Compare commits
No commits in common. "master" and "drinternet-rsync-merge" have entirely different histories.
master
...
drinternet
|
@ -1,6 +0,0 @@
|
||||||
version: 2
|
|
||||||
updates:
|
|
||||||
- package-ecosystem: docker
|
|
||||||
directory: /
|
|
||||||
schedule:
|
|
||||||
interval: monthly
|
|
|
@ -1,76 +0,0 @@
|
||||||
# Contributor Covenant Code of Conduct
|
|
||||||
|
|
||||||
## Our Pledge
|
|
||||||
|
|
||||||
In the interest of fostering an open and welcoming environment, we as
|
|
||||||
contributors and maintainers pledge to making participation in our project and
|
|
||||||
our community a harassment-free experience for everyone, regardless of age, body
|
|
||||||
size, disability, ethnicity, sex characteristics, gender identity and expression,
|
|
||||||
level of experience, education, socio-economic status, nationality, personal
|
|
||||||
appearance, race, religion, or sexual identity and orientation.
|
|
||||||
|
|
||||||
## Our Standards
|
|
||||||
|
|
||||||
Examples of behavior that contributes to creating a positive environment
|
|
||||||
include:
|
|
||||||
|
|
||||||
* Using welcoming and inclusive language
|
|
||||||
* Being respectful of differing viewpoints and experiences
|
|
||||||
* Gracefully accepting constructive criticism
|
|
||||||
* Focusing on what is best for the community
|
|
||||||
* Showing empathy towards other community members
|
|
||||||
|
|
||||||
Examples of unacceptable behavior by participants include:
|
|
||||||
|
|
||||||
* The use of sexualized language or imagery and unwelcome sexual attention or
|
|
||||||
advances
|
|
||||||
* Trolling, insulting/derogatory comments, and personal or political attacks
|
|
||||||
* Public or private harassment
|
|
||||||
* Publishing others' private information, such as a physical or electronic
|
|
||||||
address, without explicit permission
|
|
||||||
* Other conduct which could reasonably be considered inappropriate in a
|
|
||||||
professional setting
|
|
||||||
|
|
||||||
## Our Responsibilities
|
|
||||||
|
|
||||||
Project maintainers are responsible for clarifying the standards of acceptable
|
|
||||||
behavior and are expected to take appropriate and fair corrective action in
|
|
||||||
response to any instances of unacceptable behavior.
|
|
||||||
|
|
||||||
Project maintainers have the right and responsibility to remove, edit, or
|
|
||||||
reject comments, commits, code, wiki edits, issues, and other contributions
|
|
||||||
that are not aligned to this Code of Conduct, or to ban temporarily or
|
|
||||||
permanently any contributor for other behaviors that they deem inappropriate,
|
|
||||||
threatening, offensive, or harmful.
|
|
||||||
|
|
||||||
## Scope
|
|
||||||
|
|
||||||
This Code of Conduct applies both within project spaces and in public spaces
|
|
||||||
when an individual is representing the project or its community. Examples of
|
|
||||||
representing a project or community include using an official project e-mail
|
|
||||||
address, posting via an official social media account, or acting as an appointed
|
|
||||||
representative at an online or offline event. Representation of a project may be
|
|
||||||
further defined and clarified by project maintainers.
|
|
||||||
|
|
||||||
## Enforcement
|
|
||||||
|
|
||||||
Instances of abusive, harassing, or otherwise unacceptable behavior may be
|
|
||||||
reported by contacting the project team via issues. All
|
|
||||||
complaints will be reviewed and investigated and will result in a response that
|
|
||||||
is deemed necessary and appropriate to the circumstances. The project team is
|
|
||||||
obligated to maintain confidentiality with regard to the reporter of an incident.
|
|
||||||
Further details of specific enforcement policies may be posted separately.
|
|
||||||
|
|
||||||
Project maintainers who do not follow or enforce the Code of Conduct in good
|
|
||||||
faith may face temporary or permanent repercussions as determined by other
|
|
||||||
members of the project's leadership.
|
|
||||||
|
|
||||||
## Attribution
|
|
||||||
|
|
||||||
This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
|
|
||||||
available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
|
|
||||||
|
|
||||||
[homepage]: https://www.contributor-covenant.org
|
|
||||||
|
|
||||||
For answers to common questions about this code of conduct, see
|
|
||||||
https://www.contributor-covenant.org/faq
|
|
|
@ -1 +0,0 @@
|
||||||
Feel free to contribute to this project.
|
|
20
Dockerfile
20
Dockerfile
|
@ -1,8 +1,16 @@
|
||||||
# drinternet/rsync@v1.4.4
|
FROM alpine:3.20.0
|
||||||
FROM drinternet/rsync@sha256:15b2949838074bd93c49421c22380396a0cd53a322439e799ac87afcadcfe234
|
MAINTAINER Dr Internet <internet@limelightgaming.net>
|
||||||
|
|
||||||
# Copy entrypoint
|
# Install RSync and Open SSH.
|
||||||
COPY entrypoint.sh /entrypoint.sh
|
RUN apk update && apk add --no-cache rsync openssh-client
|
||||||
RUN chmod +x /entrypoint.sh
|
RUN rm -rf /var/cache/apk/*
|
||||||
|
|
||||||
ENTRYPOINT ["/entrypoint.sh"]
|
# Prepare SSH dir.
|
||||||
|
RUN mkdir ~/.ssh
|
||||||
|
|
||||||
|
# Copy in our executables.
|
||||||
|
COPY agent-* hosts-* /bin/
|
||||||
|
RUN chmod +x /bin/agent-* /bin/hosts-*
|
||||||
|
|
||||||
|
# Prepare for known hosts.
|
||||||
|
RUN hosts-clear
|
||||||
|
|
3
LICENSE
3
LICENSE
|
@ -1,7 +1,6 @@
|
||||||
MIT License
|
MIT License
|
||||||
|
|
||||||
Copyright (c) 2019-2022 Contention
|
Copyright (c) 2020 Joshua Piper
|
||||||
Copyright (c) 2019-2024 Burnett01
|
|
||||||
|
|
||||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||||
of this software and associated documentation files (the "Software"), to deal
|
of this software and associated documentation files (the "Software"), to deal
|
||||||
|
|
323
README.md
323
README.md
|
@ -1,254 +1,93 @@
|
||||||
# rsync deployments
|
# rsync docker image.
|
||||||
|
|
||||||
This GitHub Action (amd64) deploys files in `GITHUB_WORKSPACE` to a remote folder via rsync over ssh.
|
A simple alpine based docker image for rsync and ssh deployments.
|
||||||
|
|
||||||
Use this action in a CD workflow which leaves deployable code in `GITHUB_WORKSPACE`.
|
## Using this image
|
||||||
|
This image has two primary uses. Firstly, as a deployment image for GitLab CI runs. Secondly, as a base image for other images.
|
||||||
|
|
||||||
The base-image [drinternet/rsync](https://github.com/JoshPiper/rsync-docker/) of this action is very small and is based on Alpine 3.19.1 (no cache) which results in fast deployments.
|
### gitlab-ci.yml
|
||||||
|
```yml
|
||||||
---
|
image: drinternet/rsync:1.0.1
|
||||||
|
...
|
||||||
## Inputs
|
before_script:
|
||||||
|
- source agent-autostart "$CI_PROJECT_ID-$CI_PIPELINE_ID-$_CI_CONCURRENT_ID"
|
||||||
- `switches`* - The first is for any initial/required rsync flags, eg: `-avzr --delete`
|
- hosts-add "$SSH_KNOWN_HOSTS"
|
||||||
|
|
||||||
- `rsh` - Remote shell commands
|
|
||||||
|
|
||||||
- `legacy_allow_rsa_hostkeys` - Enables support for legacy RSA host keys on OpenSSH 8.8+. ("true" / "false")
|
|
||||||
|
|
||||||
- `path` - The source path. Defaults to GITHUB_WORKSPACE and is relative to it
|
|
||||||
|
|
||||||
- `remote_path`* - The deployment target path
|
|
||||||
|
|
||||||
- `remote_host`* - The remote host
|
|
||||||
|
|
||||||
- `remote_port` - The remote port. Defaults to 22
|
|
||||||
|
|
||||||
- `remote_user`* - The remote user
|
|
||||||
|
|
||||||
- `remote_key`* - The remote ssh key
|
|
||||||
|
|
||||||
- `remote_key_pass` - The remote ssh key passphrase (if any)
|
|
||||||
|
|
||||||
``* = Required``
|
|
||||||
|
|
||||||
## Required secret(s)
|
|
||||||
|
|
||||||
This action needs secret variables for the ssh private key of your key pair. The public key part should be added to the authorized_keys file on the server that receives the deployment. The secret variable should be set in the Github secrets section of your org/repo and then referenced as the `remote_key` input.
|
|
||||||
|
|
||||||
> Always use secrets when dealing with sensitive inputs!
|
|
||||||
|
|
||||||
For simplicity, we are using `DEPLOY_*` as the secret variables throughout the examples.
|
|
||||||
|
|
||||||
## Current Version: 7.0.1
|
|
||||||
|
|
||||||
## Example usage
|
|
||||||
|
|
||||||
Simple:
|
|
||||||
|
|
||||||
|
after_script:
|
||||||
|
- agent-stop "$CI_PROJECT_ID-$CI_PIPELINE_ID-$_CI_CONCURRENT_ID"
|
||||||
```
|
```
|
||||||
name: DEPLOY
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
branches:
|
|
||||||
- master
|
|
||||||
|
|
||||||
jobs:
|
### Base image in a `Dockerfile
|
||||||
|
```dockerfile
|
||||||
|
FROM drinternet/rsync:1.0.1
|
||||||
|
COPY some/file or/whatever
|
||||||
|
```
|
||||||
|
|
||||||
|
## Inbuilt commands.
|
||||||
|
|
||||||
|
This base image also includes a few shell scripts, to help with managing SSH agents and known hosts files.
|
||||||
|
### SSH Agent Management
|
||||||
|
#### agent-start
|
||||||
|
This command starts the SSH agent, if it isn't already started (SSH_AGENT_PID set or ssh agent ID file found).
|
||||||
|
It takes one optional argument, for the name of the agent to be started. Defaults to "default".
|
||||||
|
This program needs to be source'd to work correctly.
|
||||||
|
`source agent-start "default"`
|
||||||
|
|
||||||
|
#### agent-stop
|
||||||
|
This command stops the SSH agent, if it is started (SSH_AGENT_PID set or ssh agent ID file found).
|
||||||
|
It takes one optional argument, for the name of the agent to be stopped. Defaults to "default".
|
||||||
|
`agent-stop "my-agent-name"`
|
||||||
|
|
||||||
|
#### agent-add
|
||||||
|
This command adds a key to the currently running SSH agent. The key is taken from stdin, and the agent used is that in SSH_AGENT_PID.
|
||||||
|
|
||||||
|
#### agent-autostart
|
||||||
|
This command starts the SSH agent and loads the private key from the "SSH_PRIVATE_KEY" environment var. The command takes one optional argument, for the name of the agent to be started. Defaults to "default".
|
||||||
|
As with agent-start, this command needs to be sourced.
|
||||||
|
|
||||||
|
#### agent-askpass
|
||||||
|
This command is called by ssh-add when the [SSH_ASKPASS](https://man.openbsd.org/ssh-add.1#ENVIRONMENT) variable is set active. The command returns the SSH_PASS to [ssh-askpass(1)](https://man.openbsd.org/ssh-askpass.1).
|
||||||
|
|
||||||
|
This command is ignored by ssh-add if the key does not require a passphrase.
|
||||||
|
|
||||||
|
### known_hosts management
|
||||||
|
#### hosts-clear
|
||||||
|
This command truncates the known_hosts file and sets its permissions.
|
||||||
|
|
||||||
|
#### hosts-add
|
||||||
|
This command adds an entry to the known hosts file, and ensures its permissions are correct. It takes one argument, which is the new key to add.
|
||||||
|
|
||||||
|
## Tags
|
||||||
|
Both the repository and Docker Hub images follow the [semantic versioning](https://semver.org/) standard.
|
||||||
|
Docker Hub image versions are prefixed with v, and contain the full version, version sub patch number and version sub minor and patch.
|
||||||
|
|
||||||
|
For example, the repository tag 1.2.3, creates the Hub tags v1.2.3, v1.2 and v1, to allow for binding to a specific version, specific minor version or specific major version.
|
||||||
|
|
||||||
|
|
||||||
|
## Example gitlab-ci.yml
|
||||||
|
```yml
|
||||||
|
image: drinternet/rsync:1.0.1
|
||||||
|
|
||||||
|
stages:
|
||||||
|
- deploy
|
||||||
|
|
||||||
|
before_script:
|
||||||
|
- source agent-autostart "$CI_PROJECT_ID-$CI_PIPELINE_ID-$_CI_CONCURRENT_ID"
|
||||||
|
- hosts-add "$SSH_KNOWN_HOSTS"
|
||||||
|
|
||||||
|
after_script:
|
||||||
|
- agent-stop "$CI_PROJECT_ID-$CI_PIPELINE_ID-$_CI_CONCURRENT_ID"
|
||||||
|
|
||||||
deploy:
|
deploy:
|
||||||
runs-on: ubuntu-latest
|
stage: deploy
|
||||||
steps:
|
script:
|
||||||
- uses: actions/checkout@v3
|
- rsync -zrSlhaO --chmod=D2775,F664 --delete-after . $FTP_USER@$FTP_HOST:/var/www/deployment/
|
||||||
- name: rsync deployments
|
|
||||||
uses: burnett01/rsync-deployments@7.0.1
|
|
||||||
with:
|
|
||||||
switches: -avzr --delete
|
|
||||||
path: src/
|
|
||||||
remote_path: /var/www/html/
|
|
||||||
remote_host: example.com
|
|
||||||
remote_user: debian
|
|
||||||
remote_key: ${{ secrets.DEPLOY_KEY }}
|
|
||||||
```
|
```
|
||||||
|
|
||||||
Advanced:
|
## Using with passphrase protected key
|
||||||
|
|
||||||
|
You can supply a passphrase with ``SSH_PASS`` to ``agent-add``, ``agent-start`` or ``agent-autostart``.
|
||||||
|
|
||||||
```
|
```
|
||||||
jobs:
|
SSH_PASS="THE_PASSPHRASE" agent-add
|
||||||
deploy:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
- name: rsync deployments
|
|
||||||
uses: burnett01/rsync-deployments@7.0.1
|
|
||||||
with:
|
|
||||||
switches: -avzr --delete --exclude="" --include="" --filter=""
|
|
||||||
path: src/
|
|
||||||
remote_path: /var/www/html/
|
|
||||||
remote_host: example.com
|
|
||||||
remote_port: 5555
|
|
||||||
remote_user: debian
|
|
||||||
remote_key: ${{ secrets.DEPLOY_KEY }}
|
|
||||||
```
|
```
|
||||||
|
|
||||||
For better **security**, I suggest you create additional secrets for remote_host, remote_port, remote_user and remote_path inputs.
|
|
||||||
|
|
||||||
```
|
|
||||||
jobs:
|
|
||||||
deploy:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
- name: rsync deployments
|
|
||||||
uses: burnett01/rsync-deployments@7.0.1
|
|
||||||
with:
|
|
||||||
switches: -avzr --delete
|
|
||||||
path: src/
|
|
||||||
remote_path: ${{ secrets.DEPLOY_PATH }}
|
|
||||||
remote_host: ${{ secrets.DEPLOY_HOST }}
|
|
||||||
remote_port: ${{ secrets.DEPLOY_PORT }}
|
|
||||||
remote_user: ${{ secrets.DEPLOY_USER }}
|
|
||||||
remote_key: ${{ secrets.DEPLOY_KEY }}
|
|
||||||
```
|
|
||||||
|
|
||||||
If your private key is passphrase protected you should use:
|
|
||||||
|
|
||||||
```
|
|
||||||
jobs:
|
|
||||||
deploy:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
- name: rsync deployments
|
|
||||||
uses: burnett01/rsync-deployments@7.0.1
|
|
||||||
with:
|
|
||||||
switches: -avzr --delete
|
|
||||||
path: src/
|
|
||||||
remote_path: ${{ secrets.DEPLOY_PATH }}
|
|
||||||
remote_host: ${{ secrets.DEPLOY_HOST }}
|
|
||||||
remote_port: ${{ secrets.DEPLOY_PORT }}
|
|
||||||
remote_user: ${{ secrets.DEPLOY_USER }}
|
|
||||||
remote_key: ${{ secrets.DEPLOY_KEY }}
|
|
||||||
remote_key_pass: ${{ secrets.DEPLOY_KEY_PASS }}
|
|
||||||
```
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
#### Legacy RSA Hostkeys support for OpenSSH Servers >= 8.8+
|
|
||||||
|
|
||||||
If your remote OpenSSH Server still uses RSA hostkeys, then you have to
|
|
||||||
manually enable legacy support for this by using ``legacy_allow_rsa_hostkeys: "true"``.
|
|
||||||
|
|
||||||
```
|
|
||||||
jobs:
|
|
||||||
deploy:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
- name: rsync deployments
|
|
||||||
uses: burnett01/rsync-deployments@7.0.1
|
|
||||||
with:
|
|
||||||
switches: -avzr --delete
|
|
||||||
legacy_allow_rsa_hostkeys: "true"
|
|
||||||
path: src/
|
|
||||||
remote_path: ${{ secrets.DEPLOY_PATH }}
|
|
||||||
remote_host: ${{ secrets.DEPLOY_HOST }}
|
|
||||||
remote_port: ${{ secrets.DEPLOY_PORT }}
|
|
||||||
remote_user: ${{ secrets.DEPLOY_USER }}
|
|
||||||
remote_key: ${{ secrets.DEPLOY_KEY }}
|
|
||||||
```
|
|
||||||
|
|
||||||
See [#49](https://github.com/Burnett01/rsync-deployments/issues/49) and [#24](https://github.com/Burnett01/rsync-deployments/issues/24) for more information.
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## Version 6.0 (MAINTENANCE)
|
|
||||||
|
|
||||||
Check here:
|
|
||||||
|
|
||||||
- https://github.com/Burnett01/rsync-deployments/tree/6.0 (alpine 3.17.2)
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## Version 5.0, 5.1 & 5.2 & 5.x (DEPRECATED)
|
|
||||||
|
|
||||||
Check here:
|
|
||||||
|
|
||||||
- https://github.com/Burnett01/rsync-deployments/tree/5.0 (alpine 3.11.x)
|
|
||||||
- https://github.com/Burnett01/rsync-deployments/tree/5.1 (alpine 3.14.1)
|
|
||||||
- https://github.com/Burnett01/rsync-deployments/tree/5.2 (alpine 3.15.0)
|
|
||||||
- https://github.com/Burnett01/rsync-deployments/tree/5.2.1 (alpine 3.16.1)
|
|
||||||
- https://github.com/Burnett01/rsync-deployments/tree/5.2.2 (alpine 3.17.2)
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## Version 4.0 & 4.1 (EOL)
|
|
||||||
|
|
||||||
Check here:
|
|
||||||
|
|
||||||
- https://github.com/Burnett01/rsync-deployments/tree/4.0
|
|
||||||
- https://github.com/Burnett01/rsync-deployments/tree/4.1
|
|
||||||
|
|
||||||
Version 4.0 & 4.1 use the ``drinternet/rsync:1.0.1`` base-image.
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## Version 3.0 (EOL)
|
|
||||||
|
|
||||||
Check here: https://github.com/Burnett01/rsync-deployments/tree/3.0
|
|
||||||
|
|
||||||
Version 3.0 uses the ``alpine:latest`` base-image directly.<br>
|
|
||||||
Consider upgrading to 4.0 that uses a docker-image ``drinternet/rsync:1.0.1`` that is<br>
|
|
||||||
based on ``alpine:latest``and heavily optimized for rsync.
|
|
||||||
|
|
||||||
## Version 2.0 (EOL)
|
|
||||||
|
|
||||||
Check here: https://github.com/Burnett01/rsync-deployments/tree/2.0
|
|
||||||
|
|
||||||
Version 2.0 uses a larger base-image (``ubuntu:latest``).<br>
|
|
||||||
Consider upgrading to 3.0 for even faster deployments.
|
|
||||||
|
|
||||||
## Version 1.0 (EOL)
|
|
||||||
|
|
||||||
Check here: https://github.com/Burnett01/rsync-deployments/tree/1.0
|
|
||||||
|
|
||||||
Please note that version 1.0 has reached end of life state.
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## Acknowledgements
|
|
||||||
|
|
||||||
+ This project is a fork of [Contention/rsync-deployments](https://github.com/Contention/rsync-deployments)
|
|
||||||
+ Base image [JoshPiper/rsync-docker](https://github.com/JoshPiper/rsync-docker)
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## Media
|
|
||||||
|
|
||||||
This action was featured in multiple blogs across the globe:
|
|
||||||
|
|
||||||
> Disclaimer: The author & co-authors are not responsible for the content of the site-links below.
|
|
||||||
|
|
||||||
- https://leobrack.co.uk/blog/2020-02-15-automatically-push-changes-to-your-live-site-with-github-actions
|
|
||||||
|
|
||||||
- https://blog.maniak.co/ci-cd-for-wordpress/
|
|
||||||
|
|
||||||
- https://elijahverdoorn.com/2020/04/14/automating-deployment-with-github-actions/
|
|
||||||
|
|
||||||
- https://www.vektor-inc.co.jp/post/github-actions-deploy/
|
|
||||||
|
|
||||||
- https://ews.ink/tech/blog-deploy-2/
|
|
||||||
|
|
||||||
- https://webpick.info/automatiser-avec-github-actions/
|
|
||||||
|
|
||||||
- https://matthias-andrasch.eu/blog/2021/tutorial-webseite-mittels-github-actions-deployment-zu-uberspace-uebertragen-rsync/
|
|
||||||
|
|
||||||
- https://mikael.koutero.me/posts/hugo-github-actions-deploy-rsync/
|
|
||||||
|
|
||||||
- https://cdmana.com/2021/02/20210208122400688I.html
|
|
||||||
|
|
||||||
- https://jishuin.proginn.com/p/763bfbd38928
|
|
||||||
|
|
||||||
- https://cloud.tencent.com/developer/article/1786522
|
|
||||||
|
|
||||||
- http://www.ningco.cn/github_action_deploy_blog/
|
|
||||||
|
|
||||||
- https://qdmana.com/2021/01/20210127094413405u.html
|
|
||||||
|
|
19
SECURITY.md
19
SECURITY.md
|
@ -1,19 +0,0 @@
|
||||||
# Security Policy
|
|
||||||
|
|
||||||
## Supported Versions
|
|
||||||
|
|
||||||
The following versions are currently being supported with security updates:
|
|
||||||
|
|
||||||
| Version | Supported |
|
|
||||||
| ------- | ------------------ |
|
|
||||||
| 7.x | :white_check_mark: |
|
|
||||||
| 6.x | :information_source: MAINTENANCE |
|
|
||||||
| 5.x | :warning: DEPRECATED |
|
|
||||||
| 4.x | :x: EOL |
|
|
||||||
| 3.0 | :x: EOL |
|
|
||||||
| 2.0 | :x: EOL |
|
|
||||||
| 1.0 | :x: EOL |
|
|
||||||
|
|
||||||
## Reporting a Vulnerability
|
|
||||||
|
|
||||||
You can report a vulnerability by creating an issue.
|
|
45
action.yml
45
action.yml
|
@ -1,45 +0,0 @@
|
||||||
name: 'Rsync Deployments Action'
|
|
||||||
description: 'GitHub Action for deploying code via rsync over ssh'
|
|
||||||
author: 'Burnett01'
|
|
||||||
inputs:
|
|
||||||
switches:
|
|
||||||
description: 'The switches'
|
|
||||||
required: true
|
|
||||||
rsh:
|
|
||||||
description: 'The remote shell argument'
|
|
||||||
required: false
|
|
||||||
default: ''
|
|
||||||
legacy_allow_rsa_hostkeys:
|
|
||||||
description: 'Enables support for legacy RSA host keys on OpenSSH 8.8+'
|
|
||||||
required: false
|
|
||||||
default: 'false'
|
|
||||||
path:
|
|
||||||
description: 'The local path'
|
|
||||||
required: false
|
|
||||||
default: ''
|
|
||||||
remote_path:
|
|
||||||
description: 'The remote path'
|
|
||||||
required: true
|
|
||||||
remote_host:
|
|
||||||
description: 'The remote host'
|
|
||||||
required: true
|
|
||||||
remote_port:
|
|
||||||
description: 'The remote port'
|
|
||||||
required: false
|
|
||||||
default: 22
|
|
||||||
remote_user:
|
|
||||||
description: 'The remote user'
|
|
||||||
required: true
|
|
||||||
remote_key:
|
|
||||||
description: 'The remote key'
|
|
||||||
required: true
|
|
||||||
remote_key_pass:
|
|
||||||
description: 'The remote key passphrase'
|
|
||||||
required: false
|
|
||||||
default: ''
|
|
||||||
runs:
|
|
||||||
using: 'docker'
|
|
||||||
image: 'Dockerfile'
|
|
||||||
branding:
|
|
||||||
icon: 'send'
|
|
||||||
color: 'gray-dark'
|
|
|
@ -0,0 +1,4 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
source agent-start "${1:-default}"
|
||||||
|
cat - | tr -d '\r' | DISPLAY=1 SSH_ASKPASS=agent-askpass ssh-add - >/dev/null
|
|
@ -0,0 +1,2 @@
|
||||||
|
#!/bin/sh
|
||||||
|
echo "$SSH_PASS"
|
|
@ -0,0 +1,4 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
source agent-start "${1:-default}"
|
||||||
|
echo "$SSH_PRIVATE_KEY" | agent-add
|
|
@ -0,0 +1,22 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
FOLDER=${1:-default}
|
||||||
|
STORE_PATH="/tmp/ssh-agent/$FOLDER"
|
||||||
|
mkdir -p "$STORE_PATH"
|
||||||
|
|
||||||
|
# Start the SSH agent if it isn't already.
|
||||||
|
if [ -z "$SSH_AGENT_PID" ]; then
|
||||||
|
if [ -f "$STORE_PATH/id" ]; then
|
||||||
|
# Our auth agent is already running.
|
||||||
|
# Reload the vars, and export them.
|
||||||
|
SSH_AGENT_PID=$(cat "$STORE_PATH/id")
|
||||||
|
export SSH_AGENT_PID
|
||||||
|
|
||||||
|
SSH_AUTH_SOCK=$(cat "$STORE_PATH/sock")
|
||||||
|
export SSH_AUTH_SOCK
|
||||||
|
else
|
||||||
|
eval "$(ssh-agent)" > /dev/null
|
||||||
|
echo "$SSH_AGENT_PID" > "$STORE_PATH"/id
|
||||||
|
echo "$SSH_AUTH_SOCK" > "$STORE_PATH"/sock
|
||||||
|
fi
|
||||||
|
fi
|
|
@ -0,0 +1,35 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
if [ ! -z "$SSH_AGENT_PID" ]; then
|
||||||
|
# Here, the environment is set already, just kill the script.
|
||||||
|
eval $(ssh-agent -k) >/dev/null
|
||||||
|
exit $?
|
||||||
|
else
|
||||||
|
# The env isn't set, construct the file path.
|
||||||
|
FOLDER=${1:-default}
|
||||||
|
STORE_PATH="/tmp/ssh-agent/$FOLDER"
|
||||||
|
if [ ! -d "$STORE_PATH" ]; then
|
||||||
|
echo "Store Path $STORE_PATH doesn't exist!" >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# And check our files exist.
|
||||||
|
if [ -f "$STORE_PATH/id" ]; then
|
||||||
|
# Grab our PID and socket.
|
||||||
|
SSH_AGENT_PID=$(cat "$STORE_PATH/id")
|
||||||
|
export SSH_AGENT_PID
|
||||||
|
rm "$STORE_PATH/id"
|
||||||
|
|
||||||
|
SSH_AUTH_SOCK=$(cat "$STORE_PATH/sock")
|
||||||
|
export SSH_AUTH_SOCK
|
||||||
|
rm "$STORE_PATH/sock"
|
||||||
|
|
||||||
|
|
||||||
|
rmdir "$STORE_PATH"
|
||||||
|
eval $(ssh-agent -k) >/dev/null
|
||||||
|
exit $?
|
||||||
|
else
|
||||||
|
echo "SSH_AGENT_PID not set, $STORE_PATH/id doesn't exist!" >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
|
@ -1,25 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
if [ -z "$(echo "$INPUT_REMOTE_PATH" | awk '{$1=$1};1')" ]; then
|
|
||||||
echo "The remote_path can not be empty. see: github.com/Burnett01/rsync-deployments/issues/44"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Start the SSH agent and load key.
|
|
||||||
source agent-start "$GITHUB_ACTION"
|
|
||||||
echo "$INPUT_REMOTE_KEY" | SSH_PASS="$INPUT_REMOTE_KEY_PASS" agent-add
|
|
||||||
|
|
||||||
# Add strict errors.
|
|
||||||
set -eu
|
|
||||||
|
|
||||||
# Variables.
|
|
||||||
LEGACY_RSA_HOSTKEYS="-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"
|
|
||||||
LEGACY_RSA_HOSTKEYS=$([ "$INPUT_LEGACY_ALLOW_RSA_HOSTKEYS" = "true" ] && echo "$LEGACY_RSA_HOSTKEYS" || echo "")
|
|
||||||
|
|
||||||
SWITCHES="$INPUT_SWITCHES"
|
|
||||||
RSH="ssh -o StrictHostKeyChecking=no $LEGACY_RSA_HOSTKEYS -p $INPUT_REMOTE_PORT $INPUT_RSH"
|
|
||||||
LOCAL_PATH="$GITHUB_WORKSPACE/$INPUT_PATH"
|
|
||||||
DSN="$INPUT_REMOTE_USER@$INPUT_REMOTE_HOST"
|
|
||||||
|
|
||||||
# Deploy.
|
|
||||||
sh -c "rsync $SWITCHES -e '$RSH' $LOCAL_PATH $DSN:$INPUT_REMOTE_PATH"
|
|
|
@ -0,0 +1,4 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
echo "$@" >> ~/.ssh/known_hosts
|
||||||
|
chmod 0664 ~/.ssh/known_hosts
|
|
@ -0,0 +1,4 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
truncate -s 0 ~/.ssh/known_hosts
|
||||||
|
chmod 0664 ~/.ssh/known_hosts
|
Loading…
Reference in New Issue