Doesn't work for self-hosted runners that are nobodies (no passwd entry)

[javbit]

The use of os.userInfo().homedir depends on a /etc/passwd entry, which in some hardened setups may not exist. os.homedir(), which just depends on $HOME, is more more likely to be right.

For example, it thinks my user's home is / which is breaking things when my runtime home is actually /run/github-runner/runner-2.

[javbit]

I'm working on a PR to handle this issue, will link when ready.

[javbit]

I made a PR, and it solves the immediate failure case. However, I'm now seeing the following error:

Run git clone [email protected]:javbit/foo.git
  shell: /bin/bash -e {0}
  env:
    SSH_AUTH_SOCK: /tmp/ssh-XXXXXX9t0fhl/agent.561530
    SSH_AGENT_PID: 561531
Cloning into 'foo'...
ssh: Could not resolve hostname key-fd80f028b988cd54b2c736f6496796d4d46383315756a21b9cbba1b1b7928385.github.com: Name or service not known
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Error: Process completed with exit code 128.

(Edited slightly for clarity and confidentiality. Namely condensed list of private repositories to the single foo.)

I've added the GitHub host key to my ssh known hosts before running this step, so I think that should be good.

      - run: >
          echo github.com
          ssh-ed25519
          AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
          >> "$HOME/.ssh/known_hosts"

I only set ED25519 deploy keys so I didn't add the other host keys.

Any idea what's going on? Name resolution seems fine when I ping github.com, but doesn't work for the key-*.github.com one, both on my CI machine and my local.

Seems to be caused by this:

ssh-agent/index.js

Lines 71 to 73 in d4b9b8f

	child_process.execSync(`${gitCmd} config --global --replace-all url."git@key-${sha256}.github.com:${ownerAndRepo}".insteadOf "https://github.com/${ownerAndRepo}"`);
	child_process.execSync(`${gitCmd} config --global --add url."git@key-${sha256}.github.com:${ownerAndRepo}".insteadOf "[email protected]:${ownerAndRepo}"`);
	child_process.execSync(`${gitCmd} config --global --add url."git@key-${sha256}.github.com:${ownerAndRepo}".insteadOf "ssh://[email protected]/${ownerAndRepo}"`);

[javbit]

Never mind, I missed this important section right after!

ssh-agent/index.js

Lines 71 to 78 in d4b9b8f

	child_process.execSync(`${gitCmd} config --global --replace-all url."git@key-${sha256}.github.com:${ownerAndRepo}".insteadOf "https://github.com/${ownerAndRepo}"`);
	child_process.execSync(`${gitCmd} config --global --add url."git@key-${sha256}.github.com:${ownerAndRepo}".insteadOf "[email protected]:${ownerAndRepo}"`);
	child_process.execSync(`${gitCmd} config --global --add url."git@key-${sha256}.github.com:${ownerAndRepo}".insteadOf "ssh://[email protected]/${ownerAndRepo}"`);
	const sshConfig = `\nHost key-${sha256}.github.com\n`
	+ ` HostName github.com\n`
	+ ` IdentityFile ${homeSsh}/key-${sha256}\n`
	+ ` IdentitiesOnly yes\n`;

I see what's going on now, and am trying to figure out why ssh isn't picking this config up.

[javbit]

Resolution was to manually set the Git SSH command to reference the config file that was generated. I'll add this to my PR.

git config --global core.sshCommand "ssh -F $HOME/.ssh//config"