diff --git a/Dockerfile b/Dockerfile
index cf2dca1..bb4a185 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM drinternet/rsync:v1.4.3
+FROM drinternet/rsync:v1.4.4
 # Copy entrypoint
 COPY entrypoint.sh /entrypoint.sh
diff --git a/README.md b/README.md
index e0aeae9..eb393ec 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@ This GitHub Action (amd64) deploys files in `GITHUB_WORKSPACE` to a remote folde
 Use this action in a CD workflow which leaves deployable code in `GITHUB_WORKSPACE`.
-The base-image [drinternet/rsync](https://github.com/JoshPiper/rsync-docker/) of this action is very small and is based on Alpine 3.17.2 (no cache) which results in fast deployments.
+The base-image [drinternet/rsync](https://github.com/JoshPiper/rsync-docker/) of this action is very small and is based on Alpine 3.19.1 (no cache) which results in fast deployments.
 ---
@@ -14,6 +14,8 @@ The base-image [drinternet/rsync](https://github.com/JoshPiper/rsync-docker/) of
 - `rsh` - Remote shell commands
+- `legacy_allow_rsa_hostkeys` - Enables support for legacy RSA host keys on OpenSSH 8.8+. ("true" / "false")
+
 - `path` - The source path. Defaults to GITHUB_WORKSPACE and is relative to it
 - `remote_path`* - The deployment target path
@@ -55,7 +57,7 @@ jobs:
 steps:
 - uses: actions/checkout@v3
 - name: rsync deployments
- uses: burnett01/rsync-deployments@6.0.0
+ uses: burnett01/rsync-deployments@7.0.0
 with:
 switches: -avzr --delete
 path: src/
@@ -74,7 +76,7 @@ jobs:
 steps:
 - uses: actions/checkout@v3
 - name: rsync deployments
- uses: burnett01/rsync-deployments@6.0.0
+ uses: burnett01/rsync-deployments@7.0.0
 with:
 switches: -avzr --delete --exclude="" --include="" --filter=""
 path: src/
@@ -94,7 +96,7 @@ jobs:
 steps:
 - uses: actions/checkout@v3
 - name: rsync deployments
- uses: burnett01/rsync-deployments@6.0.0
+ uses: burnett01/rsync-deployments@7.0.0
 with:
 switches: -avzr --delete
 path: src/
@@ -114,7 +116,7 @@ jobs:
 steps:
 - uses: actions/checkout@v3
 - name: rsync deployments
- uses: burnett01/rsync-deployments@6.0.0
+ uses: burnett01/rsync-deployments@7.0.0
 with:
 switches: -avzr --delete
 path: src/
@@ -125,9 +127,46 @@ jobs:
 remote_key: ${{ secrets.DEPLOY_KEY }}
 remote_key_pass: ${{ secrets.DEPLOY_KEY_PASS }}
 ```
+
 ---
-## Version 5.0, 5.1 & 5.2
+#### Legacy RSA Hostkeys support for OpenSSH Servers >= 8.8+
+
+If your remote OpenSSH Server still uses RSA hostkeys, then you have to
+manually enable legacy support for this by using ``legacy_allow_rsa_hostkeys: "true"``.
+
+```
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: rsync deployments
+ uses: burnett01/rsync-deployments@7.0.0
+ with:
+ switches: -avzr --delete
+ legacy_allow_rsa_hostkeys: "true"
+ path: src/
+ remote_path: ${{ secrets.DEPLOY_PATH }}
+ remote_host: ${{ secrets.DEPLOY_HOST }}
+ remote_port: ${{ secrets.DEPLOY_PORT }}
+ remote_user: ${{ secrets.DEPLOY_USER }}
+ remote_key: ${{ secrets.DEPLOY_KEY }}
+```
+
+See [#49](https://github.com/Burnett01/rsync-deployments/issues/49) and [#24](https://github.com/Burnett01/rsync-deployments/issues/24) for more information.
+
+---
+
+## Version 6.0 (MAINTENANCE)
+
+Check here:
+
+- https://github.com/Burnett01/rsync-deployments/tree/6.0 (alpine 3.17.2)
+
+---
+
+## Version 5.0, 5.1 & 5.2 & 5.x (DEPRECATED)
 Check here:
@@ -136,10 +175,10 @@ Check here:
 - https://github.com/Burnett01/rsync-deployments/tree/5.2 (alpine 3.15.0)
 - https://github.com/Burnett01/rsync-deployments/tree/5.2.1 (alpine 3.16.1)
 - https://github.com/Burnett01/rsync-deployments/tree/5.2.2 (alpine 3.17.2)
--
+
 ---
-## Version 4.0 & 4.1
+## Version 4.0 & 4.1 (EOL)
 Check here:
diff --git a/SECURITY.md b/SECURITY.md
index 885167c..b85ce16 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -6,12 +6,13 @@ The following versions are currently being supported with security updates:
 | Version | Supported |
 | ------- | ------------------ |
-| 6.x | :white_check_mark: |
-| 5.x | :white_check_mark: |
-| 4.x | :white_check_mark: |
-| 3.0 | :x: |
-| 2.0 | :x: |
-| 1.0 | :x: |
+| 7.x | :white_check_mark: |
+| 6.x | :information_source: MAINTENANCE |
+| 5.x | :warning: DEPRECATED |
+| 4.x | :x: EOL |
+| 3.0 | :x: EOL |
+| 2.0 | :x: EOL |
+| 1.0 | :x: EOL |
 ## Reporting a Vulnerability
diff --git a/action.yml b/action.yml
index 31eaea8..db35730 100644
--- a/action.yml
+++ b/action.yml
@@ -9,6 +9,10 @@ inputs:
 description: 'The remote shell argument'
 required: false
 default: ''
+ legacy_allow_rsa_hostkeys:
+ description: 'Enables support for legacy RSA host keys on OpenSSH 8.8+'
+ required: false
+ default: 'false'
 path:
 description: 'The local path'
 required: false
diff --git a/entrypoint.sh b/entrypoint.sh
index 2ff103a..b854a54 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -13,8 +13,11 @@ echo "$INPUT_REMOTE_KEY" | SSH_PASS="$INPUT_REMOTE_KEY_PASS" agent-add
 set -eu
 # Variables.
+LEGACY_RSA_HOSTKEYS="-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"
+LEGACY_RSA_HOSTKEYS=$([ "$INPUT_LEGACY_ALLOW_RSA_HOSTKEYS" = "true" ] && echo "$LEGACY_RSA_HOSTKEYS" || echo "")
+
 SWITCHES="$INPUT_SWITCHES"
-RSH="ssh -o StrictHostKeyChecking=no -p $INPUT_REMOTE_PORT $INPUT_RSH"
+RSH="ssh -o StrictHostKeyChecking=no $LEGACY_RSA_HOSTKEYS -p $INPUT_REMOTE_PORT $INPUT_RSH"
 LOCAL_PATH="$GITHUB_WORKSPACE/$INPUT_PATH"
 DSN="$INPUT_REMOTE_USER@$INPUT_REMOTE_HOST"
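Review bot: The description of `legacy_allow_rsa_hostkeys` in action.yml names only host keys, but the entrypoint.sh hunk of this commit also passes `PubkeyAcceptedKeyTypes=+ssh-rsa`, which re-enables SHA-1 `ssh-rsa` signatures for the deploy key's own authentication. Anyone turning the input on should be able to see that scope in the description, for example `description: 'Re-enables SHA-1 ssh-rsa signatures for host keys and public-key authentication (legacy servers only)'`. The README entry for the input uses the same narrower wording.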
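Review bot: In entrypoint.sh, `LEGACY_RSA_HOSTKEYS` is first assigned the option string unconditionally and then overwritten from a subshell, and the test reads `$INPUT_LEGACY_ALLOW_RSA_HOSTKEYS` under the `set -eu` shown just above, so an unset variable would abort the script (presumably the runner always sets it from the action.yml default, but the image can be started in other ways). A plain conditional is easier to audit for a switch that weakens the SSH algorithm policy: `LEGACY_RSA_HOSTKEYS=""` followed by `if [ "${INPUT_LEGACY_ALLOW_RSA_HOSTKEYS:-false}" = "true" ]; then LEGACY_RSA_HOSTKEYS="-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"; fi`. The changed `RSH` line still carries `StrictHostKeyChecking=no`, so the host key is not verified whichever algorithm is negotiated; a short comment next to the new variable saying so would keep readers from treating the flag as a host-authentication setting.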