Compare commits

No commits in common. "master" and "drinternet-rsync-merge" have entirely different histories.

16 changed files with 169 additions and 420 deletions

@ -1,6 +0,0 @@
version: 2
updates:
- package-ecosystem: docker
directory: /
schedule:
interval: monthly
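
Review bot: deleting this Dependabot configuration stops the monthly `docker` ecosystem update checks, so base-image bumps for the Dockerfile will have to be tracked by hand; keep the file, or say in the change description how the base image will be kept current.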

@ -1,76 +0,0 @@
# Contributor Covenant Code of Conduct
## Our Pledge
In the interest of fostering an open and welcoming environment, we as
contributors and maintainers pledge to making participation in our project and
our community a harassment-free experience for everyone, regardless of age, body
size, disability, ethnicity, sex characteristics, gender identity and expression,
level of experience, education, socio-economic status, nationality, personal
appearance, race, religion, or sexual identity and orientation.
## Our Standards
Examples of behavior that contributes to creating a positive environment
include:
* Using welcoming and inclusive language
* Being respectful of differing viewpoints and experiences
* Gracefully accepting constructive criticism
* Focusing on what is best for the community
* Showing empathy towards other community members
Examples of unacceptable behavior by participants include:
* The use of sexualized language or imagery and unwelcome sexual attention or
advances
* Trolling, insulting/derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or electronic
address, without explicit permission
* Other conduct which could reasonably be considered inappropriate in a
professional setting
## Our Responsibilities
Project maintainers are responsible for clarifying the standards of acceptable
behavior and are expected to take appropriate and fair corrective action in
response to any instances of unacceptable behavior.
Project maintainers have the right and responsibility to remove, edit, or
reject comments, commits, code, wiki edits, issues, and other contributions
that are not aligned to this Code of Conduct, or to ban temporarily or
permanently any contributor for other behaviors that they deem inappropriate,
threatening, offensive, or harmful.
## Scope
This Code of Conduct applies both within project spaces and in public spaces
when an individual is representing the project or its community. Examples of
representing a project or community include using an official project e-mail
address, posting via an official social media account, or acting as an appointed
representative at an online or offline event. Representation of a project may be
further defined and clarified by project maintainers.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported by contacting the project team via issues. All
complaints will be reviewed and investigated and will result in a response that
is deemed necessary and appropriate to the circumstances. The project team is
obligated to maintain confidentiality with regard to the reporter of an incident.
Further details of specific enforcement policies may be posted separately.
Project maintainers who do not follow or enforce the Code of Conduct in good
faith may face temporary or permanent repercussions as determined by other
members of the project's leadership.
## Attribution
This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
[homepage]: https://www.contributor-covenant.org
For answers to common questions about this code of conduct, see
https://www.contributor-covenant.org/faq

@ -1 +0,0 @@
Feel free to contribute to this project.

@ -1,8 +1,16 @@
# drinternet/rsync@v1.4.4 FROM alpine:3.20.0
FROM drinternet/rsync@sha256:15b2949838074bd93c49421c22380396a0cd53a322439e799ac87afcadcfe234 MAINTAINER Dr Internet <internet@limelightgaming.net>
# Copy entrypoint # Install RSync and Open SSH.
COPY entrypoint.sh /entrypoint.sh RUN apk update && apk add --no-cache rsync openssh-client
RUN chmod +x /entrypoint.sh RUN rm -rf /var/cache/apk/*
ENTRYPOINT ["/entrypoint.sh"] # Prepare SSH dir.
RUN mkdir ~/.ssh
# Copy in our executables.
COPY agent-* hosts-* /bin/
RUN chmod +x /bin/agent-* /bin/hosts-*
# Prepare for known hosts.
RUN hosts-clear
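
Review bot: the new `FROM alpine:3.20.0` line swaps a base that was pinned by `@sha256:` digest for a tag, so the build no longer fixes the exact base image content; pin the Alpine image by digest as the old line did. `MAINTAINER` is deprecated in favour of a `LABEL`, `apk update` is redundant next to `apk add --no-cache`, the separate `RUN rm -rf /var/cache/apk/*` cannot shrink an earlier layer, and `RUN mkdir ~/.ssh` leaves the directory at default permissions where `mkdir -m 700 ~/.ssh` is the usual mode.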

@ -1,7 +1,6 @@
MIT License MIT License
Copyright (c) 2019-2022 Contention Copyright (c) 2020 Joshua Piper
Copyright (c) 2019-2024 Burnett01
Permission is hereby granted, free of charge, to any person obtaining a copy Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal of this software and associated documentation files (the "Software"), to deal

319
README.md
@ -1,254 +1,93 @@
# rsync deployments # rsync docker image.
This GitHub Action (amd64) deploys files in `GITHUB_WORKSPACE` to a remote folder via rsync over ssh. A simple alpine based docker image for rsync and ssh deployments.
Use this action in a CD workflow which leaves deployable code in `GITHUB_WORKSPACE`. ## Using this image
This image has two primary uses. Firstly, as a deployment image for GitLab CI runs. Secondly, as a base image for other images.
The base-image [drinternet/rsync](https://github.com/JoshPiper/rsync-docker/) of this action is very small and is based on Alpine 3.19.1 (no cache) which results in fast deployments. ### gitlab-ci.yml
```yml
image: drinternet/rsync:1.0.1
...
before_script:
- source agent-autostart "$CI_PROJECT_ID-$CI_PIPELINE_ID-$_CI_CONCURRENT_ID"
- hosts-add "$SSH_KNOWN_HOSTS"
--- after_script:
- agent-stop "$CI_PROJECT_ID-$CI_PIPELINE_ID-$_CI_CONCURRENT_ID"
## Inputs
- `switches`* - The first is for any initial/required rsync flags, eg: `-avzr --delete`
- `rsh` - Remote shell commands
- `legacy_allow_rsa_hostkeys` - Enables support for legacy RSA host keys on OpenSSH 8.8+. ("true" / "false")
- `path` - The source path. Defaults to GITHUB_WORKSPACE and is relative to it
- `remote_path`* - The deployment target path
- `remote_host`* - The remote host
- `remote_port` - The remote port. Defaults to 22
- `remote_user`* - The remote user
- `remote_key`* - The remote ssh key
- `remote_key_pass` - The remote ssh key passphrase (if any)
``* = Required``
## Required secret(s)
This action needs secret variables for the ssh private key of your key pair. The public key part should be added to the authorized_keys file on the server that receives the deployment. The secret variable should be set in the Github secrets section of your org/repo and then referenced as the `remote_key` input.
> Always use secrets when dealing with sensitive inputs!
For simplicity, we are using `DEPLOY_*` as the secret variables throughout the examples.
## Current Version: 7.0.1
## Example usage
Simple:
```
name: DEPLOY
on:
push:
branches:
- master
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: rsync deployments
uses: burnett01/rsync-deployments@7.0.1
with:
switches: -avzr --delete
path: src/
remote_path: /var/www/html/
remote_host: example.com
remote_user: debian
remote_key: ${{ secrets.DEPLOY_KEY }}
``` ```
Advanced: ### Base image in a `Dockerfile
```dockerfile
``` FROM drinternet/rsync:1.0.1
jobs: COPY some/file or/whatever
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: rsync deployments
uses: burnett01/rsync-deployments@7.0.1
with:
switches: -avzr --delete --exclude="" --include="" --filter=""
path: src/
remote_path: /var/www/html/
remote_host: example.com
remote_port: 5555
remote_user: debian
remote_key: ${{ secrets.DEPLOY_KEY }}
``` ```
For better **security**, I suggest you create additional secrets for remote_host, remote_port, remote_user and remote_path inputs. ## Inbuilt commands.
``` This base image also includes a few shell scripts, to help with managing SSH agents and known hosts files.
jobs: ### SSH Agent Management
deploy: #### agent-start
runs-on: ubuntu-latest This command starts the SSH agent, if it isn't already started (SSH_AGENT_PID set or ssh agent ID file found).
steps: It takes one optional argument, for the name of the agent to be started. Defaults to "default".
- uses: actions/checkout@v3 This program needs to be source'd to work correctly.
- name: rsync deployments `source agent-start "default"`
uses: burnett01/rsync-deployments@7.0.1
with: #### agent-stop
switches: -avzr --delete This command stops the SSH agent, if it is started (SSH_AGENT_PID set or ssh agent ID file found).
path: src/ It takes one optional argument, for the name of the agent to be stopped. Defaults to "default".
remote_path: ${{ secrets.DEPLOY_PATH }} `agent-stop "my-agent-name"`
remote_host: ${{ secrets.DEPLOY_HOST }}
remote_port: ${{ secrets.DEPLOY_PORT }} #### agent-add
remote_user: ${{ secrets.DEPLOY_USER }} This command adds a key to the currently running SSH agent. The key is taken from stdin, and the agent used is that in SSH_AGENT_PID.
remote_key: ${{ secrets.DEPLOY_KEY }}
#### agent-autostart
This command starts the SSH agent and loads the private key from the "SSH_PRIVATE_KEY" environment var. The command takes one optional argument, for the name of the agent to be started. Defaults to "default".
As with agent-start, this command needs to be sourced.
#### agent-askpass
This command is called by ssh-add when the [SSH_ASKPASS](https://man.openbsd.org/ssh-add.1#ENVIRONMENT) variable is set active. The command returns the SSH_PASS to [ssh-askpass(1)](https://man.openbsd.org/ssh-askpass.1).
This command is ignored by ssh-add if the key does not require a passphrase.
### known_hosts management
#### hosts-clear
This command truncates the known_hosts file and sets its permissions.
#### hosts-add
This command adds an entry to the known hosts file, and ensures its permissions are correct. It takes one argument, which is the new key to add.
## Tags
Both the repository and Docker Hub images follow the [semantic versioning](https://semver.org/) standard.
Docker Hub image versions are prefixed with v, and contain the full version, version sub patch number and version sub minor and patch.
For example, the repository tag 1.2.3, creates the Hub tags v1.2.3, v1.2 and v1, to allow for binding to a specific version, specific minor version or specific major version.
## Example gitlab-ci.yml
```yml
image: drinternet/rsync:1.0.1
stages:
- deploy
before_script:
- source agent-autostart "$CI_PROJECT_ID-$CI_PIPELINE_ID-$_CI_CONCURRENT_ID"
- hosts-add "$SSH_KNOWN_HOSTS"
after_script:
- agent-stop "$CI_PROJECT_ID-$CI_PIPELINE_ID-$_CI_CONCURRENT_ID"
deploy:
stage: deploy
script:
- rsync -zrSlhaO --chmod=D2775,F664 --delete-after . $FTP_USER@$FTP_HOST:/var/www/deployment/
``` ```
If your private key is passphrase protected you should use: ## Using with passphrase protected key
You can supply a passphrase with ``SSH_PASS`` to ``agent-add``, ``agent-start`` or ``agent-autostart``.
``` ```
jobs: SSH_PASS="THE_PASSPHRASE" agent-add
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: rsync deployments
uses: burnett01/rsync-deployments@7.0.1
with:
switches: -avzr --delete
path: src/
remote_path: ${{ secrets.DEPLOY_PATH }}
remote_host: ${{ secrets.DEPLOY_HOST }}
remote_port: ${{ secrets.DEPLOY_PORT }}
remote_user: ${{ secrets.DEPLOY_USER }}
remote_key: ${{ secrets.DEPLOY_KEY }}
remote_key_pass: ${{ secrets.DEPLOY_KEY_PASS }}
``` ```
---
#### Legacy RSA Hostkeys support for OpenSSH Servers >= 8.8+
If your remote OpenSSH Server still uses RSA hostkeys, then you have to
manually enable legacy support for this by using ``legacy_allow_rsa_hostkeys: "true"``.
```
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: rsync deployments
uses: burnett01/rsync-deployments@7.0.1
with:
switches: -avzr --delete
legacy_allow_rsa_hostkeys: "true"
path: src/
remote_path: ${{ secrets.DEPLOY_PATH }}
remote_host: ${{ secrets.DEPLOY_HOST }}
remote_port: ${{ secrets.DEPLOY_PORT }}
remote_user: ${{ secrets.DEPLOY_USER }}
remote_key: ${{ secrets.DEPLOY_KEY }}
```
See [#49](https://github.com/Burnett01/rsync-deployments/issues/49) and [#24](https://github.com/Burnett01/rsync-deployments/issues/24) for more information.
---
## Version 6.0 (MAINTENANCE)
Check here:
- https://github.com/Burnett01/rsync-deployments/tree/6.0 (alpine 3.17.2)
---
## Version 5.0, 5.1 & 5.2 & 5.x (DEPRECATED)
Check here:
- https://github.com/Burnett01/rsync-deployments/tree/5.0 (alpine 3.11.x)
- https://github.com/Burnett01/rsync-deployments/tree/5.1 (alpine 3.14.1)
- https://github.com/Burnett01/rsync-deployments/tree/5.2 (alpine 3.15.0)
- https://github.com/Burnett01/rsync-deployments/tree/5.2.1 (alpine 3.16.1)
- https://github.com/Burnett01/rsync-deployments/tree/5.2.2 (alpine 3.17.2)
---
## Version 4.0 & 4.1 (EOL)
Check here:
- https://github.com/Burnett01/rsync-deployments/tree/4.0
- https://github.com/Burnett01/rsync-deployments/tree/4.1
Version 4.0 & 4.1 use the ``drinternet/rsync:1.0.1`` base-image.
---
## Version 3.0 (EOL)
Check here: https://github.com/Burnett01/rsync-deployments/tree/3.0
Version 3.0 uses the ``alpine:latest`` base-image directly.<br>
Consider upgrading to 4.0 that uses a docker-image ``drinternet/rsync:1.0.1`` that is<br>
based on ``alpine:latest``and heavily optimized for rsync.
## Version 2.0 (EOL)
Check here: https://github.com/Burnett01/rsync-deployments/tree/2.0
Version 2.0 uses a larger base-image (``ubuntu:latest``).<br>
Consider upgrading to 3.0 for even faster deployments.
## Version 1.0 (EOL)
Check here: https://github.com/Burnett01/rsync-deployments/tree/1.0
Please note that version 1.0 has reached end of life state.
---
## Acknowledgements
+ This project is a fork of [Contention/rsync-deployments](https://github.com/Contention/rsync-deployments)
+ Base image [JoshPiper/rsync-docker](https://github.com/JoshPiper/rsync-docker)
---
## Media
This action was featured in multiple blogs across the globe:
> Disclaimer: The author & co-authors are not responsible for the content of the site-links below.
- https://leobrack.co.uk/blog/2020-02-15-automatically-push-changes-to-your-live-site-with-github-actions
- https://blog.maniak.co/ci-cd-for-wordpress/
- https://elijahverdoorn.com/2020/04/14/automating-deployment-with-github-actions/
- https://www.vektor-inc.co.jp/post/github-actions-deploy/
- https://ews.ink/tech/blog-deploy-2/
- https://webpick.info/automatiser-avec-github-actions/
- https://matthias-andrasch.eu/blog/2021/tutorial-webseite-mittels-github-actions-deployment-zu-uberspace-uebertragen-rsync/
- https://mikael.koutero.me/posts/hugo-github-actions-deploy-rsync/
- https://cdmana.com/2021/02/20210208122400688I.html
- https://jishuin.proginn.com/p/763bfbd38928
- https://cloud.tencent.com/developer/article/1786522
- http://www.ningco.cn/github_action_deploy_blog/
- https://qdmana.com/2021/01/20210127094413405u.html
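
Review bot: the `## Tags` section on the new side says Docker Hub tags are prefixed with v (`v1.2.3`, `v1.2`, `v1`), but the examples use `drinternet/rsync:1.0.1` without the prefix; make the examples and the tag description agree. The heading "### Base image in a `Dockerfile" is missing its closing backtick, and it is worth checking whether `$_CI_CONCURRENT_ID` in the `before_script` and `after_script` lines is meant to be `$CI_CONCURRENT_ID`.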

@ -1,19 +0,0 @@
# Security Policy
## Supported Versions
The following versions are currently being supported with security updates:
| Version | Supported |
| ------- | ------------------ |
| 7.x | :white_check_mark: |
| 6.x | :information_source: MAINTENANCE |
| 5.x | :warning: DEPRECATED |
| 4.x | :x: EOL |
| 3.0 | :x: EOL |
| 2.0 | :x: EOL |
| 1.0 | :x: EOL |
## Reporting a Vulnerability
You can report a vulnerability by creating an issue.
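
Review bot: with this file removed the branch no longer states which versions receive security updates or how to report a vulnerability; if the policy is dropped on purpose, say so in the README, otherwise keep a reporting section.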

@ -1,45 +0,0 @@
name: 'Rsync Deployments Action'
description: 'GitHub Action for deploying code via rsync over ssh'
author: 'Burnett01'
inputs:
switches:
description: 'The switches'
required: true
rsh:
description: 'The remote shell argument'
required: false
default: ''
legacy_allow_rsa_hostkeys:
description: 'Enables support for legacy RSA host keys on OpenSSH 8.8+'
required: false
default: 'false'
path:
description: 'The local path'
required: false
default: ''
remote_path:
description: 'The remote path'
required: true
remote_host:
description: 'The remote host'
required: true
remote_port:
description: 'The remote port'
required: false
default: 22
remote_user:
description: 'The remote user'
required: true
remote_key:
description: 'The remote key'
required: true
remote_key_pass:
description: 'The remote key passphrase'
required: false
default: ''
runs:
using: 'docker'
image: 'Dockerfile'
branding:
icon: 'send'
color: 'gray-dark'

4
agent-add Normal file
@ -0,0 +1,4 @@
#!/bin/sh
source agent-start "${1:-default}"
cat - | tr -d '\r' | DISPLAY=1 SSH_ASKPASS=agent-askpass ssh-add - >/dev/null
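
Review bot: `source` on the second line is not POSIX while the shebang is `#!/bin/sh`; use `. agent-start "${1:-default}"`, or document that the script relies on a shell that provides `source`. The `cat - |` stage is also unnecessary, since `tr -d '\r'` reads stdin directly.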

2
agent-askpass Normal file
@ -0,0 +1,2 @@
#!/bin/sh
echo "$SSH_PASS"
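
Review bot: `echo "$SSH_PASS"` leaves the passphrase subject to the shell's `echo` handling of leading options and backslashes; `printf '%s\n' "$SSH_PASS"` passes it through unchanged. A short comment saying that this script is the `SSH_ASKPASS` helper called by `ssh-add` would help, since nothing in the file says so.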

4
agent-autostart Normal file
@ -0,0 +1,4 @@
#!/bin/sh
source agent-start "${1:-default}"
echo "$SSH_PRIVATE_KEY" | agent-add
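
Review bot: `echo "$SSH_PRIVATE_KEY" | agent-add` runs even when `SSH_PRIVATE_KEY` is unset or empty, and it does not pass the agent name from `$1` on to `agent-add`; check the variable first, report the problem on stderr, and call `agent-add "${1:-default}"`. Because the file is meant to be sourced, use `return` rather than `exit` on that error path.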

22
agent-start Normal file
@ -0,0 +1,22 @@
#!/bin/sh
FOLDER=${1:-default}
STORE_PATH="/tmp/ssh-agent/$FOLDER"
mkdir -p "$STORE_PATH"
# Start the SSH agent if it isn't already.
if [ -z "$SSH_AGENT_PID" ]; then
if [ -f "$STORE_PATH/id" ]; then
# Our auth agent is already running.
# Reload the vars, and export them.
SSH_AGENT_PID=$(cat "$STORE_PATH/id")
export SSH_AGENT_PID
SSH_AUTH_SOCK=$(cat "$STORE_PATH/sock")
export SSH_AUTH_SOCK
else
eval "$(ssh-agent)" > /dev/null
echo "$SSH_AGENT_PID" > "$STORE_PATH"/id
echo "$SSH_AUTH_SOCK" > "$STORE_PATH"/sock
fi
fi
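
Review bot: the store at `/tmp/ssh-agent/$FOLDER` is created with `mkdir -p` at the default umask, and the `id` and `sock` files found there are read and exported without checking who owns them or whether that agent is still running. Set `umask 077` (or `chmod 700` the directory) before writing, reject a `$1` that contains `/`, and confirm the PID with `kill -0 "$SSH_AGENT_PID"` before reusing it, starting a fresh agent otherwise.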

35
agent-stop Normal file
@ -0,0 +1,35 @@
#!/bin/sh
if [ ! -z "$SSH_AGENT_PID" ]; then
# Here, the environment is set already, just kill the script.
eval $(ssh-agent -k) >/dev/null
exit $?
else
# The env isn't set, construct the file path.
FOLDER=${1:-default}
STORE_PATH="/tmp/ssh-agent/$FOLDER"
if [ ! -d "$STORE_PATH" ]; then
echo "Store Path $STORE_PATH doesn't exist!" >&2
exit 1
fi
# And check our files exist.
if [ -f "$STORE_PATH/id" ]; then
# Grab our PID and socket.
SSH_AGENT_PID=$(cat "$STORE_PATH/id")
export SSH_AGENT_PID
rm "$STORE_PATH/id"
SSH_AUTH_SOCK=$(cat "$STORE_PATH/sock")
export SSH_AUTH_SOCK
rm "$STORE_PATH/sock"
rmdir "$STORE_PATH"
eval $(ssh-agent -k) >/dev/null
exit $?
else
echo "SSH_AGENT_PID not set, $STORE_PATH/id doesn't exist!" >&2
exit 1
fi
fi
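
Review bot: the first branch (`SSH_AGENT_PID` already set) kills the agent but leaves `$STORE_PATH/id` and `$STORE_PATH/sock` in place, so a later `agent-start` with the same name would reload the dead agent's values; remove the store files in both branches. In the second branch the files are deleted before `ssh-agent -k` runs, so a failed kill loses the only record of the PID; kill first, then clean up. `eval $(ssh-agent -k)` should be quoted as `eval "$(ssh-agent -k)"`, `[ ! -z "$SSH_AGENT_PID" ]` reads better as `[ -n "$SSH_AGENT_PID" ]`, and the comment "just kill the script" presumably means the agent.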

@ -1,25 +0,0 @@
#!/bin/sh
if [ -z "$(echo "$INPUT_REMOTE_PATH" | awk '{$1=$1};1')" ]; then
echo "The remote_path can not be empty. see: github.com/Burnett01/rsync-deployments/issues/44"
exit 1
fi
# Start the SSH agent and load key.
source agent-start "$GITHUB_ACTION"
echo "$INPUT_REMOTE_KEY" | SSH_PASS="$INPUT_REMOTE_KEY_PASS" agent-add
# Add strict errors.
set -eu
# Variables.
LEGACY_RSA_HOSTKEYS="-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"
LEGACY_RSA_HOSTKEYS=$([ "$INPUT_LEGACY_ALLOW_RSA_HOSTKEYS" = "true" ] && echo "$LEGACY_RSA_HOSTKEYS" || echo "")
SWITCHES="$INPUT_SWITCHES"
RSH="ssh -o StrictHostKeyChecking=no $LEGACY_RSA_HOSTKEYS -p $INPUT_REMOTE_PORT $INPUT_RSH"
LOCAL_PATH="$GITHUB_WORKSPACE/$INPUT_PATH"
DSN="$INPUT_REMOTE_USER@$INPUT_REMOTE_HOST"
# Deploy.
sh -c "rsync $SWITCHES -e '$RSH' $LOCAL_PATH $DSN:$INPUT_REMOTE_PATH"

4
hosts-add Normal file
@ -0,0 +1,4 @@
#!/bin/sh
echo "$@" >> ~/.ssh/known_hosts
chmod 0664 ~/.ssh/known_hosts
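
Review bot: `chmod 0664 ~/.ssh/known_hosts` makes the trust store group-writable, here and in `hosts-clear`; `0644` or `0600` is enough for ssh to read it and keeps other accounts from changing which host keys are trusted. `echo "$@"` also joins several arguments with spaces into one line, while the README describes a single argument; use `printf '%s\n' "$1"` and fail when it is empty.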

4
hosts-clear Normal file
@ -0,0 +1,4 @@
#!/bin/sh
truncate -s 0 ~/.ssh/known_hosts
chmod 0664 ~/.ssh/known_hosts