mbernson · September 4, 2024 12:03
diff --git a/action.yaml b/action.yaml
 # Put this in `.github/actions/auth-setup/action.yaml`

 name: Setup correct ssh auth
 description: Installs keys, configures .ssh/config
 inputs:
  spm-private-key:
    required: true
    description: The private key to pull private Swift packages
  fastlane-match-private-key:
    required: true
    description: The private key to pull from the Fastlane Match secrets repo
 runs:
  using: "composite"
  steps:
    - name: Fetch github public keys
      id: known-hosts
      shell: bash
      run: |
        echo 'KEYS<<EOF' >> $GITHUB_OUTPUT
        ssh-keyscan github.com >> $GITHUB_OUTPUT
        echo 'EOF' >> $GITHUB_OUTPUT

    - name: Install SSH deploy key for private Swift packages
      uses: shimataro/ssh-key-action@v2
      with:
        key: ${{ inputs.spm-private-key }}
        name: id_rsa
        known_hosts: ${{ steps.known-hosts.outputs.KEYS }}
    - name: Install SSH deploy key for Fastlane Match
      uses: shimataro/ssh-key-action@v2
      with:
        key: ${{ inputs.fastlane-match-private-key }}
        name: id_match
        known_hosts: ${{ steps.known-hosts.outputs.KEYS }}

    - name: Setup ssh config
      shell: bash
      run: |
        cat <<EOF >> ~/.ssh/config
          Host match.github.com
            HostName github.com
            IdentityFile ~/.ssh/id_match
          Host github.com
            IdentityFile ~/.ssh/id_rsa
        EOF
    - name: Validate config
      shell: bash
      run: |
        cat ~/.ssh/config
        ssh -T [email protected] || true
        ssh -T [email protected] || true
diff --git a/pipeline.yaml b/pipeline.yaml
 # Put this in `.github/workflows/pipeline.yaml`

 name: Pipeline

 on:
  push:
    branches: ["main"]

 jobs:
  build:
    name: Build
    runs-on: [self-hosted, macOS]

    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Setup git repo authentication
        uses: "./.github/actions/auth-setup"
        with:
          spm-private-key: ${{ secrets.DEPLOY_KEY_SWIFT_CLIENT }}
          fastlane-match-private-key: ${{ secrets.FASTLANE_MATCH_DEPLOY_KEY }}

      # Rest of the workflow goes here...
	# Put this in `.github/actions/auth-setup/action.yaml`

	name: Setup correct ssh auth
	description: Installs keys, configures .ssh/config
	inputs:
	spm-private-key:
	required: true
	description: The private key to pull private Swift packages
	fastlane-match-private-key:
	required: true
	description: The private key to pull from the Fastlane Match secrets repo
	runs:
	using: "composite"
	steps:
	- name: Fetch github public keys
	id: known-hosts
	shell: bash
	run: \|
	echo 'KEYS<<EOF' >> $GITHUB_OUTPUT
	ssh-keyscan github.com >> $GITHUB_OUTPUT
	echo 'EOF' >> $GITHUB_OUTPUT

	- name: Install SSH deploy key for private Swift packages
	uses: shimataro/ssh-key-action@v2
	with:
	key: ${{ inputs.spm-private-key }}
	name: id_rsa
	known_hosts: ${{ steps.known-hosts.outputs.KEYS }}
	- name: Install SSH deploy key for Fastlane Match
	uses: shimataro/ssh-key-action@v2
	with:
	key: ${{ inputs.fastlane-match-private-key }}
	name: id_match
	known_hosts: ${{ steps.known-hosts.outputs.KEYS }}

	- name: Setup ssh config
	shell: bash
	run: \|
	cat <<EOF >> ~/.ssh/config
	Host match.github.com
	HostName github.com
	IdentityFile ~/.ssh/id_match
	Host github.com
	IdentityFile ~/.ssh/id_rsa
	EOF
	- name: Validate config
	shell: bash
	run: \|
	cat ~/.ssh/config
	ssh -T [email protected] \|\| true
	ssh -T [email protected] \|\| true
	# Put this in `.github/workflows/pipeline.yaml`

	name: Pipeline

	on:
	push:
	branches: ["main"]

	jobs:
	build:
	name: Build
	runs-on: [self-hosted, macOS]

	steps:
	- name: Checkout
	uses: actions/checkout@v3

	- name: Setup git repo authentication
	uses: "./.github/actions/auth-setup"
	with:
	spm-private-key: ${{ secrets.DEPLOY_KEY_SWIFT_CLIENT }}
	fastlane-match-private-key: ${{ secrets.FASTLANE_MATCH_DEPLOY_KEY }}

	# Rest of the workflow goes here...