From 248befb7da6077811e46962ea37a0f57daaaaee6 Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Sat, 27 Jun 2020 15:53:22 +0200 Subject: [PATCH 01/42] Create SECURITY.md --- SECURITY.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..67de8c8 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,16 @@ +# Security Policy + +## Supported Versions + +The following versions are currently being supported with security updates: + +| Version | Supported | +| ------- | ------------------ | +| 4.1 | :white_check_mark: | +| 4.0 | :white_check_mark: | +| 3.0 | :white_check_mark: | +| < 2.0 | :x: | + +## Reporting a Vulnerability + +You can report a vulnerability by creating an issue. From 5aaa93368b4a1e5e19706fa6fd4f19a6613cf620 Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Sat, 27 Jun 2020 15:55:31 +0200 Subject: [PATCH 02/42] Create CODE_OF_CONDUCT.md --- CODE_OF_CONDUCT.md | 76 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 CODE_OF_CONDUCT.md diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..a4ec36f --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,76 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as +contributors and maintainers pledge to making participation in our project and +our community a harassment-free experience for everyone, regardless of age, body +size, disability, ethnicity, sex characteristics, gender identity and expression, +level of experience, education, socio-economic status, nationality, personal +appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behavior that contributes to creating a positive environment +include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behavior by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or + advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic + address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable +behavior and are expected to take appropriate and fair corrective action in +response to any instances of unacceptable behavior. + +Project maintainers have the right and responsibility to remove, edit, or +reject comments, commits, code, wiki edits, issues, and other contributions +that are not aligned to this Code of Conduct, or to ban temporarily or +permanently any contributor for other behaviors that they deem inappropriate, +threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces +when an individual is representing the project or its community. Examples of +representing a project or community include using an official project e-mail +address, posting via an official social media account, or acting as an appointed +representative at an online or offline event. Representation of a project may be +further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported by contacting the project team via issues. All +complaints will be reviewed and investigated and will result in a response that +is deemed necessary and appropriate to the circumstances. The project team is +obligated to maintain confidentiality with regard to the reporter of an incident. +Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good +faith may face temporary or permanent repercussions as determined by other +members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, +available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html + +[homepage]: https://www.contributor-covenant.org + +For answers to common questions about this code of conduct, see +https://www.contributor-covenant.org/faq From b1aa5210b195e3a97a691ef474cc9c8ede3285c1 Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Sat, 27 Jun 2020 15:55:57 +0200 Subject: [PATCH 03/42] Create CONTRIBUTING.md --- CONTRIBUTING.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 CONTRIBUTING.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..167342d --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1 @@ +Feel free to contribute to this project. From 695f58ca67af73a00d68f4ea156d92d427d1fbeb Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Mon, 5 Oct 2020 18:46:16 +0200 Subject: [PATCH 04/42] mention blogs --- README.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/README.md b/README.md index f866d66..1a2c800 100644 --- a/README.md +++ b/README.md @@ -135,4 +135,21 @@ Please note that version 1.0 has reached end of life state. + This project is a fork of [Contention/rsync-deployments](https://github.com/Contention/rsync-deployments) + Base image [JoshPiper/rsync-docker](https://github.com/JoshPiper/rsync-docker) +--- + +## Media + +This action was featured in multiple blogs across the globe: + +- https://leobrack.co.uk/blog/2020-02-15-automatically-push-changes-to-your-live-site-with-github-actions + +- https://blog.maniak.co/ci-cd-for-wordpress/ + +- https://elijahverdoorn.com/2020/04/14/automating-deployment-with-github-actions/ + +- https://www.vektor-inc.co.jp/post/github-actions-deploy/ + +- https://ews.ink/tech/blog-deploy-2/ + +- https://webpick.info/automatiser-avec-github-actions/ From 22f8d1ffe807551ba75eba6a450c3d577690249f Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Fri, 1 Jan 2021 17:46:52 +0100 Subject: [PATCH 05/42] 2021 --- LICENSE | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/LICENSE b/LICENSE index 41554ec..8323eea 100644 --- a/LICENSE +++ b/LICENSE @@ -1,7 +1,7 @@ MIT License -Copyright (c) 2019-2020 Contention -Copyright (c) 2019-2020 Burnett01 +Copyright (c) 2019-2021 Contention +Copyright (c) 2019-2021 Burnett01 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal From a93a577f3fa53a5cf1a763bb4dd37a80693cc7c2 Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Sat, 3 Apr 2021 15:02:42 +0200 Subject: [PATCH 06/42] add more blogs/media --- README.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/README.md b/README.md index 1a2c800..c4cfc35 100644 --- a/README.md +++ b/README.md @@ -153,3 +153,16 @@ This action was featured in multiple blogs across the globe: - https://webpick.info/automatiser-avec-github-actions/ +- https://matthias-andrasch.eu/blog/2021/tutorial-webseite-mittels-github-actions-deployment-zu-uberspace-uebertragen-rsync/ + +- https://mikael.koutero.me/posts/hugo-github-actions-deploy-rsync/ + +- https://cdmana.com/2021/02/20210208122400688I.html + +- https://jishuin.proginn.com/p/763bfbd38928 + +- https://cloud.tencent.com/developer/article/1786522 + +- http://www.ningco.cn/github_action_deploy_blog/ + +- https://qdmana.com/2021/01/20210127094413405u.html From 342e70b07eb35b517864a3ee86a034272b724aa9 Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Mon, 2 Aug 2021 21:57:01 +0200 Subject: [PATCH 07/42] Release/v5 (#13) * Reference JoshPiper/rsync-docker @ 1.1.0 * See: https://github.com/JoshPiper/rsync-docker/tree/1.1.0 * New features: Support passphrase protected keys * supply SSH_PASS (key passphrase) to agent-add Read more about the behavior: https://github.com/JoshPiper/rsync-docker#agent-askpass * add new remote_key_pass config option * Update README.md * Update README.md * 2.0 is EOL * support 5.0, drop 2.0 * default to empty string * reference JoshPiper/rsync-docker @ v1.2.0 --- Dockerfile | 2 +- README.md | 55 +++++++++++++++++++++++++++++++++++++++++++-------- SECURITY.md | 4 +++- action.yml | 4 ++++ entrypoint.sh | 2 +- 5 files changed, 56 insertions(+), 11 deletions(-) diff --git a/Dockerfile b/Dockerfile index e206465..f0daa6b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM drinternet/rsync:1.0.1 +FROM drinternet/rsync:v1.2.0 # Copy entrypoint COPY entrypoint.sh /entrypoint.sh diff --git a/README.md b/README.md index c4cfc35..67f2c82 100644 --- a/README.md +++ b/README.md @@ -26,11 +26,17 @@ The underlaying base-image of the docker-image is very small (Alpine (no cache)) - `remote_key`* - The remote ssh key +- `remote_key_pass` - The remote ssh key passphrase (if any) + ``* = Required`` -## Required secret +## Required secret(s) -This action needs a `DEPLOY_KEY` secret variable. This should be the private key part of a ssh key pair. The public key part should be added to the authorized_keys file on the server that receives the deployment. This should be set in the Github secrets section and then referenced as the `remote_key` input. +This action needs secret variables for the ssh private key of your key pair. The public key part should be added to the authorized_keys file on the server that receives the deployment. The secret variable should be set in the Github secrets section of your org/repo and then referenced as the `remote_key` input. + +> Always use secrets when dealing with sensitive inputs! + +For simplicity, we are using `DEPLOY_*` as the secret variables throughout the examples. ## Example usage @@ -49,7 +55,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: rsync deployments - uses: burnett01/rsync-deployments@4.1 + uses: burnett01/rsync-deployments@5.0 with: switches: -avzr --delete path: src/ @@ -68,7 +74,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: rsync deployments - uses: burnett01/rsync-deployments@4.1 + uses: burnett01/rsync-deployments@5.0 with: switches: -avzr --delete --exclude="" --include="" --filter="" path: src/ @@ -79,7 +85,7 @@ jobs: remote_key: ${{ secrets.DEPLOY_KEY }} ``` -For better security, I suggest you create additional secrets for remote_host, remote_port and remote_user inputs. +For better **security**, I suggest you create additional secrets for remote_host, remote_port, remote_user and remote_path inputs. ``` jobs: @@ -88,17 +94,50 @@ jobs: steps: - uses: actions/checkout@v2 - name: rsync deployments - uses: burnett01/rsync-deployments@4.1 + uses: burnett01/rsync-deployments@5.0 with: switches: -avzr --delete path: src/ - remote_path: /var/www/html/ + remote_path: ${{ secrets.DEPLOY_PATH }} remote_host: ${{ secrets.DEPLOY_HOST }} remote_port: ${{ secrets.DEPLOY_PORT }} remote_user: ${{ secrets.DEPLOY_USER }} remote_key: ${{ secrets.DEPLOY_KEY }} ``` +If your private key is passphrase protected you should use: + +``` +jobs: + deploy: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: rsync deployments + uses: burnett01/rsync-deployments@5.0 + with: + switches: -avzr --delete + path: src/ + remote_path: ${{ secrets.DEPLOY_PATH }} + remote_host: ${{ secrets.DEPLOY_HOST }} + remote_port: ${{ secrets.DEPLOY_PORT }} + remote_user: ${{ secrets.DEPLOY_USER }} + remote_key: ${{ secrets.DEPLOY_KEY }} + remote_key_pass: ${{ secrets.DEPLOY_KEY_PASS }} +``` +--- + +## Version 4.0 & 4.1 + +Looking for version 4.0 and 4.1? + +Check here: + +- https://github.com/Burnett01/rsync-deployments/tree/4.0 +- https://github.com/Burnett01/rsync-deployments/tree/4.1 + +Version 4.0 & 4.1 use the ``drinternet/rsync:1.0.1`` base-image. + --- ## Version 3.0 @@ -111,7 +150,7 @@ Version 3.0 uses the ``alpine:latest`` base-image directly.
Consider upgrading to 4.0 that uses a docker-image ``drinternet/rsync:1.0.1`` that is
based on ``alpine:latest``and heavily optimized for rsync. -## Version 2.0 +## Version 2.0 (EOL) Looking for version 2.0? diff --git a/SECURITY.md b/SECURITY.md index 67de8c8..8db6109 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -6,10 +6,12 @@ The following versions are currently being supported with security updates: | Version | Supported | | ------- | ------------------ | +| 5.0 | :white_check_mark: | | 4.1 | :white_check_mark: | | 4.0 | :white_check_mark: | | 3.0 | :white_check_mark: | -| < 2.0 | :x: | +| 2.0 | :x: | +| 1.0 | :x: | ## Reporting a Vulnerability diff --git a/action.yml b/action.yml index d89ac9e..31eaea8 100644 --- a/action.yml +++ b/action.yml @@ -29,6 +29,10 @@ inputs: remote_key: description: 'The remote key' required: true + remote_key_pass: + description: 'The remote key passphrase' + required: false + default: '' runs: using: 'docker' image: 'Dockerfile' diff --git a/entrypoint.sh b/entrypoint.sh index 6590803..9d0f2b5 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -2,7 +2,7 @@ # Start the SSH agent and load key. source agent-start "$GITHUB_ACTION" -echo "$INPUT_REMOTE_KEY" | agent-add +echo "$INPUT_REMOTE_KEY" | SSH_PASS="$INPUT_REMOTE_KEY_PASS" agent-add # Add strict errors. set -eu From b943ffe476f772c90f0199d1a180f068f0206e87 Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Thu, 12 Aug 2021 18:45:01 +0200 Subject: [PATCH 08/42] Release/v5.1 (#15) * update base image drinternet/rsync:v1.3.0 * Base Image updates: alpine 3.14.1 latest * use v5.1 in examples * support for v5.x * mention Alpine version --- Dockerfile | 2 +- README.md | 10 +++++----- SECURITY.md | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index f0daa6b..416972d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM drinternet/rsync:v1.2.0 +FROM drinternet/rsync:v1.3.0 # Copy entrypoint COPY entrypoint.sh /entrypoint.sh diff --git a/README.md b/README.md index 67f2c82..c5da961 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ This GitHub Action deploys files in `GITHUB_WORKSPACE` to a remote folder via rs Use this action in a CD workflow which leaves deployable code in `GITHUB_WORKSPACE`. -The underlaying base-image of the docker-image is very small (Alpine (no cache)) which results in fast deployments. +The base-image (drinternet/rsync) of this action is very small and is based on Alpine 3.14.1 (no cache) which results in fast deployments. --- @@ -55,7 +55,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: rsync deployments - uses: burnett01/rsync-deployments@5.0 + uses: burnett01/rsync-deployments@5.1 with: switches: -avzr --delete path: src/ @@ -74,7 +74,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: rsync deployments - uses: burnett01/rsync-deployments@5.0 + uses: burnett01/rsync-deployments@5.1 with: switches: -avzr --delete --exclude="" --include="" --filter="" path: src/ @@ -94,7 +94,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: rsync deployments - uses: burnett01/rsync-deployments@5.0 + uses: burnett01/rsync-deployments@5.1 with: switches: -avzr --delete path: src/ @@ -114,7 +114,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: rsync deployments - uses: burnett01/rsync-deployments@5.0 + uses: burnett01/rsync-deployments@5.1 with: switches: -avzr --delete path: src/ diff --git a/SECURITY.md b/SECURITY.md index 8db6109..5476fe9 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -6,7 +6,7 @@ The following versions are currently being supported with security updates: | Version | Supported | | ------- | ------------------ | -| 5.0 | :white_check_mark: | +| 5.x | :white_check_mark: | | 4.1 | :white_check_mark: | | 4.0 | :white_check_mark: | | 3.0 | :white_check_mark: | From 164dafd7fc0a77a75389996c00f3cea2b7f5069f Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Wed, 1 Sep 2021 12:47:46 +0200 Subject: [PATCH 09/42] Create dependabot.yml --- .github/dependabot.yml | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..31d2199 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,6 @@ +version: 2 +updates: + - package-ecosystem: docker + directory: / + schedule: + interval: monthly From 057a69d14781d9113ce646a941f56308876d7239 Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Sat, 1 Jan 2022 19:00:50 +0100 Subject: [PATCH 10/42] Update LICENSE --- LICENSE | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/LICENSE b/LICENSE index 8323eea..86b9855 100644 --- a/LICENSE +++ b/LICENSE @@ -1,7 +1,7 @@ MIT License -Copyright (c) 2019-2021 Contention -Copyright (c) 2019-2021 Burnett01 +Copyright (c) 2019-2022 Contention +Copyright (c) 2019-2022 Burnett01 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal From 4a950331e53e5b1e366a9fac8ce36c31b49bddff Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Sat, 1 Jan 2022 19:02:50 +0100 Subject: [PATCH 11/42] dropped support for 3.0 --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 5476fe9..e997f19 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -9,7 +9,7 @@ The following versions are currently being supported with security updates: | 5.x | :white_check_mark: | | 4.1 | :white_check_mark: | | 4.0 | :white_check_mark: | -| 3.0 | :white_check_mark: | +| 3.0 | :x: | | 2.0 | :x: | | 1.0 | :x: | From 6ae12186da91ca6553948d0f086c735a83dc6ed6 Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Sat, 1 Jan 2022 19:07:03 +0100 Subject: [PATCH 12/42] bump version to 5.2 in Readme --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index c5da961..e175348 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ This GitHub Action deploys files in `GITHUB_WORKSPACE` to a remote folder via rs Use this action in a CD workflow which leaves deployable code in `GITHUB_WORKSPACE`. -The base-image (drinternet/rsync) of this action is very small and is based on Alpine 3.14.1 (no cache) which results in fast deployments. +The base-image (drinternet/rsync) of this action is very small and is based on Alpine 3.15.0 (no cache) which results in fast deployments. --- @@ -55,7 +55,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: rsync deployments - uses: burnett01/rsync-deployments@5.1 + uses: burnett01/rsync-deployments@5.2 with: switches: -avzr --delete path: src/ @@ -74,7 +74,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: rsync deployments - uses: burnett01/rsync-deployments@5.1 + uses: burnett01/rsync-deployments@5.2 with: switches: -avzr --delete --exclude="" --include="" --filter="" path: src/ @@ -94,7 +94,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: rsync deployments - uses: burnett01/rsync-deployments@5.1 + uses: burnett01/rsync-deployments@5.2 with: switches: -avzr --delete path: src/ @@ -114,7 +114,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: rsync deployments - uses: burnett01/rsync-deployments@5.1 + uses: burnett01/rsync-deployments@5.2 with: switches: -avzr --delete path: src/ From 4afbe87441b11e0d234a06fcd5dd11b29984018f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 1 Jan 2022 19:07:48 +0100 Subject: [PATCH 13/42] Bump drinternet/rsync from v1.3.0 to v1.4.0 (#22) Bumps drinternet/rsync from v1.3.0 to v1.4.0. --- updated-dependencies: - dependency-name: drinternet/rsync dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 416972d..4c67b0c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM drinternet/rsync:v1.3.0 +FROM drinternet/rsync:v1.4.0 # Copy entrypoint COPY entrypoint.sh /entrypoint.sh From 9f40ee1996a98d2e3f102943c59020216226c1be Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Sat, 1 Jan 2022 19:29:16 +0100 Subject: [PATCH 14/42] version 3.0 is EOL (see #23) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e175348..91b682c 100644 --- a/README.md +++ b/README.md @@ -140,7 +140,7 @@ Version 4.0 & 4.1 use the ``drinternet/rsync:1.0.1`` base-image. --- -## Version 3.0 +## Version 3.0 (EOL) Looking for version 3.0? From c7baefdc23c4bb3b517a16ffa6ddda31763f0be8 Mon Sep 17 00:00:00 2001 From: Jason Gill Date: Wed, 2 Mar 2022 12:29:53 -0500 Subject: [PATCH 15/42] Allow RSA host keys RSA host keys are disabled by default on OpenSSH 8.8+ which is used by the base Alpine image, but many servers still use RSA host keys --- entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index 9d0f2b5..c62f402 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -9,7 +9,7 @@ set -eu # Variables. SWITCHES="$INPUT_SWITCHES" -RSH="ssh -o StrictHostKeyChecking=no -p $INPUT_REMOTE_PORT $INPUT_RSH" +RSH="ssh -o StrictHostKeyChecking=no -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa -p $INPUT_REMOTE_PORT $INPUT_RSH" LOCAL_PATH="$GITHUB_WORKSPACE/$INPUT_PATH" DSN="$INPUT_REMOTE_USER@$INPUT_REMOTE_HOST" From d2a4efa87c52ef2e77cc5727734cc89c313be3f9 Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Sat, 30 Jul 2022 10:19:44 +0200 Subject: [PATCH 16/42] Update with suggestions from #31 #31 --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 91b682c..103bb6e 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # rsync deployments -This GitHub Action deploys files in `GITHUB_WORKSPACE` to a remote folder via rsync over ssh. +This GitHub Action (amd64) deploys files in `GITHUB_WORKSPACE` to a remote folder via rsync over ssh. Use this action in a CD workflow which leaves deployable code in `GITHUB_WORKSPACE`. @@ -14,7 +14,7 @@ The base-image (drinternet/rsync) of this action is very small and is based on A - `rsh` - Remote shell commands -- `path` - The source path. Defaults to GITHUB_WORKSPACE +- `path` - The source path. Defaults to GITHUB_WORKSPACE and is relative to it - `remote_path`* - The deployment target path From de20664c6e5271611362e92ca9674ef5e5883870 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Aug 2022 02:08:20 +0000 Subject: [PATCH 17/42] Bump drinternet/rsync from v1.4.0 to v1.4.1 Bumps drinternet/rsync from v1.4.0 to v1.4.1. --- updated-dependencies: - dependency-name: drinternet/rsync dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 4c67b0c..99d762d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM drinternet/rsync:v1.4.0 +FROM drinternet/rsync:v1.4.1 # Copy entrypoint COPY entrypoint.sh /entrypoint.sh From a9c15493e0b005a51727e570f06a6d5f453e8924 Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Mon, 1 Aug 2022 17:59:24 +0200 Subject: [PATCH 18/42] mention version 5.2.1 --- README.md | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 103bb6e..56e2493 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ This GitHub Action (amd64) deploys files in `GITHUB_WORKSPACE` to a remote folde Use this action in a CD workflow which leaves deployable code in `GITHUB_WORKSPACE`. -The base-image (drinternet/rsync) of this action is very small and is based on Alpine 3.15.0 (no cache) which results in fast deployments. +The base-image (drinternet/rsync) of this action is very small and is based on Alpine 3.16.1 (no cache) which results in fast deployments. --- @@ -55,7 +55,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: rsync deployments - uses: burnett01/rsync-deployments@5.2 + uses: burnett01/rsync-deployments@5.2.1 with: switches: -avzr --delete path: src/ @@ -74,7 +74,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: rsync deployments - uses: burnett01/rsync-deployments@5.2 + uses: burnett01/rsync-deployments@5.2.1 with: switches: -avzr --delete --exclude="" --include="" --filter="" path: src/ @@ -94,7 +94,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: rsync deployments - uses: burnett01/rsync-deployments@5.2 + uses: burnett01/rsync-deployments@5.2.1 with: switches: -avzr --delete path: src/ @@ -114,7 +114,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: rsync deployments - uses: burnett01/rsync-deployments@5.2 + uses: burnett01/rsync-deployments@5.2.1 with: switches: -avzr --delete path: src/ @@ -127,9 +127,17 @@ jobs: ``` --- -## Version 4.0 & 4.1 +## Version 5.0, 5.1 & 5.2 -Looking for version 4.0 and 4.1? +Check here: + +- https://github.com/Burnett01/rsync-deployments/tree/5.0 (alpine 3.11.x) +- https://github.com/Burnett01/rsync-deployments/tree/5.1 (alpine 3.14.1) +- https://github.com/Burnett01/rsync-deployments/tree/5.2 (alpine 3.15.0) + +--- + +## Version 4.0 & 4.1 Check here: @@ -142,8 +150,6 @@ Version 4.0 & 4.1 use the ``drinternet/rsync:1.0.1`` base-image. ## Version 3.0 (EOL) -Looking for version 3.0? - Check here: https://github.com/Burnett01/rsync-deployments/tree/3.0 Version 3.0 uses the ``alpine:latest`` base-image directly.
@@ -152,8 +158,6 @@ based on ``alpine:latest``and heavily optimized for rsync. ## Version 2.0 (EOL) -Looking for version 2.0? - Check here: https://github.com/Burnett01/rsync-deployments/tree/2.0 Version 2.0 uses a larger base-image (``ubuntu:latest``).
@@ -161,8 +165,6 @@ Consider upgrading to 3.0 for even faster deployments. ## Version 1.0 (EOL) -Looking for version 1.0? - Check here: https://github.com/Burnett01/rsync-deployments/tree/1.0 Please note that version 1.0 has reached end of life state. From 4b36c0937bcf164894a09975bb55a05beaf337b1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Sep 2022 02:03:49 +0000 Subject: [PATCH 19/42] Bump drinternet/rsync from v1.4.1 to v1.4.2 Bumps drinternet/rsync from v1.4.1 to v1.4.2. --- updated-dependencies: - dependency-name: drinternet/rsync dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 99d762d..4dde627 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM drinternet/rsync:v1.4.1 +FROM drinternet/rsync:v1.4.2 # Copy entrypoint COPY entrypoint.sh /entrypoint.sh From b2007e683fcda0f73a70861be543d8c3cca8cad5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 1 Apr 2023 02:56:43 +0000 Subject: [PATCH 20/42] Bump drinternet/rsync from v1.4.2 to v1.4.3 Bumps drinternet/rsync from v1.4.2 to v1.4.3. --- updated-dependencies: - dependency-name: drinternet/rsync dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 4dde627..cf2dca1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM drinternet/rsync:v1.4.2 +FROM drinternet/rsync:v1.4.3 # Copy entrypoint COPY entrypoint.sh /entrypoint.sh From f17a58e4bae2440a51a89a7bc8dd77b2f5866782 Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Thu, 1 Jun 2023 11:48:45 +0200 Subject: [PATCH 21/42] adjust readme with correct versions --- README.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 56e2493..c55621f 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ This GitHub Action (amd64) deploys files in `GITHUB_WORKSPACE` to a remote folde Use this action in a CD workflow which leaves deployable code in `GITHUB_WORKSPACE`. -The base-image (drinternet/rsync) of this action is very small and is based on Alpine 3.16.1 (no cache) which results in fast deployments. +The base-image (drinternet/rsync) of this action is very small and is based on Alpine 3.17.2 (no cache) which results in fast deployments. --- @@ -55,7 +55,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: rsync deployments - uses: burnett01/rsync-deployments@5.2.1 + uses: burnett01/rsync-deployments@5.2.2 with: switches: -avzr --delete path: src/ @@ -74,7 +74,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: rsync deployments - uses: burnett01/rsync-deployments@5.2.1 + uses: burnett01/rsync-deployments@5.2.2 with: switches: -avzr --delete --exclude="" --include="" --filter="" path: src/ @@ -94,7 +94,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: rsync deployments - uses: burnett01/rsync-deployments@5.2.1 + uses: burnett01/rsync-deployments@5.2.2 with: switches: -avzr --delete path: src/ @@ -114,7 +114,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: rsync deployments - uses: burnett01/rsync-deployments@5.2.1 + uses: burnett01/rsync-deployments@5.2.2 with: switches: -avzr --delete path: src/ @@ -134,7 +134,9 @@ Check here: - https://github.com/Burnett01/rsync-deployments/tree/5.0 (alpine 3.11.x) - https://github.com/Burnett01/rsync-deployments/tree/5.1 (alpine 3.14.1) - https://github.com/Burnett01/rsync-deployments/tree/5.2 (alpine 3.15.0) - +- https://github.com/Burnett01/rsync-deployments/tree/5.2.1 (alpine 3.16.0) +- https://github.com/Burnett01/rsync-deployments/tree/5.2.2 (alpine 3.17.2) +- --- ## Version 4.0 & 4.1 From b247bfd3aff7245a6df1b3a64798f4176ca2a4a1 Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Thu, 1 Jun 2023 11:49:29 +0200 Subject: [PATCH 22/42] versions correction --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c55621f..fd82a1d 100644 --- a/README.md +++ b/README.md @@ -134,7 +134,7 @@ Check here: - https://github.com/Burnett01/rsync-deployments/tree/5.0 (alpine 3.11.x) - https://github.com/Burnett01/rsync-deployments/tree/5.1 (alpine 3.14.1) - https://github.com/Burnett01/rsync-deployments/tree/5.2 (alpine 3.15.0) -- https://github.com/Burnett01/rsync-deployments/tree/5.2.1 (alpine 3.16.0) +- https://github.com/Burnett01/rsync-deployments/tree/5.2.1 (alpine 3.16.1) - https://github.com/Burnett01/rsync-deployments/tree/5.2.2 (alpine 3.17.2) - --- From bef106d127abd12cae53dffdc9a4f98ed9906226 Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Thu, 8 Jun 2023 17:23:41 +0200 Subject: [PATCH 23/42] validate remote_path is not empty --- entrypoint.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/entrypoint.sh b/entrypoint.sh index 9d0f2b5..8b437e7 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,5 +1,10 @@ #!/bin/sh +if [ -z "$(awk '{$1=$1};1' <<< "$INPUT_REMOTE_PATH")" ]; then + echo "The remote_path can not be empty. see: github.com/Burnett01/rsync-deployments/issues/44" + exit 1 +fi + # Start the SSH agent and load key. source agent-start "$GITHUB_ACTION" echo "$INPUT_REMOTE_KEY" | SSH_PASS="$INPUT_REMOTE_KEY_PASS" agent-add From 570fd6bb52b116bc20b41c36c1a5b6d487552750 Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Thu, 8 Jun 2023 17:27:31 +0200 Subject: [PATCH 24/42] fix empty string check --- entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index 8b437e7..c40ca1f 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,6 +1,6 @@ #!/bin/sh -if [ -z "$(awk '{$1=$1};1' <<< "$INPUT_REMOTE_PATH")" ]; then +if [ -z "$(awk '{$1=$1} END{print}' <<< "$INPUT_REMOTE_PATH")" ]; then echo "The remote_path can not be empty. see: github.com/Burnett01/rsync-deployments/issues/44" exit 1 fi From d732b3973265878780ccda490964c163ad73ab63 Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Thu, 8 Jun 2023 17:35:29 +0200 Subject: [PATCH 25/42] improved string empty check for remote_path --- entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index c40ca1f..2ff103a 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,6 +1,6 @@ #!/bin/sh -if [ -z "$(awk '{$1=$1} END{print}' <<< "$INPUT_REMOTE_PATH")" ]; then +if [ -z "$(echo "$INPUT_REMOTE_PATH" | awk '{$1=$1};1')" ]; then echo "The remote_path can not be empty. see: github.com/Burnett01/rsync-deployments/issues/44" exit 1 fi From 45d84ad5f6c174f3e0ffc50e9060a9666d09c16e Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Thu, 8 Jun 2023 17:54:10 +0200 Subject: [PATCH 26/42] New version 6.0.0 - It is no longer possible to use an empty string as remote_path (Fixes #44) (Thanks to @maximilliangeorge) - Updated checkout action in examples from v2 to v3 - Added disclaimer to media site-links - Overall readme improvements --- README.md | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index fd82a1d..e0aeae9 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ This GitHub Action (amd64) deploys files in `GITHUB_WORKSPACE` to a remote folde Use this action in a CD workflow which leaves deployable code in `GITHUB_WORKSPACE`. -The base-image (drinternet/rsync) of this action is very small and is based on Alpine 3.17.2 (no cache) which results in fast deployments. +The base-image [drinternet/rsync](https://github.com/JoshPiper/rsync-docker/) of this action is very small and is based on Alpine 3.17.2 (no cache) which results in fast deployments. --- @@ -53,9 +53,9 @@ jobs: deploy: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: rsync deployments - uses: burnett01/rsync-deployments@5.2.2 + uses: burnett01/rsync-deployments@6.0.0 with: switches: -avzr --delete path: src/ @@ -72,9 +72,9 @@ jobs: deploy: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: rsync deployments - uses: burnett01/rsync-deployments@5.2.2 + uses: burnett01/rsync-deployments@6.0.0 with: switches: -avzr --delete --exclude="" --include="" --filter="" path: src/ @@ -92,9 +92,9 @@ jobs: deploy: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: rsync deployments - uses: burnett01/rsync-deployments@5.2.2 + uses: burnett01/rsync-deployments@6.0.0 with: switches: -avzr --delete path: src/ @@ -112,9 +112,9 @@ jobs: deploy: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: rsync deployments - uses: burnett01/rsync-deployments@5.2.2 + uses: burnett01/rsync-deployments@6.0.0 with: switches: -avzr --delete path: src/ @@ -184,6 +184,8 @@ Please note that version 1.0 has reached end of life state. This action was featured in multiple blogs across the globe: +> Disclaimer: The author & co-authors are not responsible for the content of the site-links below. + - https://leobrack.co.uk/blog/2020-02-15-automatically-push-changes-to-your-live-site-with-github-actions - https://blog.maniak.co/ci-cd-for-wordpress/ From c04732dab25a8b2c000b7198a067bf26e93959e2 Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Thu, 8 Jun 2023 18:05:17 +0200 Subject: [PATCH 27/42] added v6 as new major --- SECURITY.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index e997f19..885167c 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -6,9 +6,9 @@ The following versions are currently being supported with security updates: | Version | Supported | | ------- | ------------------ | +| 6.x | :white_check_mark: | | 5.x | :white_check_mark: | -| 4.1 | :white_check_mark: | -| 4.0 | :white_check_mark: | +| 4.x | :white_check_mark: | | 3.0 | :x: | | 2.0 | :x: | | 1.0 | :x: | From ee287eb1f090f838d05d64cf0e798b74dbc619fd Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Wed, 6 Mar 2024 11:58:08 +0100 Subject: [PATCH 28/42] feat: Update base image to latest 1.4.4 (apline 3.19.1) --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index cf2dca1..bb4a185 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM drinternet/rsync:v1.4.3 +FROM drinternet/rsync:v1.4.4 # Copy entrypoint COPY entrypoint.sh /entrypoint.sh From 9603fc818619574f10c02c47431eb0a7edafef9a Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Wed, 6 Mar 2024 12:16:35 +0100 Subject: [PATCH 29/42] feat: Make usage of legacy rsa hostkeys conditional The usage of RSA host keys introduced with c7baefdc23c4bb3b517a16ffa6ddda31763f0be8 was adjusted to make it conditional/configurable and to keep backward compatibility --- entrypoint.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index a19b5cf..b854a54 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -13,8 +13,11 @@ echo "$INPUT_REMOTE_KEY" | SSH_PASS="$INPUT_REMOTE_KEY_PASS" agent-add set -eu # Variables. +LEGACY_RSA_HOSTKEYS="-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa" +LEGACY_RSA_HOSTKEYS=$([ "$INPUT_LEGACY_ALLOW_RSA_HOSTKEYS" = "true" ] && echo "$LEGACY_RSA_HOSTKEYS" || echo "") + SWITCHES="$INPUT_SWITCHES" -RSH="ssh -o StrictHostKeyChecking=no -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa -p $INPUT_REMOTE_PORT $INPUT_RSH" +RSH="ssh -o StrictHostKeyChecking=no $LEGACY_RSA_HOSTKEYS -p $INPUT_REMOTE_PORT $INPUT_RSH" LOCAL_PATH="$GITHUB_WORKSPACE/$INPUT_PATH" DSN="$INPUT_REMOTE_USER@$INPUT_REMOTE_HOST" From 008719532fb1adf12fd09a5f271e7a170a85cbe5 Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Wed, 6 Mar 2024 12:20:39 +0100 Subject: [PATCH 30/42] feat: configuarable legacy RSA hostkeys support Ability to configure legacy rsa hostkeys support for OpenSSH servers < 8.8. Related to #24 and 9603fc8 --- action.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/action.yml b/action.yml index 31eaea8..db35730 100644 --- a/action.yml +++ b/action.yml @@ -9,6 +9,10 @@ inputs: description: 'The remote shell argument' required: false default: '' + legacy_allow_rsa_hostkeys: + description: 'Enables support for legacy RSA host keys on OpenSSH 8.8+' + required: false + default: 'false' path: description: 'The local path' required: false From f479c977832a3bb48ae033c5449273ad33d24a30 Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Wed, 6 Mar 2024 12:29:40 +0100 Subject: [PATCH 31/42] chore: mention new legacy_allow_rsa_hostkeys option --- README.md | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/README.md b/README.md index e0aeae9..745e1f9 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,8 @@ The base-image [drinternet/rsync](https://github.com/JoshPiper/rsync-docker/) of - `rsh` - Remote shell commands +- `legacy_allow_rsa_hostkeys` - Enables support for legacy RSA host keys on OpenSSH 8.8+. ("true" / "false") + - `path` - The source path. Defaults to GITHUB_WORKSPACE and is relative to it - `remote_path`* - The deployment target path @@ -125,6 +127,35 @@ jobs: remote_key: ${{ secrets.DEPLOY_KEY }} remote_key_pass: ${{ secrets.DEPLOY_KEY_PASS }} ``` + +--- + +#### Legacy RSA Hostkeys support for OpenSSH Servers >= 8.8+ + +If your remote OpenSSH Server still uses RSA hostkeys, then you have to +manually enable legacy support for this by using ``legacy_allow_rsa_hostkeys: "true"``. + +``` +jobs: + deploy: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: rsync deployments + uses: burnett01/rsync-deployments@6.0.0 + with: + switches: -avzr --delete + legacy_allow_rsa_hostkeys: "true" + path: src/ + remote_path: ${{ secrets.DEPLOY_PATH }} + remote_host: ${{ secrets.DEPLOY_HOST }} + remote_port: ${{ secrets.DEPLOY_PORT }} + remote_user: ${{ secrets.DEPLOY_USER }} + remote_key: ${{ secrets.DEPLOY_KEY }} +``` + +See [#49](https://github.com/Burnett01/rsync-deployments/issues/49) and [#24](https://github.com/Burnett01/rsync-deployments/issues/24) for more information. + --- ## Version 5.0, 5.1 & 5.2 From b9a68ac619de1a77314c0296dcb1ef6348ea93cf Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Wed, 6 Mar 2024 12:35:07 +0100 Subject: [PATCH 32/42] chore!: Versions 4.x EOL, 5.x DEPRECATED, 6.x MAINTENANCE - All versions 4.x are now EOL and no longer maintained - All versions 5.x are now DEPRECATED and will become EOL within Q2 2024 - All versions 6.x are now MAINTENANCE and will become DEPRECATED within Q4 2024 --- README.md | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 745e1f9..bbef4ee 100644 --- a/README.md +++ b/README.md @@ -158,7 +158,15 @@ See [#49](https://github.com/Burnett01/rsync-deployments/issues/49) and [#24](ht --- -## Version 5.0, 5.1 & 5.2 +## Version 6.0 (MAINTENANCE) + +Check here: + +- https://github.com/Burnett01/rsync-deployments/tree/6.0 (alpine 3.17.2) + +--- + +## Version 5.0, 5.1 & 5.2 & 5.x (DEPRECATED) Check here: @@ -167,10 +175,10 @@ Check here: - https://github.com/Burnett01/rsync-deployments/tree/5.2 (alpine 3.15.0) - https://github.com/Burnett01/rsync-deployments/tree/5.2.1 (alpine 3.16.1) - https://github.com/Burnett01/rsync-deployments/tree/5.2.2 (alpine 3.17.2) -- + --- -## Version 4.0 & 4.1 +## Version 4.0 & 4.1 (EOL) Check here: From c88a1dbded8f658a1e5218497401bcb66bae2529 Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Wed, 6 Mar 2024 14:33:02 +0100 Subject: [PATCH 33/42] chore: adjust for EOL, DEPRECATION and MAINTENANCE --- SECURITY.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 885167c..b85ce16 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -6,12 +6,13 @@ The following versions are currently being supported with security updates: | Version | Supported | | ------- | ------------------ | -| 6.x | :white_check_mark: | -| 5.x | :white_check_mark: | -| 4.x | :white_check_mark: | -| 3.0 | :x: | -| 2.0 | :x: | -| 1.0 | :x: | +| 7.x | :white_check_mark: | +| 6.x | :information_source: MAINTENANCE | +| 5.x | :warning: DEPRECATED | +| 4.x | :x: EOL | +| 3.0 | :x: EOL | +| 2.0 | :x: EOL | +| 1.0 | :x: EOL | ## Reporting a Vulnerability From 21c0e5a9d97faccd2f6caa293c244639eb901c5f Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Wed, 6 Mar 2024 14:33:58 +0100 Subject: [PATCH 34/42] chore: mention latest Alpine 3.19.1 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index bbef4ee..fe7849f 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ This GitHub Action (amd64) deploys files in `GITHUB_WORKSPACE` to a remote folde Use this action in a CD workflow which leaves deployable code in `GITHUB_WORKSPACE`. -The base-image [drinternet/rsync](https://github.com/JoshPiper/rsync-docker/) of this action is very small and is based on Alpine 3.17.2 (no cache) which results in fast deployments. +The base-image [drinternet/rsync](https://github.com/JoshPiper/rsync-docker/) of this action is very small and is based on Alpine 3.19.1 (no cache) which results in fast deployments. --- From 93f02b856fbeaf9a8fbfdd8ce1a4adfd0843f849 Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Wed, 6 Mar 2024 15:04:26 +0100 Subject: [PATCH 35/42] chore: adjust readme for release 7.0.0 --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index fe7849f..eb393ec 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: rsync deployments - uses: burnett01/rsync-deployments@6.0.0 + uses: burnett01/rsync-deployments@7.0.0 with: switches: -avzr --delete path: src/ @@ -76,7 +76,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: rsync deployments - uses: burnett01/rsync-deployments@6.0.0 + uses: burnett01/rsync-deployments@7.0.0 with: switches: -avzr --delete --exclude="" --include="" --filter="" path: src/ @@ -96,7 +96,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: rsync deployments - uses: burnett01/rsync-deployments@6.0.0 + uses: burnett01/rsync-deployments@7.0.0 with: switches: -avzr --delete path: src/ @@ -116,7 +116,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: rsync deployments - uses: burnett01/rsync-deployments@6.0.0 + uses: burnett01/rsync-deployments@7.0.0 with: switches: -avzr --delete path: src/ @@ -142,7 +142,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: rsync deployments - uses: burnett01/rsync-deployments@6.0.0 + uses: burnett01/rsync-deployments@7.0.0 with: switches: -avzr --delete legacy_allow_rsa_hostkeys: "true" From b16614048bd61f82b03c532b0200b0f148c86d50 Mon Sep 17 00:00:00 2001 From: Matthias Pohl Date: Thu, 28 Mar 2024 17:53:03 +0100 Subject: [PATCH 36/42] Use SHA instead of Docker version tag for base image to allow for consistent code execution. --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index bb4a185..2d61258 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,5 @@ -FROM drinternet/rsync:v1.4.4 +# drinternet/rsync@v1.4.4 +FROM drinternet/rsync@sha256:15b2949838074bd93c49421c22380396a0cd53a322439e799ac87afcadcfe234 # Copy entrypoint COPY entrypoint.sh /entrypoint.sh From 13aa4f9f57bf89d5e04cf7cf1dd1dbb1e5a13fa5 Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Sat, 30 Mar 2024 10:46:13 +0100 Subject: [PATCH 37/42] update year to 2024 --- LICENSE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSE b/LICENSE index 86b9855..3907af1 100644 --- a/LICENSE +++ b/LICENSE @@ -1,7 +1,7 @@ MIT License Copyright (c) 2019-2022 Contention -Copyright (c) 2019-2022 Burnett01 +Copyright (c) 2019-2024 Burnett01 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal From 93c0d7acae56bb1b353ef070e28ba52cfa0f743c Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Sat, 30 Mar 2024 10:49:50 +0100 Subject: [PATCH 38/42] upd: mention version 7.0.1 --- README.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index eb393ec..f3fca49 100644 --- a/README.md +++ b/README.md @@ -40,6 +40,8 @@ This action needs secret variables for the ssh private key of your key pair. The For simplicity, we are using `DEPLOY_*` as the secret variables throughout the examples. +## Current Version: 7.0.1 + ## Example usage Simple: @@ -57,7 +59,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: rsync deployments - uses: burnett01/rsync-deployments@7.0.0 + uses: burnett01/rsync-deployments@7.0.1 with: switches: -avzr --delete path: src/ @@ -76,7 +78,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: rsync deployments - uses: burnett01/rsync-deployments@7.0.0 + uses: burnett01/rsync-deployments@7.0.1 with: switches: -avzr --delete --exclude="" --include="" --filter="" path: src/ @@ -96,7 +98,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: rsync deployments - uses: burnett01/rsync-deployments@7.0.0 + uses: burnett01/rsync-deployments@7.0.1 with: switches: -avzr --delete path: src/ @@ -116,7 +118,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: rsync deployments - uses: burnett01/rsync-deployments@7.0.0 + uses: burnett01/rsync-deployments@7.0.1 with: switches: -avzr --delete path: src/ @@ -142,7 +144,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: rsync deployments - uses: burnett01/rsync-deployments@7.0.0 + uses: burnett01/rsync-deployments@7.0.1 with: switches: -avzr --delete legacy_allow_rsa_hostkeys: "true" From f825a1ed740b6643b2a20c271f966f1508f00b33 Mon Sep 17 00:00:00 2001 From: Ilya Brin <464157+ilyabrin@users.noreply.github.com> Date: Sat, 14 Sep 2024 14:32:58 +0300 Subject: [PATCH 39/42] Update README.md added syntax highlighting --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index f3fca49..ac4f302 100644 --- a/README.md +++ b/README.md @@ -46,7 +46,7 @@ For simplicity, we are using `DEPLOY_*` as the secret variables throughout the e Simple: -``` +```yml name: DEPLOY on: push: @@ -71,7 +71,7 @@ jobs: Advanced: -``` +```yml jobs: deploy: runs-on: ubuntu-latest @@ -91,7 +91,7 @@ jobs: For better **security**, I suggest you create additional secrets for remote_host, remote_port, remote_user and remote_path inputs. -``` +```yml jobs: deploy: runs-on: ubuntu-latest @@ -111,7 +111,7 @@ jobs: If your private key is passphrase protected you should use: -``` +```yml jobs: deploy: runs-on: ubuntu-latest @@ -137,7 +137,7 @@ jobs: If your remote OpenSSH Server still uses RSA hostkeys, then you have to manually enable legacy support for this by using ``legacy_allow_rsa_hostkeys: "true"``. -``` +```yml jobs: deploy: runs-on: ubuntu-latest From 76404482ea2966b432c8716580059eab4b530642 Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Sun, 19 Jan 2025 15:19:29 +0100 Subject: [PATCH 40/42] always force-upgrade rsync to get the latest security upgrades --- Dockerfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Dockerfile b/Dockerfile index 2d61258..0fe5c56 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,10 @@ # drinternet/rsync@v1.4.4 FROM drinternet/rsync@sha256:15b2949838074bd93c49421c22380396a0cd53a322439e799ac87afcadcfe234 +# always force-upgrade rsync to get the latest security fixes +RUN apk update && apk add --no-cache --upgrade rsync +RUN rm -rf /var/cache/apk/* + # Copy entrypoint COPY entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh From e642759b847b8af255c32ed7c2073045d98e77bc Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Sun, 19 Jan 2025 15:29:07 +0100 Subject: [PATCH 41/42] new version 7.0.2 (with rsync 3.4.0), deprecate old versions, remove dead links MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The latest rsync version 3.4.0 fixes a wide variety of CVE's: CVE-2024-12084 -⁠ Heap Buffer Overflow in Checksum Parsing. CVE-2024-12085 -⁠ Info Leak via uninitialized Stack contents defeats ASLR. CVE-2024-12086 -⁠ Server leaks arbitrary client files. CVE-2024-12087 -⁠ Server can make client write files outside of destination directory using symbolic links. CVE-2024-12088 -⁠ -⁠-⁠safe-⁠links Bypass. CVE-2024-12747 -⁠ symlink race condition. See their press release: https://download.samba.org/pub/rsync/NEWS#3.4.0 The latest action version 7.0.2 is using rsync 3.4.0, so please use that. --- README.md | 41 ++++++++++++++++++++--------------------- 1 file changed, 20 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index ac4f302..fc7be23 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,9 @@ Use this action in a CD workflow which leaves deployable code in `GITHUB_WORKSPA The base-image [drinternet/rsync](https://github.com/JoshPiper/rsync-docker/) of this action is very small and is based on Alpine 3.19.1 (no cache) which results in fast deployments. +Alpine version: [3.19.1](https://alpinelinux.org/posts/Alpine-3.19.1-released.html) +Rsync version: [3.4.0-r0](https://download.samba.org/pub/rsync/NEWS#3.4.0) + --- ## Inputs @@ -40,7 +43,7 @@ This action needs secret variables for the ssh private key of your key pair. The For simplicity, we are using `DEPLOY_*` as the secret variables throughout the examples. -## Current Version: 7.0.1 +## Current Version: 7.0.2 ## Example usage @@ -59,7 +62,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: rsync deployments - uses: burnett01/rsync-deployments@7.0.1 + uses: burnett01/rsync-deployments@7.0.2 with: switches: -avzr --delete path: src/ @@ -78,7 +81,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: rsync deployments - uses: burnett01/rsync-deployments@7.0.1 + uses: burnett01/rsync-deployments@7.0.2 with: switches: -avzr --delete --exclude="" --include="" --filter="" path: src/ @@ -98,7 +101,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: rsync deployments - uses: burnett01/rsync-deployments@7.0.1 + uses: burnett01/rsync-deployments@7.0.2 with: switches: -avzr --delete path: src/ @@ -118,7 +121,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: rsync deployments - uses: burnett01/rsync-deployments@7.0.1 + uses: burnett01/rsync-deployments@7.0.2 with: switches: -avzr --delete path: src/ @@ -144,7 +147,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: rsync deployments - uses: burnett01/rsync-deployments@7.0.1 + uses: burnett01/rsync-deployments@7.0.2 with: switches: -avzr --delete legacy_allow_rsa_hostkeys: "true" @@ -160,7 +163,16 @@ See [#49](https://github.com/Burnett01/rsync-deployments/issues/49) and [#24](ht --- -## Version 6.0 (MAINTENANCE) +## Version 7.0.0 & 7.0.1 (DEPRECATED) + +Check here: + +- https://github.com/Burnett01/rsync-deployments/tree/7.0.0 (alpine 3.19.1) +- https://github.com/Burnett01/rsync-deployments/tree/7.0.1 (alpine 3.19.1) + +--- + +## Version 6.0 (EOL) Check here: @@ -168,7 +180,7 @@ Check here: --- -## Version 5.0, 5.1 & 5.2 & 5.x (DEPRECATED) +## Version 5.0, 5.1 & 5.2 & 5.x (EOL) Check here: @@ -227,28 +239,15 @@ This action was featured in multiple blogs across the globe: > Disclaimer: The author & co-authors are not responsible for the content of the site-links below. -- https://leobrack.co.uk/blog/2020-02-15-automatically-push-changes-to-your-live-site-with-github-actions - -- https://blog.maniak.co/ci-cd-for-wordpress/ - - https://elijahverdoorn.com/2020/04/14/automating-deployment-with-github-actions/ - https://www.vektor-inc.co.jp/post/github-actions-deploy/ -- https://ews.ink/tech/blog-deploy-2/ - - https://webpick.info/automatiser-avec-github-actions/ - https://matthias-andrasch.eu/blog/2021/tutorial-webseite-mittels-github-actions-deployment-zu-uberspace-uebertragen-rsync/ -- https://mikael.koutero.me/posts/hugo-github-actions-deploy-rsync/ - -- https://cdmana.com/2021/02/20210208122400688I.html - - https://jishuin.proginn.com/p/763bfbd38928 - https://cloud.tencent.com/developer/article/1786522 -- http://www.ningco.cn/github_action_deploy_blog/ - -- https://qdmana.com/2021/01/20210127094413405u.html From 3cccb6851148e6198ed9ed89eb0d1c17b5e58cc7 Mon Sep 17 00:00:00 2001 From: Steven Agyekum Date: Sun, 19 Jan 2025 15:32:42 +0100 Subject: [PATCH 42/42] Update SECURITY.md --- SECURITY.md | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index b85ce16..36f2e06 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -4,15 +4,17 @@ The following versions are currently being supported with security updates: -| Version | Supported | -| ------- | ------------------ | -| 7.x | :white_check_mark: | -| 6.x | :information_source: MAINTENANCE | -| 5.x | :warning: DEPRECATED | -| 4.x | :x: EOL | -| 3.0 | :x: EOL | -| 2.0 | :x: EOL | -| 1.0 | :x: EOL | +| Version | Supported | Rsync version | +| ------- | ------------------ | ------------------ | +| 7.0.2 | :white_check_mark: | >= 3.4.0 | +| 7.0.1 | :warning: DEPRECATED | < 3.4.0 | +| 7.0.0 | :warning: DEPRECATED | < 3.4.0| +| 6.x | :x: EOL |< 3.4.0| +| 5.x | :x: EOL |< 3.4.0| +| 4.x | :x: EOL |< 3.4.0| +| 3.0 | :x: EOL |< 3.4.0| +| 2.0 | :x: EOL |< 3.4.0| +| 1.0 | :x: EOL |< 3.4.0| ## Reporting a Vulnerability