Release/v5 (#13)

* Reference JoshPiper/rsync-docker @ 1.1.0 * See: https://github.com/JoshPiper/rsync-docker/tree/1.1.0 * New features: Support passphrase protected keys * supply SSH_PASS (key passphrase) to agent-add Read more about the behavior: https://github.com/JoshPiper/rsync-docker#agent-askpass * add new remote_key_pass config option * Update README.md * Update README.md * 2.0 is EOL * support 5.0, drop 2.0 * default to empty string * reference JoshPiper/rsync-docker @ v1.2.0
Burnett01 · Aug 2, 2021 · 342e70b · 342e70b
1 parent a93a577
commit 342e70b
Show file tree

Hide file tree

Showing 5 changed files with 56 additions and 11 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM drinternet/rsync:1.0.1
+FROM drinternet/rsync:v1.2.0
 
 # Copy entrypoint
 COPY entrypoint.sh /entrypoint.sh

diff --git a/README.md b/README.md
@@ -26,11 +26,17 @@ The underlaying base-image of the docker-image is very small (Alpine (no cache))
 
 - `remote_key`* - The remote ssh key
 
+- `remote_key_pass` - The remote ssh key passphrase (if any)
+
 ``* = Required``
 
-## Required secret
+## Required secret(s)
+
+This action needs secret variables for the ssh private key of your key pair. The public key part should be added to the authorized_keys file on the server that receives the deployment. The secret variable should be set in the Github secrets section of your org/repo and then referenced as the  `remote_key` input.
 
-This action needs a `DEPLOY_KEY` secret variable. This should be the private key part of a ssh key pair. The public key part should be added to the authorized_keys file on the server that receives the deployment. This should be set in the Github secrets section and then referenced as the  `remote_key` input.
+> Always use secrets when dealing with sensitive inputs!
+
+For simplicity, we are using `DEPLOY_*` as the secret variables throughout the examples.
 
 ## Example usage
 
@@ -49,7 +55,7 @@ jobs:
     steps:
     - uses: actions/checkout@v2
     - name: rsync deployments
-      uses: burnett01/rsync-deployments@4.1
+      uses: burnett01/rsync-deployments@5.0
       with:
         switches: -avzr --delete
         path: src/
@@ -68,7 +74,7 @@ jobs:
     steps:
     - uses: actions/checkout@v2
     - name: rsync deployments
-      uses: burnett01/rsync-deployments@4.1
+      uses: burnett01/rsync-deployments@5.0
       with:
         switches: -avzr --delete --exclude="" --include="" --filter=""
         path: src/
@@ -79,7 +85,7 @@ jobs:
         remote_key: ${{ secrets.DEPLOY_KEY }}
 ```
 
-For better security, I suggest you create additional secrets for remote_host, remote_port and remote_user inputs.
+For better **security**, I suggest you create additional secrets for remote_host, remote_port, remote_user and remote_path inputs.
 
 ```
 jobs:
@@ -88,17 +94,50 @@ jobs:
     steps:
     - uses: actions/checkout@v2
     - name: rsync deployments
-      uses: burnett01/rsync-deployments@4.1
+      uses: burnett01/rsync-deployments@5.0
       with:
         switches: -avzr --delete
         path: src/
-        remote_path: /var/www/html/
+        remote_path: ${{ secrets.DEPLOY_PATH }}
         remote_host: ${{ secrets.DEPLOY_HOST }}
         remote_port: ${{ secrets.DEPLOY_PORT }}
         remote_user: ${{ secrets.DEPLOY_USER }}
         remote_key: ${{ secrets.DEPLOY_KEY }}
 ```
 
+If your private key is passphrase protected you should use:
+
+```
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: rsync deployments
+      uses: burnett01/[email protected]
+      with:
+        switches: -avzr --delete
+        path: src/
+        remote_path: ${{ secrets.DEPLOY_PATH }}
+        remote_host: ${{ secrets.DEPLOY_HOST }}
+        remote_port: ${{ secrets.DEPLOY_PORT }}
+        remote_user: ${{ secrets.DEPLOY_USER }}
+        remote_key: ${{ secrets.DEPLOY_KEY }}
+        remote_key_pass: ${{ secrets.DEPLOY_KEY_PASS }}
+```
+---
+
+## Version 4.0 & 4.1
+
+Looking for version 4.0 and 4.1?
+
+Check here: 
+
+- https://github.com/Burnett01/rsync-deployments/tree/4.0
+- https://github.com/Burnett01/rsync-deployments/tree/4.1
+
+Version 4.0 & 4.1 use the ``drinternet/rsync:1.0.1`` base-image.
+
 ---
 
 ## Version 3.0
@@ -111,7 +150,7 @@ Version 3.0 uses the ``alpine:latest`` base-image directly.<br>
 Consider upgrading to 4.0 that uses a docker-image ``drinternet/rsync:1.0.1`` that is<br>
 based on ``alpine:latest``and heavily optimized for rsync.
 
-## Version 2.0
+## Version 2.0 (EOL)
 
 Looking for version 2.0?
 

diff --git a/SECURITY.md b/SECURITY.md
@@ -6,10 +6,12 @@ The following versions are currently being supported with security updates:
 
 | Version | Supported          |
 | ------- | ------------------ |
+| 5.0   | :white_check_mark: |
 | 4.1   | :white_check_mark: |
 | 4.0   | :white_check_mark: |
 | 3.0   | :white_check_mark: |
-| < 2.0   | :x:                |
+| 2.0   | :x:                |
+| 1.0   | :x:                |
 
 ## Reporting a Vulnerability
 

diff --git a/action.yml b/action.yml
@@ -29,6 +29,10 @@ inputs:
   remote_key:
     description: 'The remote key'
     required: true
+  remote_key_pass:
+    description: 'The remote key passphrase'
+    required: false
+    default: ''
 runs:
   using: 'docker'
   image: 'Dockerfile'

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -2,7 +2,7 @@
 
 # Start the SSH agent and load key.
 source agent-start "$GITHUB_ACTION"
-echo "$INPUT_REMOTE_KEY" | agent-add
+echo "$INPUT_REMOTE_KEY" | SSH_PASS="$INPUT_REMOTE_KEY_PASS" agent-add
 
 # Add strict errors.
 set -eu