From 24cfa35ecb220252cb27819e1400e08b82ff52cb Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Wed, 4 Dec 2019 18:26:19 +0100 Subject: [PATCH 1/8] remove docker labeling --- Dockerfile | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/Dockerfile b/Dockerfile index 764a964..fff8dcf 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,27 +1,12 @@ FROM ubuntu:latest - # Update RUN apt-get update - # Install packages RUN apt-get -yq install rsync openssh-client - -# Label -LABEL "com.github.actions.name"="rsync deployments" -LABEL "com.github.actions.description"="For deploying code to a webserver via rsync over ssh" -LABEL "com.github.actions.icon"="truck" -LABEL "com.github.actions.color"="yellow" - -LABEL "repository"="https://github.com/Burnett01/rsync-deployments" -LABEL "homepage"="https://github.com/Burnett01/rsync-deployments" -LABEL "maintainer"="Contention & Burnett01" - - # Copy entrypoint ADD entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh ENTRYPOINT ["/entrypoint.sh"] - From 1eb5088cc245a3f1581b96086079c25455a0ab19 Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Wed, 4 Dec 2019 18:28:33 +0100 Subject: [PATCH 2/8] Mention new inputs, added more examples, removed disclaimer --- README.md | 63 +++++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 45 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index e23138e..7e512bc 100644 --- a/README.md +++ b/README.md 
@@ -7,24 +7,32 @@ This GitHub Action deploys files in `GITHUB_WORKSPACE` to a folder on a server v Use this action in a build/test workflow which leaves deployable code in `GITHUB_WORKSPACE`. -# Required SECRETs +# Inputs -This action needs a `DEPLOY_KEY` secret variable. This should be the private key part of a ssh key pair. The public key part should be added to the authorized_keys file on the server that receives the deployment. This should be set in the Github secrets section and then referenced as an `env` variable. +- `swtiches`* - The first is for any initial/required rsync flags, eg: `-avzr --delete` -# ARGs +- `rsh` - Remote shell commands, eg for using a different SSH port: `"-p ${{ secrets.DEPLOY_PORT }}"` -This action requires 4 args in the `with` block. +- `path`* - The source path, if none; use `""` -1. `swtiches` - The first is for any initial/required rsync flags, eg: `-avzr --delete` +- `remote_path`* - The deployment target, and should be in the format: `[USER]@[HOST]:[PATH]` -2. `rsh` - Remote shell commands, eg for using a different SSH port: `"-p ${{ secrets.DEPLOY_PORT }}"` +- `remote_host`* - The remote host -3. `path` - The source path, if none; use `""` +- `remote_user`* - The remote user -4. `upload_path` - The deployment target, and should be in the format: `[USER]@[HOST]:[PATH]` +- `remote_key`* - The remote ssh key + +* = Required + +# Required secret + +This action needs a `DEPLOY_KEY` secret variable. This should be the private key part of a ssh key pair. The public key part should be added to the authorized_keys file on the server that receives the deployment. This should be set in the Github secrets section and then referenced as the `remote_key` input. # Example usage +Simple: + ``` name: DEPLOY on: 
@@ -40,18 +48,37 @@ jobs: - name: rsync deployments uses: burnett01/rsync-deployments@1.0 with: - switches: -avzr --delete --exclude="" --include="" - rsh: "-p ${{ secrets.DEPLOY_PORT }}" + switches: -avzr --delete path: src/ - upload_path: user@example.com:/var/www/html/ - - env: - DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }} - + remote_path: /var/www/html/ + remote_host: example.com + remote_user: debian + remote_key: ${{ secrets.DEPLOY_KEY }} ``` -## Disclaimer +Advanced: -If you're using GitHub Actions, you probably already know that it's still in limited public beta, and GitHub advise against using Actions in production. +``` +name: DEPLOY +on: + push: + branches: + - master + +jobs: + deploy: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - name: rsync deployments + uses: burnett01/rsync-deployments@1.0 + with: + switches: -avzr --delete --exclude="" --include="" --filter="" + rsh: "-p ${{ secrets.DEPLOY_PORT }}" + path: src/ + remote_path: /var/www/html/ + remote_host: example.com + remote_user: debian + remote_key: ${{ secrets.DEPLOY_KEY }} +``` -So, check your keys. Check your deployment paths. And use at your own risk. From 72f04677dec198961101190236f123f6911f1164 Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Wed, 4 Dec 2019 18:29:34 +0100 Subject: [PATCH 3/8] new inputs and shell --- entrypoint.sh | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index ef1adda..6cc9efa 100755 --- a/entrypoint.sh +++ b/entrypoint.sh 
@@ -1,17 +1,18 @@ -#!/bin/sh +#!/bin/bash set -eu # Set deploy key SSH_PATH="$HOME/.ssh" + # Create .ssh dir if it doesn't exist -if [ ! -d "$SSH_PATH" ]; then - mkdir "$SSH_PATH" -fi +[ -d "$SSH_PATH" ] || mkdir "$SSH_PATH" + # Place deploy_key into .ssh dir -echo "$DEPLOY_KEY" > "$SSH_PATH/deploy_key" +echo "$INPUT_REMOTE_KEY" > "$SSH_PATH/key" + # Set r+w to user only -chmod 600 "$SSH_PATH/deploy_key" +chmod 600 "$SSH_PATH/key" # Do deployment -sh -c "rsync $INPUT_SWITCHES -e 'ssh -i $SSH_PATH/deploy_key -o StrictHostKeyChecking=no $INPUT_RSH' $GITHUB_WORKSPACE/$INPUT_PATH $INPUT_UPLOAD_PATH" +sh -c "rsync $INPUT_SWITCHES -e 'ssh -i $SSH_PATH/key -o StrictHostKeyChecking=no $INPUT_RSH' $GITHUB_WORKSPACE/$INPUT_PATH $INPUT_REMOTE_USER@$INPUT_REMOTE_HOST:$INPUT_REMOTE_PATH" From e9dd3cdb51b13a13bc89877a798ed0d32d1e15f6 Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Wed, 4 Dec 2019 18:31:26 +0100 Subject: [PATCH 4/8] new inputs --- action.yml | 27 ++++++++++++++++++++------- 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/action.yml b/action.yml index b030baa..b81965a 100644 --- a/action.yml +++ b/action.yml 
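Review bot: The rewritten rsync line keeps `-o StrictHostKeyChecking=no`, so the session that authenticates with `INPUT_REMOTE_KEY` never verifies the server's host key, and the deployment goes to whatever host answers for `$INPUT_REMOTE_HOST`. I would take the expected host key as an additional input, write it to a known_hosts file next to the key, and switch to `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=$SSH_PATH/known_hosts`. The same line expands `$INPUT_REMOTE_USER`, `$INPUT_REMOTE_HOST` and `$INPUT_REMOTE_PATH` unquoted inside the `sh -c` string, so whitespace or shell metacharacters in any of them are re-parsed by the inner shell. These three should at least be validated, or passed as a single quoted destination argument. Minor: the key file is written before `chmod 600` runs, so a `umask 077` ahead of the `echo` would stop it briefly existing with default permissions.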
@@ -2,16 +2,29 @@ name: 'Rsync Deployments Action' description: 'GitHub Action for deploying code via rsync over ssh' author: 'Burnett01' inputs: - swtiches: - description: 'API method to use' + switches: + description: 'The switches' required: true rsh: - description: 'Github repository token' - required: true + description: 'The remote shell argument' + required: false + default: '' path: - description: 'Repository owner. Default: Current repository owner' - upload_path: - description: 'Repository name. Default: Current repository name' + description: 'The local path' + required: false + default: '' + remote_path: + description: 'The remote path' + required: true + remote_host: + description: 'The remote host' + required: true + remote_user: + description: 'The remote user' + required: true + remote_key: + description: 'The remote key' + required: true runs: using: 'docker' image: 'Dockerfile' From 5536ad8c4219629d63f30d5443c7fbd1b4f4d15e Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Wed, 4 Dec 2019 18:35:52 +0100 Subject: [PATCH 5/8] Update README.md --- README.md | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7e512bc..586d284 100644 --- a/README.md +++ b/README.md @@ -13,9 +13,9 @@ Use this action in a build/test workflow which leaves deployable code in `GITHUB - `rsh` - Remote shell commands, eg for using a different SSH port: `"-p ${{ secrets.DEPLOY_PORT }}"` -- `path`* - The source path, if none; use `""` +- `path` - The source path. Defaults to GITHUB_WORKSPACE -- `remote_path`* - The deployment target, and should be in the format: `[USER]@[HOST]:[PATH]` +- `remote_path`* - The deployment target path - `remote_host`* - The remote host 
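Review bot: The `remote_key` description ('The remote key') does not say that this input is the private half of the SSH key pair, or that it should be supplied from a repository secret rather than written inline in the workflow. Something like `description: 'Private SSH key used to log in to the remote host; pass it from a secret'` would make that explicit. The `remote_user`, `remote_host` and `remote_path` descriptions could also say that the three are joined into the rsync destination as `user@host:path`, which is how entrypoint.sh in this series uses them.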
@@ -82,3 +82,27 @@ jobs: remote_key: ${{ secrets.DEPLOY_KEY }} ``` +For better security, I suggest you create additional secrets for remote_host and remote_user inputs. + +``` +name: DEPLOY +on: + push: + branches: + - master + +jobs: + deploy: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - name: rsync deployments + uses: burnett01/rsync-deployments@1.0 + with: + switches: -avzr --delete + path: src/ + remote_path: /var/www/html/ + remote_host: ${{ secrets.DEPLOY_HOST }} + remote_user: ${{ secrets.DEPLOY_USER }} + remote_key: ${{ secrets.DEPLOY_KEY }} +``` From 2f0d5a19fa9e9241b33b30d43f5b5ed60d242c60 Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Wed, 4 Dec 2019 18:37:11 +0100 Subject: [PATCH 6/8] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 586d284..f4cdfe5 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,7 @@ Use this action in a build/test workflow which leaves deployable code in `GITHUB - `remote_key`* - The remote ssh key -* = Required +``* = Required`` # Required secret From c4c3b6821b834fec5d9af141fa9b7308dc2a8e14 Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Wed, 4 Dec 2019 18:39:07 +0100 Subject: [PATCH 7/8] Update README.md --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index f4cdfe5..c813cde 100644 --- a/README.md +++ b/README.md @@ -46,7 +46,7 @@ jobs: steps: - uses: actions/checkout@v1 - name: rsync deployments - uses: burnett01/rsync-deployments@1.0 + uses: burnett01/rsync-deployments@2.0 with: switches: -avzr --delete path: src/ @@ -71,7 +71,7 @@ jobs: steps: - uses: actions/checkout@v1 - name: rsync deployments - uses: burnett01/rsync-deployments@1.0 + uses: burnett01/rsync-deployments@2.0 with: switches: -avzr --delete --exclude="" --include="" --filter="" rsh: "-p ${{ secrets.DEPLOY_PORT }}" 
@@ -97,7 +97,7 @@ jobs: steps: - uses: actions/checkout@v1 - name: rsync deployments - uses: burnett01/rsync-deployments@1.0 + uses: burnett01/rsync-deployments@2.0 with: switches: -avzr --delete path: src/ From 6b3db75d871d0e80889f177526f102bfcddab0b3 Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Wed, 4 Dec 2019 18:41:36 +0100 Subject: [PATCH 8/8] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c813cde..cccace3 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ Use this action in a build/test workflow which leaves deployable code in `GITHUB # Inputs -- `swtiches`* - The first is for any initial/required rsync flags, eg: `-avzr --delete` +- `switches`* - The first is for any initial/required rsync flags, eg: `-avzr --delete` - `rsh` - Remote shell commands, eg for using a different SSH port: `"-p ${{ secrets.DEPLOY_PORT }}"`