Expand ~ in SSH paths to fix know_hosts read bug

lampbristol · Oct 19, 2022 · 512ec9f · 512ec9f
1 parent 71cd8f5
commit 512ec9f
Showing 1 changed file with 10 additions and 9 deletions.
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -16,6 +16,7 @@ GIT_PUSH_ARGS=${INPUT_GIT_PUSH_ARGS:-"--tags --force --prune"}
 GIT_SSH_NO_VERIFY_HOST=${INPUT_GIT_SSH_NO_VERIFY_HOST}
 GIT_SSH_KNOWN_HOSTS=${INPUT_GIT_SSH_KNOWN_HOSTS}
 HAS_CHECKED_OUT="$(git rev-parse --is-inside-work-tree 2>/dev/null || /bin/true)"
+SSH_DIR="$(realpath ~)/.ssh"
 
 if [[ "${HAS_CHECKED_OUT}" != "true" ]]; then
     echo "WARNING: repo not checked out; attempting checkout" > /dev/stderr
@@ -37,25 +38,25 @@ git config --global credential.username "${GIT_USERNAME}"
 
 
 if [[ "${GIT_SSH_PRIVATE_KEY}" != "" ]]; then
-    mkdir -p ~/.ssh
-    chmod 700 ~/.ssh
-    echo "${GIT_SSH_PRIVATE_KEY}" > ~/.ssh/id_rsa
+    mkdir -p ${SSH_DIR}
+    chmod 700 ${SSH_DIR}
+    echo "${GIT_SSH_PRIVATE_KEY}" > ${SSH_DIR}/id_rsa
     if [[ "${GIT_SSH_PUBLIC_KEY}" != "" ]]; then
-        echo "${GIT_SSH_PUBLIC_KEY}" > ~/.ssh/id_rsa.pub
-        chmod 600 ~/.ssh/id_rsa.pub
+        echo "${GIT_SSH_PUBLIC_KEY}" > ${SSH_DIR}/id_rsa.pub
+        chmod 600 ${SSH_DIR}/id_rsa.pub
     fi
-    chmod 600 ~/.ssh/id_rsa
+    chmod 600 ${SSH_DIR}/id_rsa
     if [[ "${GIT_SSH_KNOWN_HOSTS}" != "" ]]; then
-      echo "${GIT_SSH_KNOWN_HOSTS}" > ~/.ssh/known_hosts
-      git config --global core.sshCommand "ssh -i ~/.ssh/id_rsa -o IdentitiesOnly=yes -o UserKnownHostsFile=~/.ssh/known_hosts"
+      echo "${GIT_SSH_KNOWN_HOSTS}" > ${SSH_DIR}/known_hosts
+      git config --global core.sshCommand "ssh -i ${SSH_DIR}/id_rsa -o IdentitiesOnly=yes -o UserKnownHostsFile=${SSH_DIR}/known_hosts"
     else
       if [[ "${GIT_SSH_NO_VERIFY_HOST}" != "true" ]]; then
         echo "WARNING: no known_hosts set and host verification is enabled (the default)"
         echo "WARNING: this job will fail due to host verification issues"
         echo "Please either provide the GIT_SSH_KNOWN_HOSTS or GIT_SSH_NO_VERIFY_HOST inputs"
         exit 1
       else
-        git config --global core.sshCommand "ssh -i ~/.ssh/id_rsa -o IdentitiesOnly=yes -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
+        git config --global core.sshCommand "ssh -i ${SSH_DIR}/id_rsa -o IdentitiesOnly=yes -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
       fi
     fi
 else