Release/v5 (#13)
* Reference JoshPiper/rsync-docker @ 1.1.0 * See: https://github.com/JoshPiper/rsync-docker/tree/1.1.0 * New features: Support passphrase protected keys * supply SSH_PASS (key passphrase) to agent-add Read more about the behavior: https://github.com/JoshPiper/rsync-docker#agent-askpass * add new remote_key_pass config option * Update README.md * Update README.md * 2.0 is EOL * support 5.0, drop 2.0 * default to empty string * reference JoshPiper/rsync-docker @ v1.2.0
This commit is contained in:
parent
a93a577f3f
commit
342e70b07e
5 changed files with 56 additions and 11 deletions
|
@ -1,4 +1,4 @@
|
|||
FROM drinternet/rsync:1.0.1
|
||||
FROM drinternet/rsync:v1.2.0
|
||||
|
||||
# Copy entrypoint
|
||||
COPY entrypoint.sh /entrypoint.sh
|
||||
|
|
55
README.md
55
README.md
|
@ -26,11 +26,17 @@ The underlaying base-image of the docker-image is very small (Alpine (no cache))
|
|||
|
||||
- `remote_key`* - The remote ssh key
|
||||
|
||||
- `remote_key_pass` - The remote ssh key passphrase (if any)
|
||||
|
||||
``* = Required``
|
||||
|
||||
## Required secret
|
||||
## Required secret(s)
|
||||
|
||||
This action needs a `DEPLOY_KEY` secret variable. This should be the private key part of a ssh key pair. The public key part should be added to the authorized_keys file on the server that receives the deployment. This should be set in the Github secrets section and then referenced as the `remote_key` input.
|
||||
This action needs secret variables for the ssh private key of your key pair. The public key part should be added to the authorized_keys file on the server that receives the deployment. The secret variable should be set in the Github secrets section of your org/repo and then referenced as the `remote_key` input.
|
||||
|
||||
> Always use secrets when dealing with sensitive inputs!
|
||||
|
||||
For simplicity, we are using `DEPLOY_*` as the secret variables throughout the examples.
|
||||
|
||||
## Example usage
|
||||
|
||||
|
@ -49,7 +55,7 @@ jobs:
|
|||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: rsync deployments
|
||||
uses: burnett01/rsync-deployments@4.1
|
||||
uses: burnett01/rsync-deployments@5.0
|
||||
with:
|
||||
switches: -avzr --delete
|
||||
path: src/
|
||||
|
@ -68,7 +74,7 @@ jobs:
|
|||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: rsync deployments
|
||||
uses: burnett01/rsync-deployments@4.1
|
||||
uses: burnett01/rsync-deployments@5.0
|
||||
with:
|
||||
switches: -avzr --delete --exclude="" --include="" --filter=""
|
||||
path: src/
|
||||
|
@ -79,7 +85,7 @@ jobs:
|
|||
remote_key: ${{ secrets.DEPLOY_KEY }}
|
||||
```
|
||||
|
||||
For better security, I suggest you create additional secrets for remote_host, remote_port and remote_user inputs.
|
||||
For better **security**, I suggest you create additional secrets for remote_host, remote_port, remote_user and remote_path inputs.
|
||||
|
||||
```
|
||||
jobs:
|
||||
|
@ -88,17 +94,50 @@ jobs:
|
|||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: rsync deployments
|
||||
uses: burnett01/rsync-deployments@4.1
|
||||
uses: burnett01/rsync-deployments@5.0
|
||||
with:
|
||||
switches: -avzr --delete
|
||||
path: src/
|
||||
remote_path: /var/www/html/
|
||||
remote_path: ${{ secrets.DEPLOY_PATH }}
|
||||
remote_host: ${{ secrets.DEPLOY_HOST }}
|
||||
remote_port: ${{ secrets.DEPLOY_PORT }}
|
||||
remote_user: ${{ secrets.DEPLOY_USER }}
|
||||
remote_key: ${{ secrets.DEPLOY_KEY }}
|
||||
```
|
||||
|
||||
If your private key is passphrase protected you should use:
|
||||
|
||||
```
|
||||
jobs:
|
||||
deploy:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: rsync deployments
|
||||
uses: burnett01/rsync-deployments@5.0
|
||||
with:
|
||||
switches: -avzr --delete
|
||||
path: src/
|
||||
remote_path: ${{ secrets.DEPLOY_PATH }}
|
||||
remote_host: ${{ secrets.DEPLOY_HOST }}
|
||||
remote_port: ${{ secrets.DEPLOY_PORT }}
|
||||
remote_user: ${{ secrets.DEPLOY_USER }}
|
||||
remote_key: ${{ secrets.DEPLOY_KEY }}
|
||||
remote_key_pass: ${{ secrets.DEPLOY_KEY_PASS }}
|
||||
```
|
||||
---
|
||||
|
||||
## Version 4.0 & 4.1
|
||||
|
||||
Looking for version 4.0 and 4.1?
|
||||
|
||||
Check here:
|
||||
|
||||
- https://github.com/Burnett01/rsync-deployments/tree/4.0
|
||||
- https://github.com/Burnett01/rsync-deployments/tree/4.1
|
||||
|
||||
Version 4.0 & 4.1 use the ``drinternet/rsync:1.0.1`` base-image.
|
||||
|
||||
---
|
||||
|
||||
## Version 3.0
|
||||
|
@ -111,7 +150,7 @@ Version 3.0 uses the ``alpine:latest`` base-image directly.<br>
|
|||
Consider upgrading to 4.0 that uses a docker-image ``drinternet/rsync:1.0.1`` that is<br>
|
||||
based on ``alpine:latest``and heavily optimized for rsync.
|
||||
|
||||
## Version 2.0
|
||||
## Version 2.0 (EOL)
|
||||
|
||||
Looking for version 2.0?
|
||||
|
||||
|
|
|
@ -6,10 +6,12 @@ The following versions are currently being supported with security updates:
|
|||
|
||||
| Version | Supported |
|
||||
| ------- | ------------------ |
|
||||
| 5.0 | :white_check_mark: |
|
||||
| 4.1 | :white_check_mark: |
|
||||
| 4.0 | :white_check_mark: |
|
||||
| 3.0 | :white_check_mark: |
|
||||
| < 2.0 | :x: |
|
||||
| 2.0 | :x: |
|
||||
| 1.0 | :x: |
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
|
|
|
@ -29,6 +29,10 @@ inputs:
|
|||
remote_key:
|
||||
description: 'The remote key'
|
||||
required: true
|
||||
remote_key_pass:
|
||||
description: 'The remote key passphrase'
|
||||
required: false
|
||||
default: ''
|
||||
runs:
|
||||
using: 'docker'
|
||||
image: 'Dockerfile'
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
# Start the SSH agent and load key.
|
||||
source agent-start "$GITHUB_ACTION"
|
||||
echo "$INPUT_REMOTE_KEY" | agent-add
|
||||
echo "$INPUT_REMOTE_KEY" | SSH_PASS="$INPUT_REMOTE_KEY_PASS" agent-add
|
||||
|
||||
# Add strict errors.
|
||||
set -eu
|
||||
|
|
Loading…
Reference in a new issue