capistrano-ssh-authorized-keys-github 1.0.1 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 407a32cd53e70eaf8ec1386ec9f47700abe3c66a63d0ea60bd5655a2b5c1cadf
-  data.tar.gz: a81a938c7be2f821ec6f140f4c2a6141f9b9f09df478ca9b8385784c1ee97be0
+  metadata.gz: 6775ce8d8eac1a2c278c71435aba2e616f684bad6038d3c7313082545e9c1a7e
+  data.tar.gz: 46d20cb800aefd3fe294f0c19f262afb5a1e5396fa86ba44af40c6ff9a723d50
 SHA512:
-  metadata.gz: 1935e81a7b66aeb1a99b8ccef18e9c1d21887a5e6f5634ba6a3239ac24e2fa189e9ec16be395a731af691c72945935ffa30b5dd281af9c047b5e92ec638ccbc2
-  data.tar.gz: 0a6441bd065bc4a313b743faf03cd038afa92a0ba4e7657312ff7bf5e16707b02cc3a4f5cfcfc356363791d7a2c74e947fb8119c6d6c58a6ce4e4b42a6ddb071
+  metadata.gz: 4813997a4c8330e160109eb041c0363642ee4c89090f87bd327094b3901d482a5ea5d783c783334d5f0dbbded9c69e79e9401c30e31e8b52b0beead17ba078f4
+  data.tar.gz: f4c4e6b67257f8232c427f02803d4b2d520b10f123d61b212003c2a3af17ee39ef4eb0535ede0d284fb1f5b24c9cb799bed797781bfd22486e226d747628bc54

data/README.md

@@ -2,6 +2,8 @@
 
 Sync organisation SSH public keys to server `authorized_keys` file so they are able to SSH into OS - for [Capistrano v3](https://github.com/capistrano/capistrano).
 
+Note: The authorized keys file is generated locally before being uploaded to the server(s).
+
 ## Installation
 
 Add this line to your application's Gemfile:
@@ -27,6 +29,9 @@ And then set the variables in `config/deploy.rb`:
     set :github_org, 'olioex'
     # ...or... (takes priority)
     set :github_orgs, ['olioex', 'github']
+    # Optional for Github rate limits (oauth application)
+    set :github_app_id, '12345'
+    set :github_app_secret, 'abcdef'
 
 The task will run automatically on successful deploy. Alternatively, you can notify of a deploy starting manually by using:
 

data/capistrano-ssh-authorized-keys-github.gemspec

@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
   spec.name          = 'capistrano-ssh-authorized-keys-github'
-  spec.version       = '1.0.1'
+  spec.version       = '1.2.0'
   spec.authors       = ['lloydwatkin']
   spec.email         = ['lloyd@olioex.com']
   spec.summary       = %q{Sync Github organisation public SSH keys to `server authorized_keys` file}

data/lib/capistrano/tasks/ssh-authorized-keys-github.cap

@@ -8,41 +8,49 @@ NO_ORGANISATION_MEMBER_KEYS_FOUND = 'There are no public members for this Github
 namespace :security do
   desc 'Cycle SSH key logins'
   task :update_ssh_keys do
-    on roles(:all) do
+    run_locally do
       organisations = fetch(:github_orgs) || fetch(:github_org) || raise(NO_GITHUB_ORGANISATION_PROVIDED)
       keys = ""
-      user = `whoami`.chomp
+      authentication = ''
+      if fetch(:github_app_id) && fetch(:github_app_secret)
+        authentication = "#{fetch(:github_app_id)}:#{fetch(:github_app_secret)}@"
+      end
 
       [*organisations].each do |organisation|
-        url = URI("https://api.github.com/orgs/#{organisation}")
+        info "Fetching keys for #{organisation}"
+        url = URI("https://#{authentication}api.github.com/orgs/#{organisation}")
         organisation_details = JSON.parse(Net::HTTP.get_response(url).body, symbolize_names: true)
-        members_url = URI(organisation_details[:members_url].gsub("{/member}", ""))
-        members = JSON.parse(Net::HTTP.get_response(members_url).body, symbolize_names: true)
-        keys += "      #
-        # #{organisation_details[:name]} keys
-        # #{members_url}
-        #
-        # --
-
-        "
+        members_url = URI(organisation_details[:members_url].gsub("{/member}", "").gsub('https://', "https://#{authentication}"))
+        response = Net::HTTP.get_response(members_url)
+        raise response.body unless response.kind_of? Net::HTTPSuccess
+        members = JSON.parse(response.body, symbolize_names: true)
+        keys += "\n#\n"\
+          "# #{organisation_details[:name]} keys\n"\
+          "# #{members_url}\n"\
+          "#\n"
         member_details = members.map { |member| member[:login].downcase }.sort
         member_details.each do |member|
-          member_keys = URI("https://github.com/#{member}.keys")
-          info = "      #
-      # @#{member}
-      # #{member_keys}
-      #
-"
-          keys += info + Net::HTTP.get_response(member_keys).body.gsub(/\r\n?/, "\n")
+          info "   - Downloading keys for #{member}"
+          member_keys = URI("https://#{authentication}github.com/#{member}.keys")
+          info = "\n      #\n"\
+            "      # @#{member}\n"\
+            "      # #{member_keys}\n"\
+            "      #\n"
+          response = Net::HTTP.get_response(member_keys)
+          raise response.body unless response.kind_of? Net::HTTPSuccess
+          keys += info + response.body.gsub(/\r\n?/, "\n")
         end
       end
+      raise raise NO_ORGANISATION_MEMBER_KEYS_FOUND unless keys.scan(/ssh-(rsa|ed25519)/).count > 0
+      info "Writing authorized_keys file to ./tmp"
+      File.open("./tmp/authorized_keys", "w") do |f|
+        f.write(keys)
+      end
 
-      if keys.scan(/ssh-(rsa|ed25519)/).count > 0
-        File.open("/home/#{user}/.ssh/authorized_keys", "w") do |f|
-          f.write(keys)
-        end
-      else
-        raise NO_ORGANISATION_MEMBER_KEYS_FOUND
+      info "Uploading updated authorized_keys to servers"
+      on roles(:all) do |host|
+        upload! './tmp/authorized_keys', "/tmp/authorized_keys"
+        execute :mv, "/tmp/authorized_keys", "~/.ssh/authorized_keys"
       end
     end
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: capistrano-ssh-authorized-keys-github
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.2.0
 platform: ruby
 authors:
 - lloydwatkin
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-10-28 00:00:00.000000000 Z
+date: 2022-11-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: capistrano