Compare commits

6 commits

Author SHA1 Message Date
Steven Agyekum
22a7777152
Merge pull request #69 from Burnett01/release/7.0.2
Release/7.0.2
2025-01-19 15:36:00 +01:00
Steven Agyekum
3cccb68511
Update SECURITY.md
2025-01-19 15:32:42 +01:00
Steven Agyekum
e642759b84
new version 7.0.2 (with rsync 3.4.0), deprecate old versions, remove dead links
The latest rsync version 3.4.0 fixes a wide variety of CVEs:

CVE-2024-12084 - Heap Buffer Overflow in Checksum Parsing.

CVE-2024-12085 - Info Leak via uninitialized Stack contents defeats ASLR.

CVE-2024-12086 - Server leaks arbitrary client files.

CVE-2024-12087 - Server can make client write files outside of destination directory using symbolic links.

CVE-2024-12088 - --safe-links Bypass.

CVE-2024-12747 - symlink race condition.

See their press release: https://download.samba.org/pub/rsync/NEWS#3.4.0

The latest action version 7.0.2 is using rsync 3.4.0, so please use that.
2025-01-19 15:29:07 +01:00
Steven Agyekum
76404482ea
always force-upgrade rsync to get the latest security upgrades
2025-01-19 15:19:29 +01:00
Steven Agyekum
d19dd4a0be
Merge pull request #68 from ilyabrin/patch-1
Update README.md
2024-09-22 11:35:23 +02:00
Ilya Brin
f825a1ed74
Update README.md
added syntax highlighting
2024-09-14 14:32:58 +03:00
3 changed files with 40 additions and 35 deletions

@ -1,6 +1,10 @@
# drinternet/rsync@v1.4.4 # drinternet/rsync@v1.4.4
FROM drinternet/rsync@sha256:15b2949838074bd93c49421c22380396a0cd53a322439e799ac87afcadcfe234 FROM drinternet/rsync@sha256:15b2949838074bd93c49421c22380396a0cd53a322439e799ac87afcadcfe234
# always force-upgrade rsync to get the latest security fixes
RUN apk update && apk add --no-cache --upgrade rsync
RUN rm -rf /var/cache/apk/*
# Copy entrypoint # Copy entrypoint
COPY entrypoint.sh /entrypoint.sh COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh RUN chmod +x /entrypoint.sh
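Review bot: The added `RUN apk update && apk add --no-cache --upgrade rsync` line installs whatever rsync the Alpine repository serves at build time, so although the base image is pinned by digest, nothing in this file guarantees the 3.4.0 that the README and SECURITY.md changes in this same compare state. Pin a minimum version in the `apk add` line, or add a build step that fails when `rsync --version` reports anything older than 3.4.0. Separately, `apk update` is redundant next to `--no-cache`, and the `rm -rf /var/cache/apk/*` in its own `RUN` cannot shrink the layer already written by the previous `RUN`; dropping `apk update` and the separate `rm` gives the same result in one layer.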

@ -6,6 +6,9 @@ Use this action in a CD workflow which leaves deployable code in `GITHUB_WORKSPA
The base-image [drinternet/rsync](https://github.com/JoshPiper/rsync-docker/) of this action is very small and is based on Alpine 3.19.1 (no cache) which results in fast deployments. The base-image [drinternet/rsync](https://github.com/JoshPiper/rsync-docker/) of this action is very small and is based on Alpine 3.19.1 (no cache) which results in fast deployments.
Alpine version: [3.19.1](https://alpinelinux.org/posts/Alpine-3.19.1-released.html)
Rsync version: [3.4.0-r0](https://download.samba.org/pub/rsync/NEWS#3.4.0)
--- ---
## Inputs ## Inputs
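Review bot: The added `Rsync version: [3.4.0-r0]` line hard-codes one package revision, while the rsync binary now comes from an unpinned upgrade step in the Dockerfile rather than from the base image described in the sentence above it. Say that rsync is upgraded on top of the base image at build time and give a minimum version (3.4.0 or later), so the README stays accurate after the next rebuild.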
@ -40,13 +43,13 @@ This action needs secret variables for the ssh private key of your key pair. The
For simplicity, we are using `DEPLOY_*` as the secret variables throughout the examples. For simplicity, we are using `DEPLOY_*` as the secret variables throughout the examples.
## Current Version: 7.0.1 ## Current Version: 7.0.2
## Example usage ## Example usage
Simple: Simple:
``` ```yml
name: DEPLOY name: DEPLOY
on: on:
push: push:
@ -59,7 +62,7 @@ jobs:
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: rsync deployments - name: rsync deployments
uses: burnett01/rsync-deployments@7.0.1 uses: burnett01/rsync-deployments@7.0.2
with: with:
switches: -avzr --delete switches: -avzr --delete
path: src/ path: src/
@ -71,14 +74,14 @@ jobs:
Advanced: Advanced:
``` ```yml
jobs: jobs:
deploy: deploy:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: rsync deployments - name: rsync deployments
uses: burnett01/rsync-deployments@7.0.1 uses: burnett01/rsync-deployments@7.0.2
with: with:
switches: -avzr --delete --exclude="" --include="" --filter="" switches: -avzr --delete --exclude="" --include="" --filter=""
path: src/ path: src/
@ -91,14 +94,14 @@ jobs:
For better **security**, I suggest you create additional secrets for remote_host, remote_port, remote_user and remote_path inputs. For better **security**, I suggest you create additional secrets for remote_host, remote_port, remote_user and remote_path inputs.
``` ```yml
jobs: jobs:
deploy: deploy:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: rsync deployments - name: rsync deployments
uses: burnett01/rsync-deployments@7.0.1 uses: burnett01/rsync-deployments@7.0.2
with: with:
switches: -avzr --delete switches: -avzr --delete
path: src/ path: src/
@ -111,14 +114,14 @@ jobs:
If your private key is passphrase protected you should use: If your private key is passphrase protected you should use:
``` ```yml
jobs: jobs:
deploy: deploy:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: rsync deployments - name: rsync deployments
uses: burnett01/rsync-deployments@7.0.1 uses: burnett01/rsync-deployments@7.0.2
with: with:
switches: -avzr --delete switches: -avzr --delete
path: src/ path: src/
@ -137,14 +140,14 @@ jobs:
If your remote OpenSSH Server still uses RSA hostkeys, then you have to If your remote OpenSSH Server still uses RSA hostkeys, then you have to
manually enable legacy support for this by using ``legacy_allow_rsa_hostkeys: "true"``. manually enable legacy support for this by using ``legacy_allow_rsa_hostkeys: "true"``.
``` ```yml
jobs: jobs:
deploy: deploy:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: rsync deployments - name: rsync deployments
uses: burnett01/rsync-deployments@7.0.1 uses: burnett01/rsync-deployments@7.0.2
with: with:
switches: -avzr --delete switches: -avzr --delete
legacy_allow_rsa_hostkeys: "true" legacy_allow_rsa_hostkeys: "true"
@ -160,7 +163,16 @@ See [#49](https://github.com/Burnett01/rsync-deployments/issues/49) and [#24](ht
--- ---
## Version 6.0 (MAINTENANCE) ## Version 7.0.0 & 7.0.1 (DEPRECATED)
Check here:
- https://github.com/Burnett01/rsync-deployments/tree/7.0.0 (alpine 3.19.1)
- https://github.com/Burnett01/rsync-deployments/tree/7.0.1 (alpine 3.19.1)
---
## Version 6.0 (EOL)
Check here: Check here:
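Review bot: The new "Version 7.0.0 & 7.0.1 (DEPRECATED)" section gives two tree links and no reason for the deprecation. Add a sentence saying these tags ship rsync older than 3.4.0 and that users should move to 7.0.2, because a workflow pinned to `burnett01/rsync-deployments@7.0.1` does not contain the Dockerfile upgrade step and will not pick up the fixed rsync on its own. At the moment that information is only in the commit message and the SECURITY.md table.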
@ -168,7 +180,7 @@ Check here:
--- ---
## Version 5.0, 5.1 & 5.2 & 5.x (DEPRECATED) ## Version 5.0, 5.1 & 5.2 & 5.x (EOL)
Check here: Check here:
@ -227,28 +239,15 @@ This action was featured in multiple blogs across the globe:
> Disclaimer: The author & co-authors are not responsible for the content of the site-links below. > Disclaimer: The author & co-authors are not responsible for the content of the site-links below.
- https://leobrack.co.uk/blog/2020-02-15-automatically-push-changes-to-your-live-site-with-github-actions
- https://blog.maniak.co/ci-cd-for-wordpress/
- https://elijahverdoorn.com/2020/04/14/automating-deployment-with-github-actions/ - https://elijahverdoorn.com/2020/04/14/automating-deployment-with-github-actions/
- https://www.vektor-inc.co.jp/post/github-actions-deploy/ - https://www.vektor-inc.co.jp/post/github-actions-deploy/
- https://ews.ink/tech/blog-deploy-2/
- https://webpick.info/automatiser-avec-github-actions/ - https://webpick.info/automatiser-avec-github-actions/
- https://matthias-andrasch.eu/blog/2021/tutorial-webseite-mittels-github-actions-deployment-zu-uberspace-uebertragen-rsync/ - https://matthias-andrasch.eu/blog/2021/tutorial-webseite-mittels-github-actions-deployment-zu-uberspace-uebertragen-rsync/
- https://mikael.koutero.me/posts/hugo-github-actions-deploy-rsync/
- https://cdmana.com/2021/02/20210208122400688I.html
- https://jishuin.proginn.com/p/763bfbd38928 - https://jishuin.proginn.com/p/763bfbd38928
- https://cloud.tencent.com/developer/article/1786522 - https://cloud.tencent.com/developer/article/1786522
- http://www.ningco.cn/github_action_deploy_blog/
- https://qdmana.com/2021/01/20210127094413405u.html

@ -4,15 +4,17 @@
The following versions are currently being supported with security updates: The following versions are currently being supported with security updates:
| Version | Supported | | Version | Supported | Rsync version |
| ------- | ------------------ | | ------- | ------------------ | ------------------ |
| 7.x | :white_check_mark: | | 7.0.2 | :white_check_mark: | >= 3.4.0 |
| 6.x | :information_source: MAINTENANCE | | 7.0.1 | :warning: DEPRECATED | < 3.4.0 |
| 5.x | :warning: DEPRECATED | | 7.0.0 | :warning: DEPRECATED | < 3.4.0|
| 4.x | :x: EOL | | 6.x | :x: EOL |< 3.4.0|
| 3.0 | :x: EOL | | 5.x | :x: EOL |< 3.4.0|
| 2.0 | :x: EOL | | 4.x | :x: EOL |< 3.4.0|
| 1.0 | :x: EOL | | 3.0 | :x: EOL |< 3.4.0|
| 2.0 | :x: EOL |< 3.4.0|
| 1.0 | :x: EOL |< 3.4.0|
## Reporting a Vulnerability ## Reporting a Vulnerability
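Review bot: In the updated table, 7.0.0 and 7.0.1 are marked ":warning: DEPRECATED" with rsync "< 3.4.0" under a sentence that says the listed versions are "currently being supported with security updates", which leaves it unclear whether they receive fixes. Since the rsync upgrade exists only from 7.0.2 on, mark those rows as not supported, or add a note that the fix requires 7.0.2. The 7.0.2 row also replaces the former `7.x` row, so the table will need an edit for every patch release; a row such as `7.x (>= 7.0.2)` avoids that. Cell spacing in the new column is inconsistent (`< 3.4.0|`, `|< 3.4.0|`).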