feat: migrate to composite action with dynamic drone-scp support

- Remove Dockerfile and switch the action implementation from Docker to composite actions
- Add support for specifying the drone-scp version and automatically download the appropriate binary at runtime
- Add new inputs: curl_insecure, capture_stdout, and version for improved flexibility and output handling
- Add output for capturing standard output from executed commands when enabled
- entrypoint.sh refactored from sh to bash and made more robust with error handling, dynamic platform/architecture detection, and secure downloading of the binary
- Action now works cross-platform rather than being tied to a specific Docker image

Signed-off-by: appleboy <appleboy.tw@gmail.com>

Dockerfile

@@ -1,5 +0,0 @@
-FROM ghcr.io/appleboy/drone-scp:1.6.14
-
-COPY entrypoint.sh /bin/entrypoint.sh
-
-ENTRYPOINT ["/bin/entrypoint.sh"]

README.md

@@ -4,7 +4,7 @@
 
 [![Actions Status](https://github.com/appleboy/scp-action/workflows/scp%20files/badge.svg)](https://github.com/appleboy/scp-action/actions)
 
-**Important**: Only support **Linux** [docker](https://www.docker.com/) container.
+**Important**: Only supports **Linux** [docker](https://www.docker.com/) containers.
 
 ## Usage
 
@@ -34,46 +34,50 @@ jobs:
 
 See the [action.yml](./action.yml) file for more detail information.
 
-- host - scp remote host
-- port - scp remote port, default is `22`
-- username - scp username
-- password - scp password
-- passphrase - the passphrase is usually to encrypt the private key
-- protocol - The IP protocol to use. Valid values are `tcp`. `tcp4` or `tcp6`. Default to `tcp`.
-- fingerprint - fingerprint SHA256 of the host public key, default is to skip verification
-- timeout - timeout for ssh to remote host, default is `30s`
-- command_timeout - timeout for scp command, default is `10m`
-- key - content of ssh private key. ex raw content of ~/.ssh/id_rsa
-- key_path - path of ssh private key
-- target - target path on the server, must be a directory (**required**)
-- source - scp file list (**required**)
-- rm - remove target folder before upload data, default is `false`
-- strip_components - remove the specified number of leading path elements.
-- overwrite - use `--overwrite` flag with tar, overwrite existing files when extracting
-- tar_tmp_path - temporary path for tar file on the dest host
-- tar_exec - path to tar executable on the dest host. default is `tar`
-- tar_dereference - use `--dereference` flag with tar, follow symlinks; archive and dump the files they point to
-- use_insecure_cipher - include more ciphers with use_insecure_cipher (see [#15](https://github.com/appleboy/scp-action/issues/15))
+| Variable            | Description                                                                                                 | Default Value |
+| ------------------- | ----------------------------------------------------------------------------------------------------------- | ------------- |
+| host                | SCP remote host                                                                                             | -             |
+| port                | SCP remote port                                                                                             | `22`          |
+| username            | SCP username                                                                                                | -             |
+| password            | SCP password                                                                                                | -             |
+| passphrase          | The passphrase is usually used to encrypt the private key                                                   | -             |
+| protocol            | The IP protocol to use. Valid values are `tcp`, `tcp4`, or `tcp6`.                                          | `tcp`         |
+| fingerprint         | Fingerprint SHA256 of the host public key. Default is to skip verification                                  | -             |
+| timeout             | Timeout for SSH to remote host                                                                              | `30s`         |
+| command_timeout     | Timeout for SCP command                                                                                     | `10m`         |
+| key                 | Content of SSH private key. e.g., raw content of ~/.ssh/id_rsa                                              | -             |
+| key_path            | Path of SSH private key                                                                                     | -             |
+| target              | Target path on the server, must be a directory (**required**)                                               | -             |
+| source              | SCP file list (**required**)                                                                                | -             |
+| rm                  | Remove target folder before uploading data                                                                  | `false`       |
+| strip_components    | Remove the specified number of leading path elements                                                        | -             |
+| overwrite           | Use `--overwrite` flag with tar, overwrite existing files when extracting                                   | -             |
+| tar_tmp_path        | Temporary path for tar file on the destination host                                                         | -             |
+| tar_exec            | Path to tar executable on the destination host                                                              | `tar`         |
+| tar_dereference     | Use `--dereference` flag with tar, follow symlinks; archive and dump the files they point to                | -             |
+| use_insecure_cipher | Include more ciphers with use_insecure_cipher (see [#15](https://github.com/appleboy/scp-action/issues/15)) | -             |
 
 SSH Proxy Setting:
 
-- proxy_host - proxy host
-- proxy_port - proxy port, default is `22`
-- proxy_username - proxy username
-- proxy_password - proxy password
-- proxy_protocol - The IP protocol to use. Valid values are `tcp`. `tcp4` or `tcp6`. Default to `tcp`.
-- proxy_passphrase - the passphrase is usually to encrypt the private key
-- proxy_timeout - timeout for ssh to proxy host, default is `30s`
-- proxy_key - content of ssh proxy private key.
-- proxy_key_path - path of ssh proxy private key
-- proxy_fingerprint - fingerprint SHA256 of the host public key, default is to skip verification
-- proxy_use_insecure_cipher - include more ciphers with use_insecure_cipher (see [#15](https://github.com/appleboy/scp-action/issues/15))
+| Variable                  | Description                                                                                                 | Default Value |
+| ------------------------- | ----------------------------------------------------------------------------------------------------------- | ------------- |
+| proxy_host                | Proxy host                                                                                                  | -             |
+| proxy_port                | Proxy port                                                                                                  | `22`          |
+| proxy_username            | Proxy username                                                                                              | -             |
+| proxy_password            | Proxy password                                                                                              | -             |
+| proxy_protocol            | The IP protocol to use. Valid values are `tcp`, `tcp4`, or `tcp6`.                                          | `tcp`         |
+| proxy_passphrase          | The passphrase is usually used to encrypt the private key                                                   | -             |
+| proxy_timeout             | Timeout for SSH to proxy host                                                                               | `30s`         |
+| proxy_key                 | Content of SSH proxy private key                                                                            | -             |
+| proxy_key_path            | Path of SSH proxy private key                                                                               | -             |
+| proxy_fingerprint         | Fingerprint SHA256 of the host public key. Default is to skip verification                                  | -             |
+| proxy_use_insecure_cipher | Include more ciphers with use_insecure_cipher (see [#15](https://github.com/appleboy/scp-action/issues/15)) | -             |
 
 ## Setting up a SSH Key
 
-Make sure to follow the below steps while creating SSH Keys and using them.
-The best practice is create the SSH Keys on local machine not remote machine.
-Login with username specified in Github Secrets. Generate a RSA Key-Pair:
+Make sure to follow the steps below when creating and using SSH keys.
+The best practice is to create the SSH keys on the local machine, not the remote machine.
+Log in with the username specified in GitHub Secrets and generate an RSA key pair:
 
 ```bash
 # rsa
@@ -148,6 +152,20 @@ Copy file via a SSH password:
     target: your_server_target_folder_path
 ```
 
+Using the environment variables
+
+```yaml
+- name: copy file via ssh password
+  uses: appleboy/scp-action@v0.1.7
+  with:
+    host: ${{ env.HOST }}
+    username: ${{ env.USERNAME }}
+    password: ${{ secrets.PASSWORD }}
+    port: ${{ env.PORT }}
+    source: "tests/a.txt,tests/b.txt"
+    target: ${{ env.TARGET_PATH }}
+```
+
 Copy file via a SSH key:
 
 ```yaml

action.yml

@@ -71,9 +71,71 @@ inputs:
     description: "fingerprint SHA256 of the host public key, default is to skip verification"
   proxy_use_insecure_cipher:
     description: "include more ciphers with use_insecure_cipher"
+  curl_insecure:
+    description: "When true, uses the --insecure option with curl for insecure downloads."
+    default: "false"
+  capture_stdout:
+    description: "When true, captures and returns standard output from the commands as action output."
+    default: "false"
+  version:
+    description: |
+      The version of drone-scp to use.
+
+outputs:
+  stdout:
+    description: "Standard output of the executed commands when capture_stdout is enabled."
+    value: ${{ steps.entrypoint.outputs.stdout }}
+
 runs:
-  using: "docker"
-  image: "Dockerfile"
+  using: "composite"
+  steps:
+    - name: Set GitHub Path
+      run: echo "$GITHUB_ACTION_PATH" >> $GITHUB_PATH
+      shell: bash
+      env:
+        GITHUB_ACTION_PATH: ${{ github.action_path }}
+    - id: entrypoint
+      name: Run entrypoint.sh
+      run: entrypoint.sh
+      shell: bash
+      env:
+        GITHUB_ACTION_PATH: ${{ github.action_path }}
+        INPUT_HOST: ${{ inputs.host }}
+        INPUT_PORT: ${{ inputs.port }}
+        INPUT_PROTOCOL: ${{ inputs.protocol }}
+        INPUT_USERNAME: ${{ inputs.username }}
+        INPUT_PASSWORD: ${{ inputs.password }}
+        INPUT_PASSPHRASE: ${{ inputs.passphrase }}
+        INPUT_KEY: ${{ inputs.key }}
+        INPUT_KEY_PATH: ${{ inputs.key_path }}
+        INPUT_FINGERPRINT: ${{ inputs.fingerprint }}
+        INPUT_PROXY_HOST: ${{ inputs.proxy_host }}
+        INPUT_PROXY_PORT: ${{ inputs.proxy_port }}
+        INPUT_PROXY_USERNAME: ${{ inputs.proxy_username }}
+        INPUT_PROXY_PASSWORD: ${{ inputs.proxy_password }}
+        INPUT_PROXY_PASSPHRASE: ${{ inputs.proxy_passphrase }}
+        INPUT_PROXY_KEY: ${{ inputs.proxy_key }}
+        INPUT_PROXY_KEY_PATH: ${{ inputs.proxy_key_path }}
+        INPUT_PROXY_FINGERPRINT: ${{ inputs.proxy_fingerprint }}
+        INPUT_USE_INSECURE_CIPHER: ${{ inputs.use_insecure_cipher }}
+        INPUT_CIPHER: ${{ inputs.cipher }}
+        INPUT_PROXY_USE_INSECURE_CIPHER: ${{ inputs.proxy_use_insecure_cipher }}
+        INPUT_PROXY_CIPHER: ${{ inputs.proxy_cipher }}
+        INPUT_DEBUG: ${{ inputs.debug }}
+        INPUT_TIMEOUT: ${{ inputs.timeout }}
+        INPUT_COMMAND_TIMEOUT: ${{ inputs.command_timeout }}
+        INPUT_TARGET: ${{ inputs.target }}
+        INPUT_SOURCE: ${{ inputs.source }}
+        INPUT_RM: ${{ inputs.rm }}
+        INPUT_STRIP_COMPONENTS: ${{ inputs.strip_components }}
+        INPUT_OVERWRITE: ${{ inputs.overwrite }}
+        INPUT_TAR_DEREFERENCE: ${{ inputs.tar_dereference }}
+        INPUT_TAR_TMP_PATH: ${{ inputs.tar_tmp_path }}
+        INPUT_TAR_EXEC: ${{ inputs.tar_exec }}
+        INPUT_PROXY_TIMEOUT: ${{ inputs.proxy_timeout }}
+        INPUT_CAPTURE_STDOUT: ${{ inputs.capture_stdout }}
+        INPUT_CURL_INSECURE: ${{ inputs.curl_insecure }}
+        DRONE_SCP_VERSION: ${{ inputs.version }}
 
 branding:
   icon: "copy"

entrypoint.sh

@@ -1,7 +1,56 @@
-#!/bin/sh
+#!/usr/bin/env bash
 
-set -eu
+set -euo pipefail
 
-[ -n "$INPUT_STRIP_COMPONENTS" ] && export INPUT_STRIP_COMPONENTS=$((INPUT_STRIP_COMPONENTS + 0))
+export GITHUB="true"
 
-sh -c "/bin/drone-scp $*"
+GITHUB_ACTION_PATH="${GITHUB_ACTION_PATH%/}"
+DRONE_SCP_RELEASE_URL="${DRONE_SCP_RELEASE_URL:-https://github.com/appleboy/drone-scp/releases/download}"
+DRONE_SCP_VERSION="${DRONE_SCP_VERSION:-1.7.0}"
+
+function log_error() {
+  echo "$1" >&2
+  exit "$2"
+}
+
+function detect_client_info() {
+  CLIENT_PLATFORM="${SCP_CLIENT_OS:-$(uname -s | tr '[:upper:]' '[:lower:]')}"
+  CLIENT_ARCH="${SCP_CLIENT_ARCH:-$(uname -m)}"
+
+  case "${CLIENT_PLATFORM}" in
+  darwin | linux | windows) ;;
+  *) log_error "Unknown or unsupported platform: ${CLIENT_PLATFORM}. Supported platforms are Linux, Darwin, and Windows." 2 ;;
+  esac
+
+  case "${CLIENT_ARCH}" in
+  x86_64* | i?86_64* | amd64*) CLIENT_ARCH="amd64" ;;
+  aarch64* | arm64*) CLIENT_ARCH="arm64" ;;
+  *) log_error "Unknown or unsupported architecture: ${CLIENT_ARCH}. Supported architectures are x86_64, i686, and arm64." 3 ;;
+  esac
+}
+
+detect_client_info
+DOWNLOAD_URL_PREFIX="${DRONE_SCP_RELEASE_URL}/v${DRONE_SCP_VERSION}"
+CLIENT_BINARY="drone-scp-${DRONE_SCP_VERSION}-${CLIENT_PLATFORM}-${CLIENT_ARCH}"
+TARGET="${GITHUB_ACTION_PATH}/${CLIENT_BINARY}"
+echo "Downloading ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}"
+INSECURE_OPTION=""
+if [[ "${INPUT_CURL_INSECURE}" == 'true' ]]; then
+  INSECURE_OPTION="--insecure"
+fi
+
+curl -fsSL --retry 5 --keepalive-time 2 ${INSECURE_OPTION} "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o "${TARGET}"
+chmod +x "${TARGET}"
+
+echo "======= CLI Version Information ======="
+"${TARGET}" --version
+echo "======================================="
+if [[ "${INPUT_CAPTURE_STDOUT}" == 'true' ]]; then
+  {
+    echo 'stdout<<EOF'
+    "${TARGET}" "$@" | tee -a "${GITHUB_OUTPUT}"
+    echo 'EOF'
+  } >>"${GITHUB_OUTPUT}"
+else
+  "${TARGET}" "$@"
+fi