Cloudflared SSH Remote Command Runner

A GitHub Action that runs a Docker container, which lets you SSH into a server behind a Cloudflare Tunnel and run a command.

Updates

This repo is forked from npgy/cloudflared-ssh-action.

The Dockerfile has been updated to:

  • Pull the latest alpine image tag.
  • Install the latest Cloudflare Tunnel (cloudflared) binary.
  • Utilise service tokens for authentication, for SSH servers secured by Cloudflare Access policies.
  • Utilise Dependabot to alert if this code depends on a package with a security vulnerability.

The updates are intended to

Workflows

Branch protection rules require a PR before code can be merged into main. There are two PR workflows:

  • Dependency review will check the upstream base Alpine Linux image or GitHub Actions for updates. If High or Critical vulnerabilities are found in the feature branch, the workflow will fail.
  • Trivy scanner will check the built Docker image for vulnerabilities. If High or Critical CVEs are found in the image, the workflow will fail.

A successful merge into main will update the latest release and update the latest tagged container image uploaded to GitHub Packages.

Contributions

Any help keeping this repo healthy and secure would be appreciated!
Remaining in my to-do is automating semantic version releases in case users need to roll back to older, stable versions.
This action is now meeting my project's needs, so I won't be releasing further updates unless required.

Usage

Here is an example deploy.yaml file for the action:

name: Run command on remote server
on:
  pull_request:
    types:
      - closed
jobs:
  ssh_command:
    if: github.event.pull_request.merged == true
    name: Run SSH command
    # `needs` must name a job defined in this same workflow; terraform_apply is not shown here.
    needs: terraform_apply
    runs-on: ubuntu-latest
    steps:
    - name: Connect and run command on remote server
      uses: nathanjnorris/cloudflared-ssh-action@latest
      with:
        host: ${{ secrets.SSH_HOST }}
        username: ${{ secrets.SSH_USERNAME }}
        private_key_filename: ${{ secrets.SSH_PRIVATE_KEY_FILENAME }}
        private_key_value: ${{ secrets.SSH_PRIVATE_KEY_VALUE }}
        port: ${{ secrets.SSH_PORT }}
        service_token_id: ${{ secrets.SERVICE_TOKEN_ID }}
        service_token_secret: ${{ secrets.SERVICE_TOKEN_SECRET }}
        commands: mkdir hello-world -v
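
The inputs in the workflow above map onto an SSH connection through cloudflared as shown below. This is an added example, not the action's own entrypoint: it assumes the `INPUT_<NAME>` environment variables GitHub sets for Docker actions, cloudflared's `TUNNEL_SERVICE_TOKEN_ID` / `TUNNEL_SERVICE_TOKEN_SECRET` variables, and a hypothetical `KNOWN_HOSTS_FILE` holding the server's pinned host key.

```shell
#!/bin/sh
# Added example, not the action's entrypoint. GitHub exposes each `with:` key
# to a Docker action as INPUT_<KEY>; KNOWN_HOSTS_FILE is a hypothetical extra.

# Write the private key so that only the current user can read it.
write_key() {  # $1 = directory, $2 = filename, $3 = key material
    mkdir -p "$1" && chmod 700 "$1" || return 1
    ( umask 077 && printf '%s\n' "$3" > "$1/$2" && chmod 600 "$1/$2" ) || return 1
    printf '%s\n' "$1/$2"
}

# Emit an ssh_config stanza that reaches the host through cloudflared.
# No service token appears here: cloudflared reads it from the environment,
# which keeps the secret out of this file and out of the ssh command line.
ssh_config_for() {  # $1 host, $2 user, $3 port, $4 key path, $5 known_hosts
    cat <<EOF
Host $1
    User $2
    Port $3
    IdentityFile $4
    IdentitiesOnly yes
    BatchMode yes
    StrictHostKeyChecking yes
    UserKnownHostsFile $5
    ProxyCommand cloudflared access ssh --hostname %h
EOF
}

# Connect only when the action-style inputs are present.
if [ -n "${INPUT_HOST:-}" ]; then
    set -eu  # an unset input (including KNOWN_HOSTS_FILE) aborts the run
    dir=$(mktemp -d)
    trap 'rm -rf "$dir"' EXIT  # remove the key material when done
    key=$(write_key "$dir" "$INPUT_PRIVATE_KEY_FILENAME" "$INPUT_PRIVATE_KEY_VALUE")
    ssh_config_for "$INPUT_HOST" "$INPUT_USERNAME" "$INPUT_PORT" "$key" \
        "$KNOWN_HOSTS_FILE" > "$dir/config"
    export TUNNEL_SERVICE_TOKEN_ID="$INPUT_SERVICE_TOKEN_ID"
    export TUNNEL_SERVICE_TOKEN_SECRET="$INPUT_SERVICE_TOKEN_SECRET"
    ssh -F "$dir/config" "$INPUT_HOST" "$INPUT_COMMANDS"
fi
```

With `StrictHostKeyChecking yes` and `BatchMode yes`, the job fails instead of prompting when the server's host key is not the pinned one.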