Release/v5 (#13)

* Reference JoshPiper/rsync-docker @ 1.1.0

* See: https://github.com/JoshPiper/rsync-docker/tree/1.1.0
* New features: Support passphrase protected keys

* supply SSH_PASS (key passphrase) to agent-add

Read more about the behavior: https://github.com/JoshPiper/rsync-docker#agent-askpass

* add new remote_key_pass config option

* Update README.md

* Update README.md

* 2.0 is EOL

* support 5.0, drop 2.0

* default to empty string

* reference JoshPiper/rsync-docker @ v1.2.0
This commit is contained in:
Steven Agyekum 2021-08-02 21:57:01 +02:00 committed by GitHub
parent a93a577f3f
commit 342e70b07e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 56 additions and 11 deletions

View file

@ -1,4 +1,4 @@
FROM drinternet/rsync:1.0.1
FROM drinternet/rsync:v1.2.0
# Copy entrypoint
COPY entrypoint.sh /entrypoint.sh

View file

@ -26,11 +26,17 @@ The underlaying base-image of the docker-image is very small (Alpine (no cache))
- `remote_key`* - The remote ssh key
- `remote_key_pass` - The remote ssh key passphrase (if any)
``* = Required``
## Required secret
## Required secret(s)
This action needs a `DEPLOY_KEY` secret variable. This should be the private key part of a ssh key pair. The public key part should be added to the authorized_keys file on the server that receives the deployment. This should be set in the Github secrets section and then referenced as the `remote_key` input.
This action needs secret variables for the ssh private key of your key pair. The public key part should be added to the authorized_keys file on the server that receives the deployment. The secret variable should be set in the Github secrets section of your org/repo and then referenced as the `remote_key` input.
> Always use secrets when dealing with sensitive inputs!
For simplicity, we are using `DEPLOY_*` as the secret variables throughout the examples.
## Example usage
@ -49,7 +55,7 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: rsync deployments
uses: burnett01/rsync-deployments@4.1
uses: burnett01/rsync-deployments@5.0
with:
switches: -avzr --delete
path: src/
@ -68,7 +74,7 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: rsync deployments
uses: burnett01/rsync-deployments@4.1
uses: burnett01/rsync-deployments@5.0
with:
switches: -avzr --delete --exclude="" --include="" --filter=""
path: src/
@ -79,7 +85,7 @@ jobs:
remote_key: ${{ secrets.DEPLOY_KEY }}
```
For better security, I suggest you create additional secrets for remote_host, remote_port and remote_user inputs.
For better **security**, I suggest you create additional secrets for remote_host, remote_port, remote_user and remote_path inputs.
```
jobs:
@ -88,17 +94,50 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: rsync deployments
uses: burnett01/rsync-deployments@4.1
uses: burnett01/rsync-deployments@5.0
with:
switches: -avzr --delete
path: src/
remote_path: /var/www/html/
remote_path: ${{ secrets.DEPLOY_PATH }}
remote_host: ${{ secrets.DEPLOY_HOST }}
remote_port: ${{ secrets.DEPLOY_PORT }}
remote_user: ${{ secrets.DEPLOY_USER }}
remote_key: ${{ secrets.DEPLOY_KEY }}
```
If your private key is passphrase protected you should use:
```
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: rsync deployments
uses: burnett01/rsync-deployments@5.0
with:
switches: -avzr --delete
path: src/
remote_path: ${{ secrets.DEPLOY_PATH }}
remote_host: ${{ secrets.DEPLOY_HOST }}
remote_port: ${{ secrets.DEPLOY_PORT }}
remote_user: ${{ secrets.DEPLOY_USER }}
remote_key: ${{ secrets.DEPLOY_KEY }}
remote_key_pass: ${{ secrets.DEPLOY_KEY_PASS }}
```
---
## Version 4.0 & 4.1
Looking for version 4.0 and 4.1?
Check here:
- https://github.com/Burnett01/rsync-deployments/tree/4.0
- https://github.com/Burnett01/rsync-deployments/tree/4.1
Version 4.0 & 4.1 use the ``drinternet/rsync:1.0.1`` base-image.
---
## Version 3.0
@ -111,7 +150,7 @@ Version 3.0 uses the ``alpine:latest`` base-image directly.<br>
Consider upgrading to 4.0 that uses a docker-image ``drinternet/rsync:1.0.1`` that is<br>
based on ``alpine:latest``and heavily optimized for rsync.
## Version 2.0
## Version 2.0 (EOL)
Looking for version 2.0?

View file

@ -6,10 +6,12 @@ The following versions are currently being supported with security updates:
| Version | Supported |
| ------- | ------------------ |
| 5.0 | :white_check_mark: |
| 4.1 | :white_check_mark: |
| 4.0 | :white_check_mark: |
| 3.0 | :white_check_mark: |
| < 2.0 | :x: |
| 2.0 | :x: |
| 1.0 | :x: |
## Reporting a Vulnerability

View file

@ -29,6 +29,10 @@ inputs:
remote_key:
description: 'The remote key'
required: true
remote_key_pass:
description: 'The remote key passphrase'
required: false
default: ''
runs:
using: 'docker'
image: 'Dockerfile'

View file

@ -2,7 +2,7 @@
# Start the SSH agent and load key.
source agent-start "$GITHUB_ACTION"
echo "$INPUT_REMOTE_KEY" | agent-add
echo "$INPUT_REMOTE_KEY" | SSH_PASS="$INPUT_REMOTE_KEY_PASS" agent-add
# Add strict errors.
set -eu