-
Notifications
You must be signed in to change notification settings - Fork 1
225 lines (198 loc) · 8.03 KB
/
shell.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
name: shell
# 此Actions将创建一个虚拟机,并自动注册到Jumpserver,用于提供一个shell环境。
# 它受Actions运行时的约束,最长运行时间为5h 50min,超时后将自动关闭。
# 最后10min将取消注册,Tailscale和Jumpserver的连接将断开。
#
# 为了保证虚拟机的安全,您需要在Settings->Secrets中设置以下变量:
# TAILSCALE_AUTH_KEY: Tailscale认证密钥
# JUMPSERVER_HOST: Jumpserver的地址
# JUMPSERVER_PTOKEN: Jumpserver的PTOKEN
# SHELL_USERNAME: 注册到Jumpserver的用户名
# SHELL_PASSWORD: 注册到Jumpserver的用户密码
#
# 需要做Settings->Environment中设置以下变量:
# JUMPSERVER_CREATE_HOSTS_TEMPLATE: 创建主机的模板,其中包含以下变量:
# __GITHUB_HOSTNAME__: 用于在Jumpserver中显示的主机名
# __ADDRESS__: 用于在Jumpserver中显示的主机地址
# __JUMP_USERNAME__: 用于在Jumpserver中显示的主机用户名
on:
# 允许您从Actions选项卡手动运行此工作流
workflow_dispatch:
inputs:
hostname:
description: 'HostName'
required: false
default: ''
load_secret:
description: 'Load Secret'
required: false
default: 'false'
jobs:
shell:
runs-on: ubuntu-latest
continue-on-error: true
steps:
- uses: actions/checkout@v3
- name: Install Tailscale
uses: tailscale/github-action@ce41a99162202a647a4b24c30c558a567b926709
with:
authkey: ${{ secrets.TAILSCALE_AUTH_KEY }}
- name: Change Passwd
run: |
echo '${{secrets.SHELL_USERNAME}}:${{ secrets.SHELL_PASSWORD }}' |sudo chpasswd
echo success.
- name: add Public Key to runner
run: |
git clone https://gist.github.com/lee-cq/ed0f7e2bf9e039f1797c5b700ba118ec
mkdir -p ~/.ssh
cd ed0f7e2bf9e039f1797c5b700ba118ec || exit 1
chmod +x setup.sh && ./setup.sh
- name: Update Server
run: |
sudo ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
sudo cp actions/shell/self_shell.sh /etc/profile.d/
git config --global user.email "[email protected]"
git config --global user.name "Lee CQ"
echo ${{secrets.GH_P_TOKEN}} |gh auth login --with-token
echo Success.
- name: Load RClone
if: ${{ github.event.inputs.load_secret == 'true' }}
run: |
echo 'Load RClone'
curl https://rclone.org/install.sh | sudo bash
rclone version
mkdir -p ~/.config/rclone
cat << EOF > ~/.config/rclone/rclone.conf
${{ secrets.RCLONE_CONFIG }}
EOF
if [ $(rclone listremotes) ]; then
echo "Rclone Config is OK"
else
echo "Rclone Config is Error"
exit 1
fi
echo success.
- name: Load Python
uses: actions/setup-python@v4
with:
python-version: '3.11'
cache: 'pip'
- run: |
if [ -f requirements.txt ]; then
pip install -r requirements.txt
fi
- name: Verify SSHD
run: |
if [ -z "$(sudo netstat -ntlp |grep -v grep |grep :22 |grep sshd)" ]; then
echo "sshd is not running."
if [ ! -f /lib/systemd/system/ssh.service ]; then
echo sshd is not installed. will install ...
sudo apt-get update;
sudo apt-get install -y openssh-server;
fi
echo "starting sshd ..."
sudo systemctl restart sshd
fi
- name: Upload Host To Jumpserver
run: |
cat > update_data.json << EOF
{
"platform": {
"pk": 1
},
"nodes": [
{
"pk": "84327184-bd01-4a78-9765-b3748a7ec94d"
}
],
"protocols": [
{
"name": "ssh",
"port": 22,
"primary": true,
"default": false,
"required": false,
"secret_types": [
"password",
"ssh_key"
],
"setting": {
"console": false,
"security": "any",
"sftp_enabled": true,
"sftp_home": "/tmp",
"autofill": "basic",
"username_selector": "",
"password_selector": "",
"submit_selector": "",
"script": [],
"auth_username": false
}
}
],
"labels": [],
"is_active": true,
"name": "__GITHUB_HOSTNAME__",
"address": "__ADDRESS__",
"accounts": [
{
"name": "__SHELL_USERNAME__",
"username": "__SHELL_USERNAME__",
"secret_type": "password",
"spec_info": {},
"comment": "",
"has_secret": true,
"privileged": true,
"is_active": true,
"secret": "__SHELL_PASSWORD__"
}
]
}
EOF
tailscale_ip=$(tailscale ip |grep -v ':')
github_hostname="github-$(hostname)"
if [ -z "$tailscale_ip" ]; then
echo "tailscale ip is empty."
exit 1
fi
sed -i "s/__GITHUB_HOSTNAME__/${github_hostname}/g" update_data.json
sed -i "s/__ADDRESS__/${tailscale_ip}/g" update_data.json
sed -i "s/__SHELL_USERNAME__/${{secrets.SHELL_USERNAME}}/g" update_data.json
sed -i 's/__SHELL_PASSWORD__/${{secrets.SHELL_PASSWORD}}/g' update_data.json
echo 'Update Data ----->';
cat update_data.json
echo 'Update Data End <-----';
curl --location --request POST '${{ secrets.JUMPSERVER_HOST }}/api/v1/assets/hosts/' \
-H 'Content-Type: application/json' \
-H 'Authorization: Token ${{ secrets.JUMPSERVER_PTOKEN }}' \
-H 'X-JMS-ORG: 00000000-0000-0000-0000-000000000002' \
--data-binary @update_data.json
- name: Debugger
run: |
touch /tmp/keepalive
echo 'created keepalive file.'
echo 'timeout 21000s(5h 50m).'
timeout 21000 bash -c 'stopout=21000; while true;do echo $((stopout=$stopout-3)) > /tmp/stopout ; test -f /tmp/keepalive || break; sleep 3; done ' || echo Timeouted.
echo 'The VM will be shutdown in 10 minutes.'
- name: Clear tailscale
run: |
if [ -f /usr/bin/tailscale ]; then
sudo tailscale down
sudo tailscale logout
fi
echo down.
- name: Clear Jumpserver
run: |
curl --location -sSLf --request GET '${{ secrets.JUMPSERVER_HOST }}/api/v1/assets/hosts/' \
-H 'Authorization: Token ${{ secrets.JUMPSERVER_PTOKEN }}' \
-H 'X-JMS-ORG: 00000000-0000-0000-0000-000000000002' \
-o hosts.json
echo 'Hosts Info Saved .'
github_hostname="github-$(hostname)"
host_id=$(cat hosts.json |jq -r ".[] | select(.name==\"${github_hostname}\") | .id")
echo "host_name: ${github_hostname}"
echo "host_id: ${host_id}"
curl --location --request DELETE "${{secrets.JUMPSERVER_HOST}}/api/v1/assets/assets/${host_id}/" \
-H 'Authorization: Token ${{ secrets.JUMPSERVER_PTOKEN }}' \
-H 'X-JMS-ORG: 00000000-0000-0000-0000-000000000002'
echo "shutdown now"