-
Notifications
You must be signed in to change notification settings - Fork 1
244 lines (217 loc) · 9.98 KB
/
ssh.yml
File metadata and controls
244 lines (217 loc) · 9.98 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
name: Ubuntu Linux SSH
on:
workflow_dispatch:
inputs:
SSH_MAX_TIME:
description: "SSH session max duration (1–6 hrs)"
required: true
default: "2h"
type: choice
options:
- "1h"
- "2h"
- "3h"
- "4h"
- "5h"
- "5h45m"
NGROK_AUTH_TOKEN:
description: "ngrok API auth token"
required: false
default: ""
SWAP_SIZE:
description: "add Swap/virtual RAM in GBs"
required: false
default: 16
START_MINISERVE:
description: "Enable miniserve HTTP file server"
type: boolean
default: true
START_CLEAN_UP:
description: "Run disk cleanup (~78GB→125GB free, ~4min)"
type: boolean
default: false
jobs:
github-ssh:
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Prepare environment
id: prepare
env:
NGROK_TOKEN: ${{ secrets.NGROK_AUTH_TOKEN }}
run: |
START_TIME=$(date +%s)
NGROK_AUTH_TOKEN=$(jq -r '.inputs.NGROK_AUTH_TOKEN' $GITHUB_EVENT_PATH)
echo ::add-mask::$NGROK_AUTH_TOKEN
if [ -n "$NGROK_AUTH_TOKEN" ]; then
NGROK_TOKEN="$NGROK_AUTH_TOKEN"
fi
echo NGROK_TOKEN=$NGROK_TOKEN >> $GITHUB_ENV
if [ -n "$NGROK_TOKEN" ] && [ "$NGROK_TOKEN" != "null" ]; then
echo "ngrok_token_not_empty=true" >> $GITHUB_OUTPUT
else
echo "ngrok_token_not_empty=false" >> $GITHUB_OUTPUT
fi
RAW_SLEEP_TIME="${{ github.event.inputs.SSH_MAX_TIME }}"
case "$RAW_SLEEP_TIME" in
1h) SLEEP_TIME=$((1 * 3600)) ;;
2h) SLEEP_TIME=$((2 * 3600)) ;;
3h) SLEEP_TIME=$((3 * 3600)) ;;
4h) SLEEP_TIME=$((4 * 3600)) ;;
5h) SLEEP_TIME=$((5 * 3600)) ;;
5h45m) SLEEP_TIME=$((5 * 3600 + 45 * 60)) ;;
esac
END_TIME=$((START_TIME + SLEEP_TIME))
echo "START_TIME=$START_TIME" >> $GITHUB_ENV
echo "RAW_SLEEP_TIME=$RAW_SLEEP_TIME" >> $GITHUB_ENV
echo "SLEEP_TIME=$SLEEP_TIME" >> $GITHUB_ENV
echo "END_TIME=$END_TIME" >> $GITHUB_ENV
mkdir -p /tmp/logs/dashboard/
mkdir -p /tmp/logs/miniserve/
mkdir -p /tmp/logs/cloudflared/
mkdir -p /tmp/logs/ngrok/
sudo apt update
sudo apt install -y jq curl
- name: Checkout
uses: actions/checkout@v4
- name: Clean-up
if: ${{ github.event.inputs.START_CLEAN_UP == 'true' }}
uses: rokibhasansagar/slimhub_actions@main
with:
retain: "nodejs_npm"
- name: Swap Setup
if: ${{ github.event.inputs.SWAP_SIZE > 0 }}
uses: pierotofy/set-swap-space@master
with:
swap-size-gb: ${{ github.event.inputs.SWAP_SIZE }}
- name: Setup github-action-ssh dashboard
run: |
cd $GITHUB_WORKSPACE/frontend
npm i
VITE_API_PORT=80 npm run build
cd $GITHUB_WORKSPACE/backend
npm i
nohup sudo node src/index.js --session-start-timestamp=$START_TIME --session-end-timestamp=$END_TIME --exit-on-session-end > /tmp/logs/dashboard/latest.log 2>&1 &
echo "DASHBOARD_PID=$!" >> $GITHUB_ENV
- name: Install ngrok
continue-on-error: true
if: ${{ steps.prepare.outputs.ngrok_token_not_empty == 'true' }}
run: |
echo "test: $NGROK_TOKEN"
curl -s https://ngrok-agent.s3.amazonaws.com/ngrok.asc | sudo tee /etc/apt/trusted.gpg.d/ngrok.asc >/dev/null
echo "deb https://ngrok-agent.s3.amazonaws.com buster main" | sudo tee /etc/apt/sources.list.d/ngrok.list
sudo apt update && sudo apt install -y ngrok
- name: Install cloudflared
continue-on-error: true
run: |
sudo mkdir -p --mode=0755 /usr/share/keyrings
curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null
echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared noble main' | sudo tee /etc/apt/sources.list.d/cloudflared.list
sudo apt update && sudo apt install -y cloudflared
- name: Setup SSH server
run: |
sudo apt install -y openssh-server
sudo mkdir -p /var/run/sshd
sudo useradd -m -s /bin/bash debuguser
echo "debuguser:password" | sudo chpasswd
sudo mkdir -p /home/debuguser/.ssh
echo "${{ secrets.SSH_PUBLIC_KEY }}" | sudo tee /home/debuguser/.ssh/authorized_keys
sudo chown -R debuguser:debuguser /home/debuguser/.ssh
sudo chmod 600 /home/debuguser/.ssh/authorized_keys
echo "debuguser ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/debuguser
sudo service ssh start
- name: Start miniserve
if: ${{ github.event.inputs.START_MINISERVE == 'true' }}
run: |
wget -q -nc https://github.com/svenstaro/miniserve/releases/download/v0.33.0/miniserve-0.33.0-x86_64-unknown-linux-gnu
chmod +x ./miniserve-0.33.0-x86_64-unknown-linux-gnu
nohup sudo ./miniserve-0.33.0-x86_64-unknown-linux-gnu / \
-p 8080 \
-i 0.0.0.0 \
--hidden \
--upload-files \
--mkdir \
--show-symlink-info \
--index index.html \
--header "Access-Control-Allow-Origin: *" \
--verbose \
> /tmp/logs/miniserve/latest.log 2>&1 &
- name: Start ngrok
if: ${{ steps.prepare.outputs.ngrok_token_not_empty == 'true' }}
continue-on-error: true
run: |
cd $GITHUB_WORKSPACE
pwd
chmod +x gen_ngrok_config.sh
./gen_ngrok_config.sh "$NGROK_TOKEN"
nohup ngrok start --all --config=./ngrok.yml > /tmp/logs/ngrok/latest.log &
sleep 5
echo "⏳ sleep for 5 seconds"
ngrok_dashboard_url=$(curl -s localhost:4040/api/tunnels | jq -r '.tunnels[] | select(.name=="dashboard" and .proto=="https") | .public_url')
ngrok_ssh_url=$(curl -s localhost:4040/api/tunnels | jq -r '.tunnels[] | select(.name=="ssh_server") | .public_url')
ngrok_miniserve_url=$(curl -s localhost:4040/api/tunnels | jq -r '.tunnels[] | select(.name=="miniserve" and .proto=="https") | .public_url')
ngrok_ssh_host=$(echo "$ngrok_ssh_url" | sed -E 's#^tcp://([^:]+):.*#\1#')
ngrok_ssh_port=$(echo "$ngrok_ssh_url" | sed -E 's#^tcp://[^:]+:(.*)$#\1#')
echo "🖥️ Dashboard available at: $ngrok_dashboard_url"
echo "🌐 Miniserve available at: $ngrok_miniserve_url"
echo "🔑 Connect with: ssh debuguser@$ngrok_ssh_host -p $ngrok_ssh_port"
echo "🔑 Connect with: sshpass -p 'password' ssh -o StrictHostKeyChecking=no debuguser@$ngrok_ssh_host -p $ngrok_ssh_port"
echo "👤 Default username: debuguser"
echo "🔑 Default password: password"
echo "TUNNEL: $ngrok_ssh_url"
payload=$(jq -n \
--arg dashboard "$ngrok_dashboard_url" \
--arg miniserve "$ngrok_miniserve_url" \
--arg host "$ngrok_ssh_host" \
--argjson port "$ngrok_ssh_port" \
'{
provider: "Ngrok",
dashboard: [{ url: $dashboard, port: 80 }],
ssh: [{ url: $host, port: $port, tcp: true }],
miniserve: [{ url: $miniserve, port: 80 }],
others: []
}')
curl -X POST http://localhost:80/api/v1/session/tunnels \
-H "Content-Type: application/json" \
-d "$payload" \
> /tmp/logs/ngrok/dashboard.log 2>&1
- name: Start cloudflared
continue-on-error: true
run: |
nohup cloudflared tunnel --url http://localhost:80 2> /tmp/logs/cloudflared/dashboard.log &
nohup cloudflared tunnel --url http://localhost:8080 2> /tmp/logs/cloudflared/miniserve.log &
nohup cloudflared tunnel --url ssh://localhost:22 2> /tmp/logs/cloudflared/ssh.log &
sleep 10
echo "⏳ sleep for 10 seconds"
cloudflared_dashboard_url=$(grep -m1 -oE "https?://[a-zA-Z0-9.-]+\.trycloudflare\.com" /tmp/logs/cloudflared/dashboard.log)
cloudflared_miniserve_url=$(grep -m1 -oE "https?://[a-zA-Z0-9.-]+\.trycloudflare\.com" /tmp/logs/cloudflared/miniserve.log)
cloudflared_ssh_url=$(grep -m1 -oE "https?://[a-zA-Z0-9.-]+\.trycloudflare\.com" /tmp/logs/cloudflared/ssh.log)
cloudflared_ssh_host=$(echo "$cloudflared_ssh_url" | sed -E 's#https?://##')
echo "🖥️ Dashboard available at: $cloudflared_dashboard_url"
echo "🌐 Miniserve available at: $cloudflared_miniserve_url"
echo "🔑 Connect with: ssh -o ProxyCommand=\"cloudflared access ssh --hostname %h\" debuguser@$cloudflared_ssh_host"
echo "🔑 Connect with: sshpass -p 'password' ssh -o StrictHostKeyChecking=no -o ProxyCommand=\"cloudflared access ssh --hostname %h\" debuguser@$cloudflared_ssh_host"
echo "👤 Default username: debuguser"
echo "🔑 Default password: password"
echo "TUNNEL: $cloudflared_ssh_url"
payload=$(jq -n \
--arg dashboard "$cloudflared_dashboard_url" \
--arg miniserve "$cloudflared_miniserve_url" \
--arg host "$cloudflared_ssh_host" \
'{
provider: "Cloudflare",
dashboard: [{ url: $dashboard, port: 80 }],
ssh: [{ url: $host, port: 22, tcp: true }],
miniserve: [{ url: $miniserve, port: 80 }],
others: []
}')
curl -X POST http://localhost:80/api/v1/session/tunnels \
-H "Content-Type: application/json" \
-d "$payload" \
> /tmp/logs/cloudflared/dashboard.log 2>&1
- name: Keep session alive
run: |
trap '' SIGINT SIGTERM
cd $GITHUB_WORKSPACE/backend
tail -f /tmp/logs/dashboard/latest.log --pid=$DASHBOARD_PID