Compare commits

No commits in common. "master" and "2.0" have entirely different histories.
master ... 2.0

9 changed files with 53 additions and 302 deletions

@ -1,6 +0,0 @@
version: 2
updates:
- package-ecosystem: docker
directory: /
schedule:
interval: monthly
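
Review bot: Deleting this config (`package-ecosystem: docker`, `interval: monthly`) turns off the scheduled Docker update checks for the repository root, so base-image bumps for the Dockerfile become a manual task. If the Dockerfile stays in the tree, keep this file.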

@ -1,76 +0,0 @@
# Contributor Covenant Code of Conduct
## Our Pledge
In the interest of fostering an open and welcoming environment, we as
contributors and maintainers pledge to making participation in our project and
our community a harassment-free experience for everyone, regardless of age, body
size, disability, ethnicity, sex characteristics, gender identity and expression,
level of experience, education, socio-economic status, nationality, personal
appearance, race, religion, or sexual identity and orientation.
## Our Standards
Examples of behavior that contributes to creating a positive environment
include:
* Using welcoming and inclusive language
* Being respectful of differing viewpoints and experiences
* Gracefully accepting constructive criticism
* Focusing on what is best for the community
* Showing empathy towards other community members
Examples of unacceptable behavior by participants include:
* The use of sexualized language or imagery and unwelcome sexual attention or
advances
* Trolling, insulting/derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or electronic
address, without explicit permission
* Other conduct which could reasonably be considered inappropriate in a
professional setting
## Our Responsibilities
Project maintainers are responsible for clarifying the standards of acceptable
behavior and are expected to take appropriate and fair corrective action in
response to any instances of unacceptable behavior.
Project maintainers have the right and responsibility to remove, edit, or
reject comments, commits, code, wiki edits, issues, and other contributions
that are not aligned to this Code of Conduct, or to ban temporarily or
permanently any contributor for other behaviors that they deem inappropriate,
threatening, offensive, or harmful.
## Scope
This Code of Conduct applies both within project spaces and in public spaces
when an individual is representing the project or its community. Examples of
representing a project or community include using an official project e-mail
address, posting via an official social media account, or acting as an appointed
representative at an online or offline event. Representation of a project may be
further defined and clarified by project maintainers.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported by contacting the project team via issues. All
complaints will be reviewed and investigated and will result in a response that
is deemed necessary and appropriate to the circumstances. The project team is
obligated to maintain confidentiality with regard to the reporter of an incident.
Further details of specific enforcement policies may be posted separately.
Project maintainers who do not follow or enforce the Code of Conduct in good
faith may face temporary or permanent repercussions as determined by other
members of the project's leadership.
## Attribution
This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
[homepage]: https://www.contributor-covenant.org
For answers to common questions about this code of conduct, see
https://www.contributor-covenant.org/faq

@ -1 +0,0 @@
Feel free to contribute to this project.

@ -1,12 +1,12 @@
# drinternet/rsync@v1.4.4 FROM ubuntu:latest
FROM drinternet/rsync@sha256:15b2949838074bd93c49421c22380396a0cd53a322439e799ac87afcadcfe234
# always force-upgrade rsync to get the latest security fixes # Update
RUN apk update && apk add --no-cache --upgrade rsync RUN apt-get update
RUN rm -rf /var/cache/apk/*
# Install packages
RUN apt-get -yq install rsync openssh-client
# Copy entrypoint # Copy entrypoint
COPY entrypoint.sh /entrypoint.sh ADD entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]
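
Review bot: On the right-hand side, `FROM ubuntu:latest` replaces the `drinternet/rsync` base that the left pins by sha256 digest, so each build pulls whatever `latest` resolves to at that moment and the image contents are no longer reproducible or reviewable; pin the base to a digest or at least a fixed release tag. `RUN apt-get update` also sits in its own layer apart from `RUN apt-get -yq install rsync openssh-client`, so a cached update layer can feed stale package lists to the install step; merge the two into one `RUN` and remove the apt lists afterwards, as the left does for the apk cache. `ADD entrypoint.sh` should stay `COPY`, since nothing here needs ADD's extra behaviour.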

@ -1,7 +1,7 @@
MIT License MIT License
Copyright (c) 2019-2022 Contention Copyright (c) 2019 Contention
Copyright (c) 2019-2024 Burnett01 Copyright (c) 2019 Burnett01
Permission is hereby granted, free of charge, to any person obtaining a copy Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal of this software and associated documentation files (the "Software"), to deal

192
README.md

@ -1,13 +1,11 @@
# rsync deployments # rsync deployments
This GitHub Action (amd64) deploys files in `GITHUB_WORKSPACE` to a remote folder via rsync over ssh. Forked from [Contention/rsync-deployments](https://github.com/Contention/rsync-deployments)
Use this action in a CD workflow which leaves deployable code in `GITHUB_WORKSPACE`.
The base-image [drinternet/rsync](https://github.com/JoshPiper/rsync-docker/) of this action is very small and is based on Alpine 3.19.1 (no cache) which results in fast deployments. This GitHub Action deploys files in `GITHUB_WORKSPACE` to a folder on a server via rsync over ssh.
Alpine version: [3.19.1](https://alpinelinux.org/posts/Alpine-3.19.1-released.html) Use this action in a build/test workflow which leaves deployable code in `GITHUB_WORKSPACE`.
Rsync version: [3.4.0-r0](https://download.samba.org/pub/rsync/NEWS#3.4.0)
--- ---
@ -17,9 +15,7 @@ Rsync version: [3.4.0-r0](https://download.samba.org/pub/rsync/NEWS#3.4.0)
- `rsh` - Remote shell commands - `rsh` - Remote shell commands
- `legacy_allow_rsa_hostkeys` - Enables support for legacy RSA host keys on OpenSSH 8.8+. ("true" / "false") - `path` - The source path. Defaults to GITHUB_WORKSPACE
- `path` - The source path. Defaults to GITHUB_WORKSPACE and is relative to it
- `remote_path`* - The deployment target path - `remote_path`* - The deployment target path
@ -31,25 +27,17 @@ Rsync version: [3.4.0-r0](https://download.samba.org/pub/rsync/NEWS#3.4.0)
- `remote_key`* - The remote ssh key - `remote_key`* - The remote ssh key
- `remote_key_pass` - The remote ssh key passphrase (if any)
``* = Required`` ``* = Required``
## Required secret(s) ## Required secret
This action needs secret variables for the ssh private key of your key pair. The public key part should be added to the authorized_keys file on the server that receives the deployment. The secret variable should be set in the Github secrets section of your org/repo and then referenced as the `remote_key` input. This action needs a `DEPLOY_KEY` secret variable. This should be the private key part of a ssh key pair. The public key part should be added to the authorized_keys file on the server that receives the deployment. This should be set in the Github secrets section and then referenced as the `remote_key` input.
> Always use secrets when dealing with sensitive inputs!
For simplicity, we are using `DEPLOY_*` as the secret variables throughout the examples.
## Current Version: 7.0.2
## Example usage ## Example usage
Simple: Simple:
```yml ```
name: DEPLOY name: DEPLOY
on: on:
push: push:
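
Review bot: The right-hand text drops the callout `> Always use secrets when dealing with sensitive inputs!` and narrows the section to a single `DEPLOY_KEY` secret, which leaves the README without any statement that host, port and user should not be committed in plain text. Keep the callout; it costs one line and applies to this version's inputs as well.
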
@ -60,9 +48,9 @@ jobs:
deploy: deploy:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v1
- name: rsync deployments - name: rsync deployments
uses: burnett01/rsync-deployments@7.0.2 uses: burnett01/rsync-deployments@2.0
with: with:
switches: -avzr --delete switches: -avzr --delete
path: src/ path: src/
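
Review bot: The example on the right references `actions/checkout@v1` and `burnett01/rsync-deployments@2.0` where the left has `@v3` and `@7.0.2`, and the README text on the left lists Version 2.0 as EOL. If this example is meant to be copied into workflows, point it at the supported release; the same references recur in the later examples.
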
@ -74,14 +62,20 @@ jobs:
Advanced: Advanced:
```yml ```
name: DEPLOY
on:
push:
branches:
- master
jobs: jobs:
deploy: deploy:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v1
- name: rsync deployments - name: rsync deployments
uses: burnett01/rsync-deployments@7.0.2 uses: burnett01/rsync-deployments@2.0
with: with:
switches: -avzr --delete --exclude="" --include="" --filter="" switches: -avzr --delete --exclude="" --include="" --filter=""
path: src/ path: src/
@ -92,162 +86,38 @@ jobs:
remote_key: ${{ secrets.DEPLOY_KEY }} remote_key: ${{ secrets.DEPLOY_KEY }}
``` ```
For better **security**, I suggest you create additional secrets for remote_host, remote_port, remote_user and remote_path inputs. For better security, I suggest you create additional secrets for remote_host, remote_port and remote_user inputs.
```
name: DEPLOY
on:
push:
branches:
- master
```yml
jobs: jobs:
deploy: deploy:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v1
- name: rsync deployments - name: rsync deployments
uses: burnett01/rsync-deployments@7.0.2 uses: burnett01/rsync-deployments@2.0
with: with:
switches: -avzr --delete switches: -avzr --delete
path: src/ path: src/
remote_path: ${{ secrets.DEPLOY_PATH }} remote_path: /var/www/html/
remote_host: ${{ secrets.DEPLOY_HOST }} remote_host: ${{ secrets.DEPLOY_HOST }}
remote_port: ${{ secrets.DEPLOY_PORT }} remote_port: ${{ secrets.DEPLOY_PORT }}
remote_user: ${{ secrets.DEPLOY_USER }} remote_user: ${{ secrets.DEPLOY_USER }}
remote_key: ${{ secrets.DEPLOY_KEY }} remote_key: ${{ secrets.DEPLOY_KEY }}
``` ```
If your private key is passphrase protected you should use:
```yml
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: rsync deployments
uses: burnett01/rsync-deployments@7.0.2
with:
switches: -avzr --delete
path: src/
remote_path: ${{ secrets.DEPLOY_PATH }}
remote_host: ${{ secrets.DEPLOY_HOST }}
remote_port: ${{ secrets.DEPLOY_PORT }}
remote_user: ${{ secrets.DEPLOY_USER }}
remote_key: ${{ secrets.DEPLOY_KEY }}
remote_key_pass: ${{ secrets.DEPLOY_KEY_PASS }}
```
--- ---
#### Legacy RSA Hostkeys support for OpenSSH Servers >= 8.8+
If your remote OpenSSH Server still uses RSA hostkeys, then you have to
manually enable legacy support for this by using ``legacy_allow_rsa_hostkeys: "true"``.
```yml
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: rsync deployments
uses: burnett01/rsync-deployments@7.0.2
with:
switches: -avzr --delete
legacy_allow_rsa_hostkeys: "true"
path: src/
remote_path: ${{ secrets.DEPLOY_PATH }}
remote_host: ${{ secrets.DEPLOY_HOST }}
remote_port: ${{ secrets.DEPLOY_PORT }}
remote_user: ${{ secrets.DEPLOY_USER }}
remote_key: ${{ secrets.DEPLOY_KEY }}
```
See [#49](https://github.com/Burnett01/rsync-deployments/issues/49) and [#24](https://github.com/Burnett01/rsync-deployments/issues/24) for more information.
---
## Version 7.0.0 & 7.0.1 (DEPRECATED)
Check here:
- https://github.com/Burnett01/rsync-deployments/tree/7.0.0 (alpine 3.19.1)
- https://github.com/Burnett01/rsync-deployments/tree/7.0.1 (alpine 3.19.1)
---
## Version 6.0 (EOL)
Check here:
- https://github.com/Burnett01/rsync-deployments/tree/6.0 (alpine 3.17.2)
---
## Version 5.0, 5.1 & 5.2 & 5.x (EOL)
Check here:
- https://github.com/Burnett01/rsync-deployments/tree/5.0 (alpine 3.11.x)
- https://github.com/Burnett01/rsync-deployments/tree/5.1 (alpine 3.14.1)
- https://github.com/Burnett01/rsync-deployments/tree/5.2 (alpine 3.15.0)
- https://github.com/Burnett01/rsync-deployments/tree/5.2.1 (alpine 3.16.1)
- https://github.com/Burnett01/rsync-deployments/tree/5.2.2 (alpine 3.17.2)
---
## Version 4.0 & 4.1 (EOL)
Check here:
- https://github.com/Burnett01/rsync-deployments/tree/4.0
- https://github.com/Burnett01/rsync-deployments/tree/4.1
Version 4.0 & 4.1 use the ``drinternet/rsync:1.0.1`` base-image.
---
## Version 3.0 (EOL)
Check here: https://github.com/Burnett01/rsync-deployments/tree/3.0
Version 3.0 uses the ``alpine:latest`` base-image directly.<br>
Consider upgrading to 4.0 that uses a docker-image ``drinternet/rsync:1.0.1`` that is<br>
based on ``alpine:latest``and heavily optimized for rsync.
## Version 2.0 (EOL)
Check here: https://github.com/Burnett01/rsync-deployments/tree/2.0
Version 2.0 uses a larger base-image (``ubuntu:latest``).<br>
Consider upgrading to 3.0 for even faster deployments.
## Version 1.0 (EOL) ## Version 1.0 (EOL)
Looking for version 1.0?
Check here: https://github.com/Burnett01/rsync-deployments/tree/1.0 Check here: https://github.com/Burnett01/rsync-deployments/tree/1.0
Please note that version 1.0 has reached end of life state. Please note that version 1.0 has reached end of life state.
---
## Acknowledgements
+ This project is a fork of [Contention/rsync-deployments](https://github.com/Contention/rsync-deployments)
+ Base image [JoshPiper/rsync-docker](https://github.com/JoshPiper/rsync-docker)
---
## Media
This action was featured in multiple blogs across the globe:
> Disclaimer: The author & co-authors are not responsible for the content of the site-links below.
- https://elijahverdoorn.com/2020/04/14/automating-deployment-with-github-actions/
- https://www.vektor-inc.co.jp/post/github-actions-deploy/
- https://webpick.info/automatiser-avec-github-actions/
- https://matthias-andrasch.eu/blog/2021/tutorial-webseite-mittels-github-actions-deployment-zu-uberspace-uebertragen-rsync/
- https://jishuin.proginn.com/p/763bfbd38928
- https://cloud.tencent.com/developer/article/1786522
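
Review bot: In the secrets example on the right, `remote_path: /var/www/html/` is a literal and the sentence above it no longer names remote_path among the inputs to move into secrets, whereas the left uses `${{ secrets.DEPLOY_PATH }}`. The hunk also removes the `## Version 2.0 (EOL)` entry along with the rest of the version list, so a reader of this README gets no indication that 2.0 is end of life; keep at least that notice and the pointer to a supported version.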

@ -1,21 +0,0 @@
# Security Policy
## Supported Versions
The following versions are currently being supported with security updates:
| Version | Supported | Rsync version |
| ------- | ------------------ | ------------------ |
| 7.0.2 | :white_check_mark: | >= 3.4.0 |
| 7.0.1 | :warning: DEPRECATED | < 3.4.0 |
| 7.0.0 | :warning: DEPRECATED | < 3.4.0|
| 6.x | :x: EOL |< 3.4.0|
| 5.x | :x: EOL |< 3.4.0|
| 4.x | :x: EOL |< 3.4.0|
| 3.0 | :x: EOL |< 3.4.0|
| 2.0 | :x: EOL |< 3.4.0|
| 1.0 | :x: EOL |< 3.4.0|
## Reporting a Vulnerability
You can report a vulnerability by creating an issue.
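
Review bot: With this file deleted the branch carries no supported-versions table and no stated reporting channel, yet the table on the left is where 2.0 is marked `:x: EOL` with rsync `< 3.4.0`. Keep the policy on every branch that can still be referenced from a workflow, so users pinned to 2.0 can see its status.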

@ -9,10 +9,6 @@ inputs:
description: 'The remote shell argument' description: 'The remote shell argument'
required: false required: false
default: '' default: ''
legacy_allow_rsa_hostkeys:
description: 'Enables support for legacy RSA host keys on OpenSSH 8.8+'
required: false
default: 'false'
path: path:
description: 'The local path' description: 'The local path'
required: false required: false
@ -33,10 +29,6 @@ inputs:
remote_key: remote_key:
description: 'The remote key' description: 'The remote key'
required: true required: true
remote_key_pass:
description: 'The remote key passphrase'
required: false
default: ''
runs: runs:
using: 'docker' using: 'docker'
image: 'Dockerfile' image: 'Dockerfile'
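
Review bot: Removing the `remote_key_pass` input means a passphrase-protected deploy key can no longer be supplied, so `remote_key` has to be an unencrypted private key. If the input cannot be supported on this branch, say so in the `remote_key` description rather than leaving it at 'The remote key'.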

@ -1,25 +1,18 @@
#!/bin/sh #!/bin/bash
if [ -z "$(echo "$INPUT_REMOTE_PATH" | awk '{$1=$1};1')" ]; then
echo "The remote_path can not be empty. see: github.com/Burnett01/rsync-deployments/issues/44"
exit 1
fi
# Start the SSH agent and load key.
source agent-start "$GITHUB_ACTION"
echo "$INPUT_REMOTE_KEY" | SSH_PASS="$INPUT_REMOTE_KEY_PASS" agent-add
# Add strict errors.
set -eu set -eu
# Variables. # Set deploy key
LEGACY_RSA_HOSTKEYS="-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa" SSH_PATH="$HOME/.ssh"
LEGACY_RSA_HOSTKEYS=$([ "$INPUT_LEGACY_ALLOW_RSA_HOSTKEYS" = "true" ] && echo "$LEGACY_RSA_HOSTKEYS" || echo "")
SWITCHES="$INPUT_SWITCHES" # Create .ssh dir if it doesn't exist
RSH="ssh -o StrictHostKeyChecking=no $LEGACY_RSA_HOSTKEYS -p $INPUT_REMOTE_PORT $INPUT_RSH" [ -d "$SSH_PATH" ] || mkdir "$SSH_PATH"
LOCAL_PATH="$GITHUB_WORKSPACE/$INPUT_PATH"
DSN="$INPUT_REMOTE_USER@$INPUT_REMOTE_HOST"
# Deploy. # Place deploy_key into .ssh dir
sh -c "rsync $SWITCHES -e '$RSH' $LOCAL_PATH $DSN:$INPUT_REMOTE_PATH" echo "$INPUT_REMOTE_KEY" > "$SSH_PATH/key"
# Set r+w to user only
chmod 600 "$SSH_PATH/key"
# Do deployment
sh -c "rsync $INPUT_SWITCHES -e 'ssh -i $SSH_PATH/key -o StrictHostKeyChecking=no -p $INPUT_REMOTE_PORT $INPUT_RSH' $GITHUB_WORKSPACE/$INPUT_PATH $INPUT_REMOTE_USER@$INPUT_REMOTE_HOST:$INPUT_REMOTE_PATH"
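
Review bot: The right-hand script drops the guard at the top of the left-hand one (`if [ -z "$(echo "$INPUT_REMOTE_PATH" | awk '{$1=$1};1')" ]; then ... exit 1`), so an empty `remote_path` reaches rsync as `$INPUT_REMOTE_USER@$INPUT_REMOTE_HOST:` and, with the `--delete` switch used in the README examples, the sync runs against the remote user's login directory; `set -eu` does not catch this because the variable is set but empty. Keep the check. The key is written with `echo "$INPUT_REMOTE_KEY" > "$SSH_PATH/key"` before `chmod 600 "$SSH_PATH/key"`, so the file briefly exists with default-umask permissions, and `mkdir "$SSH_PATH"` sets no mode; set `umask 077` before creating either. `-o StrictHostKeyChecking=no` appears on both sides, so the server's host key is never verified, and the inputs are interpolated unquoted into the `sh -c "rsync ..."` string, so whitespace or shell metacharacters in any input change the command that runs; both deserve a follow-up even though this diff did not introduce them.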