capistrano-ssh-authorized-keys-github 1.0.0 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/.travis.yml +5 -0
  3. data/README.md +9 -2
  4. data/capistrano-ssh-authorized-keys-github.gemspec +1 -1
  5. data/lib/capistrano/tasks/ssh-authorized-keys-github.cap +11 -8
  6. metadata +2 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 41ee42118dfd41d9d4a887f6eddfca038538c4459bcab645728d0018806e0cca
4
- data.tar.gz: fcbb145178fbed5ad4a2330a077157504241d5d098fcc7644a00e9bfc7b46aca
3
+ metadata.gz: fdeace2093ea8dd5b0326e751fe39daaf0976d9815949063d0a041b579637db4
4
+ data.tar.gz: 5dcd586bbab56363ee751a3379354bfb93861e6dff1e645d78194eb530d86945
5
5
  SHA512:
6
- metadata.gz: 87bbbea33b64d90acc1bf51c838244729e155a2dedd3072cc477456157becbbb7875294b90ddc42ee4636a7882de9457535c12ba61fa0b3ae2f099391b34f6db
7
- data.tar.gz: 6e3ab035c7330d900da7d03aeee4b6d26a5464c6416cb52795372966f723462ea4767ea848625cea5257bbaf10ed1be7d660ee769226d04e332dc464861e292e
6
+ metadata.gz: f5e563b6bcb8f601cb0d31c846869c8d62bff34d2154fd356c0c6596f695ed2238a152abfb3e50871ab1b20b8d581f5e17734a88a9af2770351c58bacc3f4fa5
7
+ data.tar.gz: e740b5181dcf8f7eb9915d9395c7bef55c222249980c3866cb771d2cc151c7ee61ef948b14b081e9562dec467314f21fe5207140b55f298dc359b3a04d5d0fd0
data/.travis.yml ADDED
@@ -0,0 +1,5 @@
1
+ before_install:
2
+ - gem install bundler
3
+ rvm:
4
+ - 2.7.0
5
+ - 3
data/README.md CHANGED
@@ -1,7 +1,9 @@
1
- # Capistrano Cloudwatch [![Build Status](https://travis-ci.com/olioex/capistrano-ssh-authorized-keys-github.svg)](https://travis-ci.com/olioex/capistrano-ssh-authorized-keys-github) [![Gem Version](https://badge.fury.io/rb/capistrano-ssh-authorized-keys-github.svg)](http://badge.fury.io/rb/capistrano-ssh-authorized-keys-github)
1
+ # Capistrano Cloudwatch [![Build Status](https://app.travis-ci.com/OLIOEX/capistrano-ssh-authorized-keys-github.svg?branch=main)](https://app.travis-ci.com/olioex/capistrano-ssh-authorized-keys-github) [![Gem Version](https://badge.fury.io/rb/capistrano-ssh-authorized-keys-github.svg)](http://badge.fury.io/rb/capistrano-ssh-authorized-keys-github)
2
2
 
3
3
  Sync organisation SSH public keys to server `authorized_keys` file so they are able to SSH into OS - for [Capistrano v3](https://github.com/capistrano/capistrano).
4
4
 
5
+ Note: The authorized keys file is generated locally before being uploaded to the server(s).
6
+
5
7
  ## Installation
6
8
 
7
9
  Add this line to your application's Gemfile:
@@ -27,6 +29,9 @@ And then set the variables in `config/deploy.rb`:
27
29
  set :github_org, 'olioex'
28
30
  # ...or... (takes priority)
29
31
  set :github_orgs, ['olioex', 'github']
32
+ # Optional for Github rate limits (oauth application)
33
+ set :github_app_id, '12345'
34
+ set :github_app_secret, 'abcdef'
30
35
 
31
36
  The task will run automatically on successful deploy. Alternatively, you can notify of a deploy starting manually by using:
32
37
 
@@ -34,7 +39,9 @@ The task will run automatically on successful deploy. Alternatively, you can not
34
39
 
35
40
  ### Notes
36
41
 
37
- Users in your organisation will need to have their membership public in order for SSH public keys to be sync'd to the server
42
+ Users in your organisation will need to have their membership public in order for SSH public keys to be sync'd to the server.
43
+
44
+ Github rate limits aren't currently respected. They are limited to 60 per hour. if you have a large number of users and are doing regular syncing from an IP address then you will be rate limited.
38
45
 
39
46
  ## Copyright
40
47
 
data/capistrano-ssh-authorized-keys-github.gemspec CHANGED
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
4
 
5
5
  Gem::Specification.new do |spec|
6
6
  spec.name = 'capistrano-ssh-authorized-keys-github'
7
- spec.version = '1.0.0'
7
+ spec.version = '1.1.0'
8
8
  spec.authors = ['lloydwatkin']
9
9
  spec.email = ['lloyd@olioex.com']
10
10
  spec.summary = %q{Sync Github organisation public SSH keys to `server authorized_keys` file}
data/lib/capistrano/tasks/ssh-authorized-keys-github.cap CHANGED
@@ -8,18 +8,19 @@ NO_ORGANISATION_MEMBER_KEYS_FOUND = 'There are no public members for this Github
8
8
  namespace :security do
9
9
  desc 'Cycle SSH key logins'
10
10
  task :update_ssh_keys do
11
- on roles(:all) do
11
+ on roles(:all) do |host|
12
12
  organisations = fetch(:github_orgs) || fetch(:github_org) || raise(NO_GITHUB_ORGANISATION_PROVIDED)
13
13
  keys = ""
14
- user = `whoami`.chomp
14
+ authentication = ''
15
+ if fetch(:github_app_id) && fetch(:github_app_secret)
16
+ authentication = "#{fetch(:github_app_id)}:#{fetch(:github_app_secret)}@"
17
+ end
15
18
 
16
19
  [*organisations].each do |organisation|
17
- url = URI("https://api.github.com/orgs/#{organisation}")
20
+ url = URI("https://#{authentication}api.github.com/orgs/#{organisation}")
18
21
  organisation_details = JSON.parse(Net::HTTP.get_response(url).body, symbolize_names: true)
19
- puts organisation_details
20
- members_url = URI(organisation_details[:members_url].gsub("{/member}", ""))
22
+ members_url = URI(organisation_details[:members_url].gsub("{/member}", "").gsub('https://', "https://#{authentication}"))
21
23
  members = JSON.parse(Net::HTTP.get_response(members_url).body, symbolize_names: true)
22
- puts members
23
24
  keys += " #
24
25
  # #{organisation_details[:name]} keys
25
26
  # #{members_url}
@@ -29,7 +30,7 @@ namespace :security do
29
30
  "
30
31
  member_details = members.map { |member| member[:login].downcase }.sort
31
32
  member_details.each do |member|
32
- member_keys = URI("https://github.com/#{member}.keys")
33
+ member_keys = URI("https://#{authentication}github.com/#{member}.keys")
33
34
  info = " #
34
35
  # @#{member}
35
36
  # #{member_keys}
@@ -40,9 +41,11 @@ namespace :security do
40
41
  end
41
42
 
42
43
  if keys.scan(/ssh-(rsa|ed25519)/).count > 0
43
- File.open("/home/#{user}/.ssh/authorized_keys", "w") do |f|
44
+ File.open("./tmp/authorized_keys", "w") do |f|
44
45
  f.write(keys)
45
46
  end
47
+ upload! './tmp/authorized_keys', "/tmp/authorized_keys"
48
+ execute :mv, "/tmp/authorized_keys", "~/.ssh/authorized_keys"
46
49
  else
47
50
  raise NO_ORGANISATION_MEMBER_KEYS_FOUND
48
51
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: capistrano-ssh-authorized-keys-github
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0
4
+ version: 1.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - lloydwatkin
@@ -75,6 +75,7 @@ extensions: []
75
75
  extra_rdoc_files: []
76
76
  files:
77
77
  - ".gitignore"
78
+ - ".travis.yml"
78
79
  - Gemfile
79
80
  - LICENSE
80
81
  - README.md