Release/v5 (#13)
* Reference JoshPiper/rsync-docker @ 1.1.0

* See: https://github.com/JoshPiper/rsync-docker/tree/1.1.0
* New features: Support passphrase protected keys

* supply SSH_PASS (key passphrase) to agent-add

Read more about the behavior: https://github.com/JoshPiper/rsync-docker#agent-askpass

* add new remote_key_pass config option

* Update README.md

* Update README.md

* 2.0 is EOL

* support 5.0, drop 2.0

* default to empty string

* reference JoshPiper/rsync-docker @ v1.2.0
Burnett01 authored Aug 2, 2021
1 parent a93a577 commit 342e70b
Showing 5 changed files with 56 additions and 11 deletions.
2 changes: 1 addition & 1 deletion Dockerfile
@@ -1,4 +1,4 @@
FROM drinternet/rsync:1.0.1
FROM drinternet/rsync:v1.2.0

# Copy entrypoint
COPY entrypoint.sh /entrypoint.sh
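Review bot: `FROM drinternet/rsync:v1.2.0` pins the base image by tag only, and a tag can later be pointed at different content. This image handles the deploy key and, from this release on, its passphrase, so consider pinning by digest as well (`FROM drinternet/rsync:v1.2.0@sha256:<digest>`, with the digest taken from the published image) so every build of the action gets the same base. The tag scheme also moves from `1.0.1` to `v1.2.0`; a word in the commit message would stop the `v` prefix being read as a typo.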
55 changes: 47 additions & 8 deletions README.md
Expand Up @@ -26,11 +26,17 @@ The underlaying base-image of the docker-image is very small (Alpine (no cache))

- `remote_key`* - The remote ssh key

- `remote_key_pass` - The remote ssh key passphrase (if any)

``* = Required``

## Required secret
## Required secret(s)

This action needs secret variables for the ssh private key of your key pair. The public key part should be added to the authorized_keys file on the server that receives the deployment. The secret variable should be set in the Github secrets section of your org/repo and then referenced as the `remote_key` input.

This action needs a `DEPLOY_KEY` secret variable. This should be the private key part of a ssh key pair. The public key part should be added to the authorized_keys file on the server that receives the deployment. This should be set in the Github secrets section and then referenced as the `remote_key` input.
> Always use secrets when dealing with sensitive inputs!
For simplicity, we are using `DEPLOY_*` as the secret variables throughout the examples.

## Example usage
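Review bot: the paragraph under `## Required secret(s)` still covers only the private key and the `remote_key` input, although the heading is now plural and `remote_key_pass` has been added to the input list above it. Suggest one more sentence saying that the passphrase goes into its own secret and is referenced as `remote_key_pass`, so the "Always use secrets" note clearly applies to it too.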

Expand All @@ -49,7 +55,7 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: rsync deployments
uses: burnett01/rsync-deployments@4.1
uses: burnett01/rsync-deployments@5.0
with:
switches: -avzr --delete
path: src/
Expand All @@ -68,7 +74,7 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: rsync deployments
uses: burnett01/rsync-deployments@4.1
uses: burnett01/rsync-deployments@5.0
with:
switches: -avzr --delete --exclude="" --include="" --filter=""
path: src/
Expand All @@ -79,7 +85,7 @@ jobs:
remote_key: ${{ secrets.DEPLOY_KEY }}
```

For better security, I suggest you create additional secrets for remote_host, remote_port and remote_user inputs.
For better **security**, I suggest you create additional secrets for remote_host, remote_port, remote_user and remote_path inputs.

```
jobs:
Expand All @@ -88,17 +94,50 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: rsync deployments
uses: burnett01/rsync-deployments@4.1
uses: burnett01/rsync-deployments@5.0
with:
switches: -avzr --delete
path: src/
remote_path: /var/www/html/
remote_path: ${{ secrets.DEPLOY_PATH }}
remote_host: ${{ secrets.DEPLOY_HOST }}
remote_port: ${{ secrets.DEPLOY_PORT }}
remote_user: ${{ secrets.DEPLOY_USER }}
remote_key: ${{ secrets.DEPLOY_KEY }}
```

If your private key is passphrase protected you should use:

```
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: rsync deployments
uses: burnett01/[email protected]
with:
switches: -avzr --delete
path: src/
remote_path: ${{ secrets.DEPLOY_PATH }}
remote_host: ${{ secrets.DEPLOY_HOST }}
remote_port: ${{ secrets.DEPLOY_PORT }}
remote_user: ${{ secrets.DEPLOY_USER }}
remote_key: ${{ secrets.DEPLOY_KEY }}
remote_key_pass: ${{ secrets.DEPLOY_KEY_PASS }}
```
---

## Version 4.0 & 4.1

Looking for version 4.0 and 4.1?

Check here:

- https://github.com/Burnett01/rsync-deployments/tree/4.0
- https://github.com/Burnett01/rsync-deployments/tree/4.1

Version 4.0 & 4.1 use the ``drinternet/rsync:1.0.1`` base-image.

---

## Version 3.0
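Review bot: in the passphrase example, `remote_key: ${{ secrets.DEPLOY_KEY }}` and `remote_key_pass: ${{ secrets.DEPLOY_KEY_PASS }}` are read from the same secrets section, so whoever can read one can read the other. The README should say what the passphrase protects in this setup (the key where it is stored outside GitHub, for example) so readers do not take it for a second layer inside the workflow. The new `## Version 4.0 & 4.1` section could also state that passphrase-protected keys need 5.0, since those versions stay on `drinternet/rsync:1.0.1`.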
Expand All @@ -111,7 +150,7 @@ Version 3.0 uses the ``alpine:latest`` base-image directly.<br>
Consider upgrading to 4.0 that uses a docker-image ``drinternet/rsync:1.0.1`` that is<br>
based on ``alpine:latest``and heavily optimized for rsync.

## Version 2.0
## Version 2.0 (EOL)

Looking for version 2.0?
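Review bot: the unchanged context line "Consider upgrading to 4.0 that uses a docker-image ``drinternet/rsync:1.0.1``" is now out of date, because this commit moves the Dockerfile to `drinternet/rsync:v1.2.0` and documents 5.0 as the current version. Suggest pointing the Version 3.0 section at 5.0 in the same change that marks 2.0 as EOL.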

4 changes: 3 additions & 1 deletion SECURITY.md
Expand Up @@ -6,10 +6,12 @@ The following versions are currently being supported with security updates:

| Version | Supported |
| ------- | ------------------ |
| 5.0 | :white_check_mark: |
| 4.1 | :white_check_mark: |
| 4.0 | :white_check_mark: |
| 3.0 | :white_check_mark: |
| < 2.0 | :x: |
| 2.0 | :x: |
| 1.0 | :x: |

## Reporting a Vulnerability
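Review bot: the table keeps 3.0, 4.0 and 4.1 marked as supported, while the README in this same commit says they run on older base images (`alpine:latest` for 3.0, `drinternet/rsync:1.0.1` for 4.0 and 4.1). SECURITY.md should say whether base-image fixes are backported to those lines, or how long they stay supported now that 5.0 is listed.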

4 changes: 4 additions & 0 deletions action.yml
Expand Up @@ -29,6 +29,10 @@ inputs:
remote_key:
description: 'The remote key'
required: true
remote_key_pass:
description: 'The remote key passphrase'
required: false
default: ''
runs:
using: 'docker'
image: 'Dockerfile'
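Review bot: the `remote_key_pass` description, 'The remote key passphrase', does not say that the input is optional or that it should come from a secret. With `required: false` and `default: ''` the empty string is the no-passphrase case, so something like `description: 'Passphrase for remote_key, if the key is encrypted (pass it as a secret)'` would put that intent in the action metadata as well as in the README.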
2 changes: 1 addition & 1 deletion entrypoint.sh
Expand Up @@ -2,7 +2,7 @@

# Start the SSH agent and load key.
source agent-start "$GITHUB_ACTION"
echo "$INPUT_REMOTE_KEY" | agent-add
echo "$INPUT_REMOTE_KEY" | SSH_PASS="$INPUT_REMOTE_KEY_PASS" agent-add

# Add strict errors.
set -eu
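Review bot: the changed `agent-add` line still runs before `set -eu`, so if the key cannot be loaded (a wrong `INPUT_REMOTE_KEY_PASS`, for instance) the script carries on past it instead of stopping there. Suggest checking the result on that line, for example by appending `|| { echo 'failed to load remote_key' >&2; exit 1; }`, without printing either value. Scoping `SSH_PASS` to the single command rather than exporting it is good; `printf '%s\n' "$INPUT_REMOTE_KEY"` would be a more predictable way to feed the key than `echo`.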
