Revise Media section and add new pingback links

Updated section title and added media links.

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,33 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Action version**
+eg. 7.0.1
+
+**Runner OS+Version**
+eg. ubuntu-latest
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Additional context**
+Add any other context about the problem here.

.github/workflows/ci-validating-linting-testing.yml

@@ -0,0 +1,165 @@
+# GitHub Actions CI workflow for rsync-deployments
+# This workflow validates the action on every push and pull request by:
+# - Running BATS tests for the entrypoint script
+# - Validating the action.yml definition
+# - Building and testing the Docker image
+# - Checking file structure and permissions
+# - Linting shell scripts
+# - Running a final integration check
+
+name: CI - Validating, Linting, Testing
+permissions:
+  contents: read
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    name: Test BATS Suite
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Install BATS
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y bats
+
+    - name: Run BATS tests
+      run: bats test/entrypoint.bats
+
+  validate-action:
+    runs-on: ubuntu-latest
+    name: Validate Action Definition
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Validate action.yml
+      run: |
+        # Check if action.yml exists and has required fields
+        if [ ! -f "action.yml" ]; then
+          echo "Error: action.yml not found"
+          exit 1
+        fi
+        
+        # Basic validation that action.yml contains required fields
+        python3 -c "
+        import yaml
+        import sys
+        
+        with open('action.yml', 'r') as f:
+            action = yaml.safe_load(f)
+        
+        required_fields = ['name', 'description', 'inputs', 'runs']
+        for field in required_fields:
+            if field not in action:
+                print(f'Missing required field: {field}')
+                sys.exit(1)
+        
+        # Check required inputs exist
+        required_inputs = ['switches', 'remote_path', 'remote_host', 'remote_user', 'remote_key']
+        for input_name in required_inputs:
+            if input_name not in action['inputs']:
+                print(f'Missing required input: {input_name}')
+                sys.exit(1)
+            if not action['inputs'][input_name].get('required', False):
+                print(f'Input {input_name} should be marked as required')
+                sys.exit(1)
+        
+        print('Action definition is valid')
+        "
+
+  docker-build:
+    runs-on: ubuntu-latest
+    name: Build Docker Image
+    needs: [validate-action, action-structure]
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Build Docker image
+      run: |
+        echo "Building Docker image..."
+        docker build -t rsync-deployments . --no-cache
+        echo "Docker image built successfully"
+
+  action-structure:
+    runs-on: ubuntu-latest
+    name: Validate Action Structure
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Check required files
+      run: |
+        echo "Checking required files exist..."
+        
+        # Check all required files exist
+        required_files=("action.yml" "Dockerfile" "entrypoint.sh")
+        for file in "${required_files[@]}"; do
+          if [ ! -f "$file" ]; then
+            echo "Error: Required file $file not found"
+            exit 1
+          fi
+          echo "✓ $file exists"
+        done
+        
+        # Check entrypoint is executable
+        if [ ! -x "entrypoint.sh" ]; then
+          echo "Error: entrypoint.sh is not executable"
+          exit 1
+        fi
+        echo "✓ entrypoint.sh is executable"
+        
+        # Check basic script syntax
+        bash -n entrypoint.sh
+        echo "✓ entrypoint.sh has valid syntax"
+        
+        echo "All structure checks passed!"
+
+  lint-shell:
+    runs-on: ubuntu-latest
+    name: Lint Shell Scripts
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Install ShellCheck
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y shellcheck
+
+    - name: Lint entrypoint.sh
+      run: |
+        echo "Linting shell scripts..."
+        # Run shellcheck with exclusions for Docker-specific dependencies
+        shellcheck -e SC1091 -e SC3046 entrypoint.sh || {
+          echo "ShellCheck found issues, but running with Docker-specific exclusions..."
+          shellcheck -e SC1091 -e SC3046 entrypoint.sh
+        }
+        echo "Shell script linting completed"
+
+  integration-check:
+    runs-on: ubuntu-latest
+    name: Integration Check
+    needs: [test, validate-action, docker-build, action-structure, lint-shell]
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Final integration check
+      run: |
+        echo "All CI jobs completed successfully!"
+        echo "✅ BATS tests passed"
+        echo "✅ Action definition validated"
+        echo "✅ Docker image built and tested"
+        echo "✅ File structure validated"
+        echo "✅ Shell scripts linted"
+        echo ""
+        echo "🎉 rsync-deployments action is ready for use!"

.github/workflows/snyk-docker-vulnerability-scan.yml

@@ -0,0 +1,36 @@
+name: Snyk Docker Vulnerability Scan
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+  schedule:
+    - cron: '39 13 * * 4'
+
+permissions:
+  contents: read
+
+jobs:
+  snyk:
+    permissions:
+      contents: read
+      security-events: write
+      actions: read
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - name: Build a Docker image
+      run: docker build -t burnett01/rsync-deployments .
+    - name: Run Snyk to check Docker image for vulnerabilities
+      continue-on-error: true
+      uses: snyk/actions/docker@master
+      env:
+        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+      with:
+        image: burnett01/rsync-deployments
+        args: --file=Dockerfile
+    - name: Upload result to GitHub Code Scanning
+      uses: github/codeql-action/upload-sarif@v3
+      with:
+        sarif_file: snyk.sarif

Dockerfile

@@ -1,5 +1,9 @@
-# drinternet/rsync@v1.4.4
-FROM drinternet/rsync@sha256:15b2949838074bd93c49421c22380396a0cd53a322439e799ac87afcadcfe234
+# drinternet/rsync@v1.5.1
+FROM drinternet/rsync@sha256:e61f4047577b566872764fa39299092adeab691efb3884248dbd6495dc926527
+
+# always force-upgrade rsync to get the latest security fixes
+RUN apk update && apk add --no-cache --upgrade rsync
+RUN rm -rf /var/cache/apk/*
 
 # Copy entrypoint
 COPY entrypoint.sh /entrypoint.sh

LICENSE

@@ -1,7 +1,7 @@
 MIT License
 
 Copyright (c) 2019-2022 Contention
-Copyright (c) 2019-2024 Burnett01
+Copyright (c) 2019-2025 Burnett01
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -1,10 +1,19 @@
 # rsync deployments
 
+[![CI - Validating, Linting, Testing](https://github.com/Burnett01/rsync-deployments/actions/workflows/ci-validating-linting-testing.yml/badge.svg)](https://github.com/Burnett01/rsync-deployments/actions/workflows/ci-validating-linting-testing.yml) 
+[![Snyk Docker Vulnerability Scan](https://github.com/Burnett01/rsync-deployments/actions/workflows/snyk-docker-vulnerability-scan.yml/badge.svg)](https://github.com/Burnett01/rsync-deployments/actions/workflows/snyk-docker-vulnerability-scan.yml) 
+[![CodeQL](https://github.com/Burnett01/rsync-deployments/actions/workflows/github-code-scanning/codeql/badge.svg)](https://github.com/Burnett01/rsync-deployments/actions/workflows/github-code-scanning/codeql) 
+[![Dependabot Updates](https://github.com/Burnett01/rsync-deployments/actions/workflows/dependabot/dependabot-updates/badge.svg)](https://github.com/Burnett01/rsync-deployments/actions/workflows/dependabot/dependabot-updates)
+
+
 This GitHub Action (amd64) deploys files in `GITHUB_WORKSPACE` to a remote folder via rsync over ssh. 
 
 Use this action in a CD workflow which leaves deployable code in `GITHUB_WORKSPACE`.
 
-The base-image [drinternet/rsync](https://github.com/JoshPiper/rsync-docker/) of this action is very small and is based on Alpine 3.19.1 (no cache) which results in fast deployments.
+The base-image [drinternet/rsync](https://github.com/JoshPiper/rsync-docker/) of this action is very small and is based on Alpine 3.22.1 (no cache) which results in fast deployments.
+
+Alpine version: [3.22.1](https://alpinelinux.org/posts/Alpine-3.19.8-3.20.7-3.21.4-3.22.1-released.html)
+Rsync version: [3.4.1-r0](https://download.samba.org/pub/rsync/NEWS#3.4.1)
 
 ---
 
@@ -40,13 +49,13 @@ This action needs secret variables for the ssh private key of your key pair. The
 
 For simplicity, we are using `DEPLOY_*` as the secret variables throughout the examples.
 
-## Current Version: 7.0.1
+## Current Version: 7.1.0
 
 ## Example usage
 
 Simple:
 
-```
+```yml
 name: DEPLOY
 on:
   push:
@@ -59,7 +68,7 @@ jobs:
     steps:
     - uses: actions/checkout@v3
     - name: rsync deployments
-      uses: burnett01/rsync-deployments@7.0.1
+      uses: burnett01/rsync-deployments@7.1.0
       with:
         switches: -avzr --delete
         path: src/
@@ -71,14 +80,14 @@ jobs:
 
 Advanced:
 
-```
+```yml
 jobs:
   deploy:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v3
     - name: rsync deployments
-      uses: burnett01/rsync-deployments@7.0.1
+      uses: burnett01/rsync-deployments@7.1.0
       with:
         switches: -avzr --delete --exclude="" --include="" --filter=""
         path: src/
@@ -91,14 +100,14 @@ jobs:
 
 For better **security**, I suggest you create additional secrets for remote_host, remote_port, remote_user and remote_path inputs.
 
-```
+```yml
 jobs:
   deploy:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v3
     - name: rsync deployments
-      uses: burnett01/rsync-deployments@7.0.1
+      uses: burnett01/rsync-deployments@7.1.0
       with:
         switches: -avzr --delete
         path: src/
@@ -111,14 +120,14 @@ jobs:
 
 If your private key is passphrase protected you should use:
 
-```
+```yml
 jobs:
   deploy:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v3
     - name: rsync deployments
-      uses: burnett01/rsync-deployments@7.0.1
+      uses: burnett01/rsync-deployments@7.1.0
       with:
         switches: -avzr --delete
         path: src/
@@ -137,14 +146,14 @@ jobs:
 If your remote OpenSSH Server still uses RSA hostkeys, then you have to
 manually enable legacy support for this by using ``legacy_allow_rsa_hostkeys: "true"``.
 
-```
+```yml
 jobs:
   deploy:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v3
     - name: rsync deployments
-      uses: burnett01/rsync-deployments@7.0.1
+      uses: burnett01/rsync-deployments@7.1.0
       with:
         switches: -avzr --delete
         legacy_allow_rsa_hostkeys: "true"
@@ -160,7 +169,24 @@ See [#49](https://github.com/Burnett01/rsync-deployments/issues/49) and [#24](ht
 
 ---
 
-## Version 6.0 (MAINTENANCE)
+## Version 7.0.2
+
+Check here: 
+
+- https://github.com/Burnett01/rsync-deployments/tree/7.0.2  (alpine 3.19.1)
+  
+---
+
+## Version 7.0.0 & 7.0.1 (DEPRECATED)
+
+Check here: 
+
+- https://github.com/Burnett01/rsync-deployments/tree/7.0.0  (alpine 3.19.1)
+- https://github.com/Burnett01/rsync-deployments/tree/7.0.1  (alpine 3.19.1)
+  
+---
+
+## Version 6.0 (EOL)
 
 Check here: 
 
@@ -168,7 +194,7 @@ Check here:
 
 ---
 
-## Version 5.0, 5.1 & 5.2 & 5.x (DEPRECATED)
+## Version 5.0, 5.1 & 5.2 & 5.x (EOL)
 
 Check here: 
 
@@ -221,34 +247,29 @@ Please note that version 1.0 has reached end of life state.
 
 ---
 
-## Media
+## Media & Pingback
 
 This action was featured in multiple blogs across the globe:
 
 > Disclaimer: The author & co-authors are not responsible for the content of the site-links below.
 
-- https://leobrack.co.uk/blog/2020-02-15-automatically-push-changes-to-your-live-site-with-github-actions
+- https://hosting.xyz/wiki/hosting/other/github-actions/
 
-- https://blog.maniak.co/ci-cd-for-wordpress/
+- https://www.alexander-palm.de/2025/07/22/sichere-rsync-deployments-mit-github-actions-und-rrsync/
+
+- https://lab.uberspace.de/howto_automatic-deployment/
+
+- https://blog.devops.dev/setting-up-an-ubuntu-instance-for-nodejs-apps-in-ovh-cloud-using-nginx-pm2-github-actions-7618c768d081
 
 - https://elijahverdoorn.com/2020/04/14/automating-deployment-with-github-actions/
 
 - https://www.vektor-inc.co.jp/post/github-actions-deploy/
 
-- https://ews.ink/tech/blog-deploy-2/
-
 - https://webpick.info/automatiser-avec-github-actions/
 
 - https://matthias-andrasch.eu/blog/2021/tutorial-webseite-mittels-github-actions-deployment-zu-uberspace-uebertragen-rsync/
 
-- https://mikael.koutero.me/posts/hugo-github-actions-deploy-rsync/
-
-- https://cdmana.com/2021/02/20210208122400688I.html
-
 - https://jishuin.proginn.com/p/763bfbd38928
 
 - https://cloud.tencent.com/developer/article/1786522
 
-- http://www.ningco.cn/github_action_deploy_blog/
-
-- https://qdmana.com/2021/01/20210127094413405u.html

SECURITY.md

@@ -4,15 +4,18 @@
 
 The following versions are currently being supported with security updates:
 
-| Version | Supported          |
-| ------- | ------------------ |
-| 7.x   | :white_check_mark: |
-| 6.x   | :information_source: MAINTENANCE |
-| 5.x   | :warning: DEPRECATED |
-| 4.x   | :x: EOL |
-| 3.0   | :x: EOL |
-| 2.0   | :x: EOL               |
-| 1.0   | :x: EOL               |
+| Version | Supported          | Rsync version          |
+| ------- | ------------------ | ------------------ |
+| 7.1.0  | :white_check_mark: | >= 3.4.1 |
+| 7.0.2   | :white_check_mark: | >= 3.4.0 |
+| 7.0.1   | :warning: DEPRECATED | < 3.4.0 |
+| 7.0.0   | :warning: DEPRECATED | < 3.4.0|
+| 6.x   | :x: EOL |< 3.4.0|
+| 5.x   | :x: EOL |< 3.4.0|
+| 4.x   | :x: EOL |< 3.4.0|
+| 3.0   | :x: EOL |< 3.4.0|
+| 2.0   | :x: EOL               |< 3.4.0|
+| 1.0   | :x: EOL               |< 3.4.0|
 
 ## Reporting a Vulnerability
 

test/entrypoint.bats

@@ -0,0 +1,65 @@
+#!/usr/bin/env bats
+
+setup() {
+    # Create a dummy ssh agent and agent-add for sourcing
+    echo 'echo "agent started"' > agent-start
+    echo 'echo "key added"' > agent-add
+    chmod +x agent-start agent-add
+
+    # Create a dummy rsync to capture its arguments
+    echo 'echo "rsync $@"' > rsync
+    chmod +x rsync
+
+    PATH="$PWD:$PATH"
+}
+
+teardown() {
+    rm -f agent-start agent-add rsync
+}
+
+@test "fails if INPUT_REMOTE_PATH is empty" {
+    export INPUT_REMOTE_PATH=" "
+    run ./entrypoint.sh
+    [ "$status" -eq 1 ]
+    [[ "${output}" == *"can not be empty"* ]]
+}
+
+@test "includes legacy RSA switches when allowed" {
+    export INPUT_LEGACY_ALLOW_RSA_HOSTKEYS="true"
+    export INPUT_REMOTE_PATH="remote/"
+    export INPUT_REMOTE_KEY="dummy"
+    export INPUT_REMOTE_KEY_PASS="dummy"
+    export GITHUB_ACTION="dummy"
+    export INPUT_SWITCHES="-avz"
+    export INPUT_REMOTE_PORT="22"
+    export INPUT_RSH=""
+    export INPUT_PATH=""
+    export INPUT_REMOTE_USER="user"
+    export INPUT_REMOTE_HOST="host"
+    export GITHUB_WORKSPACE="/tmp"
+    export DSN="user@host"
+    export LOCAL_PATH="/tmp/"
+
+    run ./entrypoint.sh
+    [[ "${output}" == *"HostKeyAlgorithms=+ssh-rsa"* ]]
+}
+
+@test "does not include legacy RSA switches when not allowed" {
+    export INPUT_LEGACY_ALLOW_RSA_HOSTKEYS="false"
+    export INPUT_REMOTE_PATH="remote/"
+    export INPUT_REMOTE_KEY="dummy"
+    export INPUT_REMOTE_KEY_PASS="dummy"
+    export GITHUB_ACTION="dummy"
+    export INPUT_SWITCHES="-avz"
+    export INPUT_REMOTE_PORT="22"
+    export INPUT_RSH=""
+    export INPUT_PATH=""
+    export INPUT_REMOTE_USER="user"
+    export INPUT_REMOTE_HOST="host"
+    export GITHUB_WORKSPACE="/tmp"
+    export DSN="user@host"
+    export LOCAL_PATH="/tmp/"
+
+    run ./entrypoint.sh
+    [[ "${output}" != *"HostKeyAlgorithms=+ssh-rsa"* ]]
+}