RubyGems - capistrano-ssh-authorized-keys-github - Versions diffs - 1.0.1 → 1.1.0 - Mend

capistrano-ssh-authorized-keys-github 1.0.1 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +4 -4
data/README.md +5 -0
data/capistrano-ssh-authorized-keys-github.gemspec +1 -1
data/lib/capistrano/tasks/ssh-authorized-keys-github.cap +11 -6
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 407a32cd53e70eaf8ec1386ec9f47700abe3c66a63d0ea60bd5655a2b5c1cadf
-  data.tar.gz: a81a938c7be2f821ec6f140f4c2a6141f9b9f09df478ca9b8385784c1ee97be0
+  metadata.gz: fdeace2093ea8dd5b0326e751fe39daaf0976d9815949063d0a041b579637db4
+  data.tar.gz: 5dcd586bbab56363ee751a3379354bfb93861e6dff1e645d78194eb530d86945
 SHA512:
-  metadata.gz: 1935e81a7b66aeb1a99b8ccef18e9c1d21887a5e6f5634ba6a3239ac24e2fa189e9ec16be395a731af691c72945935ffa30b5dd281af9c047b5e92ec638ccbc2
-  data.tar.gz: 0a6441bd065bc4a313b743faf03cd038afa92a0ba4e7657312ff7bf5e16707b02cc3a4f5cfcfc356363791d7a2c74e947fb8119c6d6c58a6ce4e4b42a6ddb071
+  metadata.gz: f5e563b6bcb8f601cb0d31c846869c8d62bff34d2154fd356c0c6596f695ed2238a152abfb3e50871ab1b20b8d581f5e17734a88a9af2770351c58bacc3f4fa5
+  data.tar.gz: e740b5181dcf8f7eb9915d9395c7bef55c222249980c3866cb771d2cc151c7ee61ef948b14b081e9562dec467314f21fe5207140b55f298dc359b3a04d5d0fd0

data/README.md CHANGED Viewed

@@ -2,6 +2,8 @@
 Sync organisation SSH public keys to server `authorized_keys` file so they are able to SSH into OS - for [Capistrano v3](https://github.com/capistrano/capistrano).
+Note: The authorized keys file is generated locally before being uploaded to the server(s).
 ## Installation
 Add this line to your application's Gemfile:
@@ -27,6 +29,9 @@ And then set the variables in `config/deploy.rb`:
     set :github_org, 'olioex'
     # ...or... (takes priority)
     set :github_orgs, ['olioex', 'github']
+    # Optional for Github rate limits (oauth application)
+    set :github_app_id, '12345'
+    set :github_app_secret, 'abcdef'
 The task will run automatically on successful deploy. Alternatively, you can notify of a deploy starting manually by using:

data/capistrano-ssh-authorized-keys-github.gemspec CHANGED Viewed

@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 Gem::Specification.new do |spec|
   spec.name          = 'capistrano-ssh-authorized-keys-github'
-  spec.version       = '1.0.1'
+  spec.version       = '1.1.0'
   spec.authors       = ['lloydwatkin']
   spec.email         = ['lloyd@olioex.com']
   spec.summary       = %q{Sync Github organisation public SSH keys to `server authorized_keys` file}

data/lib/capistrano/tasks/ssh-authorized-keys-github.cap CHANGED Viewed

@@ -8,15 +8,18 @@ NO_ORGANISATION_MEMBER_KEYS_FOUND = 'There are no public members for this Github
 namespace :security do
   desc 'Cycle SSH key logins'
   task :update_ssh_keys do
-    on roles(:all) do
+    on roles(:all) do |host|
       organisations = fetch(:github_orgs) || fetch(:github_org) || raise(NO_GITHUB_ORGANISATION_PROVIDED)
       keys = ""
-      user = `whoami`.chomp
+      authentication = ''
+      if fetch(:github_app_id) && fetch(:github_app_secret)
+        authentication = "#{fetch(:github_app_id)}:#{fetch(:github_app_secret)}@"
+      end
       [*organisations].each do |organisation|
-        url = URI("https://api.github.com/orgs/#{organisation}")
+        url = URI("https://#{authentication}api.github.com/orgs/#{organisation}")
         organisation_details = JSON.parse(Net::HTTP.get_response(url).body, symbolize_names: true)
-        members_url = URI(organisation_details[:members_url].gsub("{/member}", ""))
+        members_url = URI(organisation_details[:members_url].gsub("{/member}", "").gsub('https://', "https://#{authentication}"))
         members = JSON.parse(Net::HTTP.get_response(members_url).body, symbolize_names: true)
         keys += "      #
         # #{organisation_details[:name]} keys
@@ -27,7 +30,7 @@ namespace :security do
         "
         member_details = members.map { |member| member[:login].downcase }.sort
         member_details.each do |member|
-          member_keys = URI("https://github.com/#{member}.keys")
+          member_keys = URI("https://#{authentication}github.com/#{member}.keys")
           info = "      #
       # @#{member}
       # #{member_keys}
@@ -38,9 +41,11 @@ namespace :security do
       end
       if keys.scan(/ssh-(rsa|ed25519)/).count > 0
-        File.open("/home/#{user}/.ssh/authorized_keys", "w") do |f|
+        File.open("./tmp/authorized_keys", "w") do |f|
           f.write(keys)
         end
+        upload! './tmp/authorized_keys', "/tmp/authorized_keys"
+        execute :mv, "/tmp/authorized_keys", "~/.ssh/authorized_keys"
       else
         raise NO_ORGANISATION_MEMBER_KEYS_FOUND
       end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: capistrano-ssh-authorized-keys-github
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.1.0
 platform: ruby
 authors:
 - lloydwatkin