Merge branch 'main' into renovate/all-minor-patch

README.md

@@ -18,16 +18,22 @@ Supported authentication methods:
 - Client certificate auth
 - Both of them
 
-| Name           | Description                                   | Required when           | 
-|----------------|-----------------------------------------------|-------------------------|
-| `username`     | Username                                      | Username-password auth  |
-| `password`     | Password                                      | Username-password auth  |
-| `client_key`   | Local peer's private key                      | Client certificate auth |
-| `tls_auth_key` | Pre-shared secret for TLS-auth HMAC signature | Optional                |
-
-**Note: It is strongly recommended that you provide all credentials
+| Name               | Description                        | Required when           | 
+|--------------------|------------------------------------|-------------------------|
+| `username`         | Username                           | Username-password auth  |
+| `password`         | Password                           | Username-password auth  |
+| `client_key`       | Local peer's private key           | Client certificate auth |
+| `tls_auth_key`     | Pre-shared group key for TLS Auth  | Optional                |
+| `tls_crypt_key`    | Pre-shared group key for TLS Crypt | Optional                |
+| `tls_crypt_v2_key` | Per-client key for TLS Crypt V2    | Optional                |
+
+> **Note: It is strongly recommended that you provide all credentials
 via [encrypted secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets).**
 
+When providing TLS keys, you should provide *only one of* either `tls_auth_key`, `tls_crypt_key` or `tls_crypt_v2_key`.
+You can determine which by checking the value of your key and looking in the header line. 
+[See the docs for more info about TLS in OpenVPN](https://openvpn.net/vpn-server-resources/tls-control-channel-security-in-openvpn-access-server)
+
 ## Usage
 
 - Create client configuration file based on

action.yml

@@ -14,7 +14,13 @@ inputs:
     description: "Password"
     required: false
   tls_auth_key:
-    description: "Pre-shared secret for TLS-auth HMAC signature"
+    description: "Pre-shared group key for TLS Auth"
+    required: false
+  tls_crypt_key:
+    description: "Pre-shared group key for TLS Crypt"
+    required: false
+  tls_crypt_v2_key:
+    description: "Per-client key for TLS Crypt V2"
     required: false
   client_key:
     description: "Local peer's private key"

dist/index.js

@@ -2007,8 +2007,12 @@ class Tail extends events.EventEmitter {
      */
     getPositionAtNthLine(nLines) {
         const { size } = fs.statSync(this.filename);
-        const fd = fs.openSync(this.filename, 'r');
 
+        if (size === 0) {
+            return 0;
+        }
+
+        const fd = fs.openSync(this.filename, 'r');
         // Start from the end of the file and work backwards in specific chunks
         let currentReadPosition = size;
         const chunkSizeBytes = Math.min(1024, size);
@@ -3172,6 +3176,8 @@ const run = (callback) => {
   const password = core.getInput("password");
   const clientKey = core.getInput("client_key");
   const tlsAuthKey = core.getInput("tls_auth_key");
+  const tlsCryptKey = core.getInput("tls_crypt_key");
+  const tlsCryptV2Key = core.getInput("tls_crypt_v2_key");
 
   if (!fs.existsSync(configFile)) {
     throw new Error(`config file '${configFile}' not found`);
@@ -3197,6 +3203,16 @@ const run = (callback) => {
     fs.appendFileSync(configFile, "tls-auth ta.key 1\n");
     fs.writeFileSync("ta.key", tlsAuthKey, { mode: 0o600 });
   }
+
+  if (tlsCryptKey) {
+    fs.appendFileSync(configFile, "tls-crypt tc.key 1\n");
+    fs.writeFileSync("tc.key", tlsCryptKey, { mode: 0o600 });
+  }
+
+  if (tlsCryptV2Key) {
+    fs.appendFileSync(configFile, "tls-crypt-v2 tcv2.key 1\n");
+    fs.writeFileSync("tcv2.key", tlsCryptV2Key, { mode: 0o600 });
+  }
 
   core.info("========== begin configuration ==========");
   core.info(fs.readFileSync(configFile, "utf8"));

package.json

@@ -1,8 +1,11 @@
 {
   "name": "github-openvpn-connect-action",
-  "version": "2.0.2",
+  "version": "2.1.0",
   "description": "GitHub Action for connecting to OpenVPN server",
-  "keywords": ["github", "actions"],
+  "keywords": [
+    "github",
+    "actions"
+  ],
   "homepage": "https://github.com/kota65535/github-openvpn-connect-action#readme",
   "bugs": {
     "url": "https://github.com/kota65535/github-openvpn-connect-action/issues"
@@ -32,6 +35,6 @@
     "eslint-config-prettier": "8.10.0",
     "eslint-config-standard": "17.1.0",
     "husky": "8.0.3",
-    "prettier": "2.8.8"
+    "prettier": "3.0.3"
   }
 }

src/main.js

@@ -9,6 +9,8 @@ const run = (callback) => {
   const password = core.getInput("password");
   const clientKey = core.getInput("client_key");
   const tlsAuthKey = core.getInput("tls_auth_key");
+  const tlsCryptKey = core.getInput("tls_crypt_key");
+  const tlsCryptV2Key = core.getInput("tls_crypt_v2_key");
 
   if (!fs.existsSync(configFile)) {
     throw new Error(`config file '${configFile}' not found`);
@@ -34,6 +36,16 @@ const run = (callback) => {
     fs.appendFileSync(configFile, "tls-auth ta.key 1\n");
     fs.writeFileSync("ta.key", tlsAuthKey, { mode: 0o600 });
   }
+
+  if (tlsCryptKey) {
+    fs.appendFileSync(configFile, "tls-crypt tc.key 1\n");
+    fs.writeFileSync("tc.key", tlsCryptKey, { mode: 0o600 });
+  }
+
+  if (tlsCryptV2Key) {
+    fs.appendFileSync(configFile, "tls-crypt-v2 tcv2.key 1\n");
+    fs.writeFileSync("tcv2.key", tlsCryptV2Key, { mode: 0o600 });
+  }
 
   core.info("========== begin configuration ==========");
   core.info(fs.readFileSync(configFile, "utf8"));