Release/v5 (#13)

* Reference JoshPiper/rsync-docker @ 1.1.0 * See: https://github.com/JoshPiper/rsync-docker/tree/1.1.0 * New features: Support passphrase protected keys * supply SSH_PASS (key passphrase) to agent-add Read more about the behavior: https://github.com/JoshPiper/rsync-docker#agent-askpass * add new remote_key_pass config option * Update README.md * Update README.md * 2.0 is EOL * support 5.0, drop 2.0 * default to empty string * reference JoshPiper/rsync-docker @ v1.2.0
2024-11-21 23:13:46 +01:00 · 2021-08-02 21:57:01 +02:00 · 2021-08-02 21:57:01 +02:00 · 342e70b07e
commit 342e70b07e
parent a93a577f3f
5 changed files with 56 additions and 11 deletions
--- a/2
+++ b/2
@ -1,4 +1,4 @@
-FROM drinternet/rsync:1.0.1
+FROM drinternet/rsync:v1.2.0

 # Copy entrypoint
 COPY entrypoint.sh /entrypoint.sh
--- a/README.md
+++ b/README.md
@ -26,11 +26,17 @@ The underlaying base-image of the docker-image is very small (Alpine (no cache))

 - `remote_key`* - The remote ssh key

+- `remote_key_pass` - The remote ssh key passphrase (if any)
+
 ``* = Required``

-## Required secret
+## Required secret(s)

-This action needs a `DEPLOY_KEY` secret variable. This should be the private key part of a ssh key pair. The public key part should be added to the authorized_keys file on the server that receives the deployment. This should be set in the Github secrets section and then referenced as the  `remote_key` input.
+This action needs secret variables for the ssh private key of your key pair. The public key part should be added to the authorized_keys file on the server that receives the deployment. The secret variable should be set in the Github secrets section of your org/repo and then referenced as the  `remote_key` input.
+
+> Always use secrets when dealing with sensitive inputs!
+
+For simplicity, we are using `DEPLOY_*` as the secret variables throughout the examples.

 ## Example usage

@ -49,7 +55,7 @@ jobs:
    steps:
    - uses: actions/checkout@v2
    - name: rsync deployments
-      uses: burnett01/rsync-deployments@4.1
+      uses: burnett01/rsync-deployments@5.0
      with:
        switches: -avzr --delete
        path: src/
@ -68,7 +74,7 @@ jobs:
    steps:
    - uses: actions/checkout@v2
    - name: rsync deployments
-      uses: burnett01/rsync-deployments@4.1
+      uses: burnett01/rsync-deployments@5.0
      with:
        switches: -avzr --delete --exclude="" --include="" --filter=""
        path: src/
@ -79,7 +85,7 @@ jobs:
        remote_key: ${{ secrets.DEPLOY_KEY }}
 ```

-For better security, I suggest you create additional secrets for remote_host, remote_port and remote_user inputs.
+For better **security**, I suggest you create additional secrets for remote_host, remote_port, remote_user and remote_path inputs.

 ```
 jobs:
@ -88,17 +94,50 @@ jobs:
    steps:
    - uses: actions/checkout@v2
    - name: rsync deployments
-      uses: burnett01/rsync-deployments@4.1
+      uses: burnett01/rsync-deployments@5.0
      with:
        switches: -avzr --delete
        path: src/
-        remote_path: /var/www/html/
+        remote_path: ${{ secrets.DEPLOY_PATH }}
        remote_host: ${{ secrets.DEPLOY_HOST }}
        remote_port: ${{ secrets.DEPLOY_PORT }}
        remote_user: ${{ secrets.DEPLOY_USER }}
        remote_key: ${{ secrets.DEPLOY_KEY }}
 ```

+If your private key is passphrase protected you should use:
+
+```
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: rsync deployments
+      uses: burnett01/rsync-deployments@5.0
+      with:
+        switches: -avzr --delete
+        path: src/
+        remote_path: ${{ secrets.DEPLOY_PATH }}
+        remote_host: ${{ secrets.DEPLOY_HOST }}
+        remote_port: ${{ secrets.DEPLOY_PORT }}
+        remote_user: ${{ secrets.DEPLOY_USER }}
+        remote_key: ${{ secrets.DEPLOY_KEY }}
+        remote_key_pass: ${{ secrets.DEPLOY_KEY_PASS }}
+```
+---
+
+## Version 4.0 & 4.1
+
+Looking for version 4.0 and 4.1?
+
+Check here: 
+
+- https://github.com/Burnett01/rsync-deployments/tree/4.0
+- https://github.com/Burnett01/rsync-deployments/tree/4.1
+
+Version 4.0 & 4.1 use the ``drinternet/rsync:1.0.1`` base-image.
+
 ---

 ## Version 3.0
@ -111,7 +150,7 @@ Version 3.0 uses the ``alpine:latest`` base-image directly.<br>
 Consider upgrading to 4.0 that uses a docker-image ``drinternet/rsync:1.0.1`` that is<br>
 based on ``alpine:latest``and heavily optimized for rsync.

-## Version 2.0
+## Version 2.0 (EOL)

 Looking for version 2.0?

--- a/SECURITY.md
+++ b/SECURITY.md
@ -6,10 +6,12 @@ The following versions are currently being supported with security updates:

 | Version | Supported          |
 | ------- | ------------------ |
+| 5.0   | :white_check_mark: |
 | 4.1   | :white_check_mark: |
 | 4.0   | :white_check_mark: |
 | 3.0   | :white_check_mark: |
-| < 2.0   | :x:                |
+| 2.0   | :x:                |
+| 1.0   | :x:                |

 ## Reporting a Vulnerability

--- a/action.yml
+++ b/action.yml
@ -29,6 +29,10 @@ inputs:
  remote_key:
    description: 'The remote key'
    required: true
+  remote_key_pass:
+    description: 'The remote key passphrase'
+    required: false
+    default: ''
 runs:
  using: 'docker'
  image: 'Dockerfile'
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -2,7 +2,7 @@

 # Start the SSH agent and load key.
 source agent-start "$GITHUB_ACTION"
-echo "$INPUT_REMOTE_KEY" | agent-add
+echo "$INPUT_REMOTE_KEY" | SSH_PASS="$INPUT_REMOTE_KEY_PASS" agent-add

 # Add strict errors.
 set -eu