GitHub - coder/wush-action: SSH into GitHub Actions

1 min read Original article ↗

Wush Action

SSH into GitHub Actions using wush. Debug workflows as if they were running on your machine.

wush-action

Usage

  1. Add coder/wush-action to a GitHub Actions workflow:
jobs:
  wush:
    steps:
      ...

      - uses: coder/wush-action@v1.0.0
        timeout-minutes: 30

      ...
  1. Install wush on your local machine:
curl -fsSL https://github.com/coder/wush/raw/refs/heads/main/install.sh | sh
  1. Copy the authentication key from GitHub Actions logs:
Screenshot 2025-07-26 at 21 00 22
  1. Run wush ssh, and paste the key.
Screenshot 2025-07-26 at 21 02 39 1
  1. You're in!
Screenshot 2025-07-26 at 21 04 11

Supported platforms

  • Linux (x86_64 and arm64)
  • Windows (x86_64 and arm64)
  • macOS (x86_64 and arm64)

How it works

Wush establishes a WireGuard tunnel between your local machine and a GitHub Actions runner - traffic is E2E-encrypted. It doesn't require you to trust any 3rd party authentication or relay servers, instead using x25519 keys to authenticate connections.

For more information, see wush's README and source code.

Usage tips

To run coder/wush-action regardless of whether a job succeeds or fails, consider using ${{ !cancelled() }} instead of ${{ always() }}:

jobs:
  wush:
    steps:
      ...

      - name: Run wush
        if: ${{ !cancelled() }}
        uses: coder/wush-action@v1.0.0

always() is immune to cancellation, so you won't be able to stop wush by cancelling the workflow. Instead, you'll need to SSH into GitHub Actions and kill the wush process manually.