Update repo_health.yml

2025-12-27 02:25:30 -06:00
parent 2e08ffbb32
commit 2415b42e9f


@@ -179,13 +179,13 @@ jobs:
echo "### Guardrails: release configuration" >> "${GITHUB_STEP_SUMMARY}" echo "### Guardrails: release configuration" >> "${GITHUB_STEP_SUMMARY}"
echo "All required release variables present." >> "${GITHUB_STEP_SUMMARY}" echo "All required release variables present." >> "${GITHUB_STEP_SUMMARY}"
- name: Guardrails - SFTP connectivity - name: Guardrails - SFTP connectivity
env: env:
PROFILE_RAW: "${{ github.event.inputs.profile }}" PROFILE_RAW: "${{ github.event.inputs.profile }}"
FTP_HOST: "${{ secrets.FTP_HOST }}" FTP_HOST: "${{ secrets.FTP_HOST }}"
FTP_USER: "${{ secrets.FTP_USER }}" FTP_USER: "${{ secrets.FTP_USER }}"
FTP_KEY: "${{ secrets.FTP_KEY }}" FTP_KEY: "${{ secrets.FTP_KEY }}"
FTP_PASSWORD: "${{ secrets.FTP_PASSWORD }}"
FTP_PORT: "${{ secrets.FTP_PORT }}" FTP_PORT: "${{ secrets.FTP_PORT }}"
run: | run: |
set -euo pipefail set -euo pipefail
@@ -206,15 +206,30 @@ jobs:
mkdir -p "$HOME/.ssh" mkdir -p "$HOME/.ssh"
key_file="$HOME/.ssh/ci_sftp_key" key_file="$HOME/.ssh/ci_sftp_key"
printf '%s\n' "${FTP_KEY}" > "${key_file}" printf '%s
' "${FTP_KEY}" > "${key_file}"
chmod 600 "${key_file}" chmod 600 "${key_file}"
# If FTP_PASSWORD is present, treat it as the private key passphrase and decrypt the key in place.
# If FTP_PASSWORD is empty, the key must already be unencrypted.
if [ -n "${FTP_PASSWORD:-}" ]; then
first_line="$(head -n 1 "${key_file}" || true)"
if printf '%s' "${first_line}" | grep -q '^PuTTY-User-Key-File-'; then
echo "ERROR: FTP_KEY appears to be a PuTTY PPK. Provide an OpenSSH private key to use FTP_PASSWORD decryption." >> "${GITHUB_STEP_SUMMARY}"
exit 1
fi
ssh-keygen -p -P "${FTP_PASSWORD}" -N "" -f "${key_file}" >/dev/null
fi
port="${FTP_PORT:-22}" port="${FTP_PORT:-22}"
echo "### SFTP connectivity test" >> "${GITHUB_STEP_SUMMARY}" echo "### SFTP connectivity test" >> "${GITHUB_STEP_SUMMARY}"
echo "Attempting non-destructive SFTP session (pwd only)." >> "${GITHUB_STEP_SUMMARY}" echo "Attempting non-destructive SFTP session (pwd only)." >> "${GITHUB_STEP_SUMMARY}"
printf 'pwd\nbye\n' | sftp -oBatchMode=yes -oStrictHostKeyChecking=no -P "${port}" -i "${key_file}" "${FTP_USER}@${FTP_HOST}" printf 'pwd
bye
' | sftp -oBatchMode=yes -oStrictHostKeyChecking=no -P "${port}" -i "${key_file}" "${FTP_USER}@${FTP_HOST}"
echo "SFTP connectivity check passed." >> "${GITHUB_STEP_SUMMARY}" echo "SFTP connectivity check passed." >> "${GITHUB_STEP_SUMMARY}"
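Review bot: The added passphrase branch puts `${FTP_PASSWORD}` on the `ssh-keygen -p -P` command line and rewrites `${key_file}` as an unencrypted private key, and nothing visible in this hunk removes that file afterwards. On a self-hosted or reused runner the plaintext key would outlive the job, and the passphrase is readable in the process arguments while ssh-keygen runs. I would add `trap 'rm -f "${key_file}"' EXIT` directly after the `key_file=` assignment so the key is deleted on every exit path, including the `exit 1` for PPK input and a failed sftp. If the runner's OpenSSH supports it, loading the key into an agent through `SSH_ASKPASS` would keep the passphrase off argv and the decrypted key off disk; that depends on the runner image and is not verifiable from this page. The step's script starts above this hunk and may continue below it.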