Hostux/github.com_burnett01_rsync-deployments
1
0
Fork 1
mirror of https://github.com/Burnett01/rsync-deployments.git synced 2025-04-19 10:41:04 +02:00
Code Issues Projects Releases Packages Wiki Activity

Compare commits

base: Hostux:master
Branches Tags
Hostux:master
Hostux:release/7.0.2
Hostux:drinternet-rsync-merge
Hostux:non-release/8.0.0
Hostux:release/7.0.1
Hostux:release/7.0.0
Hostux:release/6.0.0
Hostux:release/5.2.1
Hostux:release/5.3
Hostux:7.0.2
Hostux:7.0.1
Hostux:7.0.0
Hostux:6.0.0
Hostux:5.2.2
Hostux:5.2.1
Hostux:5.2
Hostux:5.1
Hostux:5.0
Hostux:4.1
Hostux:4.0
Hostux:3.0
Hostux:2.0
Hostux:1.0
..
compare: Hostux:4.1
Branches Tags
Hostux:master
Hostux:release/7.0.2
Hostux:drinternet-rsync-merge
Hostux:non-release/8.0.0
Hostux:release/7.0.1
Hostux:release/7.0.0
Hostux:release/6.0.0
Hostux:release/5.2.1
Hostux:release/5.3
Hostux:7.0.2
Hostux:7.0.1
Hostux:7.0.0
Hostux:6.0.0
Hostux:5.2.2
Hostux:5.2.1
Hostux:5.2
Hostux:5.1
Hostux:5.0
Hostux:4.1
Hostux:4.0
Hostux:3.0
Hostux:2.0
Hostux:1.0

No commits in common. "master" and "4.1" have entirely different histories.
master ... 4.1

9 changed files with 28 additions and 268 deletions
Show stats Expand all files Collapse all files

6
.github/dependabot.yml vendored
View file

@ -1,6 +0,0 @@
version: 2
updates:
- package-ecosystem: docker
directory: /
schedule:
interval: monthly

76
CODE_OF_CONDUCT.md
View file

@ -1,76 +0,0 @@
# Contributor Covenant Code of Conduct
## Our Pledge
In the interest of fostering an open and welcoming environment, we as
contributors and maintainers pledge to making participation in our project and
our community a harassment-free experience for everyone, regardless of age, body
size, disability, ethnicity, sex characteristics, gender identity and expression,
level of experience, education, socio-economic status, nationality, personal
appearance, race, religion, or sexual identity and orientation.
## Our Standards
Examples of behavior that contributes to creating a positive environment
include:
* Using welcoming and inclusive language
* Being respectful of differing viewpoints and experiences
* Gracefully accepting constructive criticism
* Focusing on what is best for the community
* Showing empathy towards other community members
Examples of unacceptable behavior by participants include:
* The use of sexualized language or imagery and unwelcome sexual attention or
advances
* Trolling, insulting/derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or electronic
address, without explicit permission
* Other conduct which could reasonably be considered inappropriate in a
professional setting
## Our Responsibilities
Project maintainers are responsible for clarifying the standards of acceptable
behavior and are expected to take appropriate and fair corrective action in
response to any instances of unacceptable behavior.
Project maintainers have the right and responsibility to remove, edit, or
reject comments, commits, code, wiki edits, issues, and other contributions
that are not aligned to this Code of Conduct, or to ban temporarily or
permanently any contributor for other behaviors that they deem inappropriate,
threatening, offensive, or harmful.
## Scope
This Code of Conduct applies both within project spaces and in public spaces
when an individual is representing the project or its community. Examples of
representing a project or community include using an official project e-mail
address, posting via an official social media account, or acting as an appointed
representative at an online or offline event. Representation of a project may be
further defined and clarified by project maintainers.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported by contacting the project team via issues. All
complaints will be reviewed and investigated and will result in a response that
is deemed necessary and appropriate to the circumstances. The project team is
obligated to maintain confidentiality with regard to the reporter of an incident.
Further details of specific enforcement policies may be posted separately.
Project maintainers who do not follow or enforce the Code of Conduct in good
faith may face temporary or permanent repercussions as determined by other
members of the project's leadership.
## Attribution
This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
[homepage]: https://www.contributor-covenant.org
For answers to common questions about this code of conduct, see
https://www.contributor-covenant.org/faq

1
CONTRIBUTING.md
View file

@ -1 +0,0 @@
Feel free to contribute to this project.

7
Dockerfile
View file

@ -1,9 +1,4 @@
# drinternet/rsync@v1.4.4
FROM drinternet/rsync@sha256:15b2949838074bd93c49421c22380396a0cd53a322439e799ac87afcadcfe234
# always force-upgrade rsync to get the latest security fixes
RUN apk update && apk add --no-cache --upgrade rsync
RUN rm -rf /var/cache/apk/*
FROM drinternet/rsync:1.0.1
# Copy entrypoint
COPY entrypoint.sh /entrypoint.sh

4
LICENSE
View file

@ -1,7 +1,7 @@
MIT License
Copyright (c) 2019-2022 Contention
Copyright (c) 2019-2024 Burnett01
Copyright (c) 2019-2020 Contention
Copyright (c) 2019-2020 Burnett01
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal

161
README.md
View file

@ -1,13 +1,10 @@
# rsync deployments
This GitHub Action (amd64) deploys files in `GITHUB_WORKSPACE` to a remote folder via rsync over ssh.
This GitHub Action deploys files in `GITHUB_WORKSPACE` to a remote folder via rsync over ssh.
Use this action in a CD workflow which leaves deployable code in `GITHUB_WORKSPACE`.
The base-image [drinternet/rsync](https://github.com/JoshPiper/rsync-docker/) of this action is very small and is based on Alpine 3.19.1 (no cache) which results in fast deployments.
Alpine version: [3.19.1](https://alpinelinux.org/posts/Alpine-3.19.1-released.html)
Rsync version: [3.4.0-r0](https://download.samba.org/pub/rsync/NEWS#3.4.0)
The underlaying base-image of the docker-image is very small (Alpine (no cache)) which results in fast deployments.
---
@ -17,9 +14,7 @@ Rsync version: [3.4.0-r0](https://download.samba.org/pub/rsync/NEWS#3.4.0)
- `rsh` - Remote shell commands
- `legacy_allow_rsa_hostkeys` - Enables support for legacy RSA host keys on OpenSSH 8.8+. ("true" / "false")
- `path` - The source path. Defaults to GITHUB_WORKSPACE and is relative to it
- `path` - The source path. Defaults to GITHUB_WORKSPACE
- `remote_path`* - The deployment target path
@ -31,25 +26,17 @@ Rsync version: [3.4.0-r0](https://download.samba.org/pub/rsync/NEWS#3.4.0)
- `remote_key`* - The remote ssh key
- `remote_key_pass` - The remote ssh key passphrase (if any)
``* = Required``
## Required secret(s)
## Required secret
This action needs secret variables for the ssh private key of your key pair. The public key part should be added to the authorized_keys file on the server that receives the deployment. The secret variable should be set in the Github secrets section of your org/repo and then referenced as the `remote_key` input.
> Always use secrets when dealing with sensitive inputs!
For simplicity, we are using `DEPLOY_*` as the secret variables throughout the examples.
## Current Version: 7.0.2
This action needs a `DEPLOY_KEY` secret variable. This should be the private key part of a ssh key pair. The public key part should be added to the authorized_keys file on the server that receives the deployment. This should be set in the Github secrets section and then referenced as the `remote_key` input.
## Example usage
Simple:
```yml
```
name: DEPLOY
on:
push:
@ -60,9 +47,9 @@ jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v2
- name: rsync deployments
uses: burnett01/rsync-deployments@7.0.2
uses: burnett01/rsync-deployments@4.1
with:
switches: -avzr --delete
path: src/
@ -74,14 +61,14 @@ jobs:
Advanced:
```yml
```
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v2
- name: rsync deployments
uses: burnett01/rsync-deployments@7.0.2
uses: burnett01/rsync-deployments@4.1
with:
switches: -avzr --delete --exclude="" --include="" --filter=""
path: src/
@ -92,118 +79,31 @@ jobs:
remote_key: ${{ secrets.DEPLOY_KEY }}
```
For better **security**, I suggest you create additional secrets for remote_host, remote_port, remote_user and remote_path inputs.
For better security, I suggest you create additional secrets for remote_host, remote_port and remote_user inputs.
```yml
```
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v2
- name: rsync deployments
uses: burnett01/rsync-deployments@7.0.2
uses: burnett01/rsync-deployments@4.1
with:
switches: -avzr --delete
path: src/
remote_path: ${{ secrets.DEPLOY_PATH }}
remote_path: /var/www/html/
remote_host: ${{ secrets.DEPLOY_HOST }}
remote_port: ${{ secrets.DEPLOY_PORT }}
remote_user: ${{ secrets.DEPLOY_USER }}
remote_key: ${{ secrets.DEPLOY_KEY }}
```
If your private key is passphrase protected you should use:
```yml
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: rsync deployments
uses: burnett01/rsync-deployments@7.0.2
with:
switches: -avzr --delete
path: src/
remote_path: ${{ secrets.DEPLOY_PATH }}
remote_host: ${{ secrets.DEPLOY_HOST }}
remote_port: ${{ secrets.DEPLOY_PORT }}
remote_user: ${{ secrets.DEPLOY_USER }}
remote_key: ${{ secrets.DEPLOY_KEY }}
remote_key_pass: ${{ secrets.DEPLOY_KEY_PASS }}
```
---
#### Legacy RSA Hostkeys support for OpenSSH Servers >= 8.8+
## Version 3.0
If your remote OpenSSH Server still uses RSA hostkeys, then you have to
manually enable legacy support for this by using ``legacy_allow_rsa_hostkeys: "true"``.
```yml
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: rsync deployments
uses: burnett01/rsync-deployments@7.0.2
with:
switches: -avzr --delete
legacy_allow_rsa_hostkeys: "true"
path: src/
remote_path: ${{ secrets.DEPLOY_PATH }}
remote_host: ${{ secrets.DEPLOY_HOST }}
remote_port: ${{ secrets.DEPLOY_PORT }}
remote_user: ${{ secrets.DEPLOY_USER }}
remote_key: ${{ secrets.DEPLOY_KEY }}
```
See [#49](https://github.com/Burnett01/rsync-deployments/issues/49) and [#24](https://github.com/Burnett01/rsync-deployments/issues/24) for more information.
---
## Version 7.0.0 & 7.0.1 (DEPRECATED)
Check here:
- https://github.com/Burnett01/rsync-deployments/tree/7.0.0 (alpine 3.19.1)
- https://github.com/Burnett01/rsync-deployments/tree/7.0.1 (alpine 3.19.1)
---
## Version 6.0 (EOL)
Check here:
- https://github.com/Burnett01/rsync-deployments/tree/6.0 (alpine 3.17.2)
---
## Version 5.0, 5.1 & 5.2 & 5.x (EOL)
Check here:
- https://github.com/Burnett01/rsync-deployments/tree/5.0 (alpine 3.11.x)
- https://github.com/Burnett01/rsync-deployments/tree/5.1 (alpine 3.14.1)
- https://github.com/Burnett01/rsync-deployments/tree/5.2 (alpine 3.15.0)
- https://github.com/Burnett01/rsync-deployments/tree/5.2.1 (alpine 3.16.1)
- https://github.com/Burnett01/rsync-deployments/tree/5.2.2 (alpine 3.17.2)
---
## Version 4.0 & 4.1 (EOL)
Check here:
- https://github.com/Burnett01/rsync-deployments/tree/4.0
- https://github.com/Burnett01/rsync-deployments/tree/4.1
Version 4.0 & 4.1 use the ``drinternet/rsync:1.0.1`` base-image.
---
## Version 3.0 (EOL)
Looking for version 3.0?
Check here: https://github.com/Burnett01/rsync-deployments/tree/3.0
@ -211,7 +111,9 @@ Version 3.0 uses the ``alpine:latest`` base-image directly.<br>
Consider upgrading to 4.0 that uses a docker-image ``drinternet/rsync:1.0.1`` that is<br>
based on ``alpine:latest``and heavily optimized for rsync.
## Version 2.0 (EOL)
## Version 2.0
Looking for version 2.0?
Check here: https://github.com/Burnett01/rsync-deployments/tree/2.0
@ -220,6 +122,8 @@ Consider upgrading to 3.0 for even faster deployments.
## Version 1.0 (EOL)
Looking for version 1.0?
Check here: https://github.com/Burnett01/rsync-deployments/tree/1.0
Please note that version 1.0 has reached end of life state.
@ -231,23 +135,4 @@ Please note that version 1.0 has reached end of life state.
+ This project is a fork of [Contention/rsync-deployments](https://github.com/Contention/rsync-deployments)
+ Base image [JoshPiper/rsync-docker](https://github.com/JoshPiper/rsync-docker)
---
## Media
This action was featured in multiple blogs across the globe:
> Disclaimer: The author & co-authors are not responsible for the content of the site-links below.
- https://elijahverdoorn.com/2020/04/14/automating-deployment-with-github-actions/
- https://www.vektor-inc.co.jp/post/github-actions-deploy/
- https://webpick.info/automatiser-avec-github-actions/
- https://matthias-andrasch.eu/blog/2021/tutorial-webseite-mittels-github-actions-deployment-zu-uberspace-uebertragen-rsync/
- https://jishuin.proginn.com/p/763bfbd38928
- https://cloud.tencent.com/developer/article/1786522

21
SECURITY.md
View file

@ -1,21 +0,0 @@
# Security Policy
## Supported Versions
The following versions are currently being supported with security updates:
| Version | Supported | Rsync version |
| ------- | ------------------ | ------------------ |
| 7.0.2 | :white_check_mark: | >= 3.4.0 |
| 7.0.1 | :warning: DEPRECATED | < 3.4.0 |
| 7.0.0 | :warning: DEPRECATED | < 3.4.0|
| 6.x | :x: EOL |< 3.4.0|
| 5.x | :x: EOL |< 3.4.0|
| 4.x | :x: EOL |< 3.4.0|
| 3.0 | :x: EOL |< 3.4.0|
| 2.0 | :x: EOL |< 3.4.0|
| 1.0 | :x: EOL |< 3.4.0|
## Reporting a Vulnerability
You can report a vulnerability by creating an issue.

8
action.yml
View file

@ -9,10 +9,6 @@ inputs:
description: 'The remote shell argument'
required: false
default: ''
legacy_allow_rsa_hostkeys:
description: 'Enables support for legacy RSA host keys on OpenSSH 8.8+'
required: false
default: 'false'
path:
description: 'The local path'
required: false
@ -33,10 +29,6 @@ inputs:
remote_key:
description: 'The remote key'
required: true
remote_key_pass:
description: 'The remote key passphrase'
required: false
default: ''
runs:
using: 'docker'
image: 'Dockerfile'

12
entrypoint.sh
View file

@ -1,23 +1,15 @@
#!/bin/sh
if [ -z "$(echo "$INPUT_REMOTE_PATH" | awk '{$1=$1};1')" ]; then
echo "The remote_path can not be empty. see: github.com/Burnett01/rsync-deployments/issues/44"
exit 1
fi
# Start the SSH agent and load key.
source agent-start "$GITHUB_ACTION"
echo "$INPUT_REMOTE_KEY" | SSH_PASS="$INPUT_REMOTE_KEY_PASS" agent-add
echo "$INPUT_REMOTE_KEY" | agent-add
# Add strict errors.
set -eu
# Variables.
LEGACY_RSA_HOSTKEYS="-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"
LEGACY_RSA_HOSTKEYS=$([ "$INPUT_LEGACY_ALLOW_RSA_HOSTKEYS" = "true" ] && echo "$LEGACY_RSA_HOSTKEYS" || echo "")
SWITCHES="$INPUT_SWITCHES"
RSH="ssh -o StrictHostKeyChecking=no $LEGACY_RSA_HOSTKEYS -p $INPUT_REMOTE_PORT $INPUT_RSH"
RSH="ssh -o StrictHostKeyChecking=no -p $INPUT_REMOTE_PORT $INPUT_RSH"
LOCAL_PATH="$GITHUB_WORKSPACE/$INPUT_PATH"
DSN="$INPUT_REMOTE_USER@$INPUT_REMOTE_HOST"