Use checkout action's ssh-known-hosts parameter

- Fetch host key with ssh-keyscan and pass to checkout action
- Use ssh-known-hosts and ssh-strict parameters to bypass SSSD
- This ensures the checkout action uses our host key rather than the system KnownHostsCommand
This commit is contained in:
forbes
2026-01-27 14:37:23 -06:00
parent 528ee6c15c
commit 05c1950c0a
2 changed files with 12 additions and 22 deletions


@@ -28,19 +28,12 @@ jobs:
fi
node --version
- name: Setup SSH for Gitea
- name: Get Gitea SSH host key
id: ssh-host-key
shell: bash
run: |
mkdir -p ~/.ssh
ssh-keyscan -H gitea.kindred.internal >> ~/.ssh/known_hosts 2>/dev/null
chmod 600 ~/.ssh/known_hosts
# Override SSSD KnownHostsCommand that interferes with SSH
cat >> ~/.ssh/config << 'EOF'
Host gitea.kindred.internal
StrictHostKeyChecking no
UserKnownHostsFile ~/.ssh/known_hosts
EOF
chmod 600 ~/.ssh/config
HOST_KEY=$(ssh-keyscan -t ed25519,rsa,ecdsa gitea.kindred.internal 2>/dev/null | head -1)
echo "host-key=$HOST_KEY" >> $GITHUB_OUTPUT
- name: Checkout repository
uses: https://code.forgejo.org/actions/checkout@v4
@@ -48,6 +41,8 @@ jobs:
submodules: recursive
fetch-depth: 0
ssh-key: ${{ secrets.DEPLOY_KEY }}
ssh-known-hosts: ${{ steps.ssh-host-key.outputs.host-key }}
ssh-strict: false
- name: Install pixi if needed
shell: bash
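Review bot: The known_hosts entry handed to `ssh-known-hosts` is produced by `ssh-keyscan` on the same runner moments before it is used, so the checkout trusts whatever key the network presented to the scan — this is trust-on-first-use on every run, not host-key verification, and `ssh-strict: false` additionally drops the `StrictHostKeyChecking=yes` the action would otherwise pass. To make the check meaningful, pin the `gitea.kindred.internal` known_hosts line in a repository variable or secret, feed that to `ssh-known-hosts`, and set `ssh-strict: true`, keeping the keyscan step at most as a fallback. Separately, `head -1` keeps only the first key type the scan happens to print, which need not be the type the client negotiates, and a scan that returns nothing leaves `HOST_KEY` empty while the step still succeeds because the pipeline's status is `head`'s; at minimum add `[ -n "$HOST_KEY" ] || { echo "no host key for gitea.kindred.internal" >&2; exit 1; }` before the echo and quote `"$GITHUB_OUTPUT"`. The enclosing `steps:` list begins outside the hunk, and the second file section repeats the identical `Get Gitea SSH host key` step and `ssh-strict: false`, so the same points apply there.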


@@ -36,19 +36,12 @@ jobs:
fi
node --version
- name: Setup SSH for Gitea
- name: Get Gitea SSH host key
id: ssh-host-key
shell: bash
run: |
mkdir -p ~/.ssh
ssh-keyscan -H gitea.kindred.internal >> ~/.ssh/known_hosts 2>/dev/null
chmod 600 ~/.ssh/known_hosts
# Override SSSD KnownHostsCommand that interferes with SSH
cat >> ~/.ssh/config << 'EOF'
Host gitea.kindred.internal
StrictHostKeyChecking no
UserKnownHostsFile ~/.ssh/known_hosts
EOF
chmod 600 ~/.ssh/config
HOST_KEY=$(ssh-keyscan -t ed25519,rsa,ecdsa gitea.kindred.internal 2>/dev/null | head -1)
echo "host-key=$HOST_KEY" >> $GITHUB_OUTPUT
- name: Checkout repository
uses: https://code.forgejo.org/actions/checkout@v4
@@ -57,6 +50,8 @@ jobs:
fetch-depth: 0
fetch-tags: true
ssh-key: ${{ secrets.DEPLOY_KEY }}
ssh-known-hosts: ${{ steps.ssh-host-key.outputs.host-key }}
ssh-strict: false
- name: Install pixi if needed
shell: bash