Merge pull request #1 from aosus/Tailscale-ssh

FarisZR · web-flow · commit ab8858532fa4 · 2023-02-14T20:18:54.000+01:00
Add Tailscale SSH support
diff --git a/README.md b/README.md
@@ -37,6 +37,10 @@ Docker-compose runtime arguments and options. Below is a common usage example:
 
 Specify Remote Docker host. The input value must be in the following format (user@host)
 
+### `tailscale_ssh`
+Enables Tailscale ssh mode, which uses managed ssh keys from tailscale.
+When enabled, ssh_private_key and ssh_public_key aren't required
+
 ### `ssh_public_key`
 
 Remote Docker SSH public key.
diff --git a/action.yml b/action.yml
@@ -7,10 +7,11 @@ inputs:
     required: true
   ssh_public_key:
     description: Remote Docker SSH public key
-    required: true
   ssh_private_key:
     description: SSH private key used to connect to the docker host
-    required: true
+  tailscale_ssh:
+    description: Use Tailscale SSH to conncet to the server with managed SSH keys
+    default: 'false'
   args:
     description: Deployment command args.
     required: true
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
@@ -13,14 +13,21 @@ if [ -z "$INPUT_REMOTE_DOCKER_HOST" ]; then
     exit 1
 fi
 
-if [ -z "$INPUT_SSH_PUBLIC_KEY" ]; then
-    echo "Input ssh_public_key is required!"
-    exit 1
-fi
-
-if [ -z "$INPUT_SSH_PRIVATE_KEY" ]; then
-    echo "Input ssh_private_key is required!"
-    exit 1
+# Ignore SSH keys when using Tailscale SSH
+if "$TAILSCALE_SSH"
+then
+  echo "Tailscale SSH mode enabled, Manual SSH keys not required"
+else
+    echo "Normal SSH mode, checking SSH keys"
+    if [ -z "$INPUT_SSH_PUBLIC_KEY" ]; then
+        echo "Input ssh_public_key is required!"
+        exit 1
+    fi
+
+    if [ -z "$INPUT_SSH_PRIVATE_KEY" ]; then
+        echo "Input ssh_private_key is required!"
+        exit 1
+    fi
 fi
 
 if [ -z "$INPUT_ARGS" ]; then
@@ -37,26 +44,30 @@ if [ -z "$INPUT_SSH_PORT" ]; then
 fi
 
 STACK_FILE=${INPUT_STACK_FILE_NAME}
-DEPLOYMENT_COMMAND_OPTIONS="--host ssh://$INPUT_REMOTE_DOCKER_HOST:$INPUT_SSH_PORT"
-
-DEPLOYMENT_COMMAND="docker-compose -f $STACK_FILE"
+DOCKER_HOST=ssh://${INPUT_REMOTE_DOCKER_HOST}:${INPUT_SSH_PORT}
+DEPLOYMENT_COMMAND="docker compose -f $STACK_FILE"
 
 
 SSH_HOST=${INPUT_REMOTE_DOCKER_HOST#*@}
 
-echo "Registering SSH keys..."
-
-# register the private key with the agent.
-mkdir -p ~/.ssh
-ls ~/.ssh
-printf '%s\n' "$INPUT_SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
-chmod 600 ~/.ssh/id_rsa
-printf '%s\n' "$INPUT_SSH_PUBLIC_KEY" > ~/.ssh/id_rsa.pub
-chmod 600 ~/.ssh/id_rsa.pub
-#chmod 600 "~/.ssh"
-eval $(ssh-agent)
-ssh-add ~/.ssh/id_rsa
 
+if "$TAILSCALE_SSH"
+then
+  echo "Using Tailscale SSH, Skipping Manual SSH key registeration"
+  eval $(ssh-agent)
+else
+  echo "Registering SSH keys..."
+  # register the private key with the agent, when not using Tailscale
+  mkdir -p ~/.ssh
+  ls ~/.ssh
+  printf '%s\n' "$INPUT_SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
+  chmod 600 ~/.ssh/id_rsa
+  printf '%s\n' "$INPUT_SSH_PUBLIC_KEY" > ~/.ssh/id_rsa.pub
+  chmod 600 ~/.ssh/id_rsa.pub
+  #chmod 600 "~/.ssh"
+  eval $(ssh-agent)
+  ssh-add ~/.ssh/id_rsa
+fi
 
 echo "Add known hosts"
 ssh-keyscan -p $INPUT_SSH_PORT "$SSH_HOST" >> ~/.ssh/known_hosts
@@ -73,9 +84,9 @@ if  [ -n "$INPUT_DOCKER_LOGIN_PASSWORD" ] || [ -n "$INPUT_DOCKER_LOGIN_USER" ] |
 fi
 
 echo "Command: ${DEPLOYMENT_COMMAND} pull"
-${DEPLOYMENT_COMMAND} ${DEPLOYMENT_COMMAND_OPTIONS} pull
+${DEPLOYMENT_COMMAND} pull
 
 echo "Command: ${DEPLOYMENT_COMMAND} ${INPUT_ARGS}"
-${DEPLOYMENT_COMMAND} ${DEPLOYMENT_COMMAND_OPTIONS} ${INPUT_ARGS}
+${DEPLOYMENT_COMMAND} ${INPUT_ARGS}
 
 
