chore: add deprecation notice, move release channels to top

- advise users to always use secrets
- simplified examples
- other adjustments

Dockerfile

@@ -5,7 +5,7 @@ RUN apk update && apk add --no-cache --upgrade rsync openssh openssl busybox
 RUN rm -rf /var/cache/apk/*
 
 COPY docker-rsync/* /bin/
-RUN chmod +x /bin/agent-*
+RUN chmod +x /bin/agent-* /bin/ssh-* /bin/hosts-*
 
 FROM base AS build
 

README.md

@@ -15,8 +15,45 @@ The base-image of this action is very small and based on **Alpine 3.23.0** (no c
 Alpine version: [3.23.0](https://www.alpinelinux.org/posts/Alpine-3.23.0-released.html)
 Rsync version: [3.4.1-r1](https://download.samba.org/pub/rsync/NEWS#3.4.1)
 
+## Current Version: v8 (8.0.2)
+
+### Release channels:
+
+| Version | Purpose          | Immutable  | 
+| ------- | ------------------ | ------------------ | 
+| ``v8`` (recommended)  |  latest MAJOR (pointer to 8.MINOR.PATCH) | no |
+| 8.0.2  | latest MINOR+PATCH | yes |
+| 7.1.0   | previous release ([deprecation notice](https://github.com/Burnett01/rsync-deployments/discussions/96)) | yes |
+
+Check [SECURITY.md](SECURITY.md) for support cycles.
+
 ---
 
+## How it works
+
+```yml
+name: DEPLOY
+on:
+  push:
+    branches:
+    - master
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v6
+    - name: rsync deployments
+      uses: burnett01/rsync-deployments@v8
+      with:
+        switches: -avzr --delete
+        path: src/
+        remote_path: ${{ secrets.REMOTE_PATH }} # ex: /var/www/html/
+        remote_host: ${{ secrets.REMOTE_HOST }} # ex: example.com
+        remote_port: ${{ secrets.REMOTE_PORT }} # ex: 22
+        remote_user: ${{ secrets.REMOTE_USER }} # ex: ubuntu
+        remote_key: ${{ secrets.REMOTE_PRIVATE_KEY }}
+```
+
 ## Inputs
 
 - `debug`* - Whether to enable debug output. ("true" / "false") - Default: "false"
@@ -53,20 +90,10 @@ This action needs secret variables for the ssh private key of your key pair. The
 
 For simplicity, we are using `REMOTE_*` as the secret variables throughout the examples.
 
-## Current Version: v8 (8.0.0)
-
-### Release channels:
-
-| Version | Purpose          | Immutable  | 
-| ------- | ------------------ | ------------------ | 
-| ``v8``  |  latest release (pointer to 8.x.x) | no, points to latest MINOR,PATCH |
-| 8.0.0  | latest major release | yes |
-| 7.1.0   | previous release | yes |
-
-Check [SECURITY.md](SECURITY.md) for support cycles.
-
 ## Example usage
 
+For better **security** always use secrets for remote_host, remote_port, remote_user and remote_path inputs.
+
 Simple:
 
 ```yml
@@ -86,13 +113,14 @@ jobs:
       with:
         switches: -avzr --delete
         path: src/
-        remote_path: /var/www/html/
-        remote_host: example.com
-        remote_user: debian
+        remote_path: ${{ secrets.REMOTE_PATH }} # ex: /var/www/html/
+        remote_host: ${{ secrets.REMOTE_HOST }} # ex: example.com
+        remote_port: ${{ secrets.REMOTE_PORT }} # ex: 22
+        remote_user: ${{ secrets.REMOTE_USER }} # ex: ubuntu
         remote_key: ${{ secrets.REMOTE_PRIVATE_KEY }}
 ```
 
-Advanced:
+Advanced (with filters etc):
 
 ```yml
 jobs:
@@ -105,30 +133,10 @@ jobs:
       with:
         switches: -avzr --delete --exclude="" --include="" --filter=""
         path: src/
-        remote_path: /var/www/html/
-        remote_host: example.com
-        remote_port: 5555
-        remote_user: debian
-        remote_key: ${{ secrets.REMOTE_PRIVATE_KEY }}
-```
-
-For better **security**, I suggest you create additional secrets for remote_host, remote_port, remote_user and remote_path inputs.
-
-```yml
-jobs:
-  deploy:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v6
-    - name: rsync deployments
-      uses: burnett01/rsync-deployments@v8
-      with:
-        switches: -avzr --delete
-        path: src/
-        remote_path: ${{ secrets.REMOTE_PATH }}
-        remote_host: ${{ secrets.REMOTE_HOST }}
-        remote_port: ${{ secrets.REMOTE_PORT }}
-        remote_user: ${{ secrets.REMOTE_USER }}
+        remote_path: ${{ secrets.REMOTE_PATH }} # ex: /var/www/html/
+        remote_host: ${{ secrets.REMOTE_HOST }} # ex: example.com
+        remote_port: ${{ secrets.REMOTE_PORT }} # ex: 22
+        remote_user: ${{ secrets.REMOTE_USER }} # ex: ubuntu
         remote_key: ${{ secrets.REMOTE_PRIVATE_KEY }}
 ```
 
@@ -145,10 +153,10 @@ jobs:
       with:
         switches: -avzr --delete
         path: src/
-        remote_path: ${{ secrets.REMOTE_PATH }}
-        remote_host: ${{ secrets.REMOTE_HOST }}
-        remote_port: ${{ secrets.REMOTE_PORT }}
-        remote_user: ${{ secrets.REMOTE_USER }}
+        remote_path: ${{ secrets.REMOTE_PATH }} # ex: /var/www/html/
+        remote_host: ${{ secrets.REMOTE_HOST }} # ex: example.com
+        remote_port: ${{ secrets.REMOTE_PORT }} # ex: 22
+        remote_user: ${{ secrets.REMOTE_USER }} # ex: ubuntu
         remote_key: ${{ secrets.REMOTE_PRIVATE_KEY }}
         remote_key_pass: ${{ secrets.REMOTE_PRIVATE_KEY_PASS }}
 ```
@@ -172,10 +180,10 @@ jobs:
         switches: -avzr --delete
         legacy_allow_rsa_hostkeys: "true"
         path: src/
-        remote_path: ${{ secrets.REMOTE_PATH }}
-        remote_host: ${{ secrets.REMOTE_HOST }}
-        remote_port: ${{ secrets.REMOTE_PORT }}
-        remote_user: ${{ secrets.REMOTE_USER }}
+        remote_path: ${{ secrets.REMOTE_PATH }} # ex: /var/www/html/
+        remote_host: ${{ secrets.REMOTE_HOST }} # ex: example.com
+        remote_port: ${{ secrets.REMOTE_PORT }} # ex: 22
+        remote_user: ${{ secrets.REMOTE_USER }} # ex: ubuntu
         remote_key: ${{ secrets.REMOTE_PRIVATE_KEY }}
 ```
 
@@ -277,6 +285,12 @@ sudo apk add rsync
 
 ## Versions
 
+## Version 8.0.0 (EOL due to regression -> fixed via 8.0.1 & 8.0.2)
+
+Check here: 
+
+- https://github.com/Burnett01/rsync-deployments/tree/8.0.0  (alpine 3.23.0)
+
 ## Version 7.1.0
 
 Check here: 
@@ -358,7 +372,7 @@ Please note that version 1.0 has reached end of life state.
 ## Acknowledgements
 
 + This project is a fork of [Contention/rsync-deployments](https://github.com/Contention/rsync-deployments)
-+ Base image [JoshPiper/rsync-docker](https://github.com/JoshPiper/rsync-docker)
++ docker-rsync [JoshPiper/rsync-docker](https://github.com/JoshPiper/rsync-docker)
 
 ---
 

SECURITY.md

@@ -6,19 +6,21 @@ The Docker image and code quality are regularly checked for vulnerabilities and
 
 The following versions are currently being supported with security updates:
 
-| Version | Supported          | Rsync version          | Alpine version          |
-| ------- | ------------------ | ------------------ | ------------------ |
-| 8.0.0  | :white_check_mark: | >= 3.4.1-r1 | 3.23.0 |
-| 7.1.0  | :white_check_mark: | >= 3.4.1-r0 | 3.22.1 |
-| 7.0.2   | :warning: DEPRECATED | >= 3.4.0-r0 | 3.22.1 |
-| 7.0.1   | :x: EOL | < 3.4.0 | 3.22.1 |
-| 7.0.0   | :x: EOL | < 3.4.0| 3.19.1 |
-| 6.x   | :x: EOL |< 3.4.0| 3.17.2 |
-| 5.x   | :x: EOL |< 3.4.0| 3.11 - 3.14.1 - 3.15 - 3.16 - 3.17.2 |
-| 4.x   | :x: EOL |< 3.4.0| 3.11 |
-| 3.0   | :x: EOL |< 3.4.0| N/A |
-| 2.0   | :x: EOL               |< 3.4.0| Ubuntu |
-| 1.0   | :x: EOL               |< 3.4.0| Ubuntu |
+| Version | Supported          | Rsync version          | Alpine version          | Support Until  |
+| ------- | ------------------ | ------------------ | ------------------ | ------------------ | 
+| (``v8``) 8.0.2  | :white_check_mark: | >= 3.4.1-r1 | 3.23.0 | LTS (2026-*) |
+| 8.0.1  | :white_check_mark: | >= 3.4.1-r1 | 3.23.0 | Apr, 1st 2026 |
+| 8.0.0  | :x: EOL (due to regression #90) | >= 3.4.1-r1 | 3.23.0 | † Dec, 6th 2025 |
+| 7.1.0  | :warning: DEPRECATED | >= 3.4.1-r0 | 3.22.1 | June, 1st 2026 ([deprecation notice](https://github.com/Burnett01/rsync-deployments/discussions/96)) |
+| 7.0.2   | :warning: DEPRECATED | >= 3.4.0-r0 | 3.22.1 | June, 1st 2026 ([deprecation notice](https://github.com/Burnett01/rsync-deployments/discussions/96)) |
+| 7.0.1   | :x: EOL | < 3.4.0 | 3.22.1 | † Dec, 6th 2025 |
+| 7.0.0   | :x: EOL | < 3.4.0| 3.19.1 | † Dec, 6th 2025 |
+| 6.x   | :x: EOL |< 3.4.0| 3.17.2 | † 2024 |
+| 5.x   | :x: EOL |< 3.4.0| 3.11 - 3.14.1 - 3.15 - 3.16 - 3.17.2 | † 2024 |
+| 4.x   | :x: EOL |< 3.4.0| 3.11 |  † |
+| 3.0   | :x: EOL |< 3.4.0| N/A | † |
+| 2.0   | :x: EOL               |< 3.4.0| Ubuntu | † |
+| 1.0   | :x: EOL               |< 3.4.0| Ubuntu | † |
 
 ### Terminology
 

docker-rsync/README.md

@@ -0,0 +1,40 @@
+# Scripts
+
+Shell-scripts to help with managing SSH agents and known hosts files.
+
+### SSH Management
+
+#### ssh-init
+This command create the ``$HOME/.ssh`` folder with default permissions ``700``.
+
+### SSH-Agent Management
+
+#### agent-start
+This command starts the SSH agent, if it isn't already started (SSH_AGENT_PID set or ssh agent ID file found).
+It takes one optional argument, for the name of the agent to be started. Defaults to "default".
+This program needs to be source'd to work correctly.
+`source agent-start "default"`
+
+#### agent-stop
+This command stops the SSH agent, if it is started (SSH_AGENT_PID set or ssh agent ID file found).
+It takes one optional argument, for the name of the agent to be stopped. Defaults to "default".
+`agent-stop "my-agent-name"`
+
+#### agent-add
+This command adds a key to the currently running SSH agent. The key is taken from stdin, and the agent used is that in SSH_AGENT_PID.
+
+#### agent-askpass
+This command is called by ssh-add when the [SSH_ASKPASS](https://man.openbsd.org/ssh-add.1#ENVIRONMENT) variable is set active. The command returns the SSH_PASS to [ssh-askpass(1)](https://man.openbsd.org/ssh-askpass.1).
+
+This command is ignored by ssh-add if the key does not require a passphrase.
+
+### known_hosts management
+
+#### hosts-init
+This command creates the known_hosts file (``$HOME/.ssh/known_hosts``) with default permission ``600``.
+
+#### hosts-add
+This command adds an entry to the known hosts file, and ensures its permissions are correct. It takes one argument, which is the new key to add.
+
+#### hosts-clear
+This command truncates the known_hosts file.

docker-rsync/hosts-add

@@ -2,4 +2,4 @@
 
 set -eu
 
-printf '%s\n' "$@" >> $HOME/.ssh/known_hosts
+echo "$@" >> $HOME/.ssh/known_hosts

docker-rsync/hosts-init

@@ -2,5 +2,8 @@
 
 set -eu
 
-touch $HOME/.ssh/known_hosts
+if [ ! -f "$HOME/.ssh/known_hosts" ]; then
+    touch $HOME/.ssh/known_hosts
+fi
+
 chmod 600 $HOME/.ssh/known_hosts

docker-rsync/ssh-init

@@ -2,4 +2,6 @@
 
 set -eu
 
-mkdir -m 700 $HOME/.ssh
+if [ ! -d "$HOME/.ssh" ]; then
+    mkdir -m 700 $HOME/.ssh
+fi

entrypoint.sh

@@ -17,7 +17,7 @@ source hosts-init
 
 # Start the SSH agent and load key.
 source agent-start "$GITHUB_ACTION"
-printf '%s' "$INPUT_REMOTE_KEY" | SSH_PASS="${INPUT_REMOTE_KEY_PASS}" agent-add >/dev/null 2>&1
+echo "$INPUT_REMOTE_KEY" | SSH_PASS="$INPUT_REMOTE_KEY_PASS" agent-add
 
 # Variables.
 LEGACY_RSA_HOSTKEYS=""