feat: migrate to composite action with dynamic drone-scp support

- Remove Dockerfile and switch the action implementation from Docker to composite actions
- Add support for specifying the drone-scp version and automatically download the appropriate binary at runtime
- Add new inputs: curl_insecure, capture_stdout, and version for improved flexibility and output handling
- Add output for capturing standard output from executed commands when enabled
- entrypoint.sh refactored from sh to bash and made more robust with error handling, dynamic platform/architecture detection, and secure downloading of the binary
- Action now works cross-platform rather than being tied to a specific Docker image

Signed-off-by: appleboy <appleboy.tw@gmail.com>

.github/workflows/ci.yml

@@ -100,7 +100,7 @@ jobs:
 
       - name: Get changed files
         id: changed-files
-        uses: tj-actions/changed-files@v41
+        uses: tj-actions/changed-files@v45
         with:
           since_last_remote_commit: true
           separator: ","

.github/workflows/goreleaser.yml

@@ -0,0 +1,33 @@
+name: Goreleaser
+
+on:
+  push:
+    tags:
+      - "*"
+
+permissions:
+  contents: write
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "^1"
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          # either 'goreleaser' (default) or 'goreleaser-pro'
+          distribution: goreleaser
+          version: latest
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.goreleaser.yaml

@@ -0,0 +1,28 @@
+builds:
+  - # If true, skip the build.
+    # Useful for library projects.
+    # Default is false
+    skip: true
+
+changelog:
+  use: github
+  groups:
+    - title: Features
+      regexp: "^.*feat[(\\w)]*:+.*$"
+      order: 0
+    - title: "Bug fixes"
+      regexp: "^.*fix[(\\w)]*:+.*$"
+      order: 1
+    - title: "Enhancements"
+      regexp: "^.*chore[(\\w)]*:+.*$"
+      order: 2
+    - title: "Refactor"
+      regexp: "^.*refactor[(\\w)]*:+.*$"
+      order: 3
+    - title: "Build process updates"
+      regexp: ^.*?(build|ci)(\(.+\))??!?:.+$
+      order: 4
+    - title: "Documentation updates"
+      regexp: ^.*?docs?(\(.+\))??!?:.+$
+      order: 4
+    - title: Others

Dockerfile

@@ -1,5 +0,0 @@
-FROM ghcr.io/appleboy/drone-scp:1.6.14
-
-COPY entrypoint.sh /bin/entrypoint.sh
-
-ENTRYPOINT ["/bin/entrypoint.sh"]

README.md

@@ -4,7 +4,7 @@
 
 [![Actions Status](https://github.com/appleboy/scp-action/workflows/scp%20files/badge.svg)](https://github.com/appleboy/scp-action/actions)
 
-**Important**: Only support **Linux** [docker](https://www.docker.com/) container.
+**Important**: Only supports **Linux** [docker](https://www.docker.com/) containers.
 
 ## Usage
 
@@ -14,12 +14,11 @@ Copy files and artifacts via SSH:
 name: scp files
 on: [push]
 jobs:
-
   build:
     name: Build
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: copy file via ssh password
         uses: appleboy/scp-action@v0.1.7
         with:
@@ -35,44 +34,50 @@ jobs:
 
 See the [action.yml](./action.yml) file for more detail information.
 
-* host - scp remote host
+| Variable            | Description                                                                                                 | Default Value |
-* port - scp remote port, default is `22`
+| ------------------- | ----------------------------------------------------------------------------------------------------------- | ------------- |
-* username - scp username
+| host                | SCP remote host                                                                                             | -             |
-* password - scp password
+| port                | SCP remote port                                                                                             | `22`          |
-* passphrase - the passphrase is usually to encrypt the private key
+| username            | SCP username                                                                                                | -             |
-* fingerprint - fingerprint SHA256 of the host public key, default is to skip verification
+| password            | SCP password                                                                                                | -             |
-* timeout - timeout for ssh to remote host, default is `30s`
+| passphrase          | The passphrase is usually used to encrypt the private key                                                   | -             |
-* command_timeout - timeout for scp command, default is `10m`
+| protocol            | The IP protocol to use. Valid values are `tcp`, `tcp4`, or `tcp6`.                                          | `tcp`         |
-* key - content of ssh private key. ex raw content of ~/.ssh/id_rsa
+| fingerprint         | Fingerprint SHA256 of the host public key. Default is to skip verification                                  | -             |
-* key_path - path of ssh private key
+| timeout             | Timeout for SSH to remote host                                                                              | `30s`         |
-* target - target path on the server, must be a directory (**required**)
+| command_timeout     | Timeout for SCP command                                                                                     | `10m`         |
-* source - scp file list (**required**)
+| key                 | Content of SSH private key. e.g., raw content of ~/.ssh/id_rsa                                              | -             |
-* rm - remove target folder before upload data, default is `false`
+| key_path            | Path of SSH private key                                                                                     | -             |
-* strip_components - remove the specified number of leading path elements.
+| target              | Target path on the server, must be a directory (**required**)                                               | -             |
-* overwrite - use `--overwrite` flag with tar, overwrite existing files when extracting
+| source              | SCP file list (**required**)                                                                                | -             |
-* tar_tmp_path - temporary path for tar file on the dest host
+| rm                  | Remove target folder before uploading data                                                                  | `false`       |
-* tar_exec - path to tar executable on the dest host. default is `tar`
+| strip_components    | Remove the specified number of leading path elements                                                        | -             |
-* tar_dereference - use `--dereference` flag with tar, follow symlinks; archive and dump the files they point to
+| overwrite           | Use `--overwrite` flag with tar, overwrite existing files when extracting                                   | -             |
-* use_insecure_cipher - include more ciphers with use_insecure_cipher (see [#15](https://github.com/appleboy/scp-action/issues/15))
+| tar_tmp_path        | Temporary path for tar file on the destination host                                                         | -             |
+| tar_exec            | Path to tar executable on the destination host                                                              | `tar`         |
+| tar_dereference     | Use `--dereference` flag with tar, follow symlinks; archive and dump the files they point to                | -             |
+| use_insecure_cipher | Include more ciphers with use_insecure_cipher (see [#15](https://github.com/appleboy/scp-action/issues/15)) | -             |
 
 SSH Proxy Setting:
 
-* proxy_host - proxy host
+| Variable                  | Description                                                                                                 | Default Value |
-* proxy_port - proxy port, default is `22`
+| ------------------------- | ----------------------------------------------------------------------------------------------------------- | ------------- |
-* proxy_username - proxy username
+| proxy_host                | Proxy host                                                                                                  | -             |
-* proxy_password - proxy password
+| proxy_port                | Proxy port                                                                                                  | `22`          |
-* proxy_passphrase - the passphrase is usually to encrypt the private key
+| proxy_username            | Proxy username                                                                                              | -             |
-* proxy_timeout - timeout for ssh to proxy host, default is `30s`
+| proxy_password            | Proxy password                                                                                              | -             |
-* proxy_key - content of ssh proxy private key.
+| proxy_protocol            | The IP protocol to use. Valid values are `tcp`, `tcp4`, or `tcp6`.                                          | `tcp`         |
-* proxy_key_path - path of ssh proxy private key
+| proxy_passphrase          | The passphrase is usually used to encrypt the private key                                                   | -             |
-* proxy_fingerprint - fingerprint SHA256 of the host public key, default is to skip verification
+| proxy_timeout             | Timeout for SSH to proxy host                                                                               | `30s`         |
-* proxy_use_insecure_cipher - include more ciphers with use_insecure_cipher (see [#15](https://github.com/appleboy/scp-action/issues/15))
+| proxy_key                 | Content of SSH proxy private key                                                                            | -             |
+| proxy_key_path            | Path of SSH proxy private key                                                                               | -             |
+| proxy_fingerprint         | Fingerprint SHA256 of the host public key. Default is to skip verification                                  | -             |
+| proxy_use_insecure_cipher | Include more ciphers with use_insecure_cipher (see [#15](https://github.com/appleboy/scp-action/issues/15)) | -             |
 
 ## Setting up a SSH Key
 
-Make sure to follow the below steps while creating SSH Keys and using them.
+Make sure to follow the steps below when creating and using SSH keys.
-The best practice is create the SSH Keys on local machine not remote machine.
+The best practice is to create the SSH keys on the local machine, not the remote machine.
-Login with username specified in Github Secrets. Generate a RSA Key-Pair:
+Log in with the username specified in GitHub Secrets and generate an RSA key pair:
 
 ```bash
 # rsa
@@ -106,9 +111,9 @@ See the detail information about [SSH login without password](http://www.linuxpr
 
 **A note** from one of our readers: Depending on your version of SSH you might also have to do the following changes:
 
-* Put the public key in `.ssh/authorized_keys2`
+- Put the public key in `.ssh/authorized_keys2`
-* Change the permissions of `.ssh` to 700
+- Change the permissions of `.ssh` to 700
-* Change the permissions of `.ssh/authorized_keys2` to 640
+- Change the permissions of `.ssh/authorized_keys2` to 640
 
 ### If you are using OpenSSH
 
@@ -147,6 +152,20 @@ Copy file via a SSH password:
     target: your_server_target_folder_path
 ```
 
+Using the environment variables
+
+```yaml
+- name: copy file via ssh password
+  uses: appleboy/scp-action@v0.1.7
+  with:
+    host: ${{ env.HOST }}
+    username: ${{ env.USERNAME }}
+    password: ${{ secrets.PASSWORD }}
+    port: ${{ env.PORT }}
+    source: "tests/a.txt,tests/b.txt"
+    target: ${{ env.TARGET_PATH }}
+```
+
 Copy file via a SSH key:
 
 ```yaml
@@ -206,21 +225,21 @@ Example configuration for exclude custom files:
 Upload artifact files to remote server:
 
 ```yaml
-  deploy:
+deploy:
   name: deploy artifact
   runs-on: ubuntu-latest
   steps:
     - name: checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - run: echo hello > world.txt
 
-    - uses: actions/upload-artifact@v3
+    - uses: actions/upload-artifact@v4
       with:
         name: my-artifact
         path: world.txt
 
-    - uses: actions/download-artifact@v3
+    - uses: actions/download-artifact@v4
       with:
         name: my-artifact
         path: distfiles
@@ -271,12 +290,12 @@ foobar
 Only copy files that are newer than the corresponding destination files:
 
 ```yaml
-  changes:
+changes:
   name: test changed-files
   runs-on: ubuntu-latest
   steps:
     - name: checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Get changed files
       id: changed-files

action.yml

@@ -1,84 +1,142 @@
-name: 'SCP Command to Transfer Files'
+name: "SCP Command to Transfer Files"
-description: 'How to Use SCP Command to Transfer Files/Folders in Linux'
+description: "How to Use SCP Command to Transfer Files/Folders in Linux"
-author: 'Bo-Yi Wu'
+author: "Bo-Yi Wu"
 inputs:
   host:
-    description: 'scp remote host'
+    description: "scp remote host"
   port:
-    description: 'scp remote port'
+    description: "scp remote port"
-    default: 22
+    default: "22"
   username:
-    description: 'scp username'
+    description: "scp username"
   password:
-    description: 'scp password'
+    description: "scp password"
+  protocol:
+    description: "The IP protocol to use. Valid values are 'tcp'. 'tcp4' or 'tcp6'. Default to tcp."
+    default: "tcp"
   timeout:
-    description: 'timeout for ssh to remote host'
+    description: "timeout for ssh to remote host"
     default: "30s"
   command_timeout:
-    description: 'timeout for scp command'
+    description: "timeout for scp command"
     default: "10m"
   key:
-    description: 'content of ssh private key. ex raw content of ~/.ssh/id_rsa'
+    description: "content of ssh private key. ex raw content of ~/.ssh/id_rsa"
   key_path:
-    description: 'path of ssh private key'
+    description: "path of ssh private key"
   passphrase:
-    description: 'ssh key passphrase'
+    description: "ssh key passphrase"
   fingerprint:
-    description: 'fingerprint SHA256 of the host public key, default is to skip verification'
+    description: "fingerprint SHA256 of the host public key, default is to skip verification"
   use_insecure_cipher:
-    description: 'include more ciphers with use_insecure_cipher'
+    description: "include more ciphers with use_insecure_cipher"
-    default: false
   target:
-    description: 'target path on the server, must be a directory path.'
+    description: "target path on the server, must be a directory path."
   source:
-    description: 'scp file list'
+    description: "scp file list"
   rm:
-    description: 'remove target folder before upload data'
+    description: "remove target folder before upload data"
-    default: false
   debug:
-    description: 'enable debug message'
+    description: "enable debug message"
-    default: false
   strip_components:
-    description: 'remove the specified number of leading path elements'
+    description: "remove the specified number of leading path elements"
-    default: 0
   overwrite:
-    description: 'use --overwrite flag with tar'
+    description: "use --overwrite flag with tar"
-    default: false
   tar_dereference:
-    description: 'use --dereference flag with tar'
+    description: "use --dereference flag with tar"
-    default: false
   tar_tmp_path:
-    description: 'temporary path for tar file on the dest host'
+    description: "temporary path for tar file on the dest host"
   tar_exec:
-    description: 'temporary path for tar file on the dest host'
+    description: "temporary path for tar file on the dest host"
-    default: 'tar'
+    default: "tar"
   proxy_host:
-    description: 'ssh proxy remote host'
+    description: "ssh proxy remote host"
   proxy_port:
-    description: 'ssh proxy remote port'
+    description: "ssh proxy remote port"
-    default: 22
+    default: "22"
   proxy_username:
-    description: 'ssh proxy username'
+    description: "ssh proxy username"
   proxy_password:
-    description: 'ssh proxy password'
+    description: "ssh proxy password"
   proxy_passphrase:
-    description: 'ssh proxy key passphrase'
+    description: "ssh proxy key passphrase"
   proxy_timeout:
-    description: 'timeout for ssh to proxy host'
+    description: "timeout for ssh to proxy host"
     default: "30s"
   proxy_key:
-    description: 'content of ssh proxy private key. ex raw content of ~/.ssh/id_rsa'
+    description: "content of ssh proxy private key. ex raw content of ~/.ssh/id_rsa"
   proxy_key_path:
-    description: 'path of ssh proxy private key'
+    description: "path of ssh proxy private key"
   proxy_fingerprint:
-    description: 'fingerprint SHA256 of the host public key, default is to skip verification'
+    description: "fingerprint SHA256 of the host public key, default is to skip verification"
   proxy_use_insecure_cipher:
-    description: 'include more ciphers with use_insecure_cipher'
+    description: "include more ciphers with use_insecure_cipher"
-    default: false
+  curl_insecure:
+    description: "When true, uses the --insecure option with curl for insecure downloads."
+    default: "false"
+  capture_stdout:
+    description: "When true, captures and returns standard output from the commands as action output."
+    default: "false"
+  version:
+    description: |
+      The version of drone-scp to use.
+
+outputs:
+  stdout:
+    description: "Standard output of the executed commands when capture_stdout is enabled."
+    value: ${{ steps.entrypoint.outputs.stdout }}
+
 runs:
-  using: 'docker'
+  using: "composite"
-  image: 'Dockerfile'
+  steps:
+    - name: Set GitHub Path
+      run: echo "$GITHUB_ACTION_PATH" >> $GITHUB_PATH
+      shell: bash
+      env:
+        GITHUB_ACTION_PATH: ${{ github.action_path }}
+    - id: entrypoint
+      name: Run entrypoint.sh
+      run: entrypoint.sh
+      shell: bash
+      env:
+        GITHUB_ACTION_PATH: ${{ github.action_path }}
+        INPUT_HOST: ${{ inputs.host }}
+        INPUT_PORT: ${{ inputs.port }}
+        INPUT_PROTOCOL: ${{ inputs.protocol }}
+        INPUT_USERNAME: ${{ inputs.username }}
+        INPUT_PASSWORD: ${{ inputs.password }}
+        INPUT_PASSPHRASE: ${{ inputs.passphrase }}
+        INPUT_KEY: ${{ inputs.key }}
+        INPUT_KEY_PATH: ${{ inputs.key_path }}
+        INPUT_FINGERPRINT: ${{ inputs.fingerprint }}
+        INPUT_PROXY_HOST: ${{ inputs.proxy_host }}
+        INPUT_PROXY_PORT: ${{ inputs.proxy_port }}
+        INPUT_PROXY_USERNAME: ${{ inputs.proxy_username }}
+        INPUT_PROXY_PASSWORD: ${{ inputs.proxy_password }}
+        INPUT_PROXY_PASSPHRASE: ${{ inputs.proxy_passphrase }}
+        INPUT_PROXY_KEY: ${{ inputs.proxy_key }}
+        INPUT_PROXY_KEY_PATH: ${{ inputs.proxy_key_path }}
+        INPUT_PROXY_FINGERPRINT: ${{ inputs.proxy_fingerprint }}
+        INPUT_USE_INSECURE_CIPHER: ${{ inputs.use_insecure_cipher }}
+        INPUT_CIPHER: ${{ inputs.cipher }}
+        INPUT_PROXY_USE_INSECURE_CIPHER: ${{ inputs.proxy_use_insecure_cipher }}
+        INPUT_PROXY_CIPHER: ${{ inputs.proxy_cipher }}
+        INPUT_DEBUG: ${{ inputs.debug }}
+        INPUT_TIMEOUT: ${{ inputs.timeout }}
+        INPUT_COMMAND_TIMEOUT: ${{ inputs.command_timeout }}
+        INPUT_TARGET: ${{ inputs.target }}
+        INPUT_SOURCE: ${{ inputs.source }}
+        INPUT_RM: ${{ inputs.rm }}
+        INPUT_STRIP_COMPONENTS: ${{ inputs.strip_components }}
+        INPUT_OVERWRITE: ${{ inputs.overwrite }}
+        INPUT_TAR_DEREFERENCE: ${{ inputs.tar_dereference }}
+        INPUT_TAR_TMP_PATH: ${{ inputs.tar_tmp_path }}
+        INPUT_TAR_EXEC: ${{ inputs.tar_exec }}
+        INPUT_PROXY_TIMEOUT: ${{ inputs.proxy_timeout }}
+        INPUT_CAPTURE_STDOUT: ${{ inputs.capture_stdout }}
+        INPUT_CURL_INSECURE: ${{ inputs.curl_insecure }}
+        DRONE_SCP_VERSION: ${{ inputs.version }}
 
 branding:
-  icon: 'copy'
+  icon: "copy"
-  color: 'gray-dark'
+  color: "gray-dark"

entrypoint.sh

@@ -1,7 +1,56 @@
-#!/bin/sh
+#!/usr/bin/env bash
 
-set -eu
+set -euo pipefail
 
-[ -n "$INPUT_STRIP_COMPONENTS" ] && export INPUT_STRIP_COMPONENTS=$((INPUT_STRIP_COMPONENTS + 0))
+export GITHUB="true"
 
-sh -c "/bin/drone-scp $*"
+GITHUB_ACTION_PATH="${GITHUB_ACTION_PATH%/}"
+DRONE_SCP_RELEASE_URL="${DRONE_SCP_RELEASE_URL:-https://github.com/appleboy/drone-scp/releases/download}"
+DRONE_SCP_VERSION="${DRONE_SCP_VERSION:-1.7.0}"
+
+function log_error() {
+  echo "$1" >&2
+  exit "$2"
+}
+
+function detect_client_info() {
+  CLIENT_PLATFORM="${SCP_CLIENT_OS:-$(uname -s | tr '[:upper:]' '[:lower:]')}"
+  CLIENT_ARCH="${SCP_CLIENT_ARCH:-$(uname -m)}"
+
+  case "${CLIENT_PLATFORM}" in
+  darwin | linux | windows) ;;
+  *) log_error "Unknown or unsupported platform: ${CLIENT_PLATFORM}. Supported platforms are Linux, Darwin, and Windows." 2 ;;
+  esac
+
+  case "${CLIENT_ARCH}" in
+  x86_64* | i?86_64* | amd64*) CLIENT_ARCH="amd64" ;;
+  aarch64* | arm64*) CLIENT_ARCH="arm64" ;;
+  *) log_error "Unknown or unsupported architecture: ${CLIENT_ARCH}. Supported architectures are x86_64, i686, and arm64." 3 ;;
+  esac
+}
+
+detect_client_info
+DOWNLOAD_URL_PREFIX="${DRONE_SCP_RELEASE_URL}/v${DRONE_SCP_VERSION}"
+CLIENT_BINARY="drone-scp-${DRONE_SCP_VERSION}-${CLIENT_PLATFORM}-${CLIENT_ARCH}"
+TARGET="${GITHUB_ACTION_PATH}/${CLIENT_BINARY}"
+echo "Downloading ${CLIENT_BINARY} from ${DOWNLOAD_URL_PREFIX}"
+INSECURE_OPTION=""
+if [[ "${INPUT_CURL_INSECURE}" == 'true' ]]; then
+  INSECURE_OPTION="--insecure"
+fi
+
+curl -fsSL --retry 5 --keepalive-time 2 ${INSECURE_OPTION} "${DOWNLOAD_URL_PREFIX}/${CLIENT_BINARY}" -o "${TARGET}"
+chmod +x "${TARGET}"
+
+echo "======= CLI Version Information ======="
+"${TARGET}" --version
+echo "======================================="
+if [[ "${INPUT_CAPTURE_STDOUT}" == 'true' ]]; then
+  {
+    echo 'stdout<<EOF'
+    "${TARGET}" "$@" | tee -a "${GITHUB_OUTPUT}"
+    echo 'EOF'
+  } >>"${GITHUB_OUTPUT}"
+else
+  "${TARGET}" "$@"
+fi