0%

白嫖github的workflows通过SSH连接GithubActionsVPS

github的workflows通过SSH连接GithubActionsVPS

QQ群:397745473

准备

  1. github账号 https://github.com/
  2. Ngrok: https://www.ngrok.com/
1
2
3
4
5
6
7
参考文章: https://www.waikey.com/vps-tutorials/github-actions-vps-ssh-benchmark/
https://github.com/rdp-studio/ssh2actions
https://github.com/mxschmitt/action-tmate
https://github.com/P3TERX/ActionsVM (推荐tmate版, 弹出后再用ngrok弹出来再用ssh直连)

MAC OS:
https://github.com/actions/virtual-environments

创建GITHUB仓库

1
2
3
4
5
Secrets -->建两个变量
NGROK_TOKEN
USER_PASS

NGROK_TOKEN 是我们上面从 Ngrok 得到的 Auth Token,USER_PASS 是你的个人密码,将分配给 SSH 账户。

建立bash脚本

创建一个新的 ssh-server.sh 文件到 repo,复制下面的代码并直接复制到 master 分支。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
#!/bin/bash

if [[ -z "$NGROK_TOKEN" ]]; then
echo "Please set 'NGROK_TOKEN'"
exit 2
fi

if [[ -z "$USER_PASS" ]]; then
echo "Please set 'USER_PASS' for user: $USER"
exit 3
fi

wget -q https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-386.zip
unzip ngrok-stable-linux-386.zip
chmod +x ./ngrok

echo -e "$USER_PASS\n$SSH_PASSWORD" | sudo passwd "$USER"

rm -f .ngrok.log
./ngrok authtoken "$NGROK_TOKEN"
./ngrok tcp 22 --log ".ngrok.log" &

sleep 10

HAS_ERRORS=$(grep "command failed" < .ngrok.log)

if [[ -z "$HAS_ERRORS" ]]; then
echo ""
echo "To connect: $(grep -o -E "tcp://(.+)" < .ngrok.log | sed "s/tcp:\/\//ssh $USER@/" | sed "s/:/ -p /")"
echo ""
else
echo "$HAS_ERRORS"
exit 4
fi

创建一个新的工作流

通过 Github Actions 创建一个新的工作流,复制下面的代码并直接提交到 master 分支。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
name: SSH Server
on: push
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1

- name: Try Build
run: ./not-exist-file.sh it bloke build

- name: Start SSH via Ngrok
if: ${{ failure() }}
run: curl -sL https://gist.githubusercontent.com/retyui/7115bb6acf151351a143ec8f96a7c561/raw/7099b9db76729dc5761da72aa8525f632d8875c9/debug-github-actions.sh | bash
env:
# After sign up on the https://ngrok.com/
# You can find this token here: https://dashboard.ngrok.com/get-started/setup
NGROK_TOKEN: ${{ secrets.NGROK_TOKEN }}

# This password you will use when authorizing via SSH
USER_PASS: ${{ secrets.USER_PASS }}

- name: Don't kill instace
if: ${{ failure() }}
run: sleep 1h
# Prevent to killing instance after failure

它将在 1 小时后休眠,但您可以在上面的代码中更改时间!现在让我们检查工作流程!

这里我们得到了服务器地址和端口,现在我们可以用SSH客户端登录了!

更多白嫖 Github Action参考

1
https://blog.csdn.net/alex_yangchuansheng/article/details/108313625

mxschmitt/action-tmate[4]

这是第一个实现 tmate[5] 连接 Ac­tions 服务器的 ac­tion ,但此方案在退出连接后不能进行到下一个步骤,所以在实际使用中没有多少价值,只能用于 SSH 连接。不过由于其开天辟地的作用,我决定把它放到第一位。

work­flow 文件示例:

1
2
3
4
5
6
7
8
9
name: CI
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Setup tmate session
uses: mxschmitt/action-tmate@v2

方案二
csexton/debugger-action[6]

此 ac­tion 作者受 mxschmitt/action-tmate[7] 启发,同样是通过 tmate 连接,退出连接后可持续进行下一个步骤,能更好的应用到实际项目中使用。作者可能考虑到为 GitHub 节约资源,默认加了 15 分钟自动断开连接,不过可以通过执行 touch /tmp/keepalive 命令去解除。

work­flow 文件示例:

1
2
3
4
5
6
7
8
9
10
11
12
name: debugger-action
on:
watch:
types: started
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2

- name: Setup Debug Session
uses: csexton/debugger-action@master

该方案没有使用 action 来实现,而是另辟蹊径,直接使用 ngrok 来穿透内网,脚本如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
#!/bin/bash


if [[ -z "$NGROK_TOKEN" ]]; then
echo "Please set 'NGROK_TOKEN'"
exit 2
fi

if [[ -z "$USER_PASS" ]]; then
echo "Please set 'USER_PASS' for user: $USER"
exit 3
fi

echo "### Install ngrok ###"

wget -q https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-386.zip
unzip ngrok-stable-linux-386.zip
chmod +x ./ngrok

echo "### Update user: $USER password ###"
echo -e "$USER_PASS\n$USER_PASS" | sudo passwd "$USER"

echo "### Start ngrok proxy for 22 port ###"


rm -f .ngrok.log
./ngrok authtoken "$NGROK_TOKEN"
./ngrok tcp 22 --log ".ngrok.log" &

sleep 10
HAS_ERRORS=$(grep "command failed" < .ngrok.log)

if [[ -z "$HAS_ERRORS" ]]; then
echo ""
echo "=========================================="
echo "To connect: $(grep -o -E "tcp://(.+)" < .ngrok.log | sed "s/tcp:\/\//ssh $USER@/" | sed "s/:/ -p /")"
echo "=========================================="
else
echo "$HAS_ERRORS"
exit 4
fi

该脚本用来为 SSH 服务建立 TCP 隧道,并打印出通过公网连接远程服务器的命令。

首先需要在 ngrok 的官网[8] 注册一个账户,并生成一个Tunnel Authtoken:https://dashboard.ngrok.com/auth。

然后创建如下的 workflow:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
name: Debugging with SSH
on: push
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1

- name: Try Build
run: ./not-exist-file.sh it bloke build

- name: Start SSH via Ngrok
if: ${{ failure() }}
run: curl -sL https://gist.githubusercontent.com/retyui/7115bb6acf151351a143ec8f96a7c561/raw/7099b9db76729dc5761da72aa8525f632d8875c9/debug-github-actions.sh | bash
env:
# After sign up on the https://ngrok.com/
# You can find this token here: https://dashboard.ngrok.com/get-started/setup
NGROK_TOKEN: ${{ secrets.NGROK_TOKEN }}

# This password you will use when authorizing via SSH
USER_PASS: ${{ secrets.USER_PASS }}

- name: Don't kill instace
if: ${{ failure() }}
run: sleep 1h # Prevent to killing instance after failure

服务器存活时间默认是 1 小时,可自行调整。这里面的 TOKEN 和 SSH 登录密码最好采用 workflow 中推荐的方式,先在 GitHub 中创建 Secret,然后在 workflow 中引用 Secret。具体步骤可参考官方文档[9]。

最后再次强调:希望大家以学习研究目的来使用,切勿用作其他恶意用途,切勿滥用!

白嫖MACOS

1
2
3
4
5
6
7
8
9
name: CI
on: [push]
jobs:
build:
runs-on: macos-latest
steps:
- uses: actions/checkout@v2
- name: Setup tmate session
uses: mxschmitt/action-tmate@v3

防断

1
2
3
4
5
function ConnectButton(){
console.log("Connect pushed");
document.querySelector("#check-step-4 > summary > div > span").click()
}
setInterval(ConnectButton,60000);

QQ群:397745473

欢迎关注我的其它发布渠道