ssh client, to use with ci

rsync/entrypoint.sh

@@ -18,11 +18,14 @@ if [ -z "$SSH_KEY" ]; then
     exit 1
 fi
 
+SSH_KEY_CERT="${SSH_KEY_CERT:-${PLUGIN_KEY_CERT}}"
+
 KNOWN_HOSTS="${KNOWN_HOSTS:=${PLUGIN_KNOWN_HOSTS}}"
 
-SOURCE="${SOURCE:-${PLUGIN_SOURCE}}"
-if [ -z "$SOURCE" ]; then
-    echo "'source' must be specified"
+SOURCES="${SOURCES:-${PLUGIN_SOURCES}}"
+SOURCES=$(echo "$SOURCES" | tr ',' ' ')
+if [ -z "$SOURCES" ]; then
+    echo "specify at least one source"
     exit 1
 fi
 
@@ -37,10 +40,19 @@ ARGS=${ARGS:-${PLUGIN_ARGS}}
 # prepare SSH
 
 mkdir -p "$HOME/.ssh"
-keyfile="$HOME/.ssh/id_rsa"
+keyfile="$HOME/.ssh/user_key"
 echo "$SSH_KEY" > "$keyfile"
 chmod 0600 "$keyfile"
 
+echo 'Host *' > "$HOME/.ssh/config"
+echo "  IdentityFile $keyfile" >> "$HOME/.ssh/config"
+
+if [ -n "${SSH_KEY_CERT}" ]; then
+    certfile="$HOME/.ssh/user_key-cert.pub"
+    echo "${SSH_KEY_CERT}" > "$certfile"
+    echo "  CertificateFile $certfile" >> "$HOME/.ssh/config"
+fi
+
 known_hosts_file="${HOME}/.ssh/known_hosts"
 [ -n "${KNOWN_HOSTS}" ] && echo "${KNOWN_HOSTS}" >> "$known_hosts_file"
 [ -f "${known_hosts_file}" ] && chmod 0600 "$known_hosts_file"
@@ -48,4 +60,7 @@ known_hosts_file="${HOME}/.ssh/known_hosts"
 # run rsync
 
 # shellcheck disable=SC2086
-exec rsync $ARGS "${SOURCE}" "${USER}"@"${HOST}":"${TARGET}"
+for SOURCE in $SOURCES; do
+    echo "copying '$SOURCE' to '$TARGET'"
+    rsync $ARGS "${SOURCE}" "${USER}"@"${HOST}":"${TARGET}"
+done

ssh-ci/Dockerfile

@@ -0,0 +1,8 @@
+FROM alpine:3.16
+
+COPY entrypoint.sh /entrypoint
+
+RUN chmod +x /entrypoint && \
+    apk add --no-cache openssh-client
+
+ENTRYPOINT ["/entrypoint"]

ssh-ci/Makefile

@@ -0,0 +1,19 @@
+IMG_NAME=rsync
+REGISTRY=registry.monotremata.xyz
+IMG=$(REGISTRY)/$(IMG_NAME)
+PLATFORMS=linux/amd64,linux/arm64
+
+.PHONY: build push buildx
+
+build: Dockerfile entrypoint.sh
+	docker build -t $(IMG) .
+
+push: build
+	docker image push $(IMG)
+
+buildx: Dockerfile entrypoint.sh
+	docker buildx build \
+		--platform $(PLATFORMS) \
+		--tag $(IMG) \
+		--push \
+		.

ssh-ci/entrypoint.sh

@@ -0,0 +1,61 @@
+#!/bin/sh
+
+set -e
+
+# check settings
+
+HOST="${HOST:-${PLUGIN_HOST}}"
+if [ -z "$HOST" ]; then
+    echo "'host' must be specified"
+    exit 1
+fi
+
+USER="${USER:-${PLUGIN_USER:-root}}"
+PORT="${PORT:-${PLUGIN_PORT:-22}}"
+
+SSH_KEY="${SSH_KEY:-${PLUGIN_KEY}}"
+if [ -z "$SSH_KEY" ]; then
+    echo "ssh_key must be specified"
+    exit 1
+fi
+
+SSH_KEY_CERT="${SSH_KEY_CERT:-${PLUGIN_KEY_CERT}}"
+
+KNOWN_HOSTS="${KNOWN_HOSTS:=${PLUGIN_KNOWN_HOSTS}}"
+
+COMMANDS="${COMMANDS:-${PLUGIN_COMMANDS}}"
+if [ -z "$COMMANDS" ]; then
+    echo "specify at least one command to run"
+    exit 1
+fi
+
+ARGS=${ARGS:-${PLUGIN_ARGS}}
+
+# prepare SSH
+
+mkdir -p "$HOME/.ssh"
+keyfile="$HOME/.ssh/user_key"
+echo "$SSH_KEY" > "$keyfile"
+chmod 0600 "$keyfile"
+
+echo 'Host *' > "$HOME/.ssh/config"
+echo "  IdentityFile $keyfile" >> "$HOME/.ssh/config"
+
+if [ -n "${SSH_KEY_CERT}" ]; then
+    certfile="$HOME/.ssh/user_key-cert.pub"
+    echo "${SSH_KEY_CERT}" > "$certfile"
+    echo "  CertificateFile $certfile" >> "$HOME/.ssh/config"
+fi
+
+known_hosts_file="${HOME}/.ssh/known_hosts"
+[ -n "${KNOWN_HOSTS}" ] && echo "${KNOWN_HOSTS}" >> "$known_hosts_file"
+[ -f "${known_hosts_file}" ] && chmod 0600 "$known_hosts_file"
+
+# run commands
+
+IFS=","
+for COMMAND in $COMMANDS; do
+    echo "running '$COMMAND' remotely"
+    # shellcheck disable=SC2086,SC2029
+    ssh -p "${PORT}" $ARGS "$USER"@"${HOST}" "$COMMAND"
+done