diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md deleted file mode 100644 index a1b5e3e..0000000 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ /dev/null @@ -1,33 +0,0 @@ ---- -name: Bug report -about: Create a report to help us improve -title: '' -labels: '' -assignees: '' - ---- - -**Action version** -eg. 7.0.1 - -**Runner OS+Version** -eg. ubuntu-latest - -**Describe the bug** -A clear and concise description of what the bug is. - -**To Reproduce** -Steps to reproduce the behavior: -1. Go to '...' -2. Click on '....' -3. Scroll down to '....' -4. See error - -**Expected behavior** -A clear and concise description of what you expected to happen. - -**Screenshots** -If applicable, add screenshots to help explain your problem. - -**Additional context** -Add any other context about the problem here. diff --git a/.github/workflows/ci-validating-linting-testing.yml b/.github/workflows/ci-validating-linting-testing.yml deleted file mode 100644 index 172ba23..0000000 --- a/.github/workflows/ci-validating-linting-testing.yml +++ /dev/null @@ -1,165 +0,0 @@ -# GitHub Actions CI workflow for rsync-deployments -# This workflow validates the action on every push and pull request by: -# - Running BATS tests for the entrypoint script -# - Validating the action.yml definition -# - Building and testing the Docker image -# - Checking file structure and permissions -# - Linting shell scripts -# - Running a final integration check - -name: CI - Validating, Linting, Testing -permissions: - contents: read - -on: - push: - branches: [ master ] - pull_request: - branches: [ master ] - -jobs: - test: - runs-on: ubuntu-latest - name: Test BATS Suite - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Install BATS - run: | - sudo apt-get update - sudo apt-get install -y bats - - - name: Run BATS tests - run: bats test/entrypoint.bats - - validate-action: - runs-on: ubuntu-latest - name: Validate Action Definition - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Validate action.yml - run: | - # Check if action.yml exists and has required fields - if [ ! -f "action.yml" ]; then - echo "Error: action.yml not found" - exit 1 - fi - - # Basic validation that action.yml contains required fields - python3 -c " - import yaml - import sys - - with open('action.yml', 'r') as f: - action = yaml.safe_load(f) - - required_fields = ['name', 'description', 'inputs', 'runs'] - for field in required_fields: - if field not in action: - print(f'Missing required field: {field}') - sys.exit(1) - - # Check required inputs exist - required_inputs = ['switches', 'remote_path', 'remote_host', 'remote_user', 'remote_key'] - for input_name in required_inputs: - if input_name not in action['inputs']: - print(f'Missing required input: {input_name}') - sys.exit(1) - if not action['inputs'][input_name].get('required', False): - print(f'Input {input_name} should be marked as required') - sys.exit(1) - - print('Action definition is valid') - " - - docker-build: - runs-on: ubuntu-latest - name: Build Docker Image - needs: [validate-action, action-structure] - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Build Docker image - run: | - echo "Building Docker image..." - docker build -t rsync-deployments . --no-cache - echo "Docker image built successfully" - - action-structure: - runs-on: ubuntu-latest - name: Validate Action Structure - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Check required files - run: | - echo "Checking required files exist..." - - # Check all required files exist - required_files=("action.yml" "Dockerfile" "entrypoint.sh") - for file in "${required_files[@]}"; do - if [ ! -f "$file" ]; then - echo "Error: Required file $file not found" - exit 1 - fi - echo "✓ $file exists" - done - - # Check entrypoint is executable - if [ ! -x "entrypoint.sh" ]; then - echo "Error: entrypoint.sh is not executable" - exit 1 - fi - echo "✓ entrypoint.sh is executable" - - # Check basic script syntax - bash -n entrypoint.sh - echo "✓ entrypoint.sh has valid syntax" - - echo "All structure checks passed!" - - lint-shell: - runs-on: ubuntu-latest - name: Lint Shell Scripts - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Install ShellCheck - run: | - sudo apt-get update - sudo apt-get install -y shellcheck - - - name: Lint entrypoint.sh - run: | - echo "Linting shell scripts..." - # Run shellcheck with exclusions for Docker-specific dependencies - shellcheck -e SC1091 -e SC3046 entrypoint.sh || { - echo "ShellCheck found issues, but running with Docker-specific exclusions..." - shellcheck -e SC1091 -e SC3046 entrypoint.sh - } - echo "Shell script linting completed" - - integration-check: - runs-on: ubuntu-latest - name: Integration Check - needs: [test, validate-action, docker-build, action-structure, lint-shell] - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Final integration check - run: | - echo "All CI jobs completed successfully!" - echo "✅ BATS tests passed" - echo "✅ Action definition validated" - echo "✅ Docker image built and tested" - echo "✅ File structure validated" - echo "✅ Shell scripts linted" - echo "" - echo "🎉 rsync-deployments action is ready for use!" diff --git a/.github/workflows/snyk-docker-vulnerability-scan.yml b/.github/workflows/snyk-docker-vulnerability-scan.yml deleted file mode 100644 index 5ad08fc..0000000 --- a/.github/workflows/snyk-docker-vulnerability-scan.yml +++ /dev/null @@ -1,36 +0,0 @@ -name: Snyk Docker Vulnerability Scan - -on: - push: - branches: [ "master" ] - pull_request: - branches: [ "master" ] - schedule: - - cron: '39 13 * * 4' - -permissions: - contents: read - -jobs: - snyk: - permissions: - contents: read - security-events: write - actions: read - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: Build a Docker image - run: docker build -t burnett01/rsync-deployments . - - name: Run Snyk to check Docker image for vulnerabilities - continue-on-error: true - uses: snyk/actions/docker@master - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - image: burnett01/rsync-deployments - args: --file=Dockerfile - - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@v3 - with: - sarif_file: snyk.sarif diff --git a/README.md b/README.md index 7ff52b3..08e92f5 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,5 @@ # rsync deployments -[![CI - Validating, Linting, Testing](https://github.com/Burnett01/rsync-deployments/actions/workflows/ci-validating-linting-testing.yml/badge.svg)](https://github.com/Burnett01/rsync-deployments/actions/workflows/ci-validating-linting-testing.yml) -[![Snyk Docker Vulnerability Scan](https://github.com/Burnett01/rsync-deployments/actions/workflows/snyk-docker-vulnerability-scan.yml/badge.svg)](https://github.com/Burnett01/rsync-deployments/actions/workflows/snyk-docker-vulnerability-scan.yml) -[![CodeQL](https://github.com/Burnett01/rsync-deployments/actions/workflows/github-code-scanning/codeql/badge.svg)](https://github.com/Burnett01/rsync-deployments/actions/workflows/github-code-scanning/codeql) -[![Dependabot Updates](https://github.com/Burnett01/rsync-deployments/actions/workflows/dependabot/dependabot-updates/badge.svg)](https://github.com/Burnett01/rsync-deployments/actions/workflows/dependabot/dependabot-updates) - - This GitHub Action (amd64) deploys files in `GITHUB_WORKSPACE` to a remote folder via rsync over ssh. Use this action in a CD workflow which leaves deployable code in `GITHUB_WORKSPACE`. @@ -247,20 +241,12 @@ Please note that version 1.0 has reached end of life state. --- -## Media & Pingback +## Media This action was featured in multiple blogs across the globe: > Disclaimer: The author & co-authors are not responsible for the content of the site-links below. -- https://hosting.xyz/wiki/hosting/other/github-actions/ - -- https://www.alexander-palm.de/2025/07/22/sichere-rsync-deployments-mit-github-actions-und-rrsync/ - -- https://lab.uberspace.de/howto_automatic-deployment/ - -- https://blog.devops.dev/setting-up-an-ubuntu-instance-for-nodejs-apps-in-ovh-cloud-using-nginx-pm2-github-actions-7618c768d081 - - https://elijahverdoorn.com/2020/04/14/automating-deployment-with-github-actions/ - https://www.vektor-inc.co.jp/post/github-actions-deploy/ diff --git a/test/entrypoint.bats b/test/entrypoint.bats deleted file mode 100644 index 80dfba9..0000000 --- a/test/entrypoint.bats +++ /dev/null @@ -1,65 +0,0 @@ -#!/usr/bin/env bats - -setup() { - # Create a dummy ssh agent and agent-add for sourcing - echo 'echo "agent started"' > agent-start - echo 'echo "key added"' > agent-add - chmod +x agent-start agent-add - - # Create a dummy rsync to capture its arguments - echo 'echo "rsync $@"' > rsync - chmod +x rsync - - PATH="$PWD:$PATH" -} - -teardown() { - rm -f agent-start agent-add rsync -} - -@test "fails if INPUT_REMOTE_PATH is empty" { - export INPUT_REMOTE_PATH=" " - run ./entrypoint.sh - [ "$status" -eq 1 ] - [[ "${output}" == *"can not be empty"* ]] -} - -@test "includes legacy RSA switches when allowed" { - export INPUT_LEGACY_ALLOW_RSA_HOSTKEYS="true" - export INPUT_REMOTE_PATH="remote/" - export INPUT_REMOTE_KEY="dummy" - export INPUT_REMOTE_KEY_PASS="dummy" - export GITHUB_ACTION="dummy" - export INPUT_SWITCHES="-avz" - export INPUT_REMOTE_PORT="22" - export INPUT_RSH="" - export INPUT_PATH="" - export INPUT_REMOTE_USER="user" - export INPUT_REMOTE_HOST="host" - export GITHUB_WORKSPACE="/tmp" - export DSN="user@host" - export LOCAL_PATH="/tmp/" - - run ./entrypoint.sh - [[ "${output}" == *"HostKeyAlgorithms=+ssh-rsa"* ]] -} - -@test "does not include legacy RSA switches when not allowed" { - export INPUT_LEGACY_ALLOW_RSA_HOSTKEYS="false" - export INPUT_REMOTE_PATH="remote/" - export INPUT_REMOTE_KEY="dummy" - export INPUT_REMOTE_KEY_PASS="dummy" - export GITHUB_ACTION="dummy" - export INPUT_SWITCHES="-avz" - export INPUT_REMOTE_PORT="22" - export INPUT_RSH="" - export INPUT_PATH="" - export INPUT_REMOTE_USER="user" - export INPUT_REMOTE_HOST="host" - export GITHUB_WORKSPACE="/tmp" - export DSN="user@host" - export LOCAL_PATH="/tmp/" - - run ./entrypoint.sh - [[ "${output}" != *"HostKeyAlgorithms=+ssh-rsa"* ]] -}