From 2389fc691e3cbe7d97f7bbb35dc1190443f282c4 Mon Sep 17 00:00:00 2001 From: Hao Liu <44379968+TheRealHaoLiu@users.noreply.github.com> Date: Thu, 3 Apr 2025 11:14:33 -0400 Subject: [PATCH] Common action for setup ssh agent in GHA (#15902) --- .github/actions/awx_devel_image/action.yml | 21 ++-------------- .github/actions/setup-ssh-agent/action.yml | 29 ++++++++++++++++++++++ .github/workflows/ci.yml | 24 +++--------------- .github/workflows/devel_images.yml | 20 ++------------- .github/workflows/upload_schema.yml | 20 ++------------- 5 files changed, 39 insertions(+), 75 deletions(-) create mode 100644 .github/actions/setup-ssh-agent/action.yml diff --git a/.github/actions/awx_devel_image/action.yml b/.github/actions/awx_devel_image/action.yml index eb7276472e..c2c9ba8ffb 100644 --- a/.github/actions/awx_devel_image/action.yml +++ b/.github/actions/awx_devel_image/action.yml @@ -26,26 +26,9 @@ runs: run: | echo "${{ inputs.github-token }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin - - name: Generate placeholder SSH private key if SSH auth for private repos is not needed - id: generate_key - shell: bash - run: | - if [[ -z "${{ inputs.private-github-key }}" ]]; then - ssh-keygen -t ed25519 -C "github-actions" -N "" -f ~/.ssh/id_ed25519 - echo "SSH_PRIVATE_KEY<> $GITHUB_OUTPUT - cat ~/.ssh/id_ed25519 >> $GITHUB_OUTPUT - echo "EOF" >> $GITHUB_OUTPUT - else - echo "SSH_PRIVATE_KEY<> $GITHUB_OUTPUT - echo "${{ inputs.private-github-key }}" >> $GITHUB_OUTPUT - echo "EOF" >> $GITHUB_OUTPUT - fi - - - name: Add private GitHub key to SSH agent - uses: webfactory/ssh-agent@v0.9.0 + - uses: ./.github/actions/setup-ssh-agent with: - ssh-private-key: ${{ steps.generate_key.outputs.SSH_PRIVATE_KEY }} - + ssh-private-key: ${{ inputs.private-github-key }} - name: Pre-pull latest devel image to warm cache shell: bash 
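Review bot: The new `- uses: ./.github/actions/setup-ssh-agent` step is, as far as I know, resolved against the job's workspace root rather than this composite action's own directory, so it only works when the repository is checked out at the root. The ci.yml part of this commit has a job that checks out with `path: awx` and therefore writes `./awx/.github/actions/setup-ssh-agent`; if awx_devel_image is ever called from a job laid out like that, the nested step will not be found. A comment above the step such as `# requires the repo checked out at the workspace root` would record the constraint. The step also lost its `name:`, so logs show only the path; `name: Set up SSH agent` would restore it, and the same applies to the unnamed steps in the devel_images.yml and upload_schema.yml hunks. The steps list continues outside this hunk.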
diff --git a/.github/actions/setup-ssh-agent/action.yml b/.github/actions/setup-ssh-agent/action.yml new file mode 100644 index 0000000000..6c816b4ffd --- /dev/null +++ b/.github/actions/setup-ssh-agent/action.yml @@ -0,0 +1,29 @@ +name: 'Setup SSH for GitHub' +description: 'Configure SSH for private repository access' +inputs: + ssh-private-key: + description: 'SSH private key for repository access' + required: false + default: '' +runs: + using: composite + steps: + - name: Generate placeholder SSH private key if SSH auth for private repos is not needed + id: generate_key + shell: bash + run: | + if [[ -z "${{ inputs.ssh-private-key }}" ]]; then + ssh-keygen -t ed25519 -C "github-actions" -N "" -f ~/.ssh/id_ed25519 + echo "SSH_PRIVATE_KEY<> $GITHUB_OUTPUT + cat ~/.ssh/id_ed25519 >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT + else + echo "SSH_PRIVATE_KEY<> $GITHUB_OUTPUT + echo "${{ inputs.ssh-private-key }}" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT + fi + + - name: Add private GitHub key to SSH agent + uses: webfactory/ssh-agent@v0.9.0 + with: + ssh-private-key: ${{ steps.generate_key.outputs.SSH_PRIVATE_KEY }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e09eddbb13..53d51b55b0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -161,6 +161,10 @@ jobs: show-progress: false path: awx + - uses: ./awx/.github/actions/setup-ssh-agent + with: + ssh-private-key: ${{ secrets.PRIVATE_GITHUB_KEY }} + - name: Checkout awx-operator uses: actions/checkout@v4 with: 
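Review bot: In the new setup-ssh-agent/action.yml, `${{ inputs.ssh-private-key }}` is expanded into the text of the `run:` script before bash starts, both in the `-z` test and in the `echo` that writes the key to `$GITHUB_OUTPUT`. The key material therefore lands in the generated script file, and any `"`, `$` or backtick in the value is interpreted by the shell. Passing the input through `env:` and reading it as a quoted shell variable keeps the value out of the script text; the fence shows the lines that change. Separately, `webfactory/ssh-agent@v0.9.0` receives the private key but is pinned to a mutable tag; `uses: webfactory/ssh-agent@<full-commit-sha>  # v0.9.0` would stop a re-pointed tag from changing the code that handles the key.

```yaml
      shell: bash
      env:
        SSH_KEY_INPUT: ${{ inputs.ssh-private-key }}
      run: |
        if [[ -z "$SSH_KEY_INPUT" ]]; then
          # … unchanged: ssh-keygen branch, else, opening delimiter line …
          echo "$SSH_KEY_INPUT" >> "$GITHUB_OUTPUT"
          # … unchanged: closing delimiter line, fi …
```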
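Review bot: In the ci.yml hunk the agent is now loaded with `secrets.PRIVATE_GITHUB_KEY` right after the awx checkout, whereas the steps this commit removes further down sat directly before `Build AWX image`. The awx-operator checkout and the `python3 -m pip install docker` step therefore now run with the key available in the agent. If none of those steps need SSH access (not visible from this hunk), moving `- uses: ./awx/.github/actions/setup-ssh-agent` back to just before `Build AWX image` keeps the key's exposure as narrow as it was. If the early position is deliberate, a comment such as `# must run before <step that needs SSH>` would record why. The job's step list starts and ends outside the hunk.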
@@ -181,26 +185,6 @@ jobs: run: | python3 -m pip install docker - - name: Generate placeholder SSH private key if SSH auth for private repos is not needed - id: generate_key - shell: bash - run: | - if [[ -z "${{ secrets.PRIVATE_GITHUB_KEY }}" ]]; then - ssh-keygen -t ed25519 -C "github-actions" -N "" -f ~/.ssh/id_ed25519 - echo "SSH_PRIVATE_KEY<> $GITHUB_OUTPUT - cat ~/.ssh/id_ed25519 >> $GITHUB_OUTPUT - echo "EOF" >> $GITHUB_OUTPUT - else - echo "SSH_PRIVATE_KEY<> $GITHUB_OUTPUT - echo "${{ secrets.PRIVATE_GITHUB_KEY }}" >> $GITHUB_OUTPUT - echo "EOF" >> $GITHUB_OUTPUT - fi - - - name: Add private GitHub key to SSH agent - uses: webfactory/ssh-agent@v0.9.0 - with: - ssh-private-key: ${{ steps.generate_key.outputs.SSH_PRIVATE_KEY }} - - name: Build AWX image working-directory: awx run: | diff --git a/.github/workflows/devel_images.yml b/.github/workflows/devel_images.yml index b6b9d4f16a..39941e7774 100644 --- a/.github/workflows/devel_images.yml +++ b/.github/workflows/devel_images.yml @@ -73,25 +73,9 @@ jobs: make ui if: matrix.build-targets.image-name == 'awx' - - name: Generate placeholder SSH private key if SSH auth for private repos is not needed - id: generate_key - shell: bash - run: | - if [[ -z "${{ secrets.PRIVATE_GITHUB_KEY }}" ]]; then - ssh-keygen -t ed25519 -C "github-actions" -N "" -f ~/.ssh/id_ed25519 - echo "SSH_PRIVATE_KEY<> $GITHUB_OUTPUT - cat ~/.ssh/id_ed25519 >> $GITHUB_OUTPUT - echo "EOF" >> $GITHUB_OUTPUT - else - echo "SSH_PRIVATE_KEY<> $GITHUB_OUTPUT - echo "${{ secrets.PRIVATE_GITHUB_KEY }}" >> $GITHUB_OUTPUT - echo "EOF" >> $GITHUB_OUTPUT - fi - - - name: Add private GitHub key to SSH agent - uses: webfactory/ssh-agent@v0.9.0 + - uses: ./.github/actions/setup-ssh-agent with: - ssh-private-key: ${{ steps.generate_key.outputs.SSH_PRIVATE_KEY }} + ssh-private-key: ${{ secrets.PRIVATE_GITHUB_KEY }} - name: Build and push AWX devel images run: | 
diff --git a/.github/workflows/upload_schema.yml b/.github/workflows/upload_schema.yml index 7d8fb5c35f..09d9860c94 100644 --- a/.github/workflows/upload_schema.yml +++ b/.github/workflows/upload_schema.yml @@ -35,25 +35,9 @@ jobs: run: | echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin - - name: Generate placeholder SSH private key if SSH auth for private repos is not needed - id: generate_key - shell: bash - run: | - if [[ -z "${{ secrets.PRIVATE_GITHUB_KEY }}" ]]; then - ssh-keygen -t ed25519 -C "github-actions" -N "" -f ~/.ssh/id_ed25519 - echo "SSH_PRIVATE_KEY<> $GITHUB_OUTPUT - cat ~/.ssh/id_ed25519 >> $GITHUB_OUTPUT - echo "EOF" >> $GITHUB_OUTPUT - else - echo "SSH_PRIVATE_KEY<> $GITHUB_OUTPUT - echo "${{ secrets.PRIVATE_GITHUB_KEY }}" >> $GITHUB_OUTPUT - echo "EOF" >> $GITHUB_OUTPUT - fi - - - name: Add private GitHub key to SSH agent - uses: webfactory/ssh-agent@v0.9.0 + - uses: ./.github/actions/setup-ssh-agent with: - ssh-private-key: ${{ steps.generate_key.outputs.SSH_PRIVATE_KEY }} + ssh-private-key: ${{ secrets.PRIVATE_GITHUB_KEY }} - name: Pre-pull image to warm build cache run: |