Merge pull request #61 from Burnett01/release/7.0.1

- Pin @JoshPiper [drinternet/rsync](https://github.com/JoshPiper/rsync-docker) image by SHA-256 hash rather than version.  (Immutability)
Added via #60 

The docker image of this action is now pinned to the specific SHA-256 hash of the version rather than just the version.
This means for the latest `drinternet/rsync:v1.4.4` the corresponding hash is `drinternet/rsync@sha256:15b2949838074bd93c49421c22380396a0cd53a322439e799ac87afcadcfe234`

Check for validation: https://hub.docker.com/layers/drinternet/rsync/v1.4.4/images/sha256-15b2949838074bd93c49421c22380396a0cd53a322439e799ac87afcadcfe234

With that, usage of this action is even more secure due to a consistent dependency chain of trust,
since changes accompanied by a docker image hash are immutable.

Thanks to @XComp
This commit is contained in:
Steven Agyekum 2024-03-31 18:11:10 +02:00 committed by GitHub
commit 796cf0d5e4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 10 additions and 7 deletions

View File

@ -1,4 +1,5 @@
FROM drinternet/rsync:v1.4.4 # drinternet/rsync@v1.4.4
FROM drinternet/rsync@sha256:15b2949838074bd93c49421c22380396a0cd53a322439e799ac87afcadcfe234
# Copy entrypoint # Copy entrypoint
COPY entrypoint.sh /entrypoint.sh COPY entrypoint.sh /entrypoint.sh

View File

@ -1,7 +1,7 @@
MIT License MIT License
Copyright (c) 2019-2022 Contention Copyright (c) 2019-2022 Contention
Copyright (c) 2019-2022 Burnett01 Copyright (c) 2019-2024 Burnett01
Permission is hereby granted, free of charge, to any person obtaining a copy Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal of this software and associated documentation files (the "Software"), to deal

View File

@ -40,6 +40,8 @@ This action needs secret variables for the ssh private key of your key pair. The
For simplicity, we are using `DEPLOY_*` as the secret variables throughout the examples. For simplicity, we are using `DEPLOY_*` as the secret variables throughout the examples.
## Current Version: 7.0.1
## Example usage ## Example usage
Simple: Simple:
@ -57,7 +59,7 @@ jobs:
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: rsync deployments - name: rsync deployments
uses: burnett01/rsync-deployments@7.0.0 uses: burnett01/rsync-deployments@7.0.1
with: with:
switches: -avzr --delete switches: -avzr --delete
path: src/ path: src/
@ -76,7 +78,7 @@ jobs:
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: rsync deployments - name: rsync deployments
uses: burnett01/rsync-deployments@7.0.0 uses: burnett01/rsync-deployments@7.0.1
with: with:
switches: -avzr --delete --exclude="" --include="" --filter="" switches: -avzr --delete --exclude="" --include="" --filter=""
path: src/ path: src/
@ -96,7 +98,7 @@ jobs:
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: rsync deployments - name: rsync deployments
uses: burnett01/rsync-deployments@7.0.0 uses: burnett01/rsync-deployments@7.0.1
with: with:
switches: -avzr --delete switches: -avzr --delete
path: src/ path: src/
@ -116,7 +118,7 @@ jobs:
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: rsync deployments - name: rsync deployments
uses: burnett01/rsync-deployments@7.0.0 uses: burnett01/rsync-deployments@7.0.1
with: with:
switches: -avzr --delete switches: -avzr --delete
path: src/ path: src/
@ -142,7 +144,7 @@ jobs:
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: rsync deployments - name: rsync deployments
uses: burnett01/rsync-deployments@7.0.0 uses: burnett01/rsync-deployments@7.0.1
with: with:
switches: -avzr --delete switches: -avzr --delete
legacy_allow_rsa_hostkeys: "true" legacy_allow_rsa_hostkeys: "true"