Merge pull request #59 from Burnett01/release/7.0.0

Release/7.0.0
Burnett01 · Mar 6, 2024 · e1c5b90 · e1c5b90
2 parents c04732d + 93f02b8
commit e1c5b90
Show file tree

Hide file tree

Showing 5 changed files with 63 additions and 16 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM drinternet/rsync:v1.4.3
+FROM drinternet/rsync:v1.4.4
 
 # Copy entrypoint
 COPY entrypoint.sh /entrypoint.sh

diff --git a/README.md b/README.md
@@ -4,7 +4,7 @@ This GitHub Action (amd64) deploys files in `GITHUB_WORKSPACE` to a remote folde
 
 Use this action in a CD workflow which leaves deployable code in `GITHUB_WORKSPACE`.
 
-The base-image [drinternet/rsync](https://github.com/JoshPiper/rsync-docker/) of this action is very small and is based on Alpine 3.17.2 (no cache) which results in fast deployments.
+The base-image [drinternet/rsync](https://github.com/JoshPiper/rsync-docker/) of this action is very small and is based on Alpine 3.19.1 (no cache) which results in fast deployments.
 
 ---
 
@@ -14,6 +14,8 @@ The base-image [drinternet/rsync](https://github.com/JoshPiper/rsync-docker/) of
 
 - `rsh` - Remote shell commands
 
+- `legacy_allow_rsa_hostkeys` - Enables support for legacy RSA host keys on OpenSSH 8.8+. ("true" / "false")
+
 - `path` - The source path. Defaults to GITHUB_WORKSPACE and is relative to it
 
 - `remote_path`* - The deployment target path
@@ -55,7 +57,7 @@ jobs:
     steps:
     - uses: actions/checkout@v3
     - name: rsync deployments
-      uses: burnett01/rsync-deployments@6.0.0
+      uses: burnett01/rsync-deployments@7.0.0
       with:
         switches: -avzr --delete
         path: src/
@@ -74,7 +76,7 @@ jobs:
     steps:
     - uses: actions/checkout@v3
     - name: rsync deployments
-      uses: burnett01/rsync-deployments@6.0.0
+      uses: burnett01/rsync-deployments@7.0.0
       with:
         switches: -avzr --delete --exclude="" --include="" --filter=""
         path: src/
@@ -94,7 +96,7 @@ jobs:
     steps:
     - uses: actions/checkout@v3
     - name: rsync deployments
-      uses: burnett01/rsync-deployments@6.0.0
+      uses: burnett01/rsync-deployments@7.0.0
       with:
         switches: -avzr --delete
         path: src/
@@ -114,7 +116,7 @@ jobs:
     steps:
     - uses: actions/checkout@v3
     - name: rsync deployments
-      uses: burnett01/rsync-deployments@6.0.0
+      uses: burnett01/rsync-deployments@7.0.0
       with:
         switches: -avzr --delete
         path: src/
@@ -125,9 +127,46 @@ jobs:
         remote_key: ${{ secrets.DEPLOY_KEY }}
         remote_key_pass: ${{ secrets.DEPLOY_KEY_PASS }}
 ```
+
 ---
 
-## Version 5.0, 5.1 & 5.2
+#### Legacy RSA Hostkeys support for OpenSSH Servers >= 8.8+
+
+If your remote OpenSSH Server still uses RSA hostkeys, then you have to
+manually enable legacy support for this by using ``legacy_allow_rsa_hostkeys: "true"``.
+
+```
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - name: rsync deployments
+      uses: burnett01/[email protected]
+      with:
+        switches: -avzr --delete
+        legacy_allow_rsa_hostkeys: "true"
+        path: src/
+        remote_path: ${{ secrets.DEPLOY_PATH }}
+        remote_host: ${{ secrets.DEPLOY_HOST }}
+        remote_port: ${{ secrets.DEPLOY_PORT }}
+        remote_user: ${{ secrets.DEPLOY_USER }}
+        remote_key: ${{ secrets.DEPLOY_KEY }}
+```
+
+See [#49](https://github.com/Burnett01/rsync-deployments/issues/49) and [#24](https://github.com/Burnett01/rsync-deployments/issues/24) for more information.
+
+---
+
+## Version 6.0 (MAINTENANCE)
+
+Check here: 
+
+- https://github.com/Burnett01/rsync-deployments/tree/6.0  (alpine 3.17.2)
+
+---
+
+## Version 5.0, 5.1 & 5.2 & 5.x (DEPRECATED)
 
 Check here: 
 
@@ -136,10 +175,10 @@ Check here:
 - https://github.com/Burnett01/rsync-deployments/tree/5.2  (alpine 3.15.0)
 - https://github.com/Burnett01/rsync-deployments/tree/5.2.1  (alpine 3.16.1)
 - https://github.com/Burnett01/rsync-deployments/tree/5.2.2  (alpine 3.17.2)
-- 
+
 ---
 
-## Version 4.0 & 4.1
+## Version 4.0 & 4.1 (EOL)
 
 Check here: 
 

diff --git a/SECURITY.md b/SECURITY.md
@@ -6,12 +6,13 @@ The following versions are currently being supported with security updates:
 
 | Version | Supported          |
 | ------- | ------------------ |
-| 6.x   | :white_check_mark: |
-| 5.x   | :white_check_mark: |
-| 4.x   | :white_check_mark: |
-| 3.0   | :x: |
-| 2.0   | :x:                |
-| 1.0   | :x:                |
+| 7.x   | :white_check_mark: |
+| 6.x   | :information_source: MAINTENANCE |
+| 5.x   | :warning: DEPRECATED |
+| 4.x   | :x: EOL |
+| 3.0   | :x: EOL |
+| 2.0   | :x: EOL               |
+| 1.0   | :x: EOL               |
 
 ## Reporting a Vulnerability
 

diff --git a/action.yml b/action.yml
@@ -9,6 +9,10 @@ inputs:
     description: 'The remote shell argument'
     required: false
     default: ''
+  legacy_allow_rsa_hostkeys:
+    description: 'Enables support for legacy RSA host keys on OpenSSH 8.8+'
+    required: false
+    default: 'false'
   path:
     description: 'The local path'
     required: false

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -13,8 +13,11 @@ echo "$INPUT_REMOTE_KEY" | SSH_PASS="$INPUT_REMOTE_KEY_PASS" agent-add
 set -eu
 
 # Variables.
+LEGACY_RSA_HOSTKEYS="-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"
+LEGACY_RSA_HOSTKEYS=$([ "$INPUT_LEGACY_ALLOW_RSA_HOSTKEYS" = "true" ] && echo "$LEGACY_RSA_HOSTKEYS" || echo "")
+
 SWITCHES="$INPUT_SWITCHES"
-RSH="ssh -o StrictHostKeyChecking=no -p $INPUT_REMOTE_PORT $INPUT_RSH"
+RSH="ssh -o StrictHostKeyChecking=no $LEGACY_RSA_HOSTKEYS -p $INPUT_REMOTE_PORT $INPUT_RSH"
 LOCAL_PATH="$GITHUB_WORKSPACE/$INPUT_PATH"
 DSN="$INPUT_REMOTE_USER@$INPUT_REMOTE_HOST"