mirror of
https://github.com/Burnett01/rsync-deployments.git
synced 2024-11-21 23:13:46 +01:00
Release/v5 (#13)
* Reference JoshPiper/rsync-docker @ 1.1.0 * See: https://github.com/JoshPiper/rsync-docker/tree/1.1.0 * New features: Support passphrase protected keys * supply SSH_PASS (key passphrase) to agent-add Read more about the behavior: https://github.com/JoshPiper/rsync-docker#agent-askpass * add new remote_key_pass config option * Update README.md * Update README.md * 2.0 is EOL * support 5.0, drop 2.0 * default to empty string * reference JoshPiper/rsync-docker @ v1.2.0
This commit is contained in:
parent
a93a577f3f
commit
342e70b07e
5 changed files with 56 additions and 11 deletions
|
@ -1,4 +1,4 @@
|
||||||
FROM drinternet/rsync:1.0.1
|
FROM drinternet/rsync:v1.2.0
|
||||||
|
|
||||||
# Copy entrypoint
|
# Copy entrypoint
|
||||||
COPY entrypoint.sh /entrypoint.sh
|
COPY entrypoint.sh /entrypoint.sh
|
||||||
|
|
55
README.md
55
README.md
|
@ -26,11 +26,17 @@ The underlaying base-image of the docker-image is very small (Alpine (no cache))
|
||||||
|
|
||||||
- `remote_key`* - The remote ssh key
|
- `remote_key`* - The remote ssh key
|
||||||
|
|
||||||
|
- `remote_key_pass` - The remote ssh key passphrase (if any)
|
||||||
|
|
||||||
``* = Required``
|
``* = Required``
|
||||||
|
|
||||||
## Required secret
|
## Required secret(s)
|
||||||
|
|
||||||
This action needs a `DEPLOY_KEY` secret variable. This should be the private key part of a ssh key pair. The public key part should be added to the authorized_keys file on the server that receives the deployment. This should be set in the Github secrets section and then referenced as the `remote_key` input.
|
This action needs secret variables for the ssh private key of your key pair. The public key part should be added to the authorized_keys file on the server that receives the deployment. The secret variable should be set in the Github secrets section of your org/repo and then referenced as the `remote_key` input.
|
||||||
|
|
||||||
|
> Always use secrets when dealing with sensitive inputs!
|
||||||
|
|
||||||
|
For simplicity, we are using `DEPLOY_*` as the secret variables throughout the examples.
|
||||||
|
|
||||||
## Example usage
|
## Example usage
|
||||||
|
|
||||||
|
@ -49,7 +55,7 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
- name: rsync deployments
|
- name: rsync deployments
|
||||||
uses: burnett01/rsync-deployments@4.1
|
uses: burnett01/rsync-deployments@5.0
|
||||||
with:
|
with:
|
||||||
switches: -avzr --delete
|
switches: -avzr --delete
|
||||||
path: src/
|
path: src/
|
||||||
|
@ -68,7 +74,7 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
- name: rsync deployments
|
- name: rsync deployments
|
||||||
uses: burnett01/rsync-deployments@4.1
|
uses: burnett01/rsync-deployments@5.0
|
||||||
with:
|
with:
|
||||||
switches: -avzr --delete --exclude="" --include="" --filter=""
|
switches: -avzr --delete --exclude="" --include="" --filter=""
|
||||||
path: src/
|
path: src/
|
||||||
|
@ -79,7 +85,7 @@ jobs:
|
||||||
remote_key: ${{ secrets.DEPLOY_KEY }}
|
remote_key: ${{ secrets.DEPLOY_KEY }}
|
||||||
```
|
```
|
||||||
|
|
||||||
For better security, I suggest you create additional secrets for remote_host, remote_port and remote_user inputs.
|
For better **security**, I suggest you create additional secrets for remote_host, remote_port, remote_user and remote_path inputs.
|
||||||
|
|
||||||
```
|
```
|
||||||
jobs:
|
jobs:
|
||||||
|
@ -88,17 +94,50 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
- name: rsync deployments
|
- name: rsync deployments
|
||||||
uses: burnett01/rsync-deployments@4.1
|
uses: burnett01/rsync-deployments@5.0
|
||||||
with:
|
with:
|
||||||
switches: -avzr --delete
|
switches: -avzr --delete
|
||||||
path: src/
|
path: src/
|
||||||
remote_path: /var/www/html/
|
remote_path: ${{ secrets.DEPLOY_PATH }}
|
||||||
remote_host: ${{ secrets.DEPLOY_HOST }}
|
remote_host: ${{ secrets.DEPLOY_HOST }}
|
||||||
remote_port: ${{ secrets.DEPLOY_PORT }}
|
remote_port: ${{ secrets.DEPLOY_PORT }}
|
||||||
remote_user: ${{ secrets.DEPLOY_USER }}
|
remote_user: ${{ secrets.DEPLOY_USER }}
|
||||||
remote_key: ${{ secrets.DEPLOY_KEY }}
|
remote_key: ${{ secrets.DEPLOY_KEY }}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
If your private key is passphrase protected you should use:
|
||||||
|
|
||||||
|
```
|
||||||
|
jobs:
|
||||||
|
deploy:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v2
|
||||||
|
- name: rsync deployments
|
||||||
|
uses: burnett01/rsync-deployments@5.0
|
||||||
|
with:
|
||||||
|
switches: -avzr --delete
|
||||||
|
path: src/
|
||||||
|
remote_path: ${{ secrets.DEPLOY_PATH }}
|
||||||
|
remote_host: ${{ secrets.DEPLOY_HOST }}
|
||||||
|
remote_port: ${{ secrets.DEPLOY_PORT }}
|
||||||
|
remote_user: ${{ secrets.DEPLOY_USER }}
|
||||||
|
remote_key: ${{ secrets.DEPLOY_KEY }}
|
||||||
|
remote_key_pass: ${{ secrets.DEPLOY_KEY_PASS }}
|
||||||
|
```
|
||||||
|
---
|
||||||
|
|
||||||
|
## Version 4.0 & 4.1
|
||||||
|
|
||||||
|
Looking for version 4.0 and 4.1?
|
||||||
|
|
||||||
|
Check here:
|
||||||
|
|
||||||
|
- https://github.com/Burnett01/rsync-deployments/tree/4.0
|
||||||
|
- https://github.com/Burnett01/rsync-deployments/tree/4.1
|
||||||
|
|
||||||
|
Version 4.0 & 4.1 use the ``drinternet/rsync:1.0.1`` base-image.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## Version 3.0
|
## Version 3.0
|
||||||
|
@ -111,7 +150,7 @@ Version 3.0 uses the ``alpine:latest`` base-image directly.<br>
|
||||||
Consider upgrading to 4.0 that uses a docker-image ``drinternet/rsync:1.0.1`` that is<br>
|
Consider upgrading to 4.0 that uses a docker-image ``drinternet/rsync:1.0.1`` that is<br>
|
||||||
based on ``alpine:latest``and heavily optimized for rsync.
|
based on ``alpine:latest``and heavily optimized for rsync.
|
||||||
|
|
||||||
## Version 2.0
|
## Version 2.0 (EOL)
|
||||||
|
|
||||||
Looking for version 2.0?
|
Looking for version 2.0?
|
||||||
|
|
||||||
|
|
|
@ -6,10 +6,12 @@ The following versions are currently being supported with security updates:
|
||||||
|
|
||||||
| Version | Supported |
|
| Version | Supported |
|
||||||
| ------- | ------------------ |
|
| ------- | ------------------ |
|
||||||
|
| 5.0 | :white_check_mark: |
|
||||||
| 4.1 | :white_check_mark: |
|
| 4.1 | :white_check_mark: |
|
||||||
| 4.0 | :white_check_mark: |
|
| 4.0 | :white_check_mark: |
|
||||||
| 3.0 | :white_check_mark: |
|
| 3.0 | :white_check_mark: |
|
||||||
| < 2.0 | :x: |
|
| 2.0 | :x: |
|
||||||
|
| 1.0 | :x: |
|
||||||
|
|
||||||
## Reporting a Vulnerability
|
## Reporting a Vulnerability
|
||||||
|
|
||||||
|
|
|
@ -29,6 +29,10 @@ inputs:
|
||||||
remote_key:
|
remote_key:
|
||||||
description: 'The remote key'
|
description: 'The remote key'
|
||||||
required: true
|
required: true
|
||||||
|
remote_key_pass:
|
||||||
|
description: 'The remote key passphrase'
|
||||||
|
required: false
|
||||||
|
default: ''
|
||||||
runs:
|
runs:
|
||||||
using: 'docker'
|
using: 'docker'
|
||||||
image: 'Dockerfile'
|
image: 'Dockerfile'
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
# Start the SSH agent and load key.
|
# Start the SSH agent and load key.
|
||||||
source agent-start "$GITHUB_ACTION"
|
source agent-start "$GITHUB_ACTION"
|
||||||
echo "$INPUT_REMOTE_KEY" | agent-add
|
echo "$INPUT_REMOTE_KEY" | SSH_PASS="$INPUT_REMOTE_KEY_PASS" agent-add
|
||||||
|
|
||||||
# Add strict errors.
|
# Add strict errors.
|
||||||
set -eu
|
set -eu
|
||||||
|
|
Loading…
Reference in a new issue