diff --git a/.github/dependabot.yml b/.github/dependabot.yml
deleted file mode 100644
index 31d2199..0000000
--- a/.github/dependabot.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-version: 2
-updates:
- - package-ecosystem: docker
- directory: /
- schedule:
- interval: monthly
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
deleted file mode 100644
index a4ec36f..0000000
--- a/CODE_OF_CONDUCT.md
+++ /dev/null
@@ -1,76 +0,0 @@
-# Contributor Covenant Code of Conduct
-
-## Our Pledge
-
-In the interest of fostering an open and welcoming environment, we as
-contributors and maintainers pledge to making participation in our project and
-our community a harassment-free experience for everyone, regardless of age, body
-size, disability, ethnicity, sex characteristics, gender identity and expression,
-level of experience, education, socio-economic status, nationality, personal
-appearance, race, religion, or sexual identity and orientation.
-
-## Our Standards
-
-Examples of behavior that contributes to creating a positive environment
-include:
-
-* Using welcoming and inclusive language
-* Being respectful of differing viewpoints and experiences
-* Gracefully accepting constructive criticism
-* Focusing on what is best for the community
-* Showing empathy towards other community members
-
-Examples of unacceptable behavior by participants include:
-
-* The use of sexualized language or imagery and unwelcome sexual attention or
- advances
-* Trolling, insulting/derogatory comments, and personal or political attacks
-* Public or private harassment
-* Publishing others' private information, such as a physical or electronic
- address, without explicit permission
-* Other conduct which could reasonably be considered inappropriate in a
- professional setting
-
-## Our Responsibilities
-
-Project maintainers are responsible for clarifying the standards of acceptable
-behavior and are expected to take appropriate and fair corrective action in
-response to any instances of unacceptable behavior.
-
-Project maintainers have the right and responsibility to remove, edit, or
-reject comments, commits, code, wiki edits, issues, and other contributions
-that are not aligned to this Code of Conduct, or to ban temporarily or
-permanently any contributor for other behaviors that they deem inappropriate,
-threatening, offensive, or harmful.
-
-## Scope
-
-This Code of Conduct applies both within project spaces and in public spaces
-when an individual is representing the project or its community. Examples of
-representing a project or community include using an official project e-mail
-address, posting via an official social media account, or acting as an appointed
-representative at an online or offline event. Representation of a project may be
-further defined and clarified by project maintainers.
-
-## Enforcement
-
-Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported by contacting the project team via issues. All
-complaints will be reviewed and investigated and will result in a response that
-is deemed necessary and appropriate to the circumstances. The project team is
-obligated to maintain confidentiality with regard to the reporter of an incident.
-Further details of specific enforcement policies may be posted separately.
-
-Project maintainers who do not follow or enforce the Code of Conduct in good
-faith may face temporary or permanent repercussions as determined by other
-members of the project's leadership.
-
-## Attribution
-
-This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
-available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
-
-[homepage]: https://www.contributor-covenant.org
-
-For answers to common questions about this code of conduct, see
-https://www.contributor-covenant.org/faq
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
deleted file mode 100644
index 167342d..0000000
--- a/CONTRIBUTING.md
+++ /dev/null
@@ -1 +0,0 @@
-Feel free to contribute to this project.
diff --git a/Dockerfile b/Dockerfile
index 0fe5c56..fff8dcf 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,12 +1,12 @@
-# drinternet/rsync@v1.4.4
-FROM drinternet/rsync@sha256:15b2949838074bd93c49421c22380396a0cd53a322439e799ac87afcadcfe234
+FROM ubuntu:latest
-# always force-upgrade rsync to get the latest security fixes
-RUN apk update && apk add --no-cache --upgrade rsync
-RUN rm -rf /var/cache/apk/*
+# Update
+RUN apt-get update
+
+# Install packages
+RUN apt-get -yq install rsync openssh-client
# Copy entrypoint
-COPY entrypoint.sh /entrypoint.sh
+ADD entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
-
ENTRYPOINT ["/entrypoint.sh"]
diff --git a/LICENSE b/LICENSE
index 3907af1..43ed1b4 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,7 +1,7 @@
MIT License
-Copyright (c) 2019-2022 Contention
-Copyright (c) 2019-2024 Burnett01
+Copyright (c) 2019 Contention
+Copyright (c) 2019 Burnett01
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
diff --git a/README.md b/README.md
index fc7be23..bca2f03 100644
--- a/README.md
+++ b/README.md
@@ -1,13 +1,11 @@
# rsync deployments
-This GitHub Action (amd64) deploys files in `GITHUB_WORKSPACE` to a remote folder via rsync over ssh.
+Forked from [Contention/rsync-deployments](https://github.com/Contention/rsync-deployments)
-Use this action in a CD workflow which leaves deployable code in `GITHUB_WORKSPACE`.
-The base-image [drinternet/rsync](https://github.com/JoshPiper/rsync-docker/) of this action is very small and is based on Alpine 3.19.1 (no cache) which results in fast deployments.
+This GitHub Action deploys files in `GITHUB_WORKSPACE` to a folder on a server via rsync over ssh.
-Alpine version: [3.19.1](https://alpinelinux.org/posts/Alpine-3.19.1-released.html)
-Rsync version: [3.4.0-r0](https://download.samba.org/pub/rsync/NEWS#3.4.0)
+Use this action in a build/test workflow which leaves deployable code in `GITHUB_WORKSPACE`.
---
@@ -17,9 +15,7 @@ Rsync version: [3.4.0-r0](https://download.samba.org/pub/rsync/NEWS#3.4.0)
- `rsh` - Remote shell commands
-- `legacy_allow_rsa_hostkeys` - Enables support for legacy RSA host keys on OpenSSH 8.8+. ("true" / "false")
-
-- `path` - The source path. Defaults to GITHUB_WORKSPACE and is relative to it
+- `path` - The source path. Defaults to GITHUB_WORKSPACE
- `remote_path`* - The deployment target path
@@ -31,25 +27,17 @@ Rsync version: [3.4.0-r0](https://download.samba.org/pub/rsync/NEWS#3.4.0)
- `remote_key`* - The remote ssh key
-- `remote_key_pass` - The remote ssh key passphrase (if any)
-
``* = Required``
-## Required secret(s)
+## Required secret
-This action needs secret variables for the ssh private key of your key pair. The public key part should be added to the authorized_keys file on the server that receives the deployment. The secret variable should be set in the Github secrets section of your org/repo and then referenced as the `remote_key` input.
-
-> Always use secrets when dealing with sensitive inputs!
-
-For simplicity, we are using `DEPLOY_*` as the secret variables throughout the examples.
-
-## Current Version: 7.0.2
+This action needs a `DEPLOY_KEY` secret variable. This should be the private key part of a ssh key pair. The public key part should be added to the authorized_keys file on the server that receives the deployment. This should be set in the Github secrets section and then referenced as the `remote_key` input.
## Example usage
Simple:
-```yml
+```
name: DEPLOY
on:
push:
@@ -60,9 +48,9 @@ jobs:
deploy:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v1
- name: rsync deployments
- uses: burnett01/rsync-deployments@7.0.2
+ uses: burnett01/rsync-deployments@2.0
with:
switches: -avzr --delete
path: src/
@@ -74,14 +62,20 @@ jobs:
Advanced:
-```yml
+```
+name: DEPLOY
+on:
+ push:
+ branches:
+ - master
+
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v1
- name: rsync deployments
- uses: burnett01/rsync-deployments@7.0.2
+ uses: burnett01/rsync-deployments@2.0
with:
switches: -avzr --delete --exclude="" --include="" --filter=""
path: src/
@@ -92,162 +86,38 @@ jobs:
remote_key: ${{ secrets.DEPLOY_KEY }}
```
-For better **security**, I suggest you create additional secrets for remote_host, remote_port, remote_user and remote_path inputs.
+For better security, I suggest you create additional secrets for remote_host, remote_port and remote_user inputs.
+
+```
+name: DEPLOY
+on:
+ push:
+ branches:
+ - master
-```yml
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v1
- name: rsync deployments
- uses: burnett01/rsync-deployments@7.0.2
+ uses: burnett01/rsync-deployments@2.0
with:
switches: -avzr --delete
path: src/
- remote_path: ${{ secrets.DEPLOY_PATH }}
+ remote_path: /var/www/html/
remote_host: ${{ secrets.DEPLOY_HOST }}
remote_port: ${{ secrets.DEPLOY_PORT }}
remote_user: ${{ secrets.DEPLOY_USER }}
remote_key: ${{ secrets.DEPLOY_KEY }}
```
-If your private key is passphrase protected you should use:
-
-```yml
-jobs:
- deploy:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- - name: rsync deployments
- uses: burnett01/rsync-deployments@7.0.2
- with:
- switches: -avzr --delete
- path: src/
- remote_path: ${{ secrets.DEPLOY_PATH }}
- remote_host: ${{ secrets.DEPLOY_HOST }}
- remote_port: ${{ secrets.DEPLOY_PORT }}
- remote_user: ${{ secrets.DEPLOY_USER }}
- remote_key: ${{ secrets.DEPLOY_KEY }}
- remote_key_pass: ${{ secrets.DEPLOY_KEY_PASS }}
-```
-
---
-#### Legacy RSA Hostkeys support for OpenSSH Servers >= 8.8+
-
-If your remote OpenSSH Server still uses RSA hostkeys, then you have to
-manually enable legacy support for this by using ``legacy_allow_rsa_hostkeys: "true"``.
-
-```yml
-jobs:
- deploy:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- - name: rsync deployments
- uses: burnett01/rsync-deployments@7.0.2
- with:
- switches: -avzr --delete
- legacy_allow_rsa_hostkeys: "true"
- path: src/
- remote_path: ${{ secrets.DEPLOY_PATH }}
- remote_host: ${{ secrets.DEPLOY_HOST }}
- remote_port: ${{ secrets.DEPLOY_PORT }}
- remote_user: ${{ secrets.DEPLOY_USER }}
- remote_key: ${{ secrets.DEPLOY_KEY }}
-```
-
-See [#49](https://github.com/Burnett01/rsync-deployments/issues/49) and [#24](https://github.com/Burnett01/rsync-deployments/issues/24) for more information.
-
----
-
-## Version 7.0.0 & 7.0.1 (DEPRECATED)
-
-Check here:
-
-- https://github.com/Burnett01/rsync-deployments/tree/7.0.0 (alpine 3.19.1)
-- https://github.com/Burnett01/rsync-deployments/tree/7.0.1 (alpine 3.19.1)
-
----
-
-## Version 6.0 (EOL)
-
-Check here:
-
-- https://github.com/Burnett01/rsync-deployments/tree/6.0 (alpine 3.17.2)
-
----
-
-## Version 5.0, 5.1 & 5.2 & 5.x (EOL)
-
-Check here:
-
-- https://github.com/Burnett01/rsync-deployments/tree/5.0 (alpine 3.11.x)
-- https://github.com/Burnett01/rsync-deployments/tree/5.1 (alpine 3.14.1)
-- https://github.com/Burnett01/rsync-deployments/tree/5.2 (alpine 3.15.0)
-- https://github.com/Burnett01/rsync-deployments/tree/5.2.1 (alpine 3.16.1)
-- https://github.com/Burnett01/rsync-deployments/tree/5.2.2 (alpine 3.17.2)
-
----
-
-## Version 4.0 & 4.1 (EOL)
-
-Check here:
-
-- https://github.com/Burnett01/rsync-deployments/tree/4.0
-- https://github.com/Burnett01/rsync-deployments/tree/4.1
-
-Version 4.0 & 4.1 use the ``drinternet/rsync:1.0.1`` base-image.
-
----
-
-## Version 3.0 (EOL)
-
-Check here: https://github.com/Burnett01/rsync-deployments/tree/3.0
-
-Version 3.0 uses the ``alpine:latest`` base-image directly.
-Consider upgrading to 4.0 that uses a docker-image ``drinternet/rsync:1.0.1`` that is
-based on ``alpine:latest``and heavily optimized for rsync.
-
-## Version 2.0 (EOL)
-
-Check here: https://github.com/Burnett01/rsync-deployments/tree/2.0
-
-Version 2.0 uses a larger base-image (``ubuntu:latest``).
-Consider upgrading to 3.0 for even faster deployments.
-
## Version 1.0 (EOL)
+Looking for version 1.0?
+
Check here: https://github.com/Burnett01/rsync-deployments/tree/1.0
Please note that version 1.0 has reached end of life state.
-
----
-
-## Acknowledgements
-
-+ This project is a fork of [Contention/rsync-deployments](https://github.com/Contention/rsync-deployments)
-+ Base image [JoshPiper/rsync-docker](https://github.com/JoshPiper/rsync-docker)
-
----
-
-## Media
-
-This action was featured in multiple blogs across the globe:
-
-> Disclaimer: The author & co-authors are not responsible for the content of the site-links below.
-
-- https://elijahverdoorn.com/2020/04/14/automating-deployment-with-github-actions/
-
-- https://www.vektor-inc.co.jp/post/github-actions-deploy/
-
-- https://webpick.info/automatiser-avec-github-actions/
-
-- https://matthias-andrasch.eu/blog/2021/tutorial-webseite-mittels-github-actions-deployment-zu-uberspace-uebertragen-rsync/
-
-- https://jishuin.proginn.com/p/763bfbd38928
-
-- https://cloud.tencent.com/developer/article/1786522
-
diff --git a/SECURITY.md b/SECURITY.md
deleted file mode 100644
index 36f2e06..0000000
--- a/SECURITY.md
+++ /dev/null
@@ -1,21 +0,0 @@
-# Security Policy
-
-## Supported Versions
-
-The following versions are currently being supported with security updates:
-
-| Version | Supported | Rsync version |
-| ------- | ------------------ | ------------------ |
-| 7.0.2 | :white_check_mark: | >= 3.4.0 |
-| 7.0.1 | :warning: DEPRECATED | < 3.4.0 |
-| 7.0.0 | :warning: DEPRECATED | < 3.4.0|
-| 6.x | :x: EOL |< 3.4.0|
-| 5.x | :x: EOL |< 3.4.0|
-| 4.x | :x: EOL |< 3.4.0|
-| 3.0 | :x: EOL |< 3.4.0|
-| 2.0 | :x: EOL |< 3.4.0|
-| 1.0 | :x: EOL |< 3.4.0|
-
-## Reporting a Vulnerability
-
-You can report a vulnerability by creating an issue.
diff --git a/action.yml b/action.yml
index db35730..d89ac9e 100644
--- a/action.yml
+++ b/action.yml
@@ -9,10 +9,6 @@ inputs:
description: 'The remote shell argument'
required: false
default: ''
- legacy_allow_rsa_hostkeys:
- description: 'Enables support for legacy RSA host keys on OpenSSH 8.8+'
- required: false
- default: 'false'
path:
description: 'The local path'
required: false
@@ -33,10 +29,6 @@ inputs:
remote_key:
description: 'The remote key'
required: true
- remote_key_pass:
- description: 'The remote key passphrase'
- required: false
- default: ''
runs:
using: 'docker'
image: 'Dockerfile'
diff --git a/entrypoint.sh b/entrypoint.sh
index b854a54..c321d7d 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,25 +1,18 @@
-#!/bin/sh
+#!/bin/bash
-if [ -z "$(echo "$INPUT_REMOTE_PATH" | awk '{$1=$1};1')" ]; then
- echo "The remote_path can not be empty. see: github.com/Burnett01/rsync-deployments/issues/44"
- exit 1
-fi
-
-# Start the SSH agent and load key.
-source agent-start "$GITHUB_ACTION"
-echo "$INPUT_REMOTE_KEY" | SSH_PASS="$INPUT_REMOTE_KEY_PASS" agent-add
-
-# Add strict errors.
set -eu
-# Variables.
-LEGACY_RSA_HOSTKEYS="-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"
-LEGACY_RSA_HOSTKEYS=$([ "$INPUT_LEGACY_ALLOW_RSA_HOSTKEYS" = "true" ] && echo "$LEGACY_RSA_HOSTKEYS" || echo "")
+# Set deploy key
+SSH_PATH="$HOME/.ssh"
-SWITCHES="$INPUT_SWITCHES"
-RSH="ssh -o StrictHostKeyChecking=no $LEGACY_RSA_HOSTKEYS -p $INPUT_REMOTE_PORT $INPUT_RSH"
-LOCAL_PATH="$GITHUB_WORKSPACE/$INPUT_PATH"
-DSN="$INPUT_REMOTE_USER@$INPUT_REMOTE_HOST"
+# Create .ssh dir if it doesn't exist
+[ -d "$SSH_PATH" ] || mkdir "$SSH_PATH"
-# Deploy.
-sh -c "rsync $SWITCHES -e '$RSH' $LOCAL_PATH $DSN:$INPUT_REMOTE_PATH"
+# Place deploy_key into .ssh dir
+echo "$INPUT_REMOTE_KEY" > "$SSH_PATH/key"
+
+# Set r+w to user only
+chmod 600 "$SSH_PATH/key"
+
+# Do deployment
+sh -c "rsync $INPUT_SWITCHES -e 'ssh -i $SSH_PATH/key -o StrictHostKeyChecking=no -p $INPUT_REMOTE_PORT $INPUT_RSH' $GITHUB_WORKSPACE/$INPUT_PATH $INPUT_REMOTE_USER@$INPUT_REMOTE_HOST:$INPUT_REMOTE_PATH"