore` and all matching file names will be ignored. The patterns are interpreted as shell glob patterns. diff --git a/dist/index.js b/dist/index.js index ab6bc08..c0a4f8d 100644 --- a/dist/index.js +++ b/dist/index.js 
@@ -666,28 +666,13 @@ Object.defineProperty(exports, "__esModule", { value: true }); const core = __importStar(__webpack_require__(470)); const exec = __importStar(__webpack_require__(986)); const fs_1 = __importDefault(__webpack_require__(747)); +const util_1 = __webpack_require__(669); +const writeFileAsync = util_1.promisify(fs_1.default.writeFile); function run() { return __awaiter(this, void 0, void 0, function* () { const userArguments = getUserArguments(); - if ('' !== userArguments.knownHosts) { - try { - yield exec.exec(`mkdir -v -p ${process.env['HOME']}/.ssh`); - yield exec.exec(`chmod 700 ${process.env['HOME']}/.ssh`); - fs_1.default.writeFile(process.env['HOME'] + '/.ssh/known_hosts', userArguments.knownHosts, (err) => { - if (err) - throw err; - console.log('Wrote ' + process.env['HOME'] + '/.ssh/known_hosts'); - }); - yield exec.exec(`chmod 755 ${process.env['HOME']}/.ssh/known_hosts`); - console.log("✅ Configured known_hosts"); - } - catch (error) { - console.error("⚠️ Error configuring known_hosts"); - core.setFailed(error.message); - ; - } - } try { + yield configureHost(userArguments); yield syncFiles(userArguments); console.log("✅ Deploy Complete"); } @@ -698,6 +683,25 @@ function run() { }); } run(); +function configureHost(args) { + return __awaiter(this, void 0, void 0, function* () { + if (args.knownHosts === "") { + return; + } + try { + const sshFolder = `${process.env['HOME']}/.ssh`; + yield exec.exec(`mkdir -v -p ${sshFolder}`); + yield exec.exec(`chmod 700 ${sshFolder}`); + writeFileAsync(`${sshFolder}/known_hosts`, args.knownHosts); + yield exec.exec(`chmod 755 ${sshFolder}/known_hosts`); + console.log("✅ Configured known_hosts"); + } + catch (error) { + console.error("⚠️ Error configuring known_hosts"); + throw error; + } + }); +} function getUserArguments() { return { ftp_server: core.getInput("ftp-server", { required: true }), 
@@ -1024,6 +1028,13 @@ module.exports = require("path"); /***/ }), +/***/ 669: +/***/ (function(module) { + +module.exports = require("util"); + +/***/ }), + /***/ 747: /***/ (function(module) { From 481f9001ff7787a54094d44a4f6dfda2f253bc7a Mon Sep 17 00:00:00 2001 From: apokalyptik Date: Tue, 31 Mar 2020 10:10:10 -0700 Subject: [PATCH 07/10] work on formatting --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3677e1b..afb312e 100644 --- a/README.md +++ b/README.md @@ -53,7 +53,7 @@ I recommend you store your `ftp-password` as a secret. | `ftp-password` | Yes | CrazyUniquePassword&%123 | | FTP account password | | `local-dir` | No | deploy/ | ./ | Which local folder to deploy, path should be relative to the root and should include trailing slash. `./` is the root of the project | | `git-ftp-args` | No | See `git-ftp-args` section below | | Custom git-ftp arguments, this field is passed through directly into the git-ftp script | -| `known-hosts` | No | ```hostname ssh-rsa AAAAB3NzaC1y...``` | | The desired contents of your .ssh/known_hosts file | +| `known-hosts` | No | hostname ssh-rsa AAAAB3NzaC1y ... | | The desired contents of your .ssh/known_hosts file | #### Advanced options using `git-ftp-args` Custom arguments, this field is passed through directly into the git-ftp script. See [git-ftp's manual](https://github.com/git-ftp/git-ftp/blob/master/man/git-ftp.1.md) for all options. From c9f0bcd8782bd90f34d87c2ce839299fdcce2f3d Mon Sep 17 00:00:00 2001 From: apokalyptik Date: Tue, 31 Mar 2020 10:10:56 -0700 Subject: [PATCH 08/10] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index afb312e..8f87dbb 100644 --- a/README.md +++ b/README.md 
@@ -74,7 +74,7 @@ Below is an incomplete list of commonly used args: | `--insecure` | Don't verify server's certificate | | `--cacert ` | Use as CA certificate store. Useful when a server has a self-signed certificate | -#### SFTP (FTP ovder SSH) +#### SFTP (FTP over SSH) If you are getting a curl error similar to `SSL peer certificate or SSH remote key was not OK` and you are using SFTP (which is different from FTPS) then you need to supply a known_hosts entry via the `known-hosts` configuration option.. If you are on Linux, or OSX (using homebrew) you can install the OpenSSH packages and use `ssh-keyscan ` to get the known_hosts value needed for the server you are connecting to. From b890f82a46148eb46d5dd3863bfec5e73753cb85 Mon Sep 17 00:00:00 2001 From: Sam Kirkland Date: Thu, 2 Apr 2020 00:47:59 -0500 Subject: [PATCH 09/10] Update README.md I tested this out on my host, added commands for windows 10 and moved the docs around a bit --- README.md | 30 ++++++++++++++++++++++-------- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 8f87dbb..139c7aa 100644 --- a/README.md +++ b/README.md 
@@ -53,7 +53,7 @@ I recommend you store your `ftp-password` as a secret. | `ftp-password` | Yes | CrazyUniquePassword&%123 | | FTP account password | | `local-dir` | No | deploy/ | ./ | Which local folder to deploy, path should be relative to the root and should include trailing slash. `./` is the root of the project | | `git-ftp-args` | No | See `git-ftp-args` section below | | Custom git-ftp arguments, this field is passed through directly into the git-ftp script | -| `known-hosts` | No | hostname ssh-rsa AAAAB3NzaC1y ... | | The desired contents of your .ssh/known_hosts file | +| `known-hosts` | No | hostname ssh-rsa AAAAB3NzaC1y ... | | The desired contents of your .ssh/known_hosts file. See [known hosts setup](#known-hosts-setup) | #### Advanced options using `git-ftp-args` Custom arguments, this field is passed through directly into the git-ftp script. See [git-ftp's manual](https://github.com/git-ftp/git-ftp/blob/master/man/git-ftp.1.md) for all options. @@ -74,11 +74,6 @@ Below is an incomplete list of commonly used args: | `--insecure` | Don't verify server's certificate | | `--cacert ` | Use as CA certificate store. Useful when a server has a self-signed certificate | -#### SFTP (FTP over SSH) -If you are getting a curl error similar to `SSL peer certificate or SSH remote key was not OK` and you are using SFTP (which is different from FTPS) then you need to supply a known_hosts entry via the `known-hosts` configuration option.. - -If you are on Linux, or OSX (using homebrew) you can install the OpenSSH packages and use `ssh-keyscan ` to get the known_hosts value needed for the server you are connecting to. - ### Ignore specific files when deploying Add patterns to `.git-ftp-ignore` and all matching file names will be ignored. The patterns are interpreted as shell glob patterns. Here are some glob pattern examples: 
@@ -188,7 +183,7 @@ jobs: Use the legacy FTP over a secure encrypted connection. -Notes about sftp: +Notes about ftps: - Most hosts don't offer FTPS, it's more common on windows/.net hosts and less common on linux hosting - Most hosts don't have a correct certificate setup for ftp domains, [even my host doesn't do it right](https://ftp.samkirkland.com/). This means you'll likely have to add `--insecure` to `git-ftp-args` @@ -224,6 +219,22 @@ Similar in name to FTP but this protocol is entirely new and requires SSH access - You will need to create a **SSH** user to deploy over SFTP. Normally this is your cpanel or hosting providers username and password - Most web hosts change the default port (21), check with your host for your port number + +##### [Setting up `known-hosts` allows you to remove the `--insecure` argument.](#known-hosts-setup) +**Windows** +In powershell run `ssh-keyscan -p ` and copy the hash output +Example for samkirkland.com `ssh-keyscan -p 7822 samkirkland.com` + + +**Linux, or OSX (using homebrew)** +Install the OpenSSH packages and use `ssh-keyscan ` and copy the hash output + +Add the `known-hosts` argument with your hosts hash +Example: `knownhosts: ssh-rsa AAAAB3Nza...H1Q5Spw==` + +*Note: If you receive a `Connection refused` error, you must specify the ssh port to your host* +*Note: You will have to repeat this step when your certificate renews (Let's Encrypt automatically renews every 60 days)* + ```yml on: push name: Publish Website over SFTP @@ -242,7 +253,7 @@ jobs: ftp-server: sftp://ftp.samkirkland.com:7280/ ftp-username: mySFTPUsername ftp-password: ${{ secrets.SFTP_PASSWORD }} - git-ftp-args: --insecure # if your certificate is setup correctly this can be removed + git-ftp-args: --insecure # if your certificate is setup correctly this can be removed (see known-hosts argument) ``` 
@@ -329,6 +340,9 @@ jobs: * Verify you **don't** have the `--all` git-ftp-args flag set 6. How do I set a upload timeout? * github has a built-in `timeout-minutes` option. Place `timeout-minutes: X` before the `steps:` line. Timeout defaults to 360 minutes. +7. If you are getting a curl error similar to `SSL peer certificate or SSH remote key was not OK` + * **Fix 1:** Whitelist your host via the `known-hosts` configuration option. See [known hosts setup](#known-hosts-setup) in SFTP + * **Fix 2:** Add `--insecure` option ### Debugging locally From 97865be6a0a8ccfe219a34da632e737ce5a80100 Mon Sep 17 00:00:00 2001 From: Sam Kirkland Date: Sat, 4 Apr 2020 15:43:55 -0500 Subject: [PATCH 10/10] Update README.md Removed incorrect information about known_hosts expiring --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 139c7aa..ccde115 100644 --- a/README.md +++ b/README.md @@ -233,7 +233,6 @@ Add the `known-hosts` argument with your hosts hash Example: `knownhosts: ssh-rsa AAAAB3Nza...H1Q5Spw==` *Note: If you receive a `Connection refused` error, you must specify the ssh port to your host* -*Note: You will have to repeat this step when your certificate renews (Let's Encrypt automatically renews every 60 days)* ```yml on: push