GitHub Actions CI triggered by PRs by others fails #164

Open
tats-u opened this issue Jan 12, 2021 · 5 comments

@tats-u
Contributor

tats-u commented Jan 12, 2021

Encrypted secrets in GitHub Actions are not passed to builds triggered by forked repositories (PRs from others).
https://docs.github.com/ja/free-pro-team@latest/actions/reference/encrypted-secrets#%E6%9A%97%E5%8F%B7%E5%8C%96%E3%81%95%E3%82%8C%E3%81%9F%E3%82%B7%E3%83%BC%E3%82%AF%E3%83%AC%E3%83%83%E3%83%88%E3%81%AE%E3%83%AF%E3%83%BC%E3%82%AF%E3%83%95%E3%83%AD%E3%83%BC%E5%86%85%E3%81%A7%E3%81%AE%E5%88%A9%E7%94%A8 (Japanese)
This makes `Connect to github.com` and `Connect to github.com with name and config` for PRs fail.

Take `/.github/workflows/verify-on-ubuntu-2004.yml` as an example.

```yaml
name: Connect to github.com
runs-on: ubuntu-20.04
steps:
- name: Checkout source codes
  uses: actions/checkout@v2
- name: Install SSH key
  uses: ./.
  with:
    key: ${{ secrets.SSH_KEY }}
    known_hosts: ${{ secrets.KNOWN_HOSTS }}
```

In this configuration, `key` and `known_hosts` are ignored in PRs (except for yours). Options passed to builds for my PR are:

```
Run ./.
  with:
    name: id_rsa
Error: Input required and not supplied: key
```

`name: id_rsa` is the default option, so you can see those 2 options are missing.

It may be fixed by changing the SSH target to one created by Docker (you do not have to apply it to builds for develop branch).


Image candidate: https://github.com/linuxserver/docker-openssh-server
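
A job-level guard for the failure described above, as an added example (not the project's workflow file and not the maintainer's fix): the job that needs `SSH_KEY` and `KNOWN_HOSTS` is skipped when the pull request comes from a fork, while a job that needs no secrets still runs. The workflow name, job ids and build command are assumptions; the step inputs are the ones quoted in the issue.

```yaml
# Added example. Workflow name, job ids and the build command are assumptions.
name: Verify on Ubuntu 20.04 (example)

on:
  push:
  pull_request:

jobs:
  # This job needs repository secrets. On a pull_request event whose head
  # repository is a fork, secrets.* expand to empty strings, so the required
  # `key` input is missing and the action fails. The condition below runs the
  # job only for pushes and for PRs opened from branches of this repository.
  #
  # pull_request_target does receive secrets, but checking out and running
  # the PR's code under it would give untrusted code access to the key, so
  # the job is skipped rather than moved to that trigger.
  connect-github:
    name: Connect to github.com
    if: >-
      github.event_name != 'pull_request' ||
      github.event.pull_request.head.repo.full_name == github.repository
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout source codes
        uses: actions/checkout@v2
      - name: Install SSH key
        uses: ./.
        with:
          key: ${{ secrets.SSH_KEY }}
          known_hosts: ${{ secrets.KNOWN_HOSTS }}

  # This job uses no secrets, so it still runs for fork PRs and keeps a
  # check on contributed code.
  build:
    name: Build
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout source codes
        uses: actions/checkout@v2
      - name: Install dependencies and build
        run: npm ci && npm run build  # assumed build command
```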

tats-u added a commit to tats-u/ssh-key-action that referenced this issue Jan 12, 2021
Author's key is not passed to PR builds (shimataro#164)
@tats-u
Contributor Author

tats-u commented Jan 23, 2021

#143 must be fixed before using https://github.com/linuxserver/docker-openssh-server because its host key changes every time a container is created.

shimataro added a commit that referenced this issue Feb 8, 2021
* Ignore Node files that should not be tracked

The list can be fetched by `gibo dump node`.

* Untrack node_modules/@actions

* Cache node_modules

* Don't add node_modules in Bash scripts

* Use ncc to pack dependencies

* Change final product path

Remove & ignore previous one (lib/main.js{,.map})

* Disable PR check using author's key

Author's key is not passed to PR builds (#164)

* update settings

* update CHANGELOG

* update build.yml

Co-authored-by: Tatsunori Uchino <[email protected]>
@shimataro
Owner

> It may be fixed by changing the SSH target to one created by Docker

I think it cannot be tested on Windows/macOS if I use a Docker service container... 🤔

@tats-u
Contributor Author

tats-u commented Feb 16, 2021

Windows can be tested because Docker is installed.
macOS is similar to Linux, and most bugs in PRs are supposed to be common in all OSes because configurations, keys, and options of ssh are the same ones in all OSes.

@shimataro
Owner

@tats-u
Do you mean using Docker directly, not as a service container?
It might work on Windows, but won't on macOS.

> macOS is similar to Linux, and most bugs in PRs are supposed to be common in all OSes because configurations, keys, and options of ssh are the same ones in all OSes.

I want to guarantee that this action definitely works on all available virtual machines. It is tested on various versions of Ubuntu for that.
So, it must be tested on real macOS, not a "macOS-like OS".

I will consider using Docker when macOS supports it. Until then, I handle PRs in the same way as #156 / #163.
Thank you.

@tats-u
Contributor Author

tats-u commented Mar 4, 2021

@shimataro
Thank you for the information. It seems great and an alternative to Docker in GitHub Actions.
