Setup opkssh GitHub Action

This GitHub Action downloads and sets up opkssh with GitHub login support.

Usage

- name: Setup opkssh
  uses: openpubkey/setup-opkssh@v1
  with:
    version: 'latest' # Optional: specific version or 'latest' (default)
    ssh-hosts-to-scan: 'host1.example.com' # Optional: space-separated list of hosts to scan

Inputs

version

Optional Version of opkssh to install. Defaults to latest.

Examples: 'latest', 'v0.1.0', 'v0.2.0-beta'

ssh-hosts-to-scan

Optional Space-separated list of SSH hosts to scan and add to ~/.ssh/known_hosts.

Example: 'host1.example.com host2.example.com'

Example workflow

name: Deploy with opkssh
on: [push]

jobs:
  deploy:
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Setup opkssh
        uses: openpubkey/setup-opkssh@v1
        with:
          ssh-hosts-to-scan: 'example.com'
      
      - name: Deploy via SSH
        run: |
          ssh user@example.com 'echo "Deployed!"'

What it does

1. Downloads the specified (or latest) opkssh binary for your platform
2. Runs opkssh login github to authenticate
3. Optionally scans SSH host keys and adds them to ~/.ssh/known_hosts

Setup on your connecting Server

Make sure you have added GitHub Actions to your /etc/opk/providers file like:

https://token.actions.githubusercontent.com github oidc

and added your repository to /etc/opk/auth_id to be allowed to authenticate with GitHub Actions.

deploy repo:openpubkey/setup-opkssh:ref:refs/heads/main https://token.actions.githubusercontent.com

The format is: <linux-user-to-authenticate> <repo:owner/repo:ref:branch> <provider-url>

If you use environments in GitHub Actions, the subject will be: repo:openpubkey/setup-opkssh:environment:production (repo:owner/repo:environment:environment-name).

Development

This project uses Bun as the package manager and build tool.

# Install dependencies
bun install

# Build the action
bun run build