Would it be possible to set up Action worker nodes in a way that we already have the SSH Host Keys for GitHub services (repos, Gists) etc. available in either /etc/ssh/ssh_known_hosts or ~/.ssh/known_hosts?
That would make workflows somewhat more straightforward when we e.g. need to fetch dependencies.
Also, it would be more secure than having to run ssh-keyscan and just accept whatever keys we find. You should be in the best position to always provide the correct and up-to-date keys.
Hey @tonyarnold. Are you able to run Swift package tests with private dependencies? If so, can you please share your approach, since I can’t make it work? For some reason the GitHub runner does not use the package’s local .ssh folder and always fails to fetch dependencies. There is a related topic. Thanks!
```yaml
- name: "Set up SSH agent"
  uses: webfactory/ssh-agent@v0.1.1
  with:
    ssh-private-key: ${{ secrets.CI_SSH_PRIVATE_KEY }}
- name: "Add GitHub to the SSH known hosts file"
  # Appends whatever keys ssh-keyscan returns for github.com and each resolved IP.
  run: |
    for ip in $(dig @8.8.8.8 github.com +short); do \
      ssh-keyscan github.com,$ip; \
      ssh-keyscan $ip; \
    done 2>/dev/null >> ~/.ssh/known_hosts
```
There is one other change you need to make if you’re using Xcode directly, rather than Swift Package Manager, and that is to pass the -usePackageSupportBuiltinSCM flag to xcodebuild.
Finding your post, and your comment in regards to the -usePackageSupportBuiltinSCM flag for xcodebuild finally resolved a huge headache with GitHub Actions.
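The concern raised at the top of the thread, accepting whatever keys `ssh-keyscan` returns, can be narrowed by checking each scanned key against fingerprints pinned in advance before anything reaches `known_hosts`. The following is an added example, not code from any post in this thread; the function names are hypothetical and the keys are constructed sample data, with the pinned set standing in for fingerprints the service publishes and that you obtained out of band.

```python
import base64
import hashlib
import struct


def fingerprint(key_b64: str) -> str:
    """Return the OpenSSH-style SHA256 fingerprint of a base64 key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def blob_key_type(key_b64: str) -> str:
    """Read the key type string embedded at the start of the key blob."""
    blob = base64.b64decode(key_b64, validate=True)
    (length,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + length].decode("ascii")


def filter_scan(scan_output: str, pinned: set) -> list:
    """Keep only ssh-keyscan lines whose key matches a pinned fingerprint."""
    accepted = []
    for line in scan_output.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        hosts, key_type, key_b64 = parts[:3]
        try:
            ok = blob_key_type(key_b64) == key_type and fingerprint(key_b64) in pinned
        except (ValueError, struct.error):
            continue  # malformed base64 or truncated blob: reject the line
        if ok:
            accepted.append(f"{hosts} {key_type} {key_b64}")
    return accepted


def _constructed_key(fill: int) -> str:
    """Build a fake ssh-ed25519 blob for the demo (not a real host key)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([fill]) * 32
    return base64.b64encode(blob).decode()


# Constructed sample data. In real use, PINNED holds the fingerprints the
# service publishes, obtained out of band and stored in the repository.
GOOD, ROGUE = _constructed_key(0x11), _constructed_key(0x22)
PINNED = {fingerprint(GOOD)}
SAMPLE_SCAN = (f"# github.com:22 SSH-2.0-demo\ngithub.com,192.0.2.10 ssh-ed25519 {GOOD}\n"
               f"192.0.2.10 ssh-ed25519 {ROGUE}\n")

if __name__ == "__main__":
    print("\n".join(filter_scan(SAMPLE_SCAN, PINNED)))
```

In a workflow, the scan output would be piped through a filter like this and only the accepted lines appended to `~/.ssh/known_hosts`; an empty result should fail the job rather than fall back to the unfiltered scan.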