diff --git a/Dockerfile b/Dockerfile
index e206465..f0daa6b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM drinternet/rsync:1.0.1
+FROM drinternet/rsync:v1.2.0
# Copy entrypoint
COPY entrypoint.sh /entrypoint.sh
diff --git a/README.md b/README.md
index c4cfc35..67f2c82 100644
--- a/README.md
+++ b/README.md
@@ -26,11 +26,17 @@ The underlaying base-image of the docker-image is very small (Alpine (no cache))
- `remote_key`* - The remote ssh key
+- `remote_key_pass` - The remote ssh key passphrase (if any)
+
``* = Required``
-## Required secret
+## Required secret(s)
-This action needs a `DEPLOY_KEY` secret variable. This should be the private key part of a ssh key pair. The public key part should be added to the authorized_keys file on the server that receives the deployment. This should be set in the Github secrets section and then referenced as the `remote_key` input.
+This action needs secret variables for the ssh private key of your key pair. The public key part should be added to the authorized_keys file on the server that receives the deployment. The secret variable should be set in the Github secrets section of your org/repo and then referenced as the `remote_key` input.
+
+> Always use secrets when dealing with sensitive inputs!
+
+For simplicity, we are using `DEPLOY_*` as the secret variables throughout the examples.
## Example usage
@@ -49,7 +55,7 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: rsync deployments
- uses: burnett01/rsync-deployments@4.1
+ uses: burnett01/rsync-deployments@5.0
with:
switches: -avzr --delete
path: src/
@@ -68,7 +74,7 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: rsync deployments
- uses: burnett01/rsync-deployments@4.1
+ uses: burnett01/rsync-deployments@5.0
with:
switches: -avzr --delete --exclude="" --include="" --filter=""
path: src/
@@ -79,7 +85,7 @@ jobs:
remote_key: ${{ secrets.DEPLOY_KEY }}
```
-For better security, I suggest you create additional secrets for remote_host, remote_port and remote_user inputs.
+For better **security**, I suggest you create additional secrets for remote_host, remote_port, remote_user and remote_path inputs.
```
jobs:
@@ -88,17 +94,50 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: rsync deployments
- uses: burnett01/rsync-deployments@4.1
+ uses: burnett01/rsync-deployments@5.0
with:
switches: -avzr --delete
path: src/
- remote_path: /var/www/html/
+ remote_path: ${{ secrets.DEPLOY_PATH }}
remote_host: ${{ secrets.DEPLOY_HOST }}
remote_port: ${{ secrets.DEPLOY_PORT }}
remote_user: ${{ secrets.DEPLOY_USER }}
remote_key: ${{ secrets.DEPLOY_KEY }}
```
+If your private key is passphrase protected you should use:
+
+```
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: rsync deployments
+ uses: burnett01/rsync-deployments@5.0
+ with:
+ switches: -avzr --delete
+ path: src/
+ remote_path: ${{ secrets.DEPLOY_PATH }}
+ remote_host: ${{ secrets.DEPLOY_HOST }}
+ remote_port: ${{ secrets.DEPLOY_PORT }}
+ remote_user: ${{ secrets.DEPLOY_USER }}
+ remote_key: ${{ secrets.DEPLOY_KEY }}
+ remote_key_pass: ${{ secrets.DEPLOY_KEY_PASS }}
+```
+---
+
+## Version 4.0 & 4.1
+
+Looking for version 4.0 and 4.1?
+
+Check here:
+
+- https://github.com/Burnett01/rsync-deployments/tree/4.0
+- https://github.com/Burnett01/rsync-deployments/tree/4.1
+
+Version 4.0 & 4.1 use the ``drinternet/rsync:1.0.1`` base-image.
+
---
## Version 3.0
@@ -111,7 +150,7 @@ Version 3.0 uses the ``alpine:latest`` base-image directly.
Consider upgrading to 4.0 that uses a docker-image ``drinternet/rsync:1.0.1`` that is
based on ``alpine:latest``and heavily optimized for rsync.
-## Version 2.0
+## Version 2.0 (EOL)
Looking for version 2.0?
diff --git a/SECURITY.md b/SECURITY.md
index 67de8c8..8db6109 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -6,10 +6,12 @@ The following versions are currently being supported with security updates:
| Version | Supported |
| ------- | ------------------ |
+| 5.0 | :white_check_mark: |
| 4.1 | :white_check_mark: |
| 4.0 | :white_check_mark: |
| 3.0 | :white_check_mark: |
-| < 2.0 | :x: |
+| 2.0 | :x: |
+| 1.0 | :x: |
## Reporting a Vulnerability
diff --git a/action.yml b/action.yml
index d89ac9e..31eaea8 100644
--- a/action.yml
+++ b/action.yml
@@ -29,6 +29,10 @@ inputs:
remote_key:
description: 'The remote key'
required: true
+ remote_key_pass:
+ description: 'The remote key passphrase'
+ required: false
+ default: ''
runs:
using: 'docker'
image: 'Dockerfile'
diff --git a/entrypoint.sh b/entrypoint.sh
index 6590803..9d0f2b5 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -2,7 +2,7 @@
# Start the SSH agent and load key.
source agent-start "$GITHUB_ACTION"
-echo "$INPUT_REMOTE_KEY" | agent-add
+echo "$INPUT_REMOTE_KEY" | SSH_PASS="$INPUT_REMOTE_KEY_PASS" agent-add
# Add strict errors.
set -eu