Rsync Deployments Action
ActionsTags
(2)
This GitHub Action (amd64) deploys files in GITHUB_WORKSPACE to a remote folder via rsync over ssh.
Use this action in a CD workflow which leaves deployable code in GITHUB_WORKSPACE.
The base-image drinternet/rsync of this action is very small and is based on Alpine 3.22.1 (no cache) which results in fast deployments.
Alpine version: 3.22.1 Rsync version: 3.4.1-r0
-
switches* - The first is for any initial/required rsync flags, eg:-avzr --delete -
rsh- Remote shell commands -
legacy_allow_rsa_hostkeys- Enables support for legacy RSA host keys on OpenSSH 8.8+. ("true" / "false") -
path- The source path. Defaults to GITHUB_WORKSPACE and is relative to it -
remote_path* - The deployment target path -
remote_host* - The remote host -
remote_port- The remote port. Defaults to 22 -
remote_user* - The remote user -
remote_key* - The remote ssh private key -
remote_key_pass- The remote ssh private key passphrase (if any)
* = Required
This action needs secret variables for the ssh private key of your key pair. The public key part should be added to the authorized_keys file on the server that receives the deployment. The secret variable should be set in the Github secrets section of your org/repo and then referenced as the remote_key input.
Always use secrets when dealing with sensitive inputs!
For simplicity, we are using REMOTE_* as the secret variables throughout the examples.
Simple:
name: DEPLOY
on:
push:
branches:
- master
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: rsync deployments
uses: burnett01/[email protected]
with:
switches: -avzr --delete
path: src/
remote_path: /var/www/html/
remote_host: example.com
remote_user: debian
remote_key: ${{ secrets.REMOTE_PRIVATE_KEY }}Advanced:
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: rsync deployments
uses: burnett01/[email protected]
with:
switches: -avzr --delete --exclude="" --include="" --filter=""
path: src/
remote_path: /var/www/html/
remote_host: example.com
remote_port: 5555
remote_user: debian
remote_key: ${{ secrets.REMOTE_PRIVATE_KEY }}For better security, I suggest you create additional secrets for remote_host, remote_port, remote_user and remote_path inputs.
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: rsync deployments
uses: burnett01/[email protected]
with:
switches: -avzr --delete
path: src/
remote_path: ${{ secrets.REMOTE_PATH }}
remote_host: ${{ secrets.REMOTE_HOST }}
remote_port: ${{ secrets.REMOTE_PORT }}
remote_user: ${{ secrets.REMOTE_USER }}
remote_key: ${{ secrets.REMOTE_PRIVATE_KEY }}If your private key is passphrase protected you should use:
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: rsync deployments
uses: burnett01/[email protected]
with:
switches: -avzr --delete
path: src/
remote_path: ${{ secrets.REMOTE_PATH }}
remote_host: ${{ secrets.REMOTE_HOST }}
remote_port: ${{ secrets.REMOTE_PORT }}
remote_user: ${{ secrets.REMOTE_USER }}
remote_key: ${{ secrets.REMOTE_PRIVATE_KEY }}
remote_key_pass: ${{ secrets.REMOTE_PRIVATE_KEY_PASS }}If your remote OpenSSH Server still uses RSA hostkeys, then you have to
manually enable legacy support for this by using legacy_allow_rsa_hostkeys: "true".
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: rsync deployments
uses: burnett01/[email protected]
with:
switches: -avzr --delete
legacy_allow_rsa_hostkeys: "true"
path: src/
remote_path: ${{ secrets.REMOTE_PATH }}
remote_host: ${{ secrets.REMOTE_HOST }}
remote_port: ${{ secrets.REMOTE_PORT }}
remote_user: ${{ secrets.REMOTE_USER }}
remote_key: ${{ secrets.REMOTE_PRIVATE_KEY }}See #49 and #24 for more information.
Note: Only use this if necessary. It's recommended to upgrade your remote OpenSSH server instead.
--
For advanced rsync configuration options and switches, refer to the rsync manual.
If you encounter "Permission denied (publickey,password)" errors, here are the most common solutions:
Ensure your SSH key pair is correctly generated and configured:
# Generate a new SSH key pair (recommended: Ed25519 or RSA 4096-bit)
ssh-keygen -t ed25519 -C "deploy@yourproject" -f ~/.ssh/deploy_yourproject -N ""
# OR for RSA:
ssh-keygen -t rsa -b 4096 -C "deploy@yourproject" -f ~/.ssh/deploy_yourproject -N ""Important Steps:
- Add the public key (
.pubfile) to your server's~/.ssh/authorized_keys - Add the private key (without
.pubextension) to GitHub Secrets asREMOTE_PRIVATE_KEY - Ensure correct file permissions on your server:
chmod 700 ~/.ssh chmod 600 ~/.ssh/authorized_keys
For detailed information on creating and managing SSH keys, see GitHub's SSH Key Guide.
Make sure the remote_user has write access to remote_path.
See: #81 (comment)
If your remote server has firewall restrictions:
- Option A: Whitelist GitHub Actions IP ranges (Azure-based)
- Option B: Use self-hosted runners on your server (recommended for strict firewall environments)
By default, rsync copies dot files and folder if present at path:. To exclude them, you can use the --exclude switch:
switches: -avzr --delete --exclude='.git/'Other common exclusions:
switches: -avzr --delete --exclude='.git/' --exclude='node_modules/' --exclude='.env'More advanced examples:
If the action fails with "rsync: command not found" or similar errors, rsync is not installed on your remote server. Install it using your system's package manager:
Ubuntu/Debian:
sudo apt-get update && sudo apt-get install rsyncCentOS/RHEL/Rocky/AlmaLinux:
sudo yum install rsync
# OR on newer versions:
sudo dnf install rsyncAlpine Linux:
sudo apk add rsyncCheck here:
- https://github.com/Burnett01/rsync-deployments/tree/7.0.2 (alpine 3.19.1)
Check here:
- https://github.com/Burnett01/rsync-deployments/tree/7.0.0 (alpine 3.19.1)
- https://github.com/Burnett01/rsync-deployments/tree/7.0.1 (alpine 3.19.1)
Check here:
- https://github.com/Burnett01/rsync-deployments/tree/6.0 (alpine 3.17.2)
Check here:
- https://github.com/Burnett01/rsync-deployments/tree/5.0 (alpine 3.11.x)
- https://github.com/Burnett01/rsync-deployments/tree/5.1 (alpine 3.14.1)
- https://github.com/Burnett01/rsync-deployments/tree/5.2 (alpine 3.15.0)
- https://github.com/Burnett01/rsync-deployments/tree/5.2.1 (alpine 3.16.1)
- https://github.com/Burnett01/rsync-deployments/tree/5.2.2 (alpine 3.17.2)
Check here:
- https://github.com/Burnett01/rsync-deployments/tree/4.0
- https://github.com/Burnett01/rsync-deployments/tree/4.1
Version 4.0 & 4.1 use the drinternet/rsync:1.0.1 base-image.
Check here: https://github.com/Burnett01/rsync-deployments/tree/3.0
Version 3.0 uses the alpine:latest base-image directly.
Consider upgrading to 4.0 that uses a docker-image drinternet/rsync:1.0.1 that is
based on alpine:latestand heavily optimized for rsync.
Check here: https://github.com/Burnett01/rsync-deployments/tree/2.0
Version 2.0 uses a larger base-image (ubuntu:latest).
Consider upgrading to 3.0 for even faster deployments.
Check here: https://github.com/Burnett01/rsync-deployments/tree/1.0
Please note that version 1.0 has reached end of life state.
- This project is a fork of Contention/rsync-deployments
- Base image JoshPiper/rsync-docker
This action was featured in multiple blogs across the globe:
Disclaimer: The author & co-authors are not responsible for the content of the site-links below.
Resources
Rsync Deployments Action is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.
Tags
(2)Resources
Rsync Deployments Action is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.