diff --git a/Dockerfile b/Dockerfile index 764a964..fff8dcf 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,27 +1,12 @@ FROM ubuntu:latest - # Update RUN apt-get update - # Install packages RUN apt-get -yq install rsync openssh-client - -# Label -LABEL "com.github.actions.name"="rsync deployments" -LABEL "com.github.actions.description"="For deploying code to a webserver via rsync over ssh" -LABEL "com.github.actions.icon"="truck" -LABEL "com.github.actions.color"="yellow" - -LABEL "repository"="https://github.com/Burnett01/rsync-deployments" -LABEL "homepage"="https://github.com/Burnett01/rsync-deployments" -LABEL "maintainer"="Contention & Burnett01" - - # Copy entrypoint ADD entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh ENTRYPOINT ["/entrypoint.sh"] - diff --git a/README.md b/README.md index e23138e..cccace3 100644 --- a/README.md +++ b/README.md 
@@ -7,24 +7,32 @@ This GitHub Action deploys files in `GITHUB_WORKSPACE` to a folder on a server v Use this action in a build/test workflow which leaves deployable code in `GITHUB_WORKSPACE`. -# Required SECRETs +# Inputs -This action needs a `DEPLOY_KEY` secret variable. This should be the private key part of a ssh key pair. The public key part should be added to the authorized_keys file on the server that receives the deployment. This should be set in the Github secrets section and then referenced as an `env` variable. +- `switches`* - The first is for any initial/required rsync flags, eg: `-avzr --delete` -# ARGs +- `rsh` - Remote shell commands, eg for using a different SSH port: `"-p ${{ secrets.DEPLOY_PORT }}"` -This action requires 4 args in the `with` block. +- `path` - The source path. Defaults to GITHUB_WORKSPACE -1. `swtiches` - The first is for any initial/required rsync flags, eg: `-avzr --delete` +- `remote_path`* - The deployment target path -2. `rsh` - Remote shell commands, eg for using a different SSH port: `"-p ${{ secrets.DEPLOY_PORT }}"` +- `remote_host`* - The remote host -3. `path` - The source path, if none; use `""` +- `remote_user`* - The remote user -4. `upload_path` - The deployment target, and should be in the format: `[USER]@[HOST]:[PATH]` +- `remote_key`* - The remote ssh key + +``* = Required`` + +# Required secret + +This action needs a `DEPLOY_KEY` secret variable. This should be the private key part of a ssh key pair. The public key part should be added to the authorized_keys file on the server that receives the deployment. This should be set in the Github secrets section and then referenced as the `remote_key` input. # Example usage +Simple: + ``` name: DEPLOY on: 
@@ -38,20 +46,63 @@ jobs: steps: - uses: actions/checkout@v1 - name: rsync deployments - uses: burnett01/rsync-deployments@1.0 + uses: burnett01/rsync-deployments@2.0 with: - switches: -avzr --delete --exclude="" --include="" - rsh: "-p ${{ secrets.DEPLOY_PORT }}" + switches: -avzr --delete path: src/ - upload_path: user@example.com:/var/www/html/ - - env: - DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }} - + remote_path: /var/www/html/ + remote_host: example.com + remote_user: debian + remote_key: ${{ secrets.DEPLOY_KEY }} ``` -## Disclaimer +Advanced: -If you're using GitHub Actions, you probably already know that it's still in limited public beta, and GitHub advise against using Actions in production. +``` +name: DEPLOY +on: + push: + branches: + - master -So, check your keys. Check your deployment paths. And use at your own risk. +jobs: + deploy: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - name: rsync deployments + uses: burnett01/rsync-deployments@2.0 + with: + switches: -avzr --delete --exclude="" --include="" --filter="" + rsh: "-p ${{ secrets.DEPLOY_PORT }}" + path: src/ + remote_path: /var/www/html/ + remote_host: example.com + remote_user: debian + remote_key: ${{ secrets.DEPLOY_KEY }} +``` + +For better security, I suggest you create additional secrets for remote_host and remote_user inputs. + +``` +name: DEPLOY +on: + push: + branches: + - master + +jobs: + deploy: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - name: rsync deployments + uses: burnett01/rsync-deployments@2.0 + with: + switches: -avzr --delete + path: src/ + remote_path: /var/www/html/ + remote_host: ${{ secrets.DEPLOY_HOST }} + remote_user: ${{ secrets.DEPLOY_USER }} + remote_key: ${{ secrets.DEPLOY_KEY }} +``` diff --git a/action.yml b/action.yml index 1747954..b81965a 100644 --- a/action.yml +++ b/action.yml 
@@ -13,9 +13,18 @@ inputs: description: 'The local path' required: false default: '' - upload_path: + remote_path: description: 'The remote path' required: true + remote_host: + description: 'The remote host' + required: true + remote_user: + description: 'The remote user' + required: true + remote_key: + description: 'The remote key' + required: true runs: using: 'docker' image: 'Dockerfile' diff --git a/entrypoint.sh b/entrypoint.sh index ef1adda..6cc9efa 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,17 +1,18 @@ -#!/bin/sh +#!/bin/bash set -eu # Set deploy key SSH_PATH="$HOME/.ssh" + # Create .ssh dir if it doesn't exist -if [ ! -d "$SSH_PATH" ]; then - mkdir "$SSH_PATH" -fi +[ -d "$SSH_PATH" ] || mkdir "$SSH_PATH" + # Place deploy_key into .ssh dir -echo "$DEPLOY_KEY" > "$SSH_PATH/deploy_key" +echo "$INPUT_REMOTE_KEY" > "$SSH_PATH/key" + # Set r+w to user only -chmod 600 "$SSH_PATH/deploy_key" +chmod 600 "$SSH_PATH/key" # Do deployment -sh -c "rsync $INPUT_SWITCHES -e 'ssh -i $SSH_PATH/deploy_key -o StrictHostKeyChecking=no $INPUT_RSH' $GITHUB_WORKSPACE/$INPUT_PATH $INPUT_UPLOAD_PATH" +sh -c "rsync $INPUT_SWITCHES -e 'ssh -i $SSH_PATH/key -o StrictHostKeyChecking=no $INPUT_RSH' $GITHUB_WORKSPACE/$INPUT_PATH $INPUT_REMOTE_USER@$INPUT_REMOTE_HOST:$INPUT_REMOTE_PATH"
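Review bot: The description added for `remote_key`, `'The remote key'`, does not say which key is expected or how it should be supplied. The README in this commit says it is the private half of the deploy key pair, and entrypoint.sh writes the value to disk as the ssh identity file. A description such as `description: 'Private SSH key used to authenticate to the remote host; supply it from a repository secret'` would make that clear to anyone reading only action.yml. The `inputs:` block starts above this hunk, so the earlier input descriptions are not covered by this note.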
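Review bot: The rewritten rsync line still passes `-o StrictHostKeyChecking=no`, so the runner never verifies which server it connects to. The new `remote_key` input authenticates the client only, so any host answering for `$INPUT_REMOTE_HOST` would receive the deployed tree. Consider accepting the server's public host key through an additional input, writing it to `$SSH_PATH/known_hosts`, and replacing the option with `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=$SSH_PATH/known_hosts`. The same line expands `$INPUT_REMOTE_USER`, `$INPUT_REMOTE_HOST` and `$INPUT_REMOTE_PATH` unquoted inside a `sh -c` string, so whitespace or shell metacharacters in those inputs are parsed a second time by the inner shell. A comment such as `# inputs are expanded into a shell command string; they must come from trusted workflow configuration only` would at least record that assumption.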