How do you output Private Key stored in secret as file?

Hi, I want to use git-ftp-action with SSH

And we need to include a path to private key like this:

    git-ftp push --key /path/to/private_key ...

Since my key is inside a secret, do I need to output it as file first?

I found a guide on how to output the file like this:

    - run: 'echo "$SSH_KEY" > key'
      shell: bash
      env:
        SSH_KEY: ${{secrets.SSH_KEY}}

But where is that file placed? I tried --key key or --key /key and it doesn’t work.

Thanks

Hi @hrsetyono,

git-ftp needs absolute refs to the key file.
Please remove the single quotes from your command.

    - run: echo "$SSH_KEY" > key    # remove single quote
      shell: bash
      env:
        SSH_KEY: ${{secrets.SSH_KEY}}

The key file exists in GITHUB_WORKSPACE, please try to use ‘--key ${{ github.workspace }}/key’.

Thanks

Hi, thanks for the reply

Now the error becomes:

    fatal:  Can't access remote 'sftp://***:***@123.45.67.89'.
    Failed to log in. Correct user and password? exiting...

But I already confirmed that the private key works by testing it locally.

So there’s something wrong with the echoing process. Below is my workflow, is there something wrong in it?

    name: Deploy via git-ftp
    on: push
    jobs:
      deploy:
        name: Deploy
        runs-on: ubuntu-latest
        steps:
        - uses: actions/checkout@v1
        - shell: bash
          run: echo "$SSH_KEY" > the_key
          env:
            SSH_KEY: ${{ secrets.SSH_KEY }}
        - name: git-ftp push
          uses: sebastianpopp/git-ftp-action@fix-ssl-issue
          with:
            url: "sftp://123.45.67.89/mysite"
            user: ${{ secrets.DO_USERNAME }}
            password: false
            options: "--key ${{ github.workspace }}/the_key --auto-init --insecure"

Hi @hrsetyono,

Thanks for your reply!
The password is needed in the action metadata file, but you set it as ‘false’, and in the entrypoint.sh, it’s still needed as below:

    #!/bin/sh -l

    git-ftp push \
      --syncroot $INPUT_SYNCROOT \
      --user $INPUT_USER \
      --passwd $INPUT_PASSWORD \
      $INPUT_OPTIONS \
      $INPUT_URL

As action author mentioned here, you need to handle the missing parameter:

  1. Fork the action, change password: required to false in action.yaml. Then you can ignore password for the action in yaml setting.
  2. Edit the entrypoint.sh, change the command (remove --password $INPUT_PASSWORD? I’m not quite sure).
  3. Use your own action instead.

Thanks

Hi Weide,

Thanks for your help so far. After like 100+ failed tries, I decided to simply not use Key and revert back to password.

Just in case someone else googled this problem, here’s my workflow with password:

    name: Deploy via git-ftp
    on: push
    jobs:
      deploy:
        name: Deploy
        runs-on: ubuntu-latest
        steps:
        - uses: actions/checkout@v1
        - name: git-ftp push
          uses: sebastianpopp/git-ftp-action@fix-ssl-issue
          with:
            url: "sftp://123.45.67.89/~/path/"
            user: ${{ secrets.DO_USERNAME }}
            password: ${{ secrets.DO_PASSWORD }}
            options: "--auto-init --insecure"

If your DigitalOcean is set to “Key Only”, you can change that here https://www.digitalocean.com/community/questions/enable-both-password-and-key-file-to-ssh-logon-in
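
For readers who still want the key-file route discussed in this thread, here is an added example (not posted by anyone in the thread and not code from git-ftp-action) of a more careful version of the `echo "$SSH_KEY" > key` step: it rejects an empty secret, normalizes line endings, checks the PEM armor without printing key bytes, and creates the file readable by the current user only. The function name `write_key_file` and the `KEY_PATH` variable are hypothetical.

```shell
# Added example: write a private key held in an environment variable
# (the thread's SSH_KEY secret) to a file with owner-only permissions.
# write_key_file and KEY_PATH are hypothetical names, not part of git-ftp.

# The body runs in a subshell "( ... )", so the umask change and the
# variables below do not leak into the calling step.
write_key_file() (
  # $1 = key material, $2 = destination path.
  # tr drops carriage returns (keys pasted from Windows editors); the
  # command substitution drops trailing newlines, so exactly one is
  # written back at the end.
  key="$(printf '%s' "$1" | tr -d '\r')"
  dest="$2"

  # An unset or misspelled secret expands to an empty string.
  if [ -z "$key" ] || [ -z "$dest" ]; then
    echo "write_key_file: empty key or destination (is the secret set?)" >&2
    exit 1
  fi

  # Check the PEM armor only; never echo the key itself into the job log.
  case "$key" in
    "-----BEGIN "*"PRIVATE KEY-----"*"-----END "*"PRIVATE KEY-----") ;;
    *) echo "write_key_file: input is not a PEM private key" >&2; exit 1 ;;
  esac

  # Create the file as 0600 from the first byte. Removing any old file
  # first matters because umask does not tighten an existing file.
  umask 077
  rm -f -- "$dest"
  printf '%s\n' "$key" > "$dest"
)

# Stand-alone use inside a workflow step that exports SSH_KEY.
if [ -n "${SSH_KEY:-}" ]; then
  write_key_file "$SSH_KEY" "${KEY_PATH:-the_key}" \
    && echo "key written to ${KEY_PATH:-the_key}"
fi
```
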