appleboy / scp-action Goto Github PK

View Code? Open in Web Editor NEW

1.2K 7.0 135.0 269 KB

GitHub Action that copy files and artifacts via SSH.

Home Page: https://github.com/marketplace/actions/scp-command-to-transfer-files

License: MIT License

Dockerfile 43.80% Shell 56.20%

github-actions github-action scp

scp-action's Introduction

🚀 SCP for GitHub Actions

GitHub Action for copying files and artifacts via SSH.

Important: Only support Linux docker container.

Usage

Copy files and artifacts via SSH:

name: scp files
on: [push]
jobs:

  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - name: copy file via ssh password
      uses: appleboy/[email protected]
      with:
        host: ${{ secrets.HOST }}
        username: ${{ secrets.USERNAME }}
        password: ${{ secrets.PASSWORD }}
        port: ${{ secrets.PORT }}
        source: "tests/a.txt,tests/b.txt"
        target: your_server_target_folder_path

Input variables

See the action.yml file for more detail information.

host - scp remote host
port - scp remote port, default is 22
username - scp username
password - scp password
passphrase - the passphrase is usually to encrypt the private key
fingerprint - fingerprint SHA256 of the host public key, default is to skip verification
timeout - timeout for ssh to remote host, default is 30s
command_timeout - timeout for scp command, default is 10m
key - content of ssh private key. ex raw content of ~/.ssh/id_rsa
key_path - path of ssh private key
target - target path on the server, must be a directory (required)
source - scp file list (required)
rm - remove target folder before upload data, default is false
strip_components - remove the specified number of leading path elements.
overwrite - use --overwrite flag with tar, overwrite existing files when extracting
tar_tmp_path - temporary path for tar file on the dest host
tar_exec - path to tar executable on the dest host. default is tar
tar_dereference - use --dereference flag with tar, follow symlinks; archive and dump the files they point to
use_insecure_cipher - include more ciphers with use_insecure_cipher (see #15)

SSH Proxy Setting:

proxy_host - proxy host
proxy_port - proxy port, default is 22
proxy_username - proxy username
proxy_password - proxy password
proxy_passphrase - the passphrase is usually to encrypt the private key
proxy_timeout - timeout for ssh to proxy host, default is 30s
proxy_key - content of ssh proxy private key.
proxy_key_path - path of ssh proxy private key
proxy_fingerprint - fingerprint SHA256 of the host public key, default is to skip verification
proxy_use_insecure_cipher - include more ciphers with use_insecure_cipher (see #15)

Setting up a SSH Key

Make sure to follow the below steps while creating SSH Keys and using them. The best practice is create the SSH Keys on local machine not remote machine. Login with username specified in Github Secrets. Generate a RSA Key-Pair:

# rsa
ssh-keygen -t rsa -b 4096 -C "[email protected]"

# ed25519
ssh-keygen -t ed25519 -a 200 -C "[email protected]"

Add newly generated key into Authorized keys. Read more about authorized keys here.

# rsa
cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'

# d25519
cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys'

Copy Private Key content and paste in Github Secrets.

# rsa
clip < ~/.ssh/id_rsa

# ed25519
clip < ~/.ssh/id_ed25519

See the detail information about SSH login without password.

A note from one of our readers: Depending on your version of SSH you might also have to do the following changes:

Put the public key in .ssh/authorized_keys2
Change the permissions of .ssh to 700
Change the permissions of .ssh/authorized_keys2 to 640

If you are using OpenSSH

If you are currently using OpenSSH and are getting the following error:

ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey]

Make sure that your key algorithm of choice is supported. On Ubuntu 20.04 or later you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (which is either /etc/ssh/sshd_config or a drop-in file under /etc/ssh/sshd_config.d/):

CASignatureAlgorithms +ssh-rsa

Alternatively, ed25519 keys are accepted by default in OpenSSH. You could use this instead of rsa if needed:

ssh-keygen -t ed25519 -a 200 -C "[email protected]"

Example

Copy file via a SSH password:

- name: copy file via ssh password
  uses: appleboy/[email protected]
  with:
    host: example.com
    username: foo
    password: bar
    port: 22
    source: "tests/a.txt,tests/b.txt"
    target: your_server_target_folder_path

Copy file via a SSH key:

- name: copy file via ssh key
  uses: appleboy/[email protected]
  with:
    host: ${{ secrets.HOST }}
    username: ${{ secrets.USERNAME }}
    port: ${{ secrets.PORT }}
    key: ${{ secrets.KEY }}
    source: "tests/a.txt,tests/b.txt"
    target: your_server_target_folder_path

Example configuration for ignore list:

- name: copy file via ssh key
  uses: appleboy/[email protected]
  with:
    host: ${{ secrets.HOST }}
    username: ${{ secrets.USERNAME }}
    port: ${{ secrets.PORT }}
    key: ${{ secrets.KEY }}
    source: "tests/*.txt,!tests/a.txt"
    target: your_server_target_folder_path

Example configuration for multiple servers:

  uses: appleboy/[email protected]
  with:
-   host: "example.com"
+   host: "foo.com,bar.com"
    username: foo
    password: bar
    port: 22
    source: "tests/a.txt,tests/b.txt"
    target: your_server_target_folder_path

Example configuration for exclude custom files:

  uses: appleboy/[email protected]
  with:
    host: "example.com"
    username: foo
    password: bar
    port: 22
-   source: "tests/*.txt"
+   source: "tests/*.txt,!tests/a.txt,!tests/b.txt"
    target: your_server_target_folder_path

Upload artifact files to remote server:

  deploy:
    name: deploy artifact
    runs-on: ubuntu-latest
    steps:
    - name: checkout
      uses: actions/checkout@v4

    - run: echo hello > world.txt

    - uses: actions/upload-artifact@v4
      with:
        name: my-artifact
        path: world.txt

    - uses: actions/download-artifact@v4
      with:
        name: my-artifact
        path: distfiles

    - name: copy file to server
      uses: appleboy/[email protected]
      with:
        host: ${{ secrets.HOST }}
        username: ${{ secrets.USERNAME }}
        key: ${{ secrets.KEY }}
        port: ${{ secrets.PORT }}
        source: distfiles/*
        target: your_server_target_folder_path

Remove the specified number of leading path elements:

- name: remove the specified number of leading path elements
  uses: appleboy/[email protected]
  with:
    host: ${{ secrets.HOST }}
    username: ${{ secrets.USERNAME }}
    key: ${{ secrets.KEY }}
    port: ${{ secrets.PORT }}
    source: "tests/a.txt,tests/b.txt"
    target: your_server_target_folder_path
    strip_components: 1

Old target structure:

foobar
  └── tests
    ├── a.txt
    └── b.txt

New target structure:

foobar
  ├── a.txt
  └── b.txt

Only copy files that are newer than the corresponding destination files:

  changes:
    name: test changed-files
    runs-on: ubuntu-latest
    steps:
    - name: checkout
      uses: actions/checkout@v4

    - name: Get changed files
      id: changed-files
      uses: tj-actions/changed-files@v35
      with:
        since_last_remote_commit: true
        separator: ","

    - name: copy file to server
      uses: appleboy/[email protected]
      with:
        host: ${{ secrets.HOST }}
        username: ${{ secrets.USERNAME }}
        key: ${{ secrets.KEY }}
        port: ${{ secrets.PORT }}
        source: ${{ steps.changed-files.outputs.all_changed_files }}
        target: your_server_target_folder_path

Protecting a Private Key. The purpose of the passphrase is usually to encrypt the private key. This makes the key file by itself useless to an attacker. It is not uncommon for files to leak from backups or decommissioned hardware, and hackers commonly exfiltrate files from compromised systems.

  - name: ssh key with passphrase
    uses: appleboy/[email protected]
    with:
      host: ${{ secrets.HOST }}
      username: ${{ secrets.USERNAME }}
      key: ${{ secrets.SSH2 }}
+     passphrase: ${{ secrets.PASSPHRASE }}
      port: ${{ secrets.PORT }}
      source: "tests/a.txt,tests/b.txt"
      target: your_server_target_folder_path

When copying files from a Linux runner to a Windows server, you should:

Download git for Windows
Change the default OpenSSH shell to git bach with the following powershell command.
Set tar_dereference and rm variable to true in the YAML file
Avoid putting the port value through a variable
Convert the target path to a Unix path: /c/path/to/target/

Change the default OpenSSH shell to git bach with the following powershell command.

New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "$env:Programfiles\Git\bin\bash.exe" -PropertyType String -Force

Convert the target path to a Unix path: /c/path/to/target/

  - name: Copy to Windows
      uses: appleboy/[email protected]
      with:
        host: ${{ secrets.HOST }}
        username: ${{ secrets.USERNAME }}
        key: ${{ secrets.SSH_PRIVATE_KEY }}
        port: 22
        source: 'your_source_path'
-       target: 'C:\path\to\target'
+       target: '/c/path/to/target/'
+       tar_dereference: true
+       rm: true

scp-action's People

Contributors

Stargazers

Watchers

Forkers

teamgroove aminadav shunsuke-excite digitaltoad happy-ferret khirose2 ocean90 lyy99 gaisaiyuno denzel-datature mfeiertag ashish-padakannaya davidp94 yeasinhossain-dsi saikatkumar-official chigakuishi elks-dap think-me thuongnht bugfyi thomasaunvik marathonmyanmar odin- niyoko nerd4ever karankumarshreds ahmedelshafaie magikmaker assassin-king fureweb-com sreeramprabhakar tendulkar-dexios emanuelgi tseknet evgen25-max ysurac fallenleavesguy fabianofps khalleb sam-37 asternic devmarcos24 mohammadgh devmk2 rajeshcn02 stat-alex louiscklaw vazmin suxiaolong rafante saranyathangavel1907 martinquesada tauraloke johntheprime thomas-lud tinyrewards shawnmullings arthur-derksen dragon3dgraff atif0519 iamhabib syllogy suryatmodulus jonaspereirar fatihbakir moomiji summitrabz minias-tdi ps-jspitler sabatex-fork isoctcolo hiepns devjaime crazyming9528 luckyxyj igor-dynko g3n3s1sl4b esso23 luo-junmin ajeepsave marfatech shesnake vladpnix sahrul-maulana semanticexperts-actions less-js ideag lunchcard seeeverything lucas-huang-tfs zeroken5969 xueyue1314 qk11 vijayrana99 lkjhnm korrio feelchi1star knwachuk hfahlstedt byxapuh

scp-action's Issues

Don' t remove the target folder with option "rm", empty it instead

I don't think to remove the target folder and then recreate it is a good idea, consider empty the sub-files and sub-folders in the target folder.

I think this could avoid some problems like docker's mounting

Cannot open: File exists

What seems to be the problem: Automated deploy was working perfectly until now I got this error when I push changes:

Any help I'll be appreciated.

Have to set environment variables not like README

It appears that the following works:

    - name: copy files
      uses: appleboy/scp-action@master
      env:
        HOST: ${{ secrets.HOST }}
        USERNAME: ${{ secrets.USERNAME }}
        PORT: ${{ secrets.PORT }}
        KEY: ${{ secrets.KEY }}
        PASSPHRASE: ${{ secrets.PASSPHRASE }}
      with:
        source: "*"
        target: "test"
        rm: true

But this does not work (config similar to README):

    - name: copy files
      uses: appleboy/scp-action@master
      with:
        host: ${{ secrets.HOST }}
        username: ${{ secrets.USERNAME }}
        port: ${{ secrets.PORT }}
        key: ${{ secrets.KEY }}
        passphrase: ${{ secrets.PASSPHRASE }}
        source: "*"
        target: "test"
        rm: true

scp-action doesn't respect default working-directory

Config:

jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    defaults:
      run:
        shell: bash
        working-directory: scraper
    steps:
    - uses: actions/checkout@v2
    - name: Use Node.js
      uses: actions/setup-node@v1
      with:
        node-version: '15.14.0'
    - name: Cache Node.js modules
      uses: actions/cache@v2
      with:
        # npm cache files are stored in `~/.npm` on Linux/macOS
        path: ~/.npm
        key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
        restore-keys: |
          ${{ runner.OS }}-node-
          ${{ runner.OS }}-
    - name: Install dependencies
      run: npm ci
    - name: Build Artifacts
      run: npm run start
    - name: copy file via ssh password
      uses: appleboy/scp-action@master
      with:
        host: ${{ secrets.HOST }}
        username: ${{ secrets.USERNAME }}
        password: ${{ secrets.PASSWORD }}
        port: ${{ secrets.PORT }}
        source: "scraper/dist"
        target: "path/to/target"
        use_insecure_cipher: true

To be clear, the above config is working, but I have to enter scraper in as the source when I would expect the command to be executed from within that directory because of jobs.<job-id>.defaults.run.working-directory

How to scp a directory recursively?

SCP Proxy Not working - SSH Handshake Failed

Hi,

I am getting the following error when attempting to SCP a file using a jump host (proxy):

error copy file to dest: ***, error message: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain

More details from that output:

Run appleboy/scp-action@master
  with:
    host: ***
    username: ***
    key: ***
    port: ***
    proxy_host: ***
    proxy_username: ***
    proxy_key: ***
    proxy_port: ***
    source: deploy/deploy.zip
    target: ~/
    use_insecure_cipher: false
    proxy_use_insecure_cipher: false
    timeout: 30s
    command_timeout: 10m
    rm: false
    debug: false
    strip_components: 0
    overwrite: false
    proxy_timeout: 30s
  env:
    BUILD_NUMBER: 12

redacted

tar all files into /tmp/130780587/yLVqwr7IQG.tar
scp file to server.
2020/06/30 12:57:27 error copy file to dest: ***, error message: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain
drone-scp error:  error copy file to dest: ***, error message: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain

My config:

   - name: Upload deploy to Webserver
      uses: appleboy/scp-action@master
      with:
        host: ${{ secrets.WEBSERVER_HOST }}
        username: ${{ secrets.WEBSERVER_USERNAME }}
        key: ${{ secrets.BASTION_KEY }}
        port: ${{ secrets.WEBSERVER_PORT }}
        proxy_host: ${{ secrets.BASTION_HOST }}
        proxy_username: ${{ secrets.BASTION_USERNAME }}
        proxy_key: ${{ secrets.BASTION_KEY }}
        proxy_port: ${{ secrets.BASTION_PORT }}
        source: "deploy/deploy.zip"
        target: "~/"

The really strange part is if I use ssh-action (https://github.com/appleboy/ssh-action) with the same config I can run commands just fine...

Here is that config:

- name: Connect to Webserver and deploy
      uses: appleboy/ssh-action@master
      with:
        host: ${{ secrets.WEBSERVER_HOST }}
        username: ${{ secrets.WEBSERVER_USERNAME }}
        key: ${{ secrets.BASTION_KEY }}
        port: ${{ secrets.WEBSERVER_PORT }}
        proxy_host: ${{ secrets.BASTION_HOST }}
        proxy_username: ${{ secrets.BASTION_USERNAME }}
        proxy_key: ${{ secrets.BASTION_KEY }}
        proxy_port: ${{ secrets.BASTION_PORT }}
        script: |
          ls -al

And output from that:

with:
    host: ***
    username: ***
    key: ***
    port: ***
    proxy_host: ***
    proxy_username: ***
    proxy_key: ***
    proxy_port: ***
    script: ls -al
  
    sync: false
    use_insecure_cipher: false
    timeout: 30s
    command_timeout: 10m
    proxy_timeout: 30s
    proxy_use_insecure_cipher: false
    script_stop: false
    debug: false

======CMD======
ls -al

======END======
out: total 40
out: drwxr-xr-x 5 *** *** 4096 Jun 16 08:39 .
out: drwxr-xr-x 3 root   root   4096 Jun 15 09:49 ..
out: -rw------- 1 *** ***  641 Jun 30 11:21 .bash_history
out: -rw-r--r-- 1 *** ***  ***0 Apr  4  2018 .bash_logout
out: -rw-r--r-- 1 *** *** 3771 Apr  4  2018 .bashrc
out: drwx------ 2 *** *** 4096 Jun 15 10:11 .cache
out: drwx------ 3 *** *** 4096 Jun 15 10:11 .gnupg
out: -rw------- 1 *** ***  400 Jun 16 08:57 .joe_state
out: -rw-r--r-- 1 *** ***  807 Apr  4  2018 .profile
out: drwx------ 2 *** *** 4096 Jun 15 09:49 .ssh
out: -rw-r--r-- 1 *** ***    0 Jun 15 10:11 .sudo_as_admin_successful
==============================================
✅ Successfully executed commands to all host.
==============================================

Any ideas?

Thanks
Ian

Trying to connect thru port 4000 automatically

    source: docker-compose-production.yaml
    target: dashboard
    port: 22
    timeout: 30s
    command_timeout: 10m
    rm: false
    strip_components: 0
    overwrite: false
    proxy_port: 22
    proxy_timeout: 30s
  env:
    CLOUDSDK_METRICS_ENVIRONMENT: github-actions-setup-gcloud
    HOST: applytics.in
    USERNAME: git_bot
    KEY: ***
    port: 22
/usr/bin/docker run --name c1a94c5af5c4c8e4676a4d6488ed2e9088e_09a627 --label 430c1a --workdir /github/workspace --rm -e CLOUDSDK_METRICS_ENVIRONMENT -e HOST -e USERNAME -e KEY -e port -e INPUT_SOURCE -e INPUT_TARGET -e INPUT_HOST -e INPUT_PORT -e INPUT_USERNAME -e INPUT_PASSWORD -e INPUT_TIMEOUT -e INPUT_COMMAND_TIMEOUT -e INPUT_KEY -e INPUT_KEY_PATH -e INPUT_PASSPHRASE -e INPUT_RM -e INPUT_STRIP_COMPONENTS -e INPUT_OVERWRITE -e INPUT_TAR_TMP_PATH -e INPUT_PROXY_HOST -e INPUT_PROXY_PORT -e INPUT_PROXY_USERNAME -e INPUT_PROXY_PASSWORD -e INPUT_PROXY_PASSPHRASE -e INPUT_PROXY_TIMEOUT -e INPUT_PROXY_KEY -e INPUT_PROXY_KEY_PATH -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/Applytics_Dashboard/Applytics_Dashboard":"/github/workspace" 430c1a:94c5af5c4c8e4676a4d6488ed2e9088e
tar all files into /tmp/356018460/byIbqeZby0.tar
scp file to server.
2020/04/21 08:58:19 error copy file to dest: applytics.in, error message: dial tcp 35.236.194.252:4000: connect: connection refused
drone-scp error:  error copy file to dest: applytics.in, error message: dial tcp 35.236.194.252:4000: connect: connection refused

How to solve this issue

How to ignore a folder, and how to set rm env?

Hi,
This is a very useful GitHub action plugin, thanks for your hard work.

I got two issues when copying the artifacts to a remote machine:

how to ignore some folder in the source. The example only shows how to ignore a single file, and I tried to set it as below, however it does not works.
source: "folder1/,folder2/,!node_modules/"
I expect the target folder was removed before copying, so I would like to set rm. However, I am not sure what the value of rm should look like. A bool value, or a folder(to be removed)?

Can you please help?

if else statement example?

- name: copy file via ssh key
        uses: appleboy/scp-action@master
        env:
          HOST: ${{ env.HOST }}
          USERNAME: ${{ secrets.REMOTE_USER }}
          PORT: ${{ secrets.HOST_PORT }}
          KEY: ${{ secrets.CICD_SSH_KEY }} # private ssh
        with:
          source: "./dist"
          target: "/var/www/html/wms/" # <--- if else statement on github branch push
          strip_components: 3 
          rm: true

CentOS - Inappropriate ioctl for device

I am trying to deploy a statically generated site to a CentOS server. After some playing around I managed to make authentication work, but now I am permanently stuck with drone-scp error: stty: standard input: Inappropriate ioctl for device error. Are there any solutions for that?

dial tcp :: connect: connection timed out

Hi!

My pipeline worked fine before, but after some time of inactivity, i keep getting this error periodically. I have few steps with this plugin, one step runs fine, but second step - i get this error. Next run - opposite, first step fails.

deploy:
    needs: build
    runs-on: ubuntu-latest
    steps:
- name: Upload Artifacts to Host
      uses: appleboy/scp-action@master
      with:
        host: ${{ secrets.SCP_DEP_HOST }}
        port: ${{ secrets.SCP_DEP_PORT }}
        username: ${{ secrets.SCP_DEP_LOGIN }}
        password: ${{ secrets.SCP_DEP_PASSWORD }}
        timeout: 5m
        command_timeout: 20m
        target: /
        source: ./package.zip
        rm: true
     
- name: Deploy Artifacts
  uses: appleboy/ssh-action@master
  with:
    host: ${{ secrets.SCP_DEP_HOST }}
    username: ${{ secrets.SCP_DEP_LOGIN }}
    password: ${{ secrets.SCP_DEP_PASSWORD }}
    port: ${{ secrets.SCP_DEP_PORT }}
    script: |

Log:

 Upload Artifacts to Host2m 11s
    proxy_use_insecure_cipher: false
    port: ***
    username: ***
    password: ***
    timeout: 5m
    command_timeout: 20m
    target: /
    source: ./package.zip
    rm: true
    use_insecure_cipher: false
    debug: false
    strip_components: 0
    overwrite: false
    proxy_port: 22
    proxy_timeout: 30s
    proxy_use_insecure_cipher: false
/usr/bin/docker run --name d3bffe8c1d0bd641cfb39dfaab147212d4_577fdd --label 3888d3 --workdir /github/workspace --rm -e INPUT_HOST -e INPUT_PORT -e INPUT_USERNAME -e INPUT_PASSWORD -e INPUT_TIMEOUT -e INPUT_COMMAND_TIMEOUT -e INPUT_TARGET -e INPUT_SOURCE -e INPUT_RM -e INPUT_KEY -e INPUT_KEY_PATH -e INPUT_PASSPHRASE -e INPUT_FINGERPRINT -e INPUT_USE_INSECURE_CIPHER -e INPUT_DEBUG -e INPUT_STRIP_COMPONENTS -e INPUT_OVERWRITE -e INPUT_TAR_TMP_PATH -e INPUT_PROXY_HOST -e INPUT_PROXY_PORT -e INPUT_PROXY_USERNAME -e INPUT_PROXY_PASSWORD -e INPUT_PROXY_PASSPHRASE -e INPUT_PROXY_TIMEOUT -e INPUT_PROXY_KEY -e INPUT_PROXY_KEY_PATH -e INPUT_PROXY_FINGERPRINT -e INPUT_PROXY_USE_INSECURE_CIPHER -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/repo/repo":"/github/workspace" 3888d3:bffe8c1d0bd641cfb39dfaab147212d4
tar all files into /tmp/053165802/SNY0dNo24S.tar
scp file to server.
2020/06/24 20:17:08 error copy file to dest: ***, error message: dial tcp ***:***: connect: connection timed out
drone-scp error:  error copy file to dest: ***, error message: dial tcp ***:***: connect: connection timed out

Can i upload all files of a source directory?

dial tcp: lookup on ***: no such host

Hi there,

scp-action keeps failing randomly. It is able to upload the files, create folders, etc. But when it's finished, it throws this error and removes all uploaded files again.

Any idea why?

https://github.com/refinedmods/website/runs/768264891?check_suite_focus=true

Can't use environment variable for target

This does not seem to work:

    - name: Upload
      uses: appleboy/[email protected]
      with:
        host: $HOST
        username: $USERNAME
        key: ${{ secrets.STAGING_MAIN_KEY }}
        source: ${{ github.sha }}.zip
        target: $TARGET_PATH        # <---- using environment variable

(I have my env vars defined at the top-level.)

It prints the following output:

tar all files into /tmp/941631237/O7WrNb0QY9.tar
scp file to server.
create folder $TARGET_PATH
drone-scp error:  Process exited with status 1
drone-scp rollback: remove all target tmp file
remove file O7WrNb0QY9.tar
2020/06/24 06:46:37 Process exited with status 1

It says literally $TARGET_PATH in there, instead of the value of $TARGET_PATH.

Untar as SUDO?

Getting permission denied for the target. I assume it needs to untar as root? Any flag for that?

error message: ssh: handshake failed: ssh: no common algorithm for key exchange; client offered: [[email protected] ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group14-sha1], server offered: [diffie-hellman-group-exchange-sha256]

I'm getting this error

error message: ssh: handshake failed: ssh: no common algorithm for key exchange; client offered: [[email protected] ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group14-sha1], server offered: [diffie-hellman-group-exchange-sha256]

complete log

Run appleboy/scp-action@master
/usr/bin/docker run --name e87b527fba6baf54c84d1986dd256d118c9a77_72534a --label e87b52 --workdir /github/workspace --rm -e INPUT_HOST -e INPUT_USERNAME -e INPUT_PASSWORD -e INPUT_PORT -e INPUT_SOURCE -e INPUT_TARGET -e INPUT_TIMEOUT -e INPUT_COMMAND_TIMEOUT -e INPUT_KEY -e INPUT_KEY_PATH -e INPUT_PASSPHRASE -e INPUT_RM -e INPUT_STRIP_COMPONENTS -e INPUT_OVERWRITE -e INPUT_TAR_TMP_PATH -e INPUT_PROXY_HOST -e INPUT_PROXY_PORT -e INPUT_PROXY_USERNAME -e INPUT_PROXY_PASSWORD -e INPUT_PROXY_PASSPHRASE -e INPUT_PROXY_TIMEOUT -e INPUT_PROXY_KEY -e INPUT_PROXY_KEY_PATH -e HOME -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/b-hero/b-hero":"/github/workspace" e87b52:7fba6baf54c84d1986dd256d118c9a77
tar all files into /tmp/743109829/wrZAXlscBR.tar
scp file to server.
2020/03/22 17:47:08 error copy file to dest: ***, error message: ssh: handshake failed: ssh: no common algorithm for key exchange; client offered: [[email protected] ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group14-sha1], server offered: [diffie-hellman-group-exchange-sha256]
drone-scp error:  error copy file to dest: ***, error message: ssh: handshake failed: ssh: no common algorithm for key exchange; client offered: [[email protected] ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group14-sha1], server offered: [diffie-hellman-group-exchange-sha256]

Tmp creation timestamp issue

Hello, I have successfully build job but no files on target server.
In action log I got this:

tar all files into /tmp/487751054/cO92IVCaby.tar
scp file to server.
create folder ***
untar file cO92IVCaby.tar
error:  tar: .: time stamp 2020-04-14 11:48:00 is 3.417555878 s in the future
remove file cO92IVCaby.tar

Isn't job supposed to fail if some error happens?
Anyways, do you know how to get around this?

Can you explain what the tar stuff does?

Does this always tar the files first and then untar them on the server?

Better to provide job status in output.

It's better to add output with job status in action.yml. More outputs(like job duration) are better.

I think it's better to use steps.<step id>.outputs.status rather than if: ${{ success() }}.

How can i believe the security behind this?

Even I am saving the SSHKEY on the secret, how I can ensure that the overall cycle is secure one. Means, the theft of the SSHKEY. Can you please confirm that, our SSHKEY is secure one and not to share with anybody?

error copy file to dest: ***, error message: Process exited with status 1

It's a duplicate of #8. So I am getting this error:

tar all files into /tmp/745735171/nZiZOczyk2.tar
scp file to server.
2021/03/03 07:08:04 error copy file to dest: ***, error message: Process exited with status 1
drone-scp error: error copy file to dest: ***, error message: Process exited with status 1

Can somebody help? I am trying to run it on self-hosted GH Actions.

Let execute some commands before moving files

Hi,

I ran into some issues with current action. On my server I have files (dot files like .htacess and .env), which need to stay untouched, while other files need to be replaced. As some of the files to replace contain hash in their names, there are multiple copies of the same file on the server (after every new deployment a new one comes). So ideally I would like delete all files in the target directory but dot files and then move rest of the files from my repository.

Right now it is impossible or is there some other methods to do that?

Ignore files with extension

I'm trying to skip all the files with .spec.js extension in any folder, but it's not working, these files are also copied

      - name: Copy files to production
        uses: appleboy/scp-action@master
        with:
          host: ${{ secrets.SSH_HOST }}
          username: ${{ secrets.SSH_USER }}
          port: ${{ secrets.SSH_PORT }}
          key: ${{ secrets.SSH_KEY }}
          source: "package.json,yarn.lock,dist,tmp,uploads,!**/*.spec.js"
          target: "~/app"

What am I missing?

source to target file copying, kinda confusing

   - name: copy file via ssh key
      uses: appleboy/scp-action@master
      env:
        HOST: domain.com
        USERNAME: user
        PORT: 22
        KEY: ${{ secrets.forSSH }}
      with:
        source: "./dist/pwa/"
        target: "/home/user/domain.com/pwa/"

So I build angular with ng build --prod. The files end up in the ./dist/pwa folder

I want to copy contents (only the contents of) the ./dist/pwa folder, into the server, at /home/user/domain.com/pwa

To put in perspective, here's how I do with a normal scp command
scp -r ./dist/pwa/* [email protected]://home/user/domain.com/pwa

What am I missing? With the above github action, it copies the file to here:

/home/user/domain.com/pwa/dist/pwa instead of /home/user/domain.com/pwa

environment variables not like README

This is related to #27

For me this works as expected:

name: Deploy

on:
  push:
    branches:
      - master
jobs:
  build:

    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v2

    - name: Copy file via scp
      uses: appleboy/scp-action@master
      env:
+       HOST: ${{ secrets.HOST }}
+       USERNAME: ${{ secrets.USERNAME }}
+       PORT: ${{ secrets.PORT }}
+       KEY: ${{ secrets.SSHKEY }}
+       PASSPHRASE:  ${{secrets.PASSPHRASE}}
      with:
        source: "."
        target: ${{ secrets.TARGET }}

Error: Input required and not supplied: key

I receive this error:

Run shimataro/ssh-key-action@v2
  with:
    name: id_rsa
    if_key_exists: fail
  env:
    GOROOT: /opt/hostedtoolcache/go/1.16.3/x64
Error: Input required and not supplied: key

My action:

on: [ 'push' ]

jobs:
  nyrah-build:
    runs-on: ubuntu-latest

    steps:
      - name: Update branch to latest
        uses: actions/checkout@v2
      - name: Set up go
        uses: actions/setup-go@v2
        with:
          go-version: ^1.16.3
      - name: Download dependencies
        working-directory: ${{ github.workspace }}/src
        run: go get -v -d all
      - name: Build go project
        working-directory: ${{ github.workspace }}/src
        run: go build
      - name: deub
        run: echo $KNOWN_HOSTS
        env:
          KEY: ${{ secrets.DEDICATED_1_SSH_KEY }}
          KNOWN_HOSTS: ${{ secrets.KNOWN_HOSTS }}
      - name: Set up SSH key
        uses: shimataro/ssh-key-action@v2
        with:
          key: ${{ secrets.DEDICATED_1_SSH_KEY }}
      - name: Deploy to all servers
        run: scp ${{ github.workspace }}/src/nyrah ${{ secrets.DEDICATED_1_USER }}@${{ secrets.DEDICATED_1_HOST }}:/root

My secrets

missing source or target config

Hi, I received this error when trying to publish the files to server:

I'm using SSH configuration with the secrets key.

Can you please help me?
Thanks.

Unable to upload contents of local folder to remote folder

My content of source folder are dist/* and want to upload all the files and folders recursively into /var/www/html or remote

It is uploading them to /var/www/html/dist

ssh: command mkdir -p test failed

Hello,

I'm afraid I'm failing to use this action properly. I'm trying to upload files to the root folder of my ssh user account but wasn't able to get past the error below when executing scp-action step in my workflow. I've finally tried with a target folder name but still getting the same error.

14 tar all files into /tmp/236545441/HvzhGMeDQa.tar
15 scp file to server.
16 create folder test
17 drone-scp error: ssh: command mkdir -p test failed
18 drone-scp rollback: remove all target tmp file
19 remove file HvzhGMeDQa.tar
20 2019/10/08 00:46:29 ssh: command mkdir -p test failed
21 ##[error]Docker run failed with exit code 1

my yaml file is like below

- name: Deploy to staging
  uses: appleboy/scp-action@master
  with:
    host: ${{ secrets.STAGING_HOST }}
    username: ${{ secrets.STAGING_USER }}
    password: ${{ secrets.STAGING_PASS }}
    source: "*"
    target: "test"

Tried both with an existing and non-existing folder. Both failed with same error.
I can see the HvzhGMeDQa.tar and other tar files from previous attempts in the root folder.
I can create folders with the same username and password via SFTP.

Thank you

migrate HCL to yaml

How to upload a file/folder as another name

Is there any equivalent to the following command

# file
scp -i /key.pem /file root@ip:/my_file

# folder
scp -i /key.pem -r /folder root@ip:/my_folder

Something seems weird with connections

Everytime I use twice in a roll one of your actions, the second one can't be completed due a time out.

This first time it happened after I used the scp to copy my frontend files then the backends files. Always the backend files ended up with time out. So I've decided to split in two workflows, one looking for the frontend folder and the other for the frontend.

But even after that, the backend stills receiving time outs, not at the SCP anymore, but while using ssh-action.

Look:

So, I really thing there's something weird, maybe the connection stills open and the other action can't use it?

SCP to Windows Server Successful Transfer, Fails to send to send to the correct folder.

tar all files into /tmp/015153750/RT1CGuDSlw.tar
scp file to server.
create folder ***
drone-scp error:  Process exited with status 1
drone-scp rollback: remove all target tmp file
remove file RT1CGuDSlw.tar
2020/09/16 14:40:30 Process exited with status 1

SCP Action fails, but SSH Action works (when it is above SCP Action), which implies that there is nothing wrong with the ssh connection.

STAGING_TARGET_UPLOAD tested with these inputs:

C:\Users\username\targetFolder
C:\Users\username\targetFolder\
targetFolder

    - name: Upload to Staging
      uses: appleboy/scp-action@master
      with:
        host: ${{ secrets.STAGING_SSH_HOST }}
        port: ${{ secrets.STAGING_SSH_PORT }}
        username: ${{ secrets.STAGING_SSH_USERNAME }}
        key: ${{ secrets.STAGING_SSH_KEY }}
        passphrase: ${{ secrets.STAGING_SSH_PASSPHRASE }}
        source: ProductionInsight/Web/bin/Release/netcoreapp3.1/publish/
        target: ${{ secrets.STAGING_TARGET_UPLOAD }}

    - name: Execute Extraction Command
      uses: appleboy/ssh-action@master
      with:
          host: ${{ secrets.STAGING_SSH_HOST }}
          port: ${{ secrets.STAGING_SSH_PORT }}
          username: ${{ secrets.STAGING_SSH_USERNAME }}
          key: ${{ secrets.STAGING_SSH_KEY }}
          passphrase: ${{ secrets.STAGING_SSH_PASSPHRASE }}
          script: ${{ secrets.STAGING_EXTRACT_SCRIPT }}

Is there a way to debug this error, cause there is not much useful information given.

Add documentation to let users know how to upload entire repo

Maybe like source: '*/*.*, *.*' would help. Most use cases would be to upload the entire code repo.

This phrase will upload the entire set of repo files and unwrap the tar in the destination. This would be great add on to the GitHub Actions listing.

FYI. @appleboy

How to use work-directory setting?

I find the work-directory setting in yml is ignored.

Error: Empty tar archive with artifact download

Hello everyone,
i'm experience the following error

tar all files into /tmp/934282472/j1Gg65oXbW.tar
tar: empty archive
exit status 1

when trying to upload the files/directories of an artifact to a server with the following workflow:

deploy-dive-staging-gh:
  runs-on: ubuntu-latest
  needs: build
  steps:
    - uses: actions/checkout@v2
    - run: mkdir ~/distfiles
    - uses: actions/download-artifact@v2
      with:
        name: distfiles
        path: ~/distfiles

    - name: Deploy dive preview
      uses: appleboy/[email protected]
      with:
        host: ${{ secrets.SERVER }}
        username: ${{ secrets.USER }}
        key: ${{ secrets.SSH_PRIVATE_KEY }}
        rm: true
        source: "/home/runner/distfiles"
        target: "${{ secrets.TARGET_DIR }}"

I have verified that the source-directory is not empty and all files are there (verfiead vai adding - run: ls -R ~/distfiles.

So why do i get this error?

How to handle file ownership

The ownership of the files we deploy is wrong. Is it possible for you to add an option to set owner (user and group) after deployment?

SCP Vice Versa

Is it possible to copy from a remote server to the local runner?

Would be nice to download artifacts which have been generated using your ssh-action ;-)

tar: empty archive - Docker run failed with exit code 1

I could not understand which variable could be wrong?
We maybe need a better error message?

  with:
    host: ***
    username: ***
    key: ***
    port: 22
    source: ~/exportServer/backup.sql
    target: ~/backup.sql
    timeout: 30s
    command_timeout: 10m
    strip_components: 0
    overwrite: false
/usr/bin/docker run --name ee6078d19cbf8da4672854dd240c06f80c0_3b33ce --label 671ee6 --workdir /github/workspace --rm -e INPUT_HOST -e INPUT_USERNAME -e INPUT_KEY -e INPUT_PORT -e INPUT_SOURCE -e INPUT_TARGET -e INPUT_PASSWORD -e INPUT_TIMEOUT -e INPUT_COMMAND_TIMEOUT -e INPUT_KEY_PATH -e INPUT_RM -e INPUT_STRIP_COMPONENTS -e INPUT_OVERWRITE -e INPUT_TAR_TMP_PATH -e HOME -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e GITHUB_ACTIONS=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/nacho/nacho":"/github/workspace" 671ee6:078d19cbf8da4672854dd240c06f80c0
tar: empty archive
tar all files into /tmp/640661935/xqJM6FeoeL.tar
exit status 1
##[error]Docker run failed with exit code 1

with colors:

error copy file to dest: ***, error message: Process exited with status 1

I'm getting an issue where I can't deploy the file because of the issue above. I have created an ssh user, and the folder I am trying to push to is a subdirectory of the user's home. I have tried giving the user root perms, but not working.

How to exclude node modules and copy all directory

I want to exclude node_modules and copy all directory to a remote server? How to do that?

The path to the source file will be copied

example:

name: coupon-backend deploy
on: push

jobs:
  deloy:
    runs-on: ubuntu-latest
    steps:
uses: appleboy/[email protected]
        env:
          HOST: ${{ secrets.SSH_HOST }}
          PASSWORD: ${{ secrets.SSH_PASSWORD }}
          USERNAME: ${{ secrets.SSH_USER }}
          SOURCE: target/${{ steps.setenv.outputs.JAR_FILE }}
          TARGET: /usr/coupon/

after action, cat file on server:

[root@VM_0_8_centos coupon]# cd /usr/coupon/
[root@VM_0_8_centos coupon]# ls
keystore.p12  target
[root@VM_0_8_centos coupon]#ls target
coupon-0.0.1-SNAPSHOT.jar

so , the issues is：
The path to the source file will be copied。
Unlike executing the cp command on the host。

Thanks～

Is it possible to add `env` support? My `target` is stored as an `env`

jobs:
  deploy:
    runs-on: ubuntu-latest
    env:
      DEPLOY_PATH: /var/www/bcapp-wp/wp/wp-content/plugins/custom-admin-plugin
...
   - name: Copy file via scp
        uses: appleboy/scp-action@master
        with:
          rm: true
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USERNAME }}
          key: ${{ secrets.KEY }}
          source: "."
          target: $DEPLOY_PATH
...

Right now the above fails and there is no way for me to pass envs to the action as https://github.com/marketplace/actions/ssh-remote-commands.

What is the best way to pass DEPLOY_PATH to the action?

Step "Run actions/checkout@master" started to fail

Hello!

I've used this action successfully for a while. Last time I used it was 2020-04-13. Today I pushed another commit to the master branch but discovered that this action now failed. No changes has been made to the repository or the Github settings for it in this time period.

It fails on the step "Run actions/checkout@master":

Fetching the repository
  /usr/bin/git -c protocol.version=2 fetch --no-tags --prune --progress --no-recurse-submodules --depth=1 origin +7eb330784af3dfa9a43fe441df0a2d9c023***452:refs/remotes/origin/master
  remote: Repository not found.
  ##[error]fatal: repository 'https://github.com/***/***.me/' not found
  The process '/usr/bin/git' failed with exit code 128

When I look at this part of the step from 13th of April, it looks like:

Fetching the repository
  /usr/bin/git -c protocol.version=2 fetch --no-tags --prune --progress --no-recurse-submodules --depth=1 origin +b89cd8a4f3f670120874fa7d4ea5854c154b791b:refs/remotes/origin/master
  remote: Enumerating objects: 26, done.        
  remote: Counting objects:   3% (1/26)
[...]        
...

Any ideas what can have happended here for this Action to break?
If there's any way I can provide more information I'd be happy to!

Can we send the entire source folder?

I am going to send the entire folder using scp. But there's an error. Is it because I put the folder name in the source parameter?

The error is as follows.

... .. tar all files into /tmp/224126534/uNyJo54J6q.tar tar: empty archive exit status 1

error copy file to dest: , error message: dial tcp i/o timeout

I have been using this actions in one of my projects. So far it works fine, but sometimes I get the following error:

tar all files into /tmp/979006019/KQmgptshHs.tar
scp file to server.
2021/03/19 12:52:01 error copy file to dest: ***, error message: dial tcp **.**.**.**:***: i/o timeout
drone-scp error:  error copy file to dest: ***, error message: dial tcp **.**.**.**:***: i/o timeout

source path is not working as expected

Below code copying the code inside /home/user1/web/user1/public_html/dist/note/ ?

        name: deploy with scp
        uses: appleboy/scp-action@master
        with:
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USERNAME }}
          password: ${{ secrets.PASSWORD }}
          source: "./dist/note/*"
          target: "/home/user1/web/user1/public_html"
          overwrite: true
          rm: true

But it should copy the code from ./dist/note/* to /home/user1/web/user1/public_html

How can we copy file from server to local?

I am able to push a file from local to server using below script.

 - name: Copy File Via Ssh Password
        uses: appleboy/scp-action@master
        with:
          host: ${{ secrets.SSH_HOST }}
          username: ${{ secrets.SSH_USERNAME }}
          key: ${{ secrets.SSH_PRIVKEY }}
          port: ${{ secrets.SSH_PORT }}
          source: "*.tar.xz"
          target: "~"

How can I do vice versa? How can I pull file from server?

Make it clear this does not work on Windows

Hi team, I built this awesome workflow around scp-action, ran it, then cried when I saw

##[error]Container action is only supported on Linux

I don't see mention of this limitation in any of the documentation.

tmp file conflict running two runners on the same host

Running three runners on the same host it seems that two of the runner which apparently finished almost at the same time run into an upload failure on both workflows. It seems the two workflows used the same tmp file name:

Runner 2

 tar all files into /tmp/495458086/thELhqp4kO.tar
scp file to server.
create folder ***/6.0.dev20201***0/
untar file thELhqp4kO.tar
error:  tar: Skipping to next header
tar: Exiting with failure status due to previous errors

drone-scp error:  Process exited with status 2
drone-scp rollback: remove all target tmp file
remove file thELhqp4kO.tar
2020/12/20 19:45:29 Process exited with status 2

Runner 3

 tar all files into /tmp/696865611/thELhqp4kO.tar
scp file to server.
create folder ***/6.0.dev20201***0/
untar file thELhqp4kO.tar
error:  tar: thELhqp4kO.tar: Cannot open: No such file or directory
tar: Error is not recoverable: exiting now

drone-scp error:  Process exited with status 2
drone-scp rollback: remove all target tmp file
remove file thELhqp4kO.tar
2020/12/20 19:45:31 Process exited with status 2

How is the tmpfile name generated?