-
Notifications
You must be signed in to change notification settings - Fork 1
195 lines (173 loc) · 8.08 KB
/
ssh-lite.yml
File metadata and controls
195 lines (173 loc) · 8.08 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
name: Ubuntu Linux SSH - lite
on:
workflow_dispatch:
inputs:
SSH_MAX_TIME:
description: "SSH session max duration (1–6 hrs)"
required: true
default: "2h"
type: choice
options:
- "1h"
- "2h"
- "3h"
- "4h"
- "5h"
- "5h45m"
NGROK_AUTH_TOKEN:
description: "ngrok API auth token"
required: false
default: ""
SWAP_SIZE:
description: "add Swap/virtual RAM in GBs"
required: false
default: 16
START_MINISERVE:
description: "Enable miniserve HTTP file server"
type: boolean
default: true
START_CLEAN_UP:
description: "Run disk cleanup (~78GB→125GB free, ~4min)"
type: boolean
default: false
jobs:
github-ssh:
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Prepare environment
id: prepare
env:
NGROK_TOKEN: ${{ secrets.NGROK_AUTH_TOKEN }}
run: |
NGROK_AUTH_TOKEN=$(jq -r '.inputs.NGROK_AUTH_TOKEN' $GITHUB_EVENT_PATH)
echo ::add-mask::$NGROK_AUTH_TOKEN
if [ -n "$NGROK_AUTH_TOKEN" ]; then
NGROK_TOKEN="$NGROK_AUTH_TOKEN"
fi
echo NGROK_TOKEN=$NGROK_TOKEN >> $GITHUB_ENV
if [ -n "$NGROK_TOKEN" ] && [ "$NGROK_TOKEN" != "null" ]; then
echo "ngrok_token_not_empty=true" >> $GITHUB_OUTPUT
else
echo "ngrok_token_not_empty=false" >> $GITHUB_OUTPUT
fi
RAW_SLEEP_TIME="${{ github.event.inputs.SSH_MAX_TIME }}"
case "$RAW_SLEEP_TIME" in
1h) SLEEP_TIME=$((1 * 3600)) ;;
2h) SLEEP_TIME=$((2 * 3600)) ;;
3h) SLEEP_TIME=$((3 * 3600)) ;;
4h) SLEEP_TIME=$((4 * 3600)) ;;
5h) SLEEP_TIME=$((5 * 3600)) ;;
5h45m) SLEEP_TIME=$((5 * 3600 + 45 * 60)) ;;
esac
END_TIME=$((START_TIME + SLEEP_TIME))
echo "RAW_SLEEP_TIME=$RAW_SLEEP_TIME" >> $GITHUB_ENV
echo "SLEEP_TIME=$SLEEP_TIME" >> $GITHUB_ENV
mkdir -p /tmp/logs/miniserve/
mkdir -p /tmp/logs/cloudflared/
mkdir -p /tmp/logs/ngrok/
sudo apt update
sudo apt install -y jq
- name: Checkout
uses: actions/checkout@v4
- name: Clean-up
if: ${{ github.event.inputs.START_CLEAN_UP == 'true' }}
uses: rokibhasansagar/slimhub_actions@main
with:
retain: "nodejs_npm"
- name: Swap Setup
if: ${{ github.event.inputs.SWAP_SIZE > 0 }}
uses: pierotofy/set-swap-space@master
with:
swap-size-gb: ${{ github.event.inputs.SWAP_SIZE }}
- name: Install ngrok
continue-on-error: true
if: ${{ steps.prepare.outputs.ngrok_token_not_empty == 'true' }}
run: |
echo "test: $NGROK_TOKEN"
curl -s https://ngrok-agent.s3.amazonaws.com/ngrok.asc | sudo tee /etc/apt/trusted.gpg.d/ngrok.asc >/dev/null
echo "deb https://ngrok-agent.s3.amazonaws.com buster main" | sudo tee /etc/apt/sources.list.d/ngrok.list
sudo apt update && sudo apt install -y ngrok
- name: Install cloudflared
continue-on-error: true
run: |
sudo mkdir -p --mode=0755 /usr/share/keyrings
curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null
echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared noble main' | sudo tee /etc/apt/sources.list.d/cloudflared.list
sudo apt update && sudo apt install -y cloudflared
- name: Setup SSH server
run: |
sudo apt install -y openssh-server
sudo mkdir -p /var/run/sshd
sudo useradd -m -s /bin/bash debuguser
echo "debuguser:password" | sudo chpasswd
sudo mkdir -p /home/debuguser/.ssh
echo "${{ secrets.SSH_PUBLIC_KEY }}" | sudo tee /home/debuguser/.ssh/authorized_keys
sudo chown -R debuguser:debuguser /home/debuguser/.ssh
sudo chmod 600 /home/debuguser/.ssh/authorized_keys
echo "debuguser ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/debuguser
sudo service ssh start
- name: Start miniserve
if: ${{ github.event.inputs.START_MINISERVE == 'true' }}
run: |
wget -q -nc https://github.com/svenstaro/miniserve/releases/download/v0.33.0/miniserve-0.33.0-x86_64-unknown-linux-gnu
chmod +x ./miniserve-0.33.0-x86_64-unknown-linux-gnu
nohup sudo ./miniserve-0.33.0-x86_64-unknown-linux-gnu / \
-p 8080 \
-i 0.0.0.0 \
--hidden \
--upload-files \
--mkdir \
--show-symlink-info \
--index index.html \
--header "Access-Control-Allow-Origin: *" \
--verbose \
> /tmp/logs/miniserve/latest.log 2>&1 &
- name: Start ngrok
if: ${{ steps.prepare.outputs.ngrok_token_not_empty == 'true' }}
continue-on-error: true
run: |
cd $GITHUB_WORKSPACE
pwd
chmod +x gen_ngrok_config.sh
./gen_ngrok_config.sh "$NGROK_TOKEN"
nohup ngrok start --all --config=./ngrok.yml > /tmp/logs/ngrok/latest.log &
sleep 5
echo "⏳ sleep for 5 seconds"
ngrok_dashboard_url=$(curl -s localhost:4040/api/tunnels | jq -r '.tunnels[] | select(.name=="dashboard" and .proto=="https") | .public_url')
ngrok_ssh_url=$(curl -s localhost:4040/api/tunnels | jq -r '.tunnels[] | select(.name=="ssh_server") | .public_url')
ngrok_miniserve_url=$(curl -s localhost:4040/api/tunnels | jq -r '.tunnels[] | select(.name=="miniserve" and .proto=="https") | .public_url')
ngrok_ssh_host=$(echo "$ngrok_ssh_url" | sed -E 's#^tcp://([^:]+):.*#\1#')
ngrok_ssh_port=$(echo "$ngrok_ssh_url" | sed -E 's#^tcp://[^:]+:(.*)$#\1#')
echo "🌐 Miniserve available at: $ngrok_miniserve_url"
echo "🔑 Connect with: ssh debuguser@$ngrok_ssh_host -p $ngrok_ssh_port"
echo "🔑 Connect with: sshpass -p 'password' ssh -o StrictHostKeyChecking=no debuguser@$ngrok_ssh_host -p $ngrok_ssh_port"
echo "👤 Default username: debuguser"
echo "🔑 Default password: password"
echo "TUNNEL: $ngrok_ssh_url"
- name: Start cloudflared
continue-on-error: true
run: |
nohup cloudflared tunnel --url http://localhost:80 2> /tmp/logs/cloudflared/dashboard.log &
nohup cloudflared tunnel --url http://localhost:8080 2> /tmp/logs/cloudflared/miniserve.log &
nohup cloudflared tunnel --url ssh://localhost:22 2> /tmp/logs/cloudflared/ssh.log &
sleep 10
echo "⏳ sleep for 10 seconds"
cloudflared_dashboard_url=$(grep -m1 -oE "https?://[a-zA-Z0-9.-]+\.trycloudflare\.com" /tmp/logs/cloudflared/dashboard.log)
cloudflared_miniserve_url=$(grep -m1 -oE "https?://[a-zA-Z0-9.-]+\.trycloudflare\.com" /tmp/logs/cloudflared/miniserve.log)
cloudflared_ssh_url=$(grep -m1 -oE "https?://[a-zA-Z0-9.-]+\.trycloudflare\.com" /tmp/logs/cloudflared/ssh.log)
cloudflared_ssh_host=$(echo "$cloudflared_ssh_url" | sed -E 's#https?://##')
echo "🌐 Miniserve available at: $cloudflared_miniserve_url"
echo "🔑 Connect with: ssh -o ProxyCommand=\"cloudflared access ssh --hostname %h\" debuguser@$cloudflared_ssh_host"
echo "🔑 Connect with: sshpass -p 'password' ssh -o StrictHostKeyChecking=no -o ProxyCommand=\"cloudflared access ssh --hostname %h\" debuguser@$cloudflared_ssh_host"
echo "👤 Default username: debuguser"
echo "🔑 Default password: password"
echo "TUNNEL: $cloudflared_ssh_url"
- name: Keep session alive
run: |
trap '' SIGINT SIGTERM
cd $GITHUB_WORKSPACE/backend
echo "⏳ Keeping SSH session alive for $RAW_TIME ($SLEEP_TIME seconds)"
echo "🔗 Updates available at: https://github.com/chunix64/github-action-ssh"
sleep "$SLEEP_TIME" || true