chore: upgrade drone-scp to v1.6.7 version. (#101)

- Add a new job `changes` to the `ci.yml` file
- Copy changed files to a server in the `changes` job
- Add a YAML code block to the `README.md` file

fix https://github.com/appleboy/scp-action/issues/73

.github/FUNDING.yml

@@ -0,0 +1,13 @@
+# These are supported funding model platforms
+
+github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
+custom: ['https://www.paypal.me/appleboy46']

.github/dependabot.yml

@@ -0,0 +1,10 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
+  - package-ecosystem: gomod
+    directory: /
+    schedule:
+      interval: weekly

.github/workflows/ci.yml

@@ -2,12 +2,12 @@ name: scp files
 on: [push]
 jobs:
 
-  build:
+  testing:
-    name: Build
+    name: test scp action
     runs-on: ubuntu-latest
     steps:
     - name: checkout
-      uses: actions/checkout@v1
+      uses: actions/checkout@v3
 
     - name: copy file via ssh password
       uses: ./
@@ -50,3 +50,90 @@ jobs:
         port: ${{ secrets.PORT }}
         source: "tests/a.txt,tests/b.txt"
         target: "test"
+
+    - name: use insecure cipher
+      uses: ./
+      with:
+        host: ${{ secrets.HOST }}
+        username: ${{ secrets.USERNAME }}
+        key: ${{ secrets.SSH2 }}
+        passphrase: ${{ secrets.PASSPHRASE }}
+        port: ${{ secrets.PORT }}
+        source: "tests/a.txt,tests/b.txt"
+        target: "test"
+        use_insecure_cipher: true
+
+    - name: correct key but wrong password
+      uses: appleboy/scp-action@7af00892de6f8397c5c3393cfb3b32ae7f91b94b
+      with:
+        host: ${{ secrets.HOST }}
+        username: ${{ secrets.USERNAME }}
+        key: ${{ secrets.KEY }}
+        password: abcdefg
+        port: ${{ secrets.PORT }}
+        source: "tests/a.txt,tests/b.txt"
+        target: "test"
+
+    - name: correct password but wrong key
+      uses: appleboy/scp-action@7af00892de6f8397c5c3393cfb3b32ae7f91b94b
+      with:
+        host: ${{ secrets.HOST }}
+        username: ${{ secrets.USERNAME }}
+        key: abcdefg
+        password: ${{ secrets.PASSWORD }}
+        port: ${{ secrets.PORT }}
+        source: "tests/a.txt,tests/b.txt"
+        target: "test"
+
+  deploy:
+    name: deploy artifact
+    runs-on: ubuntu-latest
+    steps:
+    - name: checkout
+      uses: actions/checkout@v3
+
+    - run: echo hello > world.txt
+
+    - uses: actions/upload-artifact@v3
+      with:
+        name: my-artifact
+        path: world.txt
+
+    - uses: actions/download-artifact@v2
+      with:
+        name: my-artifact
+        path: distfiles
+
+    - name: copy file to server
+      uses: ./
+      with:
+        host: ${{ secrets.HOST }}
+        username: ${{ secrets.USERNAME }}
+        key: ${{ secrets.KEY }}
+        port: ${{ secrets.PORT }}
+        source: distfiles/*
+        target: test
+
+  changes:
+    name: test changed-files
+    runs-on: ubuntu-latest
+    steps:
+    - name: checkout
+      uses: actions/checkout@v3
+
+    - name: Get changed files
+      id: changed-files
+      uses: tj-actions/changed-files@v35
+      with:
+        since_last_remote_commit: true
+        separator: ","
+
+    - name: copy file to server
+      uses: ./
+      with:
+        host: ${{ secrets.HOST }}
+        username: ${{ secrets.USERNAME }}
+        key: ${{ secrets.KEY }}
+        port: ${{ secrets.PORT }}
+        source: ${{ steps.changed-files.outputs.all_changed_files }}
+        target: test

Dockerfile

@@ -1,5 +1,5 @@
-FROM appleboy/drone-scp:1.5.6-linux-amd64
+FROM ghcr.io/appleboy/drone-scp:1.6.7
 
-ADD entrypoint.sh /entrypoint.sh
+COPY entrypoint.sh /entrypoint.sh
 RUN chmod +x /entrypoint.sh
 ENTRYPOINT ["/entrypoint.sh"]

README.md

@@ -2,13 +2,13 @@
 
 [GitHub Action](https://github.com/features/actions) for copying files and artifacts via SSH.
 
-![ssh key](./images/copy-multiple-file.png)
-
 [![Actions Status](https://github.com/appleboy/scp-action/workflows/scp%20files/badge.svg)](https://github.com/appleboy/scp-action/actions)
 
+**Important**: Only support **Linux** [docker](https://www.docker.com/) container.
+
 ## Usage
 
-copy files and artifacts via SSH as blow.
+Copy files and artifacts via SSH:
 
 ```yaml
 name: scp files
@@ -33,23 +33,27 @@ jobs:
 
 ## Input variables
 
-see the [action.yml](./action.yml) file for more detail imformation.
+See the [action.yml](./action.yml) file for more detail information.
 
 * host - scp remote host
 * port - scp remote port, default is `22`
 * username - scp username
 * password - scp password
 * passphrase - the passphrase is usually to encrypt the private key
+* fingerprint - fingerprint SHA256 of the host public key, default is to skip verification
 * timeout - timeout for ssh to remote host, default is `30s`
 * command_timeout - timeout for scp command, default is `10m`
 * key - content of ssh private key. ex raw content of ~/.ssh/id_rsa
 * key_path - path of ssh private key
-* target - target path on the server
+* target - target path on the server, must be a directory (**required**)
-* source - scp file list
+* source - scp file list (**required**)
 * rm - remove target folder before upload data, default is `false`
 * strip_components - remove the specified number of leading path elements.
-* overwrite - use `--overwrite` flag with tar
+* overwrite - use `--overwrite` flag with tar, overwrite existing files when extracting
 * tar_tmp_path - temporary path for tar file on the dest host
+* tar_exec - path to tar executable on the dest host. default is `tar`
+* tar_dereference - use `--dereference` flag with tar, follow symlinks; archive and dump the files they point to
+* use_insecure_cipher - include more ciphers with use_insecure_cipher (see [#15](https://github.com/appleboy/scp-action/issues/15))
 
 SSH Proxy Setting:
 
@@ -61,10 +65,75 @@ SSH Proxy Setting:
 * proxy_timeout - timeout for ssh to proxy host, default is `30s`
 * proxy_key - content of ssh proxy private key.
 * proxy_key_path - path of ssh proxy private key
+* proxy_fingerprint - fingerprint SHA256 of the host public key, default is to skip verification
+* proxy_use_insecure_cipher - include more ciphers with use_insecure_cipher (see [#15](https://github.com/appleboy/scp-action/issues/15))
 
-### Example
+## Setting up a SSH Key
 
-Copy file via ssh password
+Make sure to follow the below steps while creating SSH Keys and using them.
+The best practice is create the SSH Keys on local machine not remote machine.
+Login with username specified in Github Secrets. Generate a RSA Key-Pair:
+
+```bash
+# rsa
+ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
+
+# ed25519
+ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
+```
+
+Add newly generated key into Authorized keys. Read more about authorized keys [here](https://www.ssh.com/ssh/authorized_keys/).
+
+```bash
+# rsa
+cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'
+
+# d25519
+cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys'
+```
+
+Copy Private Key content and paste in Github Secrets.
+
+```bash
+# rsa
+clip < ~/.ssh/id_rsa
+
+# ed25519
+clip < ~/.ssh/id_ed25519
+```
+
+See the detail information about [SSH login without password](http://www.linuxproblem.org/art_9.html).
+
+**A note** from one of our readers: Depending on your version of SSH you might also have to do the following changes:
+
+* Put the public key in `.ssh/authorized_keys2`
+* Change the permissions of `.ssh` to 700
+* Change the permissions of `.ssh/authorized_keys2` to 640
+
+### If you are using OpenSSH
+
+If you are currently using OpenSSH and are getting the following error:
+
+```bash
+ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey]
+```
+
+Make sure that your key algorithm of choice is supported.
+On Ubuntu 20.04 or later you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (which is either `/etc/ssh/sshd_config` or a drop-in file under `/etc/ssh/sshd_config.d/`):
+
+```bash
+CASignatureAlgorithms +ssh-rsa
+```
+
+Alternatively, `ed25519` keys are accepted by default in OpenSSH. You could use this instead of rsa if needed:
+
+```bash
+ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"
+```
+
+## Example
+
+Copy file via a SSH password:
 
 ```yaml
 - name: copy file via ssh password
@@ -78,17 +147,16 @@ Copy file via ssh password
     target: "test"
 ```
 
-Copy file via ssh key
+Copy file via a SSH key:
 
 ```yaml
 - name: copy file via ssh key
   uses: appleboy/scp-action@master
-  env:
-    HOST: ${{ secrets.HOST }}
-    USERNAME: ${{ secrets.USERNAME }}
-    PORT: ${{ secrets.PORT }}
-    KEY: ${{ secrets.KEY }}
   with:
+    host: ${{ secrets.HOST }}
+    username: ${{ secrets.USERNAME }}
+    port: ${{ secrets.PORT }}
+    key: ${{ secrets.KEY }}
     source: "tests/a.txt,tests/b.txt"
     target: "test"
 ```
@@ -98,17 +166,16 @@ Example configuration for ignore list:
 ```yaml
 - name: copy file via ssh key
   uses: appleboy/scp-action@master
-  env:
-    HOST: ${{ secrets.HOST }}
-    USERNAME: ${{ secrets.USERNAME }}
-    PORT: ${{ secrets.PORT }}
-    KEY: ${{ secrets.KEY }}
   with:
+    host: ${{ secrets.HOST }}
+    username: ${{ secrets.USERNAME }}
+    port: ${{ secrets.PORT }}
+    key: ${{ secrets.KEY }}
     source: "tests/*.txt,!tests/a.txt"
     target: "test"
 ```
 
-Example configuration for multiple server
+Example configuration for multiple servers:
 
 ```diff
   uses: appleboy/scp-action@master
@@ -122,7 +189,54 @@ Example configuration for multiple server
     target: "test"
 ```
 
-remove the specified number of leading path elements
+Example configuration for exclude custom files:
+
+```yaml
+  uses: appleboy/scp-action@master
+  with:
+    host: "example.com"
+    username: foo
+    password: bar
+    port: 22
+-   source: "tests/*.txt"
++   source: "tests/*.txt,!tests/a.txt,!tests/b.txt"
+    target: "test"
+```
+
+Upload artifact files to remote server:
+
+```yaml
+  deploy:
+    name: deploy artifact
+    runs-on: ubuntu-latest
+    steps:
+    - name: checkout
+      uses: actions/checkout@v3
+
+    - run: echo hello > world.txt
+
+    - uses: actions/upload-artifact@v3
+      with:
+        name: my-artifact
+        path: world.txt
+
+    - uses: actions/download-artifact@v2
+      with:
+        name: my-artifact
+        path: distfiles
+
+    - name: copy file to server
+      uses: appleboy/scp-action@master
+      with:
+        host: ${{ secrets.HOST }}
+        username: ${{ secrets.USERNAME }}
+        key: ${{ secrets.KEY }}
+        port: ${{ secrets.PORT }}
+        source: distfiles/*
+        target: test
+```
+
+Remove the specified number of leading path elements:
 
 ```yaml
 - name: remove the specified number of leading path elements
@@ -137,7 +251,35 @@ remove the specified number of leading path elements
     strip_components: 1
 ```
 
-old target structure:
+Only copy files that are newer than the corresponding destination files:
+
+```yaml
+  changes:
+    name: test changed-files
+    runs-on: ubuntu-latest
+    steps:
+    - name: checkout
+      uses: actions/checkout@v3
+
+    - name: Get changed files
+      id: changed-files
+      uses: tj-actions/changed-files@v35
+      with:
+        since_last_remote_commit: true
+        separator: ","
+
+    - name: copy file to server
+      uses: appleboy/scp-action@master
+      with:
+        host: ${{ secrets.HOST }}
+        username: ${{ secrets.USERNAME }}
+        key: ${{ secrets.KEY }}
+        port: ${{ secrets.PORT }}
+        source: ${{ steps.changed-files.outputs.all_changed_files }}
+        target: test
+```
+
+Old target structure:
 
 ```sh
 foobar
@@ -146,7 +288,7 @@ foobar
     └── b.txt
 ```
 
-new target structure:
+New target structure:
 
 ```sh
 foobar

action.yml

@@ -23,21 +23,35 @@ inputs:
     description: 'path of ssh private key'
   passphrase:
     description: 'ssh key passphrase'
+  fingerprint:
+    description: 'fingerprint SHA256 of the host public key, default is to skip verification'
+  use_insecure_cipher:
+    description: 'include more ciphers with use_insecure_cipher'
+    default: false
   target:
-    description: 'target path on the server'
+    description: 'target path on the server, must be a directory path.'
   source:
     description: 'scp file list'
   rm:
     description: 'remove target folder before upload data'
     default: false
+  debug:
+    description: 'enable debug message'
+    default: false
   strip_components:
     description: 'remove the specified number of leading path elements'
     default: 0
   overwrite:
-    description: 'use `--overwrite` flag with tar'
+    description: 'use --overwrite flag with tar'
+    default: false
+  tar_dereference:
+    description: 'use --dereference flag with tar'
     default: false
   tar_tmp_path:
     description: 'temporary path for tar file on the dest host'
+  tar_exec:
+    description: 'temporary path for tar file on the dest host'
+    default: 'tar'
   proxy_host:
     description: 'ssh proxy remote host'
   proxy_port:
@@ -56,6 +70,11 @@ inputs:
     description: 'content of ssh proxy private key. ex raw content of ~/.ssh/id_rsa'
   proxy_key_path:
     description: 'path of ssh proxy private key'
+  proxy_fingerprint:
+    description: 'fingerprint SHA256 of the host public key, default is to skip verification'
+  proxy_use_insecure_cipher:
+    description: 'include more ciphers with use_insecure_cipher'
+    default: false
 runs:
   using: 'docker'
   image: 'Dockerfile'

entrypoint.sh

@@ -2,8 +2,6 @@
 
 set -eu
 
-export GITHUB="true"
-
 [ -n "$INPUT_STRIP_COMPONENTS" ] && export INPUT_STRIP_COMPONENTS=$((INPUT_STRIP_COMPONENTS + 0))
 
 sh -c "/bin/drone-scp $*"

tests/a.txt

@@ -1 +1,2 @@
 foo
+foobar

tests/b.txt

@@ -1 +1,2 @@
 bar
+foobar

tests/c.txt

@@ -1 +1,3 @@
 c
+foobar
+test1234

tests/d.txt

@@ -1 +1,3 @@
 d
+foobar
+foobar