Hostux/github.com_burnett01_rsync-deployments
1
0
Fork 1
mirror of https://github.com/Burnett01/rsync-deployments.git synced 2025-09-19 15:50:38 +02:00
Code Issues Projects Releases Packages Wiki Activity
Mirror of https://github.com/Burnett01/rsync-deployments
132 commits 9 branches 15 tags 337 KiB
Shell 87.7%
Dockerfile 12.3%
Find a file
Copilot f1607ccbba
Add comprehensive SSH troubleshooting section with documentation links and improved secret naming to README (#83) 
* chore: Add comprehensive SSH troubleshooting section to README

* chore: Enhance README with rsync documentation link, SSH key guide

* chore: further enrich readme with more troubleshooting + change secrets name from DEPLOY_* to REMOTE_*

* chore: Added a new section for versions and updated heading formatting.

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Burnett01 <1208707+Burnett01@users.noreply.github.com>
Co-authored-by: sovetski
2025-09-19 15:40:13 +02:00
.github Rename CI workflow file to ci-validating-linting-testing.yml 2025-09-01 12:34:44 +02:00
test Add bats tests (#76) 2025-08-29 22:50:40 +02:00
action.yml feat: configuarable legacy RSA hostkeys support 2024-03-06 12:20:39 +01:00
CODE_OF_CONDUCT.md Create CODE_OF_CONDUCT.md 2020-06-27 15:55:31 +02:00
CONTRIBUTING.md Create CONTRIBUTING.md 2020-06-27 15:55:57 +02:00
Dockerfile Release/7.1.0 (#72) 2025-08-29 20:57:37 +02:00
entrypoint.sh feat: Make usage of legacy rsa hostkeys conditional 2024-03-06 12:16:35 +01:00
LICENSE Release/7.1.0 (#72) 2025-08-29 20:57:37 +02:00
README.md Add comprehensive SSH troubleshooting section with documentation links and improved secret naming to README (#83) 2025-09-19 15:40:13 +02:00
SECURITY.md Release/7.1.0 (#72) 2025-08-29 20:57:37 +02:00

README.md

rsync deployments

CI - Validating, Linting, Testing Snyk Docker Vulnerability Scan CodeQL Dependabot Updates

This GitHub Action (amd64) deploys files in GITHUB_WORKSPACE to a remote folder via rsync over ssh.

Use this action in a CD workflow which leaves deployable code in GITHUB_WORKSPACE.

The base-image drinternet/rsync of this action is very small and is based on Alpine 3.22.1 (no cache) which results in fast deployments.

Alpine version: 3.22.1 Rsync version: 3.4.1-r0

Inputs

  • switches* - The first is for any initial/required rsync flags, eg: -avzr --delete

  • rsh - Remote shell commands

  • legacy_allow_rsa_hostkeys - Enables support for legacy RSA host keys on OpenSSH 8.8+. ("true" / "false")

  • path - The source path. Defaults to GITHUB_WORKSPACE and is relative to it

  • remote_path* - The deployment target path

  • remote_host* - The remote host

  • remote_port - The remote port. Defaults to 22

  • remote_user* - The remote user

  • remote_key* - The remote ssh private key

  • remote_key_pass - The remote ssh private key passphrase (if any)

* = Required

Required secret(s)

This action needs secret variables for the ssh private key of your key pair. The public key part should be added to the authorized_keys file on the server that receives the deployment. The secret variable should be set in the Github secrets section of your org/repo and then referenced as the remote_key input.

Always use secrets when dealing with sensitive inputs!

For simplicity, we are using REMOTE_* as the secret variables throughout the examples.

Current Version: 7.1.0

Example usage

Simple:

name: DEPLOY
on:
  push:
    branches:
    - master

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
    - name: rsync deployments
      uses: burnett01/rsync-deployments@7.1.0
      with:
        switches: -avzr --delete
        path: src/
        remote_path: /var/www/html/
        remote_host: example.com
        remote_user: debian
        remote_key: ${{ secrets.REMOTE_PRIVATE_KEY }}

Advanced:

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
    - name: rsync deployments
      uses: burnett01/rsync-deployments@7.1.0
      with:
        switches: -avzr --delete --exclude="" --include="" --filter=""
        path: src/
        remote_path: /var/www/html/
        remote_host: example.com
        remote_port: 5555
        remote_user: debian
        remote_key: ${{ secrets.REMOTE_PRIVATE_KEY }}

For better security, I suggest you create additional secrets for remote_host, remote_port, remote_user and remote_path inputs.

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
    - name: rsync deployments
      uses: burnett01/rsync-deployments@7.1.0
      with:
        switches: -avzr --delete
        path: src/
        remote_path: ${{ secrets.REMOTE_PATH }}
        remote_host: ${{ secrets.REMOTE_HOST }}
        remote_port: ${{ secrets.REMOTE_PORT }}
        remote_user: ${{ secrets.REMOTE_USER }}
        remote_key: ${{ secrets.REMOTE_PRIVATE_KEY }}

If your private key is passphrase protected you should use:

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
    - name: rsync deployments
      uses: burnett01/rsync-deployments@7.1.0
      with:
        switches: -avzr --delete
        path: src/
        remote_path: ${{ secrets.REMOTE_PATH }}
        remote_host: ${{ secrets.REMOTE_HOST }}
        remote_port: ${{ secrets.REMOTE_PORT }}
        remote_user: ${{ secrets.REMOTE_USER }}
        remote_key: ${{ secrets.REMOTE_PRIVATE_KEY }}
        remote_key_pass: ${{ secrets.REMOTE_PRIVATE_KEY_PASS }}

Legacy RSA Hostkeys support for OpenSSH Servers >= 8.8+

If your remote OpenSSH Server still uses RSA hostkeys, then you have to manually enable legacy support for this by using legacy_allow_rsa_hostkeys: "true".

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
    - name: rsync deployments
      uses: burnett01/rsync-deployments@7.1.0
      with:
        switches: -avzr --delete
        legacy_allow_rsa_hostkeys: "true"
        path: src/
        remote_path: ${{ secrets.REMOTE_PATH }}
        remote_host: ${{ secrets.REMOTE_HOST }}
        remote_port: ${{ secrets.REMOTE_PORT }}
        remote_user: ${{ secrets.REMOTE_USER }}
        remote_key: ${{ secrets.REMOTE_PRIVATE_KEY }}

See #49 and #24 for more information.

Note: Only use this if necessary. It's recommended to upgrade your remote OpenSSH server instead.

--

Advanced Rsync switches/flags/options

For advanced rsync configuration options and switches, refer to the rsync manual.

Troubleshooting

SSH Permission Denied Errors

If you encounter "Permission denied (publickey,password)" errors, here are the most common solutions:

1. SSH Key Setup

Ensure your SSH key pair is correctly generated and configured:

# Generate a new SSH key pair (recommended: Ed25519 or RSA 4096-bit)
ssh-keygen -t ed25519 -C "deploy@yourproject" -f ~/.ssh/deploy_yourproject -N ""
# OR for RSA:
ssh-keygen -t rsa -b 4096 -C "deploy@yourproject" -f ~/.ssh/deploy_yourproject -N ""

Important Steps:

  • Add the public key (.pub file) to your server's ~/.ssh/authorized_keys
  • Add the private key (without .pub extension) to GitHub Secrets as REMOTE_PRIVATE_KEY
  • Ensure correct file permissions on your server: 
    chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

For detailed information on creating and managing SSH keys, see GitHub's SSH Key Guide.

2. remote_path permissions

Make sure the remote_user has write access to remote_path.

See: https://github.com/Burnett01/rsync-deployments/issues/81#issuecomment-3308152891

3. Firewall / GitHub Actions IP Restrictions

If your remote server has firewall restrictions:

  • Option A: Whitelist GitHub Actions IP ranges (Azure-based)
  • Option B: Use self-hosted runners on your server (recommended for strict firewall environments)

Excluding files/folders (eg .git)

By default, rsync copies dot files and folder if present at path:. To exclude them, you can use the --exclude switch:

switches: -avzr --delete --exclude='.git/'

Other common exclusions:

switches: -avzr --delete --exclude='.git/' --exclude='node_modules/' --exclude='.env'

More advanced examples:

Versions

Version 7.0.2

Check here:

Version 7.0.0 & 7.0.1 (DEPRECATED)

Check here:

Version 6.0 (EOL)

Check here:

Version 5.0, 5.1 & 5.2 & 5.x (EOL)

Check here:

Version 4.0 & 4.1 (EOL)

Check here:

Version 4.0 & 4.1 use the drinternet/rsync:1.0.1 base-image.

Version 3.0 (EOL)

Check here: https://github.com/Burnett01/rsync-deployments/tree/3.0

Version 3.0 uses the alpine:latest base-image directly.
Consider upgrading to 4.0 that uses a docker-image drinternet/rsync:1.0.1 that is
based on alpine:latestand heavily optimized for rsync.

Version 2.0 (EOL)

Check here: https://github.com/Burnett01/rsync-deployments/tree/2.0

Version 2.0 uses a larger base-image (ubuntu:latest).
Consider upgrading to 3.0 for even faster deployments.

Version 1.0 (EOL)

Check here: https://github.com/Burnett01/rsync-deployments/tree/1.0

Please note that version 1.0 has reached end of life state.

Acknowledgements

Media & Pingback

This action was featured in multiple blogs across the globe:

Disclaimer: The author & co-authors are not responsible for the content of the site-links below.