From 4a43ab51ff94c9f92138307d635e43fcec8730e0 Mon Sep 17 00:00:00 2001
From: "J.P. Krauss"
Date: Thu, 14 Aug 2025 07:46:08 -0700
Subject: [PATCH] fix: update Docker image to pass initial checks
---
 Dockerfile | 4 +++-
 action.yml | 3 +++
 entrypoint.sh | 11 ++++++-----
 3 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 232301a..dafe3e1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,9 @@
 FROM alpine:3.22
 RUN apk update && \
- apk add ansible bash openssh-client py3-pip step-cli
+ apk add ansible bash git openssh-client py3-pip step-cli
 COPY entrypoint.sh /entrypoint.sh
 RUN chmod +x /entrypoint.sh
+
+WORKDIR /workspace
 ENTRYPOINT ["/entrypoint.sh"]
diff --git a/action.yml b/action.yml
index 6d556d4..5b37fbe 100644
--- a/action.yml
+++ b/action.yml
@@ -34,6 +34,9 @@ inputs:
 vault_password:
 description: The password used for decrypting vaulted files
 required: false
+ remote_user:
+ description: The username to use when connecting to remote hosts (defaults to 'ansible')
+ required: false
 become:
 description: Set to "true" if root is required for running your playbook
 required: false
diff --git a/entrypoint.sh b/entrypoint.sh
index 8e0449d..6e04abd 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -39,7 +39,7 @@ echo "Bootstrapped PKI at ${INPUT_PKI_CA_URL}"
 # Obtain the Host Certificate
 [ ! -d ~/.ssh ] && mkdir ~/.ssh
-echo "@cert-authority *.kraussnet.com $(step ssh config --host --roots)" > ~/.ssh/known_hosts
+echo "@cert-authority * $(step ssh config --host --roots)" > ~/.ssh/known_hosts
 echo "Obtained SSH Host Certificate Authority"
 # Obtain a User Certificate for Ansible
@@ -55,7 +55,7 @@ ssh-keygen -L -f ~/.ssh/id_ecdsa-cert.pub
 # Process the inventory parameter
 inventory=""
-if [ "${INPUT_INVENTORY}" =~ $'\n' ] ; then
+if [[ "${INPUT_INVENTORY}" =~ $'\n' ]] ; then
 echo "${INPUT_INVENTORY}" > /tmp/inventory
 inventory="/tmp/inventory"
 else
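Review bot: The changed `apk add` line still installs unpinned packages from an index fetched by a separate `apk update`, so the image contents (now including git) depend on build time and the index cache stays in the layer. `RUN apk add --no-cache ansible bash git openssh-client py3-pip step-cli` drops the cache, and pinning package versions or the `alpine:3.22` digest would make rebuilds reproducible. Separately, if this image only runs as a GitHub container action, the runner sets the working directory itself, so the added `WORKDIR /workspace` probably matters only for local `docker run` use; a one-line comment saying which case it serves would help.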
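Review bot: The description promises a default of 'ansible', but the new `remote_user` input declares no `default:`; the fallback exists only in entrypoint.sh as `${INPUT_REMOTE_USER:-ansible}`. Because the script then always passes `-u`, a `remote_user` set in a supplied ansible.cfg is overridden even when the input is left empty, while an inventory `ansible_user` still takes precedence. Either add `default: ansible` here and state that override in the description, or have the script add `-u` only when the input is set.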
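Review bot: Replacing `*.kraussnet.com` with `*` in the `@cert-authority` line of the first entrypoint.sh hunk makes the host CA returned by `step ssh config --host --roots` authoritative for every hostname the playbook connects to, not just the original domain. A host certificate's principals must still match the target name, so this widens trust scope rather than disabling verification. A reusable action would be safer taking the host pattern from an input, with `*` only as the fallback. At minimum add a comment above the line, e.g. `# Trust the PKI host CA for all hosts; narrow the pattern if the CA should only vouch for one domain`.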
@@ -70,7 +70,7 @@ if [ ! -z "${INPUT_REQUIREMENTS:-}" ] ; then
 fi
 # Change the working directory
-if [ ! - z "${INPUT_DIRECTORY:-}" ] ; then
+if [ ! -z "${INPUT_DIRECTORY:-}" ] ; then
 cd "${INPUT_DIRECTORY}"
 echo "Changed working directory to $(pwd)"
 fi
@@ -87,10 +87,11 @@ if [ ! -z "${INPUT_CONFIGURATION:-}" ] ; then
 fi
 # Setup and Run Ansible Playbook
-cmd=""
 become="${INPUT_BECOME:-false}"
 check_mode="${INPUT_CHECK_MODE:-false}"
+remote_user="${INPUT_REMOTE_USER:-ansible}"
+cmd="-u ${remote_user}"
 if [ "${become,,}" == "true" ] ; then
 cmd="${cmd} -b"
 fi
@@ -105,6 +106,6 @@ if [ ! -z "${INPUT_VAULT_PASSWORD:-}" ] ; then
 fi
 cmd="${cmd} --inventory ${inventory} ${INPUT_PLAYBOOK}"
-print "Ansible Command: ansible-playbook ${cmd}"
+echo "Ansible Command: ansible-playbook ${cmd}"
 ansible-playbook $cmd
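Review bot: `remote_user` is interpolated into the `cmd` string in the `-87` hunk, and the last hunk still runs `ansible-playbook $cmd` unquoted, so a value containing whitespace is split into extra `ansible-playbook` arguments. Workflow inputs are often built from expressions, so validate the value where it is read, e.g. `[[ "${remote_user}" =~ ^[A-Za-z_][A-Za-z0-9_.-]*$ ]] || { echo "invalid remote_user" >&2; exit 1; }`. Alternatively, build the arguments as an array (`args=(-u "${remote_user}")` and later `ansible-playbook "${args[@]}"`). The same splitting applies to `${inventory}` and `${INPUT_PLAYBOOK}` in the final `cmd=` line. The script continues outside these hunks, so the other places that append to `cmd` would need the same treatment.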
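Review bot: The corrected `echo "Ansible Command: ansible-playbook ${cmd}"` in the last hunk now writes the full argument string to the job log on every run. The body of the `INPUT_VAULT_PASSWORD` block just above is outside the hunk, so confirm that it appends only a password-file path to `cmd` and never the secret itself. If that cannot be guaranteed, log a fixed summary instead of the assembled string, or add a comment such as `# cmd must never contain secret values; it is echoed to the job log`.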