Compare commits


12 commits

Author SHA1 Message Date
Steven Agyekum
22a7777152
Merge pull request #69 from Burnett01/release/7.0.2
Release/7.0.2
2025-01-19 15:36:00 +01:00
Steven Agyekum
3cccb68511
Update SECURITY.md 2025-01-19 15:32:42 +01:00
Steven Agyekum
e642759b84
new version 7.0.2 (with rsync 3.4.0), deprecate old versions, remove dead links
The latest rsync version 3.4.0 fixes a wide variety of CVEs:

CVE-2024-12084 - Heap Buffer Overflow in Checksum Parsing.

CVE-2024-12085 - Info Leak via uninitialized Stack contents defeats ASLR.

CVE-2024-12086 - Server leaks arbitrary client files.

CVE-2024-12087 - Server can make client write files outside of destination directory using symbolic links.

CVE-2024-12088 - --safe-links Bypass.

CVE-2024-12747 - symlink race condition.

See their press release: https://download.samba.org/pub/rsync/NEWS#3.4.0

The latest action version 7.0.2 is using rsync 3.4.0, so please use that.
2025-01-19 15:29:07 +01:00
Steven Agyekum
76404482ea
always force-upgrade rsync to get the latest security upgrades 2025-01-19 15:19:29 +01:00
Steven Agyekum
d19dd4a0be
Merge pull request #68 from ilyabrin/patch-1
Update README.md
2024-09-22 11:35:23 +02:00
Ilya Brin
f825a1ed74
Update README.md
added syntax highlighting
2024-09-14 14:32:58 +03:00
Steven Agyekum
796cf0d5e4
Merge pull request #61 from Burnett01/release/7.0.1
- Pin @JoshPiper [drinternet/rsync](https://github.com/JoshPiper/rsync-docker) image by SHA-256 hash rather than version.  (Immutability)
Added via #60 

The docker image of this action is now pinned to the specific SHA-256 hash of the version rather than just the version.
This means for the latest `drinternet/rsync:v1.4.4` the corresponding hash is `drinternet/rsync@sha256:15b2949838074bd93c49421c22380396a0cd53a322439e799ac87afcadcfe234`

Check for validation: https://hub.docker.com/layers/drinternet/rsync/v1.4.4/images/sha256-15b2949838074bd93c49421c22380396a0cd53a322439e799ac87afcadcfe234

With that, usage of this action is even more secure due to a consistent dependency chain of trust,
since changes accompanied by a docker image hash are immutable.

Thanks to @XComp
2024-03-31 18:11:10 +02:00
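A check for the digest-pinning rule this PR introduces, added here as an example and not code from the rsync-deployments project: it scans a Dockerfile's `FROM` lines and reports every external base image that is not pinned by a well-formed `sha256` digest, skipping references to earlier build stages. The sample Dockerfile is constructed; only its second line carries the digest quoted in the PR, and the registry host and the short digest on line 4 are made up.

```python
import re
# An immutable pin is "sha256:" followed by exactly 64 lowercase hex digits.
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")
FROM_RE = re.compile(  # FROM [--platform=...] <ref> [AS <stage>]
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(?P<ref>\S+)(?:\s+AS\s+(?P<stage>\S+))?\s*$", re.IGNORECASE)

# Constructed sample Dockerfile; line 2 is the digest-pinned image from the PR, the rest is made up.
SAMPLE = """\
# constructed sample
FROM drinternet/rsync@sha256:15b2949838074bd93c49421c22380396a0cd53a322439e799ac87afcadcfe234 AS base
FROM alpine:3.19.1
FROM --platform=linux/amd64 registry.example.com:5000/tools/rsync:v1.4.4@sha256:deadbeef
FROM base
"""

def parse_ref(ref):
    """Split 'name[:tag][@digest]' into (name, tag, digest); missing parts are None."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    name, tag = ref, None
    # The last ':' introduces a tag unless it belongs to a registry port (text after it has a '/').
    if ":" in ref and "/" not in ref.rsplit(":", 1)[1]:
        name, tag = ref.rsplit(":", 1)
    return name, tag, digest

def check_dockerfile(text):
    """Return (line number, image name, problem) for every FROM not pinned by a valid digest."""
    findings = []
    stages = set()
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        m = FROM_RE.match(line)
        if not m:
            continue
        name, tag, digest = parse_ref(m.group("ref"))
        if name in stages:  # refers to an earlier build stage, not an external image
            continue
        if m.group("stage"):
            stages.add(m.group("stage"))
        if digest is None:
            findings.append((lineno, name, f"mutable tag {tag or 'latest'}"))
        elif not DIGEST_RE.match(digest):
            findings.append((lineno, name, "malformed digest"))
    return findings

if __name__ == "__main__":
    print(check_dockerfile(SAMPLE))
```

Running it against the sample reports line 3 (tag only) and line 4 (digest too short) and accepts the digest-pinned line, which is the state the Dockerfile in this PR is in.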
Steven Agyekum
b2bc75ad2c
Merge pull request #60 from XComp/use-hash-instead-of-version-tag
Use SHA instead of Docker version tag for base image to allow for consistent code execution.
2024-03-31 17:50:56 +02:00
Steven Agyekum
93c0d7acae
upd: mention version 7.0.1 2024-03-30 10:49:50 +01:00
Steven Agyekum
13aa4f9f57
update year to 2024 2024-03-30 10:46:13 +01:00
Matthias Pohl
b16614048b
Use SHA instead of Docker version tag for base image to allow for consistent code execution. 2024-03-28 17:53:03 +01:00
Steven Agyekum
e1c5b900e9
Merge pull request #59 from Burnett01/release/7.0.0
Release/7.0.0
2024-03-06 15:06:24 +01:00
4 changed files with 44 additions and 36 deletions

View file

@ -1,4 +1,9 @@
FROM drinternet/rsync:v1.4.4 # drinternet/rsync@v1.4.4
FROM drinternet/rsync@sha256:15b2949838074bd93c49421c22380396a0cd53a322439e799ac87afcadcfe234
# always force-upgrade rsync to get the latest security fixes
RUN apk update && apk add --no-cache --upgrade rsync
RUN rm -rf /var/cache/apk/*
# Copy entrypoint # Copy entrypoint
COPY entrypoint.sh /entrypoint.sh COPY entrypoint.sh /entrypoint.sh
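Review bot: the new `RUN apk update && apk add --no-cache --upgrade rsync` line reintroduces the drift that the digest pin on the `FROM` line above was meant to remove: the rsync package installed is whatever the Alpine repository serves at build time, and nothing fails if that is older than 3.4.0. Suggest constraining it, e.g. `RUN apk add --no-cache --upgrade 'rsync>=3.4.0'`, so a build against a stale mirror fails instead of silently shipping a vulnerable rsync. `apk update` is redundant with `--no-cache` (which fetches the index without storing it), and the separate `RUN rm -rf /var/cache/apk/*` cannot shrink a layer that has already been committed, so both can be dropped.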

View file

@ -1,7 +1,7 @@
MIT License MIT License
Copyright (c) 2019-2022 Contention Copyright (c) 2019-2022 Contention
Copyright (c) 2019-2022 Burnett01 Copyright (c) 2019-2024 Burnett01
Permission is hereby granted, free of charge, to any person obtaining a copy Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal of this software and associated documentation files (the "Software"), to deal

View file

@ -6,6 +6,9 @@ Use this action in a CD workflow which leaves deployable code in `GITHUB_WORKSPA
The base-image [drinternet/rsync](https://github.com/JoshPiper/rsync-docker/) of this action is very small and is based on Alpine 3.19.1 (no cache) which results in fast deployments. The base-image [drinternet/rsync](https://github.com/JoshPiper/rsync-docker/) of this action is very small and is based on Alpine 3.19.1 (no cache) which results in fast deployments.
Alpine version: [3.19.1](https://alpinelinux.org/posts/Alpine-3.19.1-released.html)
Rsync version: [3.4.0-r0](https://download.samba.org/pub/rsync/NEWS#3.4.0)
--- ---
## Inputs ## Inputs
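Review bot: the added `Rsync version: 3.4.0-r0` line states an exact package revision that the Dockerfile does not guarantee, because its unpinned `apk add --upgrade rsync` installs whatever the repository serves when the action image is built. Either word it as a minimum (`>= 3.4.0`, as the SECURITY.md table in this same change does) or pin the package in the Dockerfile so the README and the image agree. The `Alpine version: 3.19.1` line is fine, since the digest-pinned base image fixes it.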
@ -40,11 +43,13 @@ This action needs secret variables for the ssh private key of your key pair. The
For simplicity, we are using `DEPLOY_*` as the secret variables throughout the examples. For simplicity, we are using `DEPLOY_*` as the secret variables throughout the examples.
## Current Version: 7.0.2
## Example usage ## Example usage
Simple: Simple:
``` ```yml
name: DEPLOY name: DEPLOY
on: on:
push: push:
@ -57,7 +62,7 @@ jobs:
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: rsync deployments - name: rsync deployments
uses: burnett01/rsync-deployments@7.0.0 uses: burnett01/rsync-deployments@7.0.2
with: with:
switches: -avzr --delete switches: -avzr --delete
path: src/ path: src/
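Review bot: the examples still reference the action by the mutable tag `burnett01/rsync-deployments@7.0.2` (and `actions/checkout@v3`), so a consumer of these snippets gets none of the immutability this release added for the base image. Suggest documenting the commit-SHA form next to the tag, e.g. `uses: burnett01/rsync-deployments@<commit-sha> # 7.0.2` (placeholder for the release commit), which is the pinning GitHub recommends for third-party actions.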
@ -69,14 +74,14 @@ jobs:
Advanced: Advanced:
``` ```yml
jobs: jobs:
deploy: deploy:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: rsync deployments - name: rsync deployments
uses: burnett01/rsync-deployments@7.0.0 uses: burnett01/rsync-deployments@7.0.2
with: with:
switches: -avzr --delete --exclude="" --include="" --filter="" switches: -avzr --delete --exclude="" --include="" --filter=""
path: src/ path: src/
@ -89,14 +94,14 @@ jobs:
For better **security**, I suggest you create additional secrets for remote_host, remote_port, remote_user and remote_path inputs. For better **security**, I suggest you create additional secrets for remote_host, remote_port, remote_user and remote_path inputs.
``` ```yml
jobs: jobs:
deploy: deploy:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: rsync deployments - name: rsync deployments
uses: burnett01/rsync-deployments@7.0.0 uses: burnett01/rsync-deployments@7.0.2
with: with:
switches: -avzr --delete switches: -avzr --delete
path: src/ path: src/
@ -109,14 +114,14 @@ jobs:
If your private key is passphrase protected you should use: If your private key is passphrase protected you should use:
``` ```yml
jobs: jobs:
deploy: deploy:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: rsync deployments - name: rsync deployments
uses: burnett01/rsync-deployments@7.0.0 uses: burnett01/rsync-deployments@7.0.2
with: with:
switches: -avzr --delete switches: -avzr --delete
path: src/ path: src/
@ -135,14 +140,14 @@ jobs:
If your remote OpenSSH Server still uses RSA hostkeys, then you have to If your remote OpenSSH Server still uses RSA hostkeys, then you have to
manually enable legacy support for this by using ``legacy_allow_rsa_hostkeys: "true"``. manually enable legacy support for this by using ``legacy_allow_rsa_hostkeys: "true"``.
``` ```yml
jobs: jobs:
deploy: deploy:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: rsync deployments - name: rsync deployments
uses: burnett01/rsync-deployments@7.0.0 uses: burnett01/rsync-deployments@7.0.2
with: with:
switches: -avzr --delete switches: -avzr --delete
legacy_allow_rsa_hostkeys: "true" legacy_allow_rsa_hostkeys: "true"
@ -158,7 +163,16 @@ See [#49](https://github.com/Burnett01/rsync-deployments/issues/49) and [#24](ht
--- ---
## Version 6.0 (MAINTENANCE) ## Version 7.0.0 & 7.0.1 (DEPRECATED)
Check here:
- https://github.com/Burnett01/rsync-deployments/tree/7.0.0 (alpine 3.19.1)
- https://github.com/Burnett01/rsync-deployments/tree/7.0.1 (alpine 3.19.1)
---
## Version 6.0 (EOL)
Check here: Check here:
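Review bot: the new `## Version 7.0.0 & 7.0.1 (DEPRECATED)` section links the old trees but does not say why they are deprecated. Since the reason is that they ship an rsync older than 3.4.0 (the CVE list in the commit message), state that in this section so a reader of the README alone understands it is a security deprecation and does not keep pinning those tags.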
@ -166,7 +180,7 @@ Check here:
--- ---
## Version 5.0, 5.1 & 5.2 & 5.x (DEPRECATED) ## Version 5.0, 5.1 & 5.2 & 5.x (EOL)
Check here: Check here:
@ -225,28 +239,15 @@ This action was featured in multiple blogs across the globe:
> Disclaimer: The author & co-authors are not responsible for the content of the site-links below. > Disclaimer: The author & co-authors are not responsible for the content of the site-links below.
- https://leobrack.co.uk/blog/2020-02-15-automatically-push-changes-to-your-live-site-with-github-actions
- https://blog.maniak.co/ci-cd-for-wordpress/
- https://elijahverdoorn.com/2020/04/14/automating-deployment-with-github-actions/ - https://elijahverdoorn.com/2020/04/14/automating-deployment-with-github-actions/
- https://www.vektor-inc.co.jp/post/github-actions-deploy/ - https://www.vektor-inc.co.jp/post/github-actions-deploy/
- https://ews.ink/tech/blog-deploy-2/
- https://webpick.info/automatiser-avec-github-actions/ - https://webpick.info/automatiser-avec-github-actions/
- https://matthias-andrasch.eu/blog/2021/tutorial-webseite-mittels-github-actions-deployment-zu-uberspace-uebertragen-rsync/ - https://matthias-andrasch.eu/blog/2021/tutorial-webseite-mittels-github-actions-deployment-zu-uberspace-uebertragen-rsync/
- https://mikael.koutero.me/posts/hugo-github-actions-deploy-rsync/
- https://cdmana.com/2021/02/20210208122400688I.html
- https://jishuin.proginn.com/p/763bfbd38928 - https://jishuin.proginn.com/p/763bfbd38928
- https://cloud.tencent.com/developer/article/1786522 - https://cloud.tencent.com/developer/article/1786522
- http://www.ningco.cn/github_action_deploy_blog/
- https://qdmana.com/2021/01/20210127094413405u.html

View file

@ -4,15 +4,17 @@
The following versions are currently being supported with security updates: The following versions are currently being supported with security updates:
| Version | Supported | | Version | Supported | Rsync version |
| ------- | ------------------ | | ------- | ------------------ | ------------------ |
| 7.x | :white_check_mark: | | 7.0.2 | :white_check_mark: | >= 3.4.0 |
| 6.x | :information_source: MAINTENANCE | | 7.0.1 | :warning: DEPRECATED | < 3.4.0 |
| 5.x | :warning: DEPRECATED | | 7.0.0 | :warning: DEPRECATED | < 3.4.0|
| 4.x | :x: EOL | | 6.x | :x: EOL |< 3.4.0|
| 3.0 | :x: EOL | | 5.x | :x: EOL |< 3.4.0|
| 2.0 | :x: EOL | | 4.x | :x: EOL |< 3.4.0|
| 1.0 | :x: EOL | | 3.0 | :x: EOL |< 3.4.0|
| 2.0 | :x: EOL |< 3.4.0|
| 1.0 | :x: EOL |< 3.4.0|
## Reporting a Vulnerability ## Reporting a Vulnerability
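Review bot: the new rows are inconsistently formatted (`|< 3.4.0|` versus `| >= 3.4.0 |`), and replacing `7.x` with the exact `7.0.2` means this table has to be edited on every patch release; consider keeping `7.x` with a note that only the latest patch release is supported. Also note that the `>= 3.4.0` guarantee for 7.0.2 only holds as long as the Dockerfile's unpinned `apk --upgrade` resolves to 3.4.0 or newer, which the table cannot express unless the package is pinned.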