ci(docker): fail push when trivy finds CRITICAL/HIGH issues

ci(trivy): use existing build_docker make target
ci: enable check-latest in docker and goreleaser workflows
2026-06-04 18:23:59 +08:00 · 2026-04-16 23:01:09 +08:00 · 2026-04-16 22:49:10 +08:00 · 2026-04-16 22:42:52 +08:00 · 2026-04-16 22:39:45 +08:00 · 2026-04-16 21:11:20 +08:00
43 changed files with 3259 additions and 851 deletions
@@ -1,84 +0,0 @@
-workspace:
-  base: /srv/app
-  path: src/github.com/appleboy/drone-scp
-
-pipeline:
-  # restore the cache from an sftp server
-  restore_cache:
-    image: appleboy/drone-sftp-cache
-    restore: true
-    mount: [ .glide, vendor ]
-    ignore_branch: true
-
-  test:
-    image: appleboy/golang-testing
-    pull: true
-    environment:
-      TAGS: netgo
-      GOPATH: /srv/app
-    commands:
-      - adduser -h /home/drone-scp -s /bin/bash -D -S drone-scp
-      - passwd -d drone-scp
-      - mkdir -p /home/drone-scp/.ssh
-      - chmod 700 /home/drone-scp/.ssh
-      - cp tests/.ssh/id_rsa.pub /home/drone-scp/.ssh/authorized_keys
-      - chown -R drone-scp /home/drone-scp/.ssh
-      # install ssh and start server
-      - apk update && apk add openssh openrc
-      - rm -rf /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_dsa_key
-      - ./tests/entrypoint.sh /usr/sbin/sshd -D &
-      - make dep_install
-      - make vet
-      - make lint
-      - make test
-      - make coverage
-      - make build
-      # build binary for docker image
-      - make static_build
-    when:
-      event: [ push, tag, pull_request ]
-
-  release:
-    image: appleboy/golang-testing
-    pull: true
-    environment:
-      TAGS: netgo
-      GOPATH: /srv/app
-    commands:
-      - make release
-    when:
-      event: [ tag ]
-      branch: [ refs/tags/* ]
-
-  docker:
-    image: plugins/docker
-    repo: ${DRONE_REPO}
-    tags: [ '${DRONE_TAG}' ]
-    when:
-      event: [ tag ]
-      branch: [ refs/tags/* ]
-
-  docker:
-    image: plugins/docker
-    repo: ${DRONE_REPO}
-    tags: [ 'latest' ]
-    when:
-      event: [ push ]
-      branch: [ master ]
-
-  github:
-    image: plugins/github-release
-    files:
-      - dist/release/*
-    when:
-      event: [ tag ]
-      branch: [ refs/tags/* ]
-
-  # rebuild the cache on the sftp server
-  rebuild_cache:
-    image: appleboy/drone-sftp-cache
-    rebuild: true
-    mount: [ .glide, vendor ]
-    ignore_branch: true
-    when:
-      branch: master
@@ -1 +0,0 @@
-eyJhbGciOiJIUzI1NiJ9.d29ya3NwYWNlOgogIGJhc2U6IC9zcnYvYXBwCiAgcGF0aDogc3JjL2dpdGh1Yi5jb20vYXBwbGVib3kvZHJvbmUtc2NwCgpwaXBlbGluZToKICAjIHJlc3RvcmUgdGhlIGNhY2hlIGZyb20gYW4gc2Z0cCBzZXJ2ZXIKICByZXN0b3JlX2NhY2hlOgogICAgaW1hZ2U6IGFwcGxlYm95L2Ryb25lLXNmdHAtY2FjaGUKICAgIHJlc3RvcmU6IHRydWUKICAgIG1vdW50OiBbIC5nbGlkZSwgdmVuZG9yIF0KICAgIGlnbm9yZV9icmFuY2g6IHRydWUKCiAgdGVzdDoKICAgIGltYWdlOiBhcHBsZWJveS9nb2xhbmctdGVzdGluZwogICAgcHVsbDogdHJ1ZQogICAgZW52aXJvbm1lbnQ6CiAgICAgIFRBR1M6IG5ldGdvCiAgICAgIEdPUEFUSDogL3Nydi9hcHAKICAgIGNvbW1hbmRzOgogICAgICAtIGFkZHVzZXIgLWggL2hvbWUvZHJvbmUtc2NwIC1zIC9iaW4vYmFzaCAtRCAtUyBkcm9uZS1zY3AKICAgICAgLSBwYXNzd2QgLWQgZHJvbmUtc2NwCiAgICAgIC0gbWtkaXIgLXAgL2hvbWUvZHJvbmUtc2NwLy5zc2gKICAgICAgLSBjaG1vZCA3MDAgL2hvbWUvZHJvbmUtc2NwLy5zc2gKICAgICAgLSBjcCB0ZXN0cy8uc3NoL2lkX3JzYS5wdWIgL2hvbWUvZHJvbmUtc2NwLy5zc2gvYXV0aG9yaXplZF9rZXlzCiAgICAgIC0gY2hvd24gLVIgZHJvbmUtc2NwIC9ob21lL2Ryb25lLXNjcC8uc3NoCiAgICAgICMgaW5zdGFsbCBzc2ggYW5kIHN0YXJ0IHNlcnZlcgogICAgICAtIGFwayB1cGRhdGUgJiYgYXBrIGFkZCBvcGVuc3NoIG9wZW5yYwogICAgICAtIHJtIC1yZiAvZXRjL3NzaC9zc2hfaG9zdF9yc2Ffa2V5IC9ldGMvc3NoL3NzaF9ob3N0X2RzYV9rZXkKICAgICAgLSAuL3Rlc3RzL2VudHJ5cG9pbnQuc2ggL3Vzci9zYmluL3NzaGQgLUQgJgogICAgICAtIG1ha2UgZGVwX2luc3RhbGwKICAgICAgLSBtYWtlIHZldAogICAgICAtIG1ha2UgbGludAogICAgICAtIG1ha2UgdGVzdAogICAgICAtIG1ha2UgY292ZXJhZ2UKICAgICAgLSBtYWtlIGJ1aWxkCiAgICAgICMgYnVpbGQgYmluYXJ5IGZvciBkb2NrZXIgaW1hZ2UKICAgICAgLSBtYWtlIHN0YXRpY19idWlsZAogICAgd2hlbjoKICAgICAgZXZlbnQ6IFsgcHVzaCwgdGFnLCBwdWxsX3JlcXVlc3QgXQoKICByZWxlYXNlOgogICAgaW1hZ2U6IGFwcGxlYm95L2dvbGFuZy10ZXN0aW5nCiAgICBwdWxsOiB0cnVlCiAgICBlbnZpcm9ubWVudDoKICAgICAgVEFHUzogbmV0Z28KICAgICAgR09QQVRIOiAvc3J2L2FwcAogICAgY29tbWFuZHM6CiAgICAgIC0gbWFrZSByZWxlYXNlCiAgICB3aGVuOgogICAgICBldmVudDogWyB0YWcgXQogICAgICBicmFuY2g6IFsgcmVmcy90YWdzLyogXQoKICBkb2NrZXI6CiAgICBpbWFnZTogcGx1Z2lucy9kb2NrZXIKICAgIHJlcG86ICR7RFJPTkVfUkVQT30KICAgIHRhZ3M6IFsgJyR7RFJPTkVfVEFHfScgXQogICAgd2hlbjoKICAgICAgZXZlbnQ6IFsgdGFnIF0KICAgICAgYnJhbmNoOiBbIHJlZnMvdGFncy8qIF0KCiAgZG9ja2VyOgogICAgaW1hZ2U6IHBsdWdpbnMvZG9ja2VyCiAgICByZXBvOiAke0RST05FX1JFUE99CiAgICB0YWdzOiBbICdsYXRlc3QnIF0KICAgIHdoZW46CiAgICAgIGV2ZW50OiBbIHB1c2ggXQogICAgICBicmFuY2g6IFsgbWFzdGVyIF0KCiAgZ2l0aHViOgogICAgaW1hZ2U6IHBsdWdpbnMvZ2l0aHViLXJlbGVhc2UKICAgIGZpbGVzOgogICAgICAtIGRpc3QvcmVsZWFzZS8qCiAgICB3aGVuOgogICAgICBldmVudDogWyB0YWcgXQogICAgICBicmFuY2g6IFsgcmVmcy90YWdzLyogXQoKICAjIHJlYnVpbGQgdGhlIGNhY2hlIG9uIHRoZSBzZnRwIHNlcnZlcgogIHJlYnVpbGRfY2FjaGU6CiAgICBpbWFnZTogYXBwbGVib3kvZHJvbmUtc2Z0cC1jYWNoZQogICAgcmVidWlsZDogdHJ1ZQogICAgbW91bnQ6IFsgLmdsaWRlLCB2ZW5kb3IgXQogICAgaWdub3JlX2JyYW5jaDogdHJ1ZQogICAgd2hlbjoKICAgICAgYnJhbmNoOiBtYXN0ZXIK.iJq2DIBtHk-IH2ioZdNEkFcxDj-5mtNikSX66Jdt_pM
@@ -1,42 +0,0 @@
-# unifying the coding style for different editors and IDEs => editorconfig.org
-
-; indicate this is the root of the project
-root = true
-
-###########################################################
-; common
-###########################################################
-
-[*]
-charset = utf-8
-
-end_of_line = LF
-insert_final_newline = true
-trim_trailing_whitespace = true
-
-indent_style = space
-indent_size = 2
-
-###########################################################
-; make
-###########################################################
-
-[Makefile]
-indent_style = tab
-
-[makefile]
-indent_style = tab
-
-###########################################################
-; markdown
-###########################################################
-
-[*.md]
-trim_trailing_whitespace = false
-
-###########################################################
-; golang
-###########################################################
-
-[*.go]
-indent_style = tab
@@ -0,0 +1,13 @@
+# These are supported funding model platforms
+
+github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
+custom: ['https://www.paypal.me/appleboy46']
@@ -0,0 +1,10 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
+  - package-ecosystem: gomod
+    directory: /
+    schedule:
+      interval: weekly
@@ -0,0 +1,54 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [master]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [master]
+  schedule:
+    - cron: "41 23 * * 6"
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ["go"]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://git.io/codeql-language-support
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v4
+        with:
+          languages: ${{ matrix.language }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+          # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v4
@@ -0,0 +1,103 @@
+name: Docker Image
+
+on:
+  push:
+    branches:
+      - master
+    tags:
+      - "v*"
+  pull_request:
+    branches:
+      - "master"
+
+permissions:
+  contents: read
+  packages: write
+  security-events: write
+
+jobs:
+  build-docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Setup go
+        uses: actions/setup-go@v6
+        with:
+          go-version: "^1"
+          check-latest: true
+      - name: Checkout repository
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+
+      - name: Build binary
+        run: |
+          make build_docker
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v4
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v4
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v4
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Docker meta
+        id: docker-meta
+        uses: docker/metadata-action@v6
+        with:
+          images: |
+            ${{ github.repository }}
+            ghcr.io/${{ github.repository }}
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+
+      - name: Build image for scanning
+        uses: docker/build-push-action@v7
+        with:
+          context: .
+          file: docker/Dockerfile
+          platforms: linux/amd64
+          push: false
+          load: true
+          tags: drone-scp:scan
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@v0.35.0
+        with:
+          image-ref: "drone-scp:scan"
+          format: "sarif"
+          output: "trivy-image-results.sarif"
+          severity: "CRITICAL,HIGH"
+          exit-code: '1'
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v4
+        if: always()
+        with:
+          sarif_file: "trivy-image-results.sarif"
+          category: "trivy-docker-image"
+
+      - name: Build and push
+        uses: docker/build-push-action@v7
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          file: docker/Dockerfile
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.docker-meta.outputs.tags }}
+          labels: ${{ steps.docker-meta.outputs.labels }}
+          cache-from: type=registry,ref=ghcr.io/${{ github.repository }}:buildcache
+          cache-to: type=registry,ref=ghcr.io/${{ github.repository }}:buildcache,mode=max
@@ -0,0 +1,33 @@
+name: Goreleaser
+
+on:
+  push:
+    tags:
+      - "*"
+
+permissions:
+  contents: write
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+      - name: Setup go
+        uses: actions/setup-go@v6
+        with:
+          go-version: "^1"
+          check-latest: true
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v7
+        with:
+          # either 'goreleaser' (default) or 'goreleaser-pro'
+          distribution: goreleaser
+          version: latest
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -0,0 +1,61 @@
+name: Lint and Testing
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Setup go
+        uses: actions/setup-go@v6
+        with:
+          go-version-file: go.mod
+          check-latest: true
+
+      - name: Setup golangci-lint
+        uses: golangci/golangci-lint-action@v9
+        with:
+          version: v2.11
+          args: --verbose
+
+      - uses: hadolint/hadolint-action@v3.3.0
+        name: hadolint for Dockerfile
+        with:
+          dockerfile: docker/Dockerfile
+
+      # This step uses the Bearer GitHub Action to scan for sensitive data in the codebase.
+      # The 'uses' keyword specifies the action to be used, in this case, 'bearer/bearer-action' at version 'v2'.
+      # The 'with' keyword provides input parameters for the action:
+      # - 'diff: true' indicates that the action should only scan the changes in the current pull request or commit.
+      - name: Bearer
+        uses: bearer/bearer-action@v2
+        with:
+          diff: true
+
+  testing:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        go-version: ["1.25", "1.26"]
+    container:
+      image: golang:${{ matrix.go-version }}-alpine
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: setup sshd server
+        run: |
+          apk add git make curl perl bash build-base zlib-dev ucl-dev gpg
+          make ssh-server
+
+      - name: testing
+        run: |
+          make test
+
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v5
@@ -0,0 +1,85 @@
+name: Trivy Security Scan
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
+  schedule:
+    # Run daily at 00:00 UTC
+    - cron: "0 0 * * *"
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  security-events: write
+
+jobs:
+  trivy-repo-scan:
+    name: Trivy Repository Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Run Trivy vulnerability scanner (repo)
+        uses: aquasecurity/trivy-action@v0.35.0
+        with:
+          scan-type: "fs"
+          scan-ref: "."
+          format: "sarif"
+          output: "trivy-repo-results.sarif"
+          severity: "CRITICAL,HIGH"
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v4
+        if: always()
+        with:
+          sarif_file: "trivy-repo-results.sarif"
+
+  trivy-image-scan:
+    name: Trivy Image Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Setup go
+        uses: actions/setup-go@v6
+        with:
+          go-version-file: go.mod
+          check-latest: true
+
+      - name: Build binary
+        run: |
+          make build_docker
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v4
+
+      - name: Build Docker image for scanning
+        uses: docker/build-push-action@v7
+        with:
+          context: .
+          file: docker/Dockerfile
+          platforms: linux/amd64
+          push: false
+          load: true
+          tags: drone-scp:scan
+
+      - name: Run Trivy vulnerability scanner (image)
+        uses: aquasecurity/trivy-action@v0.35.0
+        with:
+          image-ref: "drone-scp:scan"
+          format: "sarif"
+          output: "trivy-image-results.sarif"
+          severity: "CRITICAL,HIGH"
+
+      - name: Upload Trivy image scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v4
+        if: always()
+        with:
+          sarif_file: "trivy-image-results.sarif"
+          category: "trivy-image"
@@ -22,8 +22,11 @@ _testmain.go
 *.exe
 *.test
 *.prof
-vendor
 drone-scp
 coverage.txt
 .env
 dist
+.cover
+release
+bin
+.idea
@@ -0,0 +1,54 @@
+version: "2"
+linters:
+  enable:
+    - asciicheck
+    - durationcheck
+    - errorlint
+    - gosec
+    - misspell
+    - nakedret
+    - nilerr
+    - nolintlint
+    - perfsprint
+    - revive
+    - usestdlibvars
+    - wastedassign
+  settings:
+    gosec:
+      includes:
+        - G102
+        - G106
+        - G108
+        - G109
+        - G111
+        - G112
+        - G201
+        - G203
+    perfsprint:
+      int-conversion: true
+      err-error: true
+      errorf: true
+      sprintf1: true
+      strconcat: true
+  exclusions:
+    generated: lax
+    presets:
+      - comments
+      - common-false-positives
+      - legacy
+      - std-error-handling
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
+formatters:
+  enable:
+    - gci
+    - gofmt
+    - goimports
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
@@ -0,0 +1,123 @@
+before:
+  hooks:
+    - go mod tidy
+
+builds:
+  - env:
+      - CGO_ENABLED=0
+    goos:
+      - darwin
+      - linux
+      - windows
+      - freebsd
+    goarch:
+      - amd64
+      - arm
+      - arm64
+    goarm:
+      - "5"
+      - "6"
+      - "7"
+    ignore:
+      - goos: darwin
+        goarch: arm
+      - goos: darwin
+        goarch: ppc64le
+      - goos: darwin
+        goarch: s390x
+      - goos: windows
+        goarch: ppc64le
+      - goos: windows
+        goarch: s390x
+      - goos: windows
+        goarch: arm
+        goarm: "5"
+      - goos: windows
+        goarch: arm
+        goarm: "6"
+      - goos: windows
+        goarch: arm
+        goarm: "7"
+      - goos: windows
+        goarch: arm64
+      - goos: freebsd
+        goarch: ppc64le
+      - goos: freebsd
+        goarch: s390x
+      - goos: freebsd
+        goarch: arm
+        goarm: "5"
+      - goos: freebsd
+        goarch: arm
+        goarm: "6"
+      - goos: freebsd
+        goarch: arm
+        goarm: "7"
+      - goos: freebsd
+        goarch: arm64
+    flags:
+      - -trimpath
+    ldflags:
+      - -s -w
+      - -X main.Version={{.Version}}
+    binary: >-
+      {{ .ProjectName }}-
+      {{- if .IsSnapshot }}{{ .Branch }}-
+      {{- else }}{{- .Version }}-{{ end }}
+      {{- .Os }}-
+      {{- if eq .Arch "amd64" }}amd64
+      {{- else if eq .Arch "amd64_v1" }}amd64
+      {{- else if eq .Arch "386" }}386
+      {{- else }}{{ .Arch }}{{ end }}
+      {{- if .Arm }}-{{ .Arm }}{{ end }}
+    no_unique_dist_dir: true
+    hooks:
+      post:
+        - cmd: xz -k -9 {{ .Path }}
+          dir: ./dist/
+
+archives:
+  - format: binary
+    name_template: "{{ .Binary }}"
+    allow_different_binary_count: true
+
+checksum:
+  name_template: "checksums.txt"
+  extra_files:
+    - glob: ./**.xz
+
+snapshot:
+  name_template: "{{ incpatch .Version }}"
+
+release:
+  # You can add extra pre-existing files to the release.
+  # The filename on the release will be the last part of the path (base).
+  # If another file with the same name exists, the last one found will be used.
+  #
+  # Templates: allowed
+  extra_files:
+    - glob: ./**.xz
+
+changelog:
+  use: github
+  groups:
+    - title: Features
+      regexp: "^.*feat[(\\w)]*:+.*$"
+      order: 0
+    - title: "Bug fixes"
+      regexp: "^.*fix[(\\w)]*:+.*$"
+      order: 1
+    - title: "Enhancements"
+      regexp: "^.*chore[(\\w)]*:+.*$"
+      order: 2
+    - title: "Refactor"
+      regexp: "^.*refactor[(\\w)]*:+.*$"
+      order: 3
+    - title: "Build process updates"
+      regexp: ^.*?(build|ci)(\(.+\))??!?:.+$
+      order: 4
+    - title: "Documentation updates"
+      regexp: ^.*?docs?(\(.+\))??!?:.+$
+      order: 4
+    - title: Others
+      order: 999
@@ -0,0 +1,3 @@
+ignored:
+  - DL3018
+  - DL3008
@@ -1,30 +0,0 @@
-sudo: required
-language: go
-
-go:
-  - 1.6.x
-  - 1.7.x
-  - tip
-
-cache:
-  directories:
-    - vendor
-    - ${HOME}/.glide
-
-before_install:
-  - mkdir -p $GOPATH/bin
-  - curl https://glide.sh/get | sh
-  - sudo useradd -m -d /home/drone-scp -s /bin/bash drone-scp
-  - sudo mkdir -p /home/drone-scp/.ssh
-  - sudo chmod 700 /home/drone-scp/.ssh
-  - sudo cp tests/.ssh/id_rsa.pub /home/drone-scp/.ssh/authorized_keys
-  - sudo chown -R drone-scp /home/drone-scp/.ssh
-
-install:
-  - make dep_install
-
-script:
-  - make vet
-  - make lint
-  - make test
-  - make build
@@ -0,0 +1,302 @@
+---
+date: 2017-01-06T00:00:00+00:00
+title: SCP
+name: SCP
+description: Deploy artifacts using SSH/SCP
+author: appleboy
+tags: [ publish, ssh, scp ]
+logo: term.svg
+repo: appleboy/drone-scp
+image: appleboy/drone-scp
+containerImage: appleboy/drone-scp
+containerImageUrl: https://hub.docker.com/r/appleboy/drone-scp
+url: https://github.com/appleboy/drone-scp
+---
+
+The SCP plugin copy files and artifacts to target host machine via SSH. The below pipeline configuration demonstrates simple usage:
+
+```yaml
+- name: scp files
+  image: appleboy/drone-scp
+  settings:
+    host: example.com
+    username: foo
+    password: bar
+    port: 22
+    target: /var/www/deploy/${DRONE_REPO_OWNER}/${DRONE_REPO_NAME}
+    source: release.tar.gz
+```
+
+Example configuration with multiple source and target folder:
+
+```diff
+  - name: scp files
+    image: appleboy/drone-scp
+    settings:
+      host: example.com
+      target:
+       - /home/deploy/web1
+       - /home/deploy/web2
+      source:
+       - release_1.tar.gz
+       - release_2.tar.gz
+```
+
+Example configuration with multiple host:
+
+```diff
+  - name: scp files
+    image: appleboy/drone-scp
+    settings:
+-     host: example.com
+     host:
+       - example1.com
+       - example2.com
+      target: /home/deploy/web
+      source: release.tar.gz
+```
+
+Example configuration with wildcard pattern of source list:
+
+```diff
+  - name: scp files
+    image: appleboy/drone-scp
+    settings:
+      host:
+        - example1.com
+        - example2.com
+      target: /home/deploy/web
+      source:
+-       - release/backend.tar.gz
+-       - release/images.tar.gz
+       - release/*.tar.gz
+```
+
+Remove target folder before copy files and artifacts to target:
+
+```diff
+  - name: scp files
+    image: appleboy/drone-scp
+    settings:
+      target: /home/deploy/web
+      source: release.tar.gz
+     rm: true
+```
+
+Example for remove the specified number of leading path elements:
+
+```diff
+  - name: scp files
+    image: appleboy/drone-scp
+    settings:
+      host: example.com
+      target: /home/deploy/web
+      source: dist/release.tar.gz
+     strip_components: 1
+```
+
+Example configuration using ｀SSHProxyCommand｀:
+
+```diff
+  - name: scp files
+    image: appleboy/drone-scp
+    settings:
+      host:
+        - example1.com
+        - example2.com
+      target: /home/deploy/web
+      source:
+        - release/*.tar.gz
+     proxy_host: 10.130.33.145
+     proxy_user: ubuntu
+     proxy_port: 22
+     proxy_password: 1234
+```
+
+Example configuration using password from secrets:
+
+```diff
+  - name: scp files
+    image: appleboy/drone-scp
+    settings:
+      host:
+        - example1.com
+        - example2.com
+      user: ubuntu
+      port: 22
+-     password: 1234
+     password:
+       from_secret: ssh_password
+      target: /home/deploy/web
+      source:
+        - release/*.tar.gz
+```
+
+Example configuration using command timeout:
+
+```diff
+  - name: scp files
+    image: appleboy/drone-scp
+    settings:
+      host:
+      - example1.com
+      - example2.com
+      user: ubuntu
+      password:
+      from_secret: ssh_password
+      port: 22
+-     command_timeout: 120
+     command_timeout: 2m
+      target: /home/deploy/web
+      source:
+      - release/*.tar.gz
+```
+
+Example configuration for ignore list:
+
+```diff
+  - name: scp files
+    image: appleboy/drone-scp
+    settings:
+      host:
+        - example1.com
+        - example2.com
+      user: ubuntu
+      password:
+        from_secret: ssh_password
+      port: 22
+      command_timeout: 2m
+      target: /home/deploy/web
+      source:
+       - !release/README.md
+        - release/*
+```
+
+Example configuration for passphrase which protecting a private key:
+
+```diff
+  - name: scp files
+    image: appleboy/drone-scp
+    settings:
+      host:
+        - example1.com
+        - example2.com
+      user: ubuntu
+     key:
+       from_secret: ssh_key
+     passphrase: 1234
+      port: 22
+      command_timeout: 2m
+      target: /home/deploy/web
+      source:
+        - release/*
+```
+
+## Parameter Reference
+
+host
+: target hostname or IP
+
+port
+: ssh port of target host
+
+username
+: account for target host user
+
+password
+: password for target host user
+
+key
+: plain text of user private key
+
+passphrase
+: The purpose of the passphrase is usually to encrypt the private key.
+
+fingerprint
+: fingerprint SHA256 of the host public key, default is to skip verification
+
+target
+: folder path of target host
+
+source
+: source lists you want to copy
+
+rm
+: remove target folder before copy files and artifacts
+
+timeout
+: Timeout is the maximum amount of time for the ssh connection to establish, default is 30 seconds.
+
+command_timeout
+: Command timeout is the maximum amount of time for the execute commands, default is 10 minutes.
+
+strip_components
+: remove the specified number of leading path elements
+
+tar_tmp_path
+: temporary path for tar file on the dest host
+
+tar_exec
+: alternative `tar` executable to on the dest host
+
+overwrite
+: use `--overwrite` flag with tar
+
+proxy_host
+: proxy hostname or IP
+
+proxy_port
+: ssh port of proxy host
+
+proxy_username
+: account for proxy host user
+
+proxy_password
+: password for proxy host user
+
+proxy_key
+: plain text of proxy private key
+
+proxy_key_path
+: key path of proxy private key
+
+proxy_passphrase
+: The purpose of the passphrase is usually to encrypt the private key.
+
+proxy_fingerprint
+: fingerprint SHA256 of the host public key, default is to skip verification
+
+## Template Reference
+
+repo.owner
+: repository owner
+
+repo.name
+: repository name
+
+build.status
+: build status type enumeration, either `success` or `failure`
+
+build.event
+: build event type enumeration, one of `push`, `pull_request`, `tag`, `deployment`
+
+build.number
+: build number
+
+build.commit
+: git sha for current commit
+
+build.branch
+: git branch for current commit
+
+build.tag
+: git tag for current commit
+
+build.ref
+: git ref for current commit
+
+build.author
+: git author for current commit
+
+build.link
+: link the the build results in drone
@@ -1,9 +0,0 @@
-FROM alpine:3.4
-
-RUN apk update && \
-  apk add ca-certificates && \
-  rm -rf /var/cache/apk/*
-
-ADD drone-scp /
-
-ENTRYPOINT ["/drone-scp"]
@@ -1,8 +0,0 @@
-FROM armhfbuild/alpine:3.4
-
-RUN apk update && \
-  apk add ca-certificates && \
-  rm -rf /var/cache/apk/*
-
-ADD drone-scp /bin/
-ENTRYPOINT ["/bin/drone-scp"]
@@ -1,17 +1,8 @@
-.PHONY: test drone-scp build fmt vet errcheck lint install update release-dirs release-build release-copy release-check release coverage
-
-DIST := dist
 EXECUTABLE := drone-scp
-
-# for dockerhub
-DEPLOY_ACCOUNT := appleboy
-DEPLOY_IMAGE := $(EXECUTABLE)
-
-TARGETS ?= linux darwin windows
-PACKAGES ?= $(shell go list ./... | grep -v /vendor/)
-SOURCES ?= $(shell find . -name "*.go" -type f)
-TAGS ?=
-LDFLAGS += -X 'main.Version=$(VERSION)'
+GOFMT ?= gofumpt -l -s -w
+GO ?= go
+GOFILES := $(shell find . -name "*.go" -type f)
+HAS_GO = $(shell hash $(GO) > /dev/null 2>&1 && echo "GO" || echo "NOGO" )

 ifneq ($(shell uname), Darwin)
 	EXTLDFLAGS = -extldflags "-static" $(null)
@@ -19,96 +10,97 @@ else
 	EXTLDFLAGS =
 endif

+ifeq ($(HAS_GO), GO)
+	GOPATH ?= $(shell $(GO) env GOPATH)
+	export PATH := $(GOPATH)/bin:$(PATH)
+
+	CGO_EXTRA_CFLAGS := -DSQLITE_MAX_VARIABLE_NUMBER=32766
+	CGO_CFLAGS ?= $(shell $(GO) env CGO_CFLAGS) $(CGO_EXTRA_CFLAGS)
+endif
+
+ifeq ($(OS), Windows_NT)
+	GOFLAGS := -v -buildmode=exe
+	EXECUTABLE ?= $(EXECUTABLE).exe
+else ifeq ($(OS), Windows)
+	GOFLAGS := -v -buildmode=exe
+	EXECUTABLE ?= $(EXECUTABLE).exe
+else
+	GOFLAGS := -v
+	EXECUTABLE ?= $(EXECUTABLE)
+endif
+
 ifneq ($(DRONE_TAG),)
 	VERSION ?= $(DRONE_TAG)
 else
 	VERSION ?= $(shell git describe --tags --always || git rev-parse --short HEAD)
 endif

+TAGS ?=
+LDFLAGS ?= -X 'main.Version=$(VERSION)'
+
 all: build

-fmt:
-	find . -name "*.go" -type f -not -path "./vendor/*" | xargs gofmt -s -w
+.PHONY: help
+help: ## Print this help message.
+	@echo "Usage: make [target]"
+	@echo ""
+	@echo "Targets:"
+	@echo ""
+	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'

-vet:
-	go vet $(PACKAGES)
-
-errcheck:
-	@which errcheck > /dev/null; if [ $$? -ne 0 ]; then \
-		go get -u github.com/kisielk/errcheck; \
+fmt: ## Format the code
+	@hash gofumpt > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		$(GO) install mvdan.cc/gofumpt@latest; \
 	fi
-	errcheck $(PACKAGES)
+	$(GOFMT) -w $(GOFILES)

-lint:
-	@which golint > /dev/null; if [ $$? -ne 0 ]; then \
-		go get -u github.com/golang/lint/golint; \
+vet: ## Run go vet
+	$(GO) vet ./...
+
+.PHONY: fmt-check
+fmt-check: ## Check if the code is formatted
+	@hash gofumpt > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		$(GO) install mvdan.cc/gofumpt; \
 	fi
-	for PKG in $(PACKAGES); do golint -set_exit_status $$PKG || exit 1; done;
+	@diff=$$($(GOFMT) -d $(GOFILES)); \
+	if [ -n "$$diff" ]; then \
+		echo "Please run 'make fmt' and commit the result:"; \
+		echo "$${diff}"; \
+		exit 1; \
+	fi;

-test:
-	for PKG in $(PACKAGES); do go test -v -cover -coverprofile $$GOPATH/src/$$PKG/coverage.txt $$PKG || exit 1; done;
+test: ## Run tests
+	@$(GO) test -v -cover -coverprofile coverage.txt ./... && echo "\n==>\033[32m Ok\033[m\n" || exit 1

-html:
-	go tool cover -html=coverage.txt
+install: $(GOFILES) ## Install the package
+	$(GO) install -v -tags '$(TAGS)' -ldflags '$(EXTLDFLAGS)-s -w $(LDFLAGS)'

-dep_install:
-	glide install
+build: $(EXECUTABLE) ## Build the package

-dep_update:
-	glide up
+$(EXECUTABLE): $(GOFILES) ## Build the package
+	$(GO) build -v -tags '$(TAGS)' -ldflags '$(EXTLDFLAGS)-s -w $(LDFLAGS)' -o bin/$@

-install: $(SOURCES)
-	go install -v -tags '$(TAGS)' -ldflags '$(EXTLDFLAGS)-s -w $(LDFLAGS)'
+build_docker:
+	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 $(GO) build -a -tags '$(TAGS)' -ldflags '$(EXTLDFLAGS)-s -w $(LDFLAGS)' -o release/linux/amd64/$(DEPLOY_IMAGE)
+	CGO_ENABLED=0 GOOS=linux GOARCH=arm64 $(GO) build -a -tags '$(TAGS)' -ldflags '$(EXTLDFLAGS)-s -w $(LDFLAGS)' -o release/linux/arm64/$(DEPLOY_IMAGE)

-build: $(EXECUTABLE)
+ssh-server: ## Run ssh server
+	adduser -h /home/drone-scp -s /bin/sh -D -S drone-scp
+	echo drone-scp:1234 | chpasswd
+	mkdir -p /home/drone-scp/.ssh
+	chmod 700 /home/drone-scp/.ssh
+	cat tests/.ssh/id_rsa.pub >> /home/drone-scp/.ssh/authorized_keys
+	cat tests/.ssh/test.pub >> /home/drone-scp/.ssh/authorized_keys
+	chmod 600 /home/drone-scp/.ssh/authorized_keys
+	chown -R drone-scp /home/drone-scp/.ssh
+	apk add --update openssh openrc
+	rm -rf /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_dsa_key
+	sed -i 's/^#PubkeyAuthentication yes/PubkeyAuthentication yes/g' /etc/ssh/sshd_config
+	sed -i 's/AllowTcpForwarding no/AllowTcpForwarding yes/g' /etc/ssh/sshd_config
+	sed -i 's/^#ListenAddress 0.0.0.0/ListenAddress 0.0.0.0/g' /etc/ssh/sshd_config
+	sed -i 's/^#ListenAddress ::/ListenAddress ::/g' /etc/ssh/sshd_config
+	./tests/entrypoint.sh /usr/sbin/sshd -D &

-$(EXECUTABLE): $(SOURCES)
-	go build -v -tags '$(TAGS)' -ldflags '$(EXTLDFLAGS)-s -w $(LDFLAGS)' -o $@
-
-release: release-dirs release-build release-copy release-check
-
-release-dirs:
-	mkdir -p $(DIST)/binaries $(DIST)/release
-
-release-build:
-	@which gox > /dev/null; if [ $$? -ne 0 ]; then \
-		go get -u github.com/mitchellh/gox; \
-	fi
-	gox -os="$(TARGETS)" -arch="amd64 386" -tags="$(TAGS)" -ldflags="-s -w $(LDFLAGS)" -output="$(DIST)/binaries/$(EXECUTABLE)-$(VERSION)-{{.OS}}-{{.Arch}}"
-
-release-copy:
-	$(foreach file,$(wildcard $(DIST)/binaries/$(EXECUTABLE)-*),cp $(file) $(DIST)/release/$(notdir $(file));)
-
-release-check:
-	cd $(DIST)/release; $(foreach file,$(wildcard $(DIST)/release/$(EXECUTABLE)-*),sha256sum $(notdir $(file)) > $(notdir $(file)).sha256;)
-
-# for docker.
-static_build:
-	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -tags '$(TAGS)' -ldflags '$(EXTLDFLAGS)-s -w $(LDFLAGS)' -o $(DEPLOY_IMAGE)
-
-docker_image:
-	docker build -t $(DEPLOY_ACCOUNT)/$(DEPLOY_IMAGE) .
-
-docker: static_build docker_image
-
-docker_deploy:
-ifeq ($(tag),)
-	@echo "Usage: make $@ tag=<tag>"
-	@exit 1
-endif
-	# deploy image
-	docker tag $(DEPLOY_ACCOUNT)/$(DEPLOY_IMAGE):latest $(DEPLOY_ACCOUNT)/$(DEPLOY_IMAGE):$(tag)
-	docker push $(DEPLOY_ACCOUNT)/$(DEPLOY_IMAGE):$(tag)
-
-coverage:
-	sed -i '/main.go/d' coverage.txt
-	curl -s https://codecov.io/bash > .codecov && \
-	chmod +x .codecov && \
-	./.codecov -f coverage.txt
-
-clean:
-	go clean -x -i ./...
-	rm -rf coverage.txt $(EXECUTABLE) $(DIST) vendor
-
-version:
-	@echo $(VERSION)
+clean: ## Clean the build
+	$(GO) clean -x -i ./...
+	rm -rf coverage.txt $(EXECUTABLE)
@@ -1,83 +1,126 @@
 # drone-scp

-[![GoDoc](https://godoc.org/github.com/appleboy/drone-scp?status.svg)](https://godoc.org/github.com/appleboy/drone-scp) [![Build Status](http://drone.wu-boy.com/api/badges/appleboy/drone-scp/status.svg)](http://drone.wu-boy.com/appleboy/drone-scp) [![codecov](https://codecov.io/gh/appleboy/drone-scp/branch/master/graph/badge.svg)](https://codecov.io/gh/appleboy/drone-scp) [![Go Report Card](https://goreportcard.com/badge/github.com/appleboy/drone-scp)](https://goreportcard.com/report/github.com/appleboy/drone-scp) [![Docker Pulls](https://img.shields.io/docker/pulls/appleboy/drone-scp.svg)](https://hub.docker.com/r/appleboy/drone-scp/) [![](https://images.microbadger.com/badges/image/appleboy/drone-scp.svg)](https://microbadger.com/images/appleboy/drone-scp "Get your own image badge on microbadger.com")
+[繁體中文](README.zh-tw.md) | [簡體中文](README.zh-cn.md)

-[Drone](https://github.com/drone/drone) plugin to copy files and artifacts via SSH. 
+[![GoDoc](https://godoc.org/github.com/appleboy/drone-scp?status.svg)](https://godoc.org/github.com/appleboy/drone-scp)
+[![Lint and Testing](https://github.com/appleboy/drone-scp/actions/workflows/testing.yml/badge.svg)](https://github.com/appleboy/drone-scp/actions/workflows/testing.yml)
+[![Trivy Security Scan](https://github.com/appleboy/drone-scp/actions/workflows/trivy.yml/badge.svg?branch=master)](https://github.com/appleboy/drone-scp/actions/workflows/trivy.yml)
+[![codecov](https://codecov.io/gh/appleboy/drone-scp/branch/master/graph/badge.svg)](https://codecov.io/gh/appleboy/drone-scp)
+[![Go Report Card](https://goreportcard.com/badge/github.com/appleboy/drone-scp)](https://goreportcard.com/report/github.com/appleboy/drone-scp)
+[![Docker Pulls](https://img.shields.io/docker/pulls/appleboy/drone-scp.svg)](https://hub.docker.com/r/appleboy/drone-scp/)

-## Feature
+Securely transfer files and artifacts via SSH using a standalone binary, Docker container, or [Drone CI](http://docs.drone.io/) integration.

-* [x] Support routines.
-* [x] Support send files to multiple host.
-* [x] Support send files to multiple target folder on host.
-* [x] Support load ssh key from absolute path or raw body.
+## Features
+
+- [x] Parallel file transfer with multiple routines
+- [x] Support for wildcard patterns in source file selection
+- [x] Ability to transfer files to multiple destination hosts
+- [x] Support for multiple target directories on each host
+- [x] Flexible SSH key authentication via file path or raw content
+- [x] Advanced networking with SSH ProxyCommand support
+
+```sh
+--------+       +----------+      +-----------+
+| Laptop | <-->  | Jumphost | <--> | FooServer |
+--------+       +----------+      +-----------+
+
+                   OR
+
+--------+       +----------+      +-----------+
+| Laptop | <-->  | Firewall | <--> | FooServer |
+--------+       +----------+      +-----------+
+192.168.1.5       121.1.2.3         10.10.29.68
+```
+
+## Breaking changes
+
+`v1.5.0`: change command timeout flag to `Duration`. See the following setting:
+
+```diff
+  - name: scp files
+    image: appleboy/drone-scp
+    settings:
+      host:
+        - example1.com
+        - example2.com
+      username: ubuntu
+      password:
+        from_secret: ssh_password
+      port: 22
+-     command_timeout: 120
+     command_timeout: 2m
+      target: /home/deploy/web
+      source:
+        - release/*.tar.gz
+```

 ## Build or Download a binary

 The pre-compiled binaries can be downloaded from [release page](https://github.com/appleboy/drone-scp/releases). Support the following OS type.

-* Windows amd64/386
-* Linux amd64/386
-* Darwin amd64/386
+- Windows amd64/386
+- Linux arm/amd64/386
+- Darwin amd64/386

 With `Go` installed

+```sh
+export GO111MODULE=on
+go get -u -v github.com/appleboy/drone-scp
 ```
-$ go get -u -v github.com/appleboy/drone-scp
-``` 

 or build the binary with the following command:

-```
-$ make build
+```sh
+export GOOS=linux
+export GOARCH=amd64
+export CGO_ENABLED=0
+export GO111MODULE=on
+
+go test -cover ./...
+
+go build -v -a -tags netgo -o release/linux/amd64/drone-scp .
 ```

 ## Docker

 Build the docker image with the following commands:

-```
-$ make docker
-```
-
-Please note incorrectly building the image for the correct x64 linux and with
-CGO disabled will result in an error when running the Docker image:
-
-```
-docker: Error response from daemon: Container command
-'/bin/drone-scp' not found or does not exist..
+```sh
+make docker
 ```

 ## Usage

 There are three ways to send notification.

-* [usage from binary](#usage-from-binary)
-* [usage from docker](#usage-from-docker)
-* [usage from drone ci](#usage-from-drone-ci)
+- [usage from binary](#usage-from-binary)
+- [usage from docker](#usage-from-docker)
+- [usage from drone ci](#usage-from-drone-ci)

-<a name="usage-from-binary"></a>
 ### Usage from binary

 #### Using public key

 ```bash
-drone-scp --host=example.com \
-  --port=22 \
-  --username=appleboy \
-  --key-path="${HOME}/.ssh/id_rsa" \
-  --target=/home/appleboy/test \
-  --source=your_local_folder_path
+drone-scp --host example.com \
+  --port 22 \
+  --username appleboy \
+  --key-path "${HOME}/.ssh/id_rsa" \
+  --target /home/appleboy/test \
+  --source your_local_folder_path
 ```

 #### Using password

 ```diff
-drone-scp --host=example.com \
-  --port=22 \
-  --username=appleboy \
-+  --password=xxxxxxx \
-  --target=/home/appleboy/test \
-  --source=your_local_folder_path
+drone-scp --host example.com \
+  --port 22 \
+  --username appleboy \
+ --password xxxxxxx \
+  --target /home/appleboy/test \
+  --source your_local_folder_path
 ```

 #### Using ssh-agent
@@ -90,38 +133,37 @@ eval `ssh-agent -s`

 Import your local public key `~/.ssh/id_rsa`

-```bash
-$ ssh-add
+```sh
+ssh-add
 ```

 You don't need to add `--password` or `--key-path` arguments.

 ```bash
-drone-scp --host=example.com \
-  --port=22 \
-  --username=appleboy \
-  --target=/home/appleboy/test \
-  --source=your_local_folder_path
+drone-scp --host example.com \
+  --port 22 \
+  --username appleboy \
+  --target /home/appleboy/test \
+  --source your_local_folder_path
 ```

 #### Send multiple source or target folder and hosts

 ```diff
-drone-scp --host=example1.com \
-+  --host=example2.com \
-  --port=22 \
-  --username=appleboy \
-  --password= xxxxxxx
-  --target=/home/appleboy/test1 \
-+  --target=/home/appleboy/test2 \
-  --source=your_local_folder_path_1
-+  --source=your_local_folder_path_2
+drone-scp --host example1.com \
+ --host example2.com \
+  --port 22 \
+  --username appleboy \
+  --password  xxxxxxx
+  --target /home/appleboy/test1 \
+ --target /home/appleboy/test2 \
+  --source your_local_folder_path_1
+ --source your_local_folder_path_2
 ```

-<a name="usage-from-docker"></a>
 ### Usage from docker

-#### Using public key
+Using public key

 ```bash
 docker run --rm \
@@ -136,14 +178,14 @@ docker run --rm \
  appleboy/drone-scp
 ```

-#### Using password
+Using password

 ```diff
 docker run --rm \
  -e SCP_HOST=example.com \
  -e SCP_USERNAME=xxxxxxx \
  -e SCP_PORT=22 \
-+  -e SCP_PASSWORD="xxxxxxx"
+ -e SCP_PASSWORD="xxxxxxx"
  -e SCP_SOURCE=SOURCE_FILE_LIST \
  -e SCP_TARGET=TARGET_FOLDER_PATH \
  -v $(pwd):$(pwd) \
@@ -151,9 +193,7 @@ docker run --rm \
  appleboy/drone-scp
 ```

-#### Using ssh-agent
-
-Start your local ssh agent:
+Using ssh-agent, start your local ssh agent:

 ```bash
 eval `ssh-agent -s`
@@ -161,11 +201,11 @@ eval `ssh-agent -s`

 Import your local public key `~/.ssh/id_rsa`

-```bash
-$ ssh-add
+```sh
+ssh-add
 ```

-You don't need to add `SCP_PASSWORD` or `SCP_KEY_PATH ` arguments.
+You don't need to add `SCP_PASSWORD` or `SCP_KEY_PATH` arguments.

 ```bash
 docker run --rm \
@@ -179,7 +219,7 @@ docker run --rm \
  appleboy/drone-scp
 ```

-#### Send multiple source or target folder and hosts
+Send multiple source or target folder and hosts

 ```bash
 docker run --rm \
@@ -194,7 +234,6 @@ docker run --rm \
  appleboy/drone-scp
 ```

-<a name="usage-from-drone-ci"></a>
 ### Usage from drone ci

 Execute from the working directory:
@@ -205,28 +244,21 @@ docker run --rm \
  -e PLUGIN_USERNAME=xxxxxxx \
  -e PLUGIN_PASSWORD=xxxxxxx \
  -e PLUGIN_PORT=xxxxxxx \
-  -e PLUGIN_KEY="$(cat ${HOME}/.ssh/id_rsa)"
  -e PLUGIN_SOURCE=SOURCE_FILE_LIST \
  -e PLUGIN_TARGET=TARGET_FOLDER_PATH \
  -e PLUGIN_RM=false \
-  -e PLUGIN_DEBUG=false \
-  -e DRONE_REPO_OWNER=appleboy \
-  -e DRONE_REPO_NAME=go-hello \
-  -e DRONE_COMMIT_SHA=e5e82b5eb3737205c25955dcc3dcacc839b7be52 \
-  -e DRONE_COMMIT_BRANCH=master \
-  -e DRONE_COMMIT_AUTHOR=appleboy \
-  -e DRONE_BUILD_NUMBER=1 \
-  -e DRONE_BUILD_STATUS=success \
-  -e DRONE_BUILD_LINK=http://github.com/appleboy/go-hello \
+  -e PLUGIN_DEBUG=true \
  -v $(pwd):$(pwd) \
  -w $(pwd) \
  appleboy/drone-scp
 ```

+You can get more [information](http://plugins.drone.io/appleboy/drone-scp/) about how to use scp in drone.
+
 ## Testing

 Test the package with the following command:

+```sh
+make test
 ```
-$ make test
-```
@@ -0,0 +1,265 @@
+# drone-scp
+
+[English](README.md) | [繁體中文](README.zh-tw.md)
+
+[![GoDoc](https://godoc.org/github.com/appleboy/drone-scp?status.svg)](https://godoc.org/github.com/appleboy/drone-scp)
+[![Lint and Testing](https://github.com/appleboy/drone-scp/actions/workflows/testing.yml/badge.svg)](https://github.com/appleboy/drone-scp/actions/workflows/testing.yml)
+[![codecov](https://codecov.io/gh/appleboy/drone-scp/branch/master/graph/badge.svg)](https://codecov.io/gh/appleboy/drone-scp)
+[![Go Report Card](https://goreportcard.com/badge/github.com/appleboy/drone-scp)](https://goreportcard.com/report/github.com/appleboy/drone-scp)
+[![Docker Pulls](https://img.shields.io/docker/pulls/appleboy/drone-scp.svg)](https://hub.docker.com/r/appleboy/drone-scp/)
+
+复制文件和工件通过 SSH 使用二进制文件、docker 或 [Drone CI](http://docs.drone.io/)。
+
+[English](README.md) | [繁體中文](README.zh-tw.md)
+
+## 功能
+
+- [x] 支持例程。
+- [x] 支持来源列表中的通配符模式。
+- [x] 支持将文件发送到多个主机。
+- [x] 支持将文件发送到主机上的多个目标文件夹。
+- [x] 支持从绝对路径或原始主体加载 ssh 密钥。
+- [x] 支持 SSH ProxyCommand。
+
+```sh
+--------+       +----------+      +-----------+
+| Laptop | <-->  | Jumphost | <--> | FooServer |
+--------+       +----------+      +-----------+
+
+                   OR
+
+--------+       +----------+      +-----------+
+| Laptop | <-->  | Firewall | <--> | FooServer |
+--------+       +----------+      +-----------+
+192.168.1.5       121.1.2.3         10.10.29.68
+```
+
+## Breaking changes
+
+`v1.5.0`: change command timeout flag to `Duration`. See the following setting:
+
+```diff
+  - name: scp files
+    image: appleboy/drone-scp
+    settings:
+      host:
+        - example1.com
+        - example2.com
+      username: ubuntu
+      password:
+        from_secret: ssh_password
+      port: 22
+-     command_timeout: 120
+     command_timeout: 2m
+      target: /home/deploy/web
+      source:
+        - release/*.tar.gz
+```
+
+## Build or Download a binary
+
+The pre-compiled binaries can be downloaded from [release page](https://github.com/appleboy/drone-scp/releases). Support the following OS type.
+
+- Windows amd64/386
+- Linux arm/amd64/386
+- Darwin amd64/386
+
+With `Go` installed
+
+```sh
+export GO111MODULE=on
+go get -u -v github.com/appleboy/drone-scp
+```
+
+or build the binary with the following command:
+
+```sh
+export GOOS=linux
+export GOARCH=amd64
+export CGO_ENABLED=0
+export GO111MODULE=on
+
+go test -cover ./...
+
+go build -v -a -tags netgo -o release/linux/amd64/drone-scp .
+```
+
+## Docker
+
+Build the docker image with the following commands:
+
+```sh
+make docker
+```
+
+## Usage
+
+There are three ways to send notification.
+
+- [usage from binary](#usage-from-binary)
+- [usage from docker](#usage-from-docker)
+- [usage from drone ci](#usage-from-drone-ci)
+
+### Usage from binary
+
+#### Using public key
+
+```bash
+drone-scp --host example.com \
+  --port 22 \
+  --username appleboy \
+  --key-path "${HOME}/.ssh/id_rsa" \
+  --target /home/appleboy/test \
+  --source your_local_folder_path
+```
+
+#### Using password
+
+```diff
+drone-scp --host example.com \
+  --port 22 \
+  --username appleboy \
+ --password xxxxxxx \
+  --target /home/appleboy/test \
+  --source your_local_folder_path
+```
+
+#### Using ssh-agent
+
+Start your local ssh agent:
+
+```bash
+eval `ssh-agent -s`
+```
+
+Import your local public key `~/.ssh/id_rsa`
+
+```sh
+ssh-add
+```
+
+You don't need to add `--password` or `--key-path` arguments.
+
+```bash
+drone-scp --host example.com \
+  --port 22 \
+  --username appleboy \
+  --target /home/appleboy/test \
+  --source your_local_folder_path
+```
+
+#### Send multiple source or target folder and hosts
+
+```diff
+drone-scp --host example1.com \
+ --host example2.com \
+  --port 22 \
+  --username appleboy \
+  --password  xxxxxxx
+  --target /home/appleboy/test1 \
+ --target /home/appleboy/test2 \
+  --source your_local_folder_path_1
+ --source your_local_folder_path_2
+```
+
+### Usage from docker
+
+Using public key
+
+```bash
+docker run --rm \
+  -e SCP_HOST=example.com \
+  -e SCP_USERNAME=xxxxxxx \
+  -e SCP_PORT=22 \
+  -e SCP_KEY_PATH="${HOME}/.ssh/id_rsa"
+  -e SCP_SOURCE=SOURCE_FILE_LIST \
+  -e SCP_TARGET=TARGET_FOLDER_PATH \
+  -v $(pwd):$(pwd) \
+  -w $(pwd) \
+  appleboy/drone-scp
+```
+
+Using password
+
+```diff
+docker run --rm \
+  -e SCP_HOST=example.com \
+  -e SCP_USERNAME=xxxxxxx \
+  -e SCP_PORT=22 \
+ -e SCP_PASSWORD="xxxxxxx"
+  -e SCP_SOURCE=SOURCE_FILE_LIST \
+  -e SCP_TARGET=TARGET_FOLDER_PATH \
+  -v $(pwd):$(pwd) \
+  -w $(pwd) \
+  appleboy/drone-scp
+```
+
+Using ssh-agent, start your local ssh agent:
+
+```bash
+eval `ssh-agent -s`
+```
+
+Import your local public key `~/.ssh/id_rsa`
+
+```sh
+ssh-add
+```
+
+You don't need to add `SCP_PASSWORD` or `SCP_KEY_PATH` arguments.
+
+```bash
+docker run --rm \
+  -e SCP_HOST=example.com \
+  -e SCP_USERNAME=xxxxxxx \
+  -e SCP_PORT=22 \
+  -e SCP_SOURCE=SOURCE_FILE_LIST \
+  -e SCP_TARGET=TARGET_FOLDER_PATH \
+  -v $(pwd):$(pwd) \
+  -w $(pwd) \
+  appleboy/drone-scp
+```
+
+Send multiple source or target folder and hosts
+
+```bash
+docker run --rm \
+  -e SCP_HOST=example1.com,example2.com \
+  -e SCP_USERNAME=xxxxxxx \
+  -e SCP_PASSWORD=xxxxxxx \
+  -e SCP_PORT=22 \
+  -e SCP_SOURCE=SOURCE_FILE_LIST_1,SOURCE_FILE_LIST_2 \
+  -e SCP_TARGET=TARGET_FOLDER_PATH_1,TARGET_FOLDER_PATH_2 \
+  -v $(pwd):$(pwd) \
+  -w $(pwd) \
+  appleboy/drone-scp
+```
+
+### Usage from drone ci
+
+Execute from the working directory:
+
+```bash
+docker run --rm \
+  -e PLUGIN_HOST=example.com \
+  -e PLUGIN_USERNAME=xxxxxxx \
+  -e PLUGIN_PASSWORD=xxxxxxx \
+  -e PLUGIN_PORT=xxxxxxx \
+  -e PLUGIN_SOURCE=SOURCE_FILE_LIST \
+  -e PLUGIN_TARGET=TARGET_FOLDER_PATH \
+  -e PLUGIN_RM=false \
+  -e PLUGIN_DEBUG=true \
+  -v $(pwd):$(pwd) \
+  -w $(pwd) \
+  appleboy/drone-scp
+```
+
+You can get more [information](http://plugins.drone.io/appleboy/drone-scp/) about how to use scp in drone.
+
+## Testing
+
+Test the package with the following command:
+
+```sh
+make test
+```
@@ -0,0 +1,265 @@
+# drone-scp
+
+[English](README.md) | [簡體中文](README.zh-cn.md)
+
+[![GoDoc](https://godoc.org/github.com/appleboy/drone-scp?status.svg)](https://godoc.org/github.com/appleboy/drone-scp)
+[![Lint and Testing](https://github.com/appleboy/drone-scp/actions/workflows/testing.yml/badge.svg)](https://github.com/appleboy/drone-scp/actions/workflows/testing.yml)
+[![codecov](https://codecov.io/gh/appleboy/drone-scp/branch/master/graph/badge.svg)](https://codecov.io/gh/appleboy/drone-scp)
+[![Go Report Card](https://goreportcard.com/badge/github.com/appleboy/drone-scp)](https://goreportcard.com/report/github.com/appleboy/drone-scp)
+[![Docker Pulls](https://img.shields.io/docker/pulls/appleboy/drone-scp.svg)](https://hub.docker.com/r/appleboy/drone-scp/)
+
+複製檔案和工件通過 SSH 使用二進制檔案、docker 或 [Drone CI](http://docs.drone.io/)。
+
+[English](README.md) | [簡體中文](README.zh-cn.md)
+
+## 功能
+
+- [x] 支援例程。
+- [x] 支援來源列表中的萬用字元模式。
+- [x] 支援將檔案發送到多個主機。
+- [x] 支援將檔案發送到主機上的多個目標資料夾。
+- [x] 支援從絕對路徑或原始主體載入 ssh 金鑰。
+- [x] 支援 SSH ProxyCommand。
+
+```sh
+--------+       +----------+      +-----------+
+| Laptop | <-->  | Jumphost | <--> | FooServer |
+--------+       +----------+      +-----------+
+
+                   OR
+
+--------+       +----------+      +-----------+
+| Laptop | <-->  | Firewall | <--> | FooServer |
+--------+       +----------+      +-----------+
+192.168.1.5       121.1.2.3         10.10.29.68
+```
+
+## Breaking changes
+
+`v1.5.0`: change command timeout flag to `Duration`. See the following setting:
+
+```diff
+  - name: scp files
+    image: appleboy/drone-scp
+    settings:
+      host:
+        - example1.com
+        - example2.com
+      username: ubuntu
+      password:
+        from_secret: ssh_password
+      port: 22
+-     command_timeout: 120
+     command_timeout: 2m
+      target: /home/deploy/web
+      source:
+        - release/*.tar.gz
+```
+
+## Build or Download a binary
+
+The pre-compiled binaries can be downloaded from [release page](https://github.com/appleboy/drone-scp/releases). Support the following OS type.
+
+- Windows amd64/386
+- Linux arm/amd64/386
+- Darwin amd64/386
+
+With `Go` installed
+
+```sh
+export GO111MODULE=on
+go get -u -v github.com/appleboy/drone-scp
+```
+
+or build the binary with the following command:
+
+```sh
+export GOOS=linux
+export GOARCH=amd64
+export CGO_ENABLED=0
+export GO111MODULE=on
+
+go test -cover ./...
+
+go build -v -a -tags netgo -o release/linux/amd64/drone-scp .
+```
+
+## Docker
+
+Build the docker image with the following commands:
+
+```sh
+make docker
+```
+
+## Usage
+
+There are three ways to send notification.
+
+- [usage from binary](#usage-from-binary)
+- [usage from docker](#usage-from-docker)
+- [usage from drone ci](#usage-from-drone-ci)
+
+### Usage from binary
+
+#### Using public key
+
+```bash
+drone-scp --host example.com \
+  --port 22 \
+  --username appleboy \
+  --key-path "${HOME}/.ssh/id_rsa" \
+  --target /home/appleboy/test \
+  --source your_local_folder_path
+```
+
+#### Using password
+
+```diff
+drone-scp --host example.com \
+  --port 22 \
+  --username appleboy \
+ --password xxxxxxx \
+  --target /home/appleboy/test \
+  --source your_local_folder_path
+```
+
+#### Using ssh-agent
+
+Start your local ssh agent:
+
+```bash
+eval `ssh-agent -s`
+```
+
+Import your local public key `~/.ssh/id_rsa`
+
+```sh
+ssh-add
+```
+
+You don't need to add `--password` or `--key-path` arguments.
+
+```bash
+drone-scp --host example.com \
+  --port 22 \
+  --username appleboy \
+  --target /home/appleboy/test \
+  --source your_local_folder_path
+```
+
+#### Send multiple source or target folder and hosts
+
+```diff
+drone-scp --host example1.com \
+ --host example2.com \
+  --port 22 \
+  --username appleboy \
+  --password  xxxxxxx
+  --target /home/appleboy/test1 \
+ --target /home/appleboy/test2 \
+  --source your_local_folder_path_1
+ --source your_local_folder_path_2
+```
+
+### Usage from docker
+
+Using public key
+
+```bash
+docker run --rm \
+  -e SCP_HOST=example.com \
+  -e SCP_USERNAME=xxxxxxx \
+  -e SCP_PORT=22 \
+  -e SCP_KEY_PATH="${HOME}/.ssh/id_rsa"
+  -e SCP_SOURCE=SOURCE_FILE_LIST \
+  -e SCP_TARGET=TARGET_FOLDER_PATH \
+  -v $(pwd):$(pwd) \
+  -w $(pwd) \
+  appleboy/drone-scp
+```
+
+Using password
+
+```diff
+docker run --rm \
+  -e SCP_HOST=example.com \
+  -e SCP_USERNAME=xxxxxxx \
+  -e SCP_PORT=22 \
+ -e SCP_PASSWORD="xxxxxxx"
+  -e SCP_SOURCE=SOURCE_FILE_LIST \
+  -e SCP_TARGET=TARGET_FOLDER_PATH \
+  -v $(pwd):$(pwd) \
+  -w $(pwd) \
+  appleboy/drone-scp
+```
+
+Using ssh-agent, start your local ssh agent:
+
+```bash
+eval `ssh-agent -s`
+```
+
+Import your local public key `~/.ssh/id_rsa`
+
+```sh
+ssh-add
+```
+
+You don't need to add `SCP_PASSWORD` or `SCP_KEY_PATH` arguments.
+
+```bash
+docker run --rm \
+  -e SCP_HOST=example.com \
+  -e SCP_USERNAME=xxxxxxx \
+  -e SCP_PORT=22 \
+  -e SCP_SOURCE=SOURCE_FILE_LIST \
+  -e SCP_TARGET=TARGET_FOLDER_PATH \
+  -v $(pwd):$(pwd) \
+  -w $(pwd) \
+  appleboy/drone-scp
+```
+
+Send multiple source or target folder and hosts
+
+```bash
+docker run --rm \
+  -e SCP_HOST=example1.com,example2.com \
+  -e SCP_USERNAME=xxxxxxx \
+  -e SCP_PASSWORD=xxxxxxx \
+  -e SCP_PORT=22 \
+  -e SCP_SOURCE=SOURCE_FILE_LIST_1,SOURCE_FILE_LIST_2 \
+  -e SCP_TARGET=TARGET_FOLDER_PATH_1,TARGET_FOLDER_PATH_2 \
+  -v $(pwd):$(pwd) \
+  -w $(pwd) \
+  appleboy/drone-scp
+```
+
+### Usage from drone ci
+
+Execute from the working directory:
+
+```bash
+docker run --rm \
+  -e PLUGIN_HOST=example.com \
+  -e PLUGIN_USERNAME=xxxxxxx \
+  -e PLUGIN_PASSWORD=xxxxxxx \
+  -e PLUGIN_PORT=xxxxxxx \
+  -e PLUGIN_SOURCE=SOURCE_FILE_LIST \
+  -e PLUGIN_TARGET=TARGET_FOLDER_PATH \
+  -e PLUGIN_RM=false \
+  -e PLUGIN_DEBUG=true \
+  -v $(pwd):$(pwd) \
+  -w $(pwd) \
+  appleboy/drone-scp
+```
+
+You can get more [information](http://plugins.drone.io/appleboy/drone-scp/) about how to use scp in drone.
+
+## Testing
+
+Test the package with the following command:
+
+```sh
+make test
+```
@@ -0,0 +1,29 @@
+disable-version-check: false
+log-level: info
+report:
+  fail-on-severity: critical,high,medium,low
+  format: ""
+  no-color: false
+  output: ""
+  report: security
+  severity: critical,high,medium,low,warning
+rule:
+  disable-default-rules: false
+  only-rule: []
+  skip-rule: ["go_lang_logger_leak"]
+scan:
+  context: ""
+  data_subject_mapping: ""
+  disable-domain-resolution: true
+  domain-resolution-timeout: 3s
+  exit-code: -1
+  external-rule-dir: []
+  force: false
+  hide_progress_bar: false
+  internal-domains: []
+  parallel: 0
+  quiet: false
+  scanner:
+    - sast
+  skip-path: []
+  skip-test: true
@@ -0,0 +1,29 @@
+package main
+
+// This function returns the appropriate command for removing a file/directory based on the operating system.
+func rmcmd(os, target string) string {
+	switch os {
+	case "windows":
+		// On Windows, use DEL command to delete files and folders recursively
+		return "DEL /F /S " + target
+	case "unix":
+		// On Unix-based systems, use rm command to delete files and folders recursively
+		return "rm -rf " + target
+	}
+	// Return an empty string if the operating system is not recognized
+	return ""
+}
+
+// This function returns the appropriate command for creating a directory based on the operating system.
+func mkdircmd(os, target string) string {
+	switch os {
+	case "windows":
+		// On Windows, use mkdir command to create directory and check if it exists
+		return "if not exist " + target + " mkdir " + target
+	case "unix":
+		// On Unix-based systems, use mkdir command with -p option to create directories recursively
+		return "mkdir -p " + target
+	}
+	// Return an empty string if the operating system is not recognized
+	return ""
+}
@@ -0,0 +1,42 @@
+package main
+
+import "testing"
+
+// Unit tests for rmcmd and mkdircmd
+func TestCommands(t *testing.T) {
+	// Test rmcmd on Windows
+	os1 := "windows"
+	target1 := "C:\\path\\to\\file"
+	expected1 := "DEL /F /S " + target1
+	actual1 := rmcmd(os1, target1)
+	if actual1 != expected1 {
+		t.Errorf("rmcmd(%s, %s) = %s; expected %s", os1, target1, actual1, expected1)
+	}
+
+	// Test rmcmd on Unix-based system
+	os2 := "unix"
+	target2 := "/path/to/folder"
+	expected2 := "rm -rf " + target2
+	actual2 := rmcmd(os2, target2)
+	if actual2 != expected2 {
+		t.Errorf("rmcmd(%s, %s) = %s; expected %s", os2, target2, actual2, expected2)
+	}
+
+	// Test mkdircmd on Windows
+	os3 := "windows"
+	target3 := "C:\\path\\to\\folder"
+	expected3 := "if not exist " + target3 + " mkdir " + target3
+	actual3 := mkdircmd(os3, target3)
+	if actual3 != expected3 {
+		t.Errorf("mkdircmd(%s, %s) = %s; expected %s", os3, target3, actual3, expected3)
+	}
+
+	// Test mkdircmd on Unix-based system
+	os4 := "unix"
+	target4 := "/path/to/folder"
+	expected4 := "mkdir -p " + target4
+	actual4 := mkdircmd(os4, target4)
+	if actual4 != expected4 {
+		t.Errorf("mkdircmd(%s, %s) = %s; expected %s", os4, target4, actual4, expected4)
+	}
+}
@@ -0,0 +1,34 @@
+FROM alpine:3.21
+
+ARG TARGETOS
+ARG TARGETARCH
+
+LABEL maintainer="Bo-Yi Wu <appleboy.tw@gmail.com>"
+
+LABEL org.opencontainers.image.source=https://github.com/appleboy/drone-scp
+LABEL org.opencontainers.image.description="Copy files and artifacts via SSH"
+LABEL org.opencontainers.image.licenses=MIT
+
+RUN apk add --no-cache ca-certificates && \
+  rm -rf /var/cache/apk/*
+
+RUN addgroup \
+  -S -g 1000 \
+  deploy && \
+  adduser \
+  -S -H -D \
+  -h /home/deploy \
+  -s /bin/sh \
+  -u 1000 \
+  -G deploy \
+  deploy
+
+RUN mkdir -p /home/deploy && \
+  chown deploy:deploy /home/deploy
+
+# deploy:deploy
+USER 1000:1000
+
+COPY release/${TARGETOS}/${TARGETARCH}/drone-scp /bin/
+
+ENTRYPOINT ["/bin/drone-scp"]
@@ -1,197 +0,0 @@
-// Package easyssh provides a simple implementation of some SSH protocol
-// features in Go. You can simply run a command on a remote server or get a file
-// even simpler than native console SSH client. You don't need to think about
-// Dials, sessions, defers, or public keys... Let easyssh think about it!
-package easyssh
-
-import (
-	"bufio"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"net"
-	"os"
-	"path/filepath"
-
-	"golang.org/x/crypto/ssh"
-	"golang.org/x/crypto/ssh/agent"
-)
-
-// MakeConfig Contains main authority information.
-// User field should be a name of user on remote server (ex. john in ssh john@example.com).
-// Server field should be a remote machine address (ex. example.com in ssh john@example.com)
-// Key is a path to private key on your local machine.
-// Port is SSH server port on remote machine.
-// Note: easyssh looking for private key in user's home directory (ex. /home/john + Key).
-// Then ensure your Key begins from '/' (ex. /.ssh/id_rsa)
-type MakeConfig struct {
-	User     string
-	Server   string
-	Key      string
-	KeyPath  string
-	Port     string
-	Password string
-}
-
-// returns ssh.Signer from user you running app home path + cutted key path.
-// (ex. pubkey,err := getKeyFile("/.ssh/id_rsa") )
-func getKeyFile(keypath string) (ssh.Signer, error) {
-	buf, err := ioutil.ReadFile(keypath)
-	if err != nil {
-		return nil, err
-	}
-
-	pubkey, err := ssh.ParsePrivateKey(buf)
-	if err != nil {
-		return nil, err
-	}
-
-	return pubkey, nil
-}
-
-// connects to remote server using MakeConfig struct and returns *ssh.Session
-func (ssh_conf *MakeConfig) connect() (*ssh.Session, error) {
-	// auths holds the detected ssh auth methods
-	auths := []ssh.AuthMethod{}
-
-	// figure out what auths are requested, what is supported
-	if ssh_conf.Password != "" {
-		auths = append(auths, ssh.Password(ssh_conf.Password))
-	}
-
-	if sshAgent, err := net.Dial("unix", os.Getenv("SSH_AUTH_SOCK")); err == nil {
-		auths = append(auths, ssh.PublicKeysCallback(agent.NewClient(sshAgent).Signers))
-		defer sshAgent.Close()
-	}
-
-	if ssh_conf.KeyPath != "" {
-		if pubkey, err := getKeyFile(ssh_conf.KeyPath); err == nil {
-			auths = append(auths, ssh.PublicKeys(pubkey))
-		}
-	}
-
-	if ssh_conf.Key != "" {
-		signer, _ := ssh.ParsePrivateKey([]byte(ssh_conf.Key))
-		auths = append(auths, ssh.PublicKeys(signer))
-	}
-
-	config := &ssh.ClientConfig{
-		User: ssh_conf.User,
-		Auth: auths,
-	}
-
-	client, err := ssh.Dial("tcp", ssh_conf.Server+":"+ssh_conf.Port, config)
-	if err != nil {
-		return nil, err
-	}
-
-	session, err := client.NewSession()
-	if err != nil {
-		return nil, err
-	}
-
-	return session, nil
-}
-
-// Stream returns one channel that combines the stdout and stderr of the command
-// as it is run on the remote machine, and another that sends true when the
-// command is done. The sessions and channels will then be closed.
-func (ssh_conf *MakeConfig) Stream(command string) (output chan string, done chan bool, err error) {
-	// connect to remote host
-	session, err := ssh_conf.connect()
-	if err != nil {
-		return output, done, err
-	}
-	// connect to both outputs (they are of type io.Reader)
-	outReader, err := session.StdoutPipe()
-	if err != nil {
-		return output, done, err
-	}
-	errReader, err := session.StderrPipe()
-	if err != nil {
-		return output, done, err
-	}
-	// combine outputs, create a line-by-line scanner
-	outputReader := io.MultiReader(outReader, errReader)
-	err = session.Start(command)
-	scanner := bufio.NewScanner(outputReader)
-	// continuously send the command's output over the channel
-	outputChan := make(chan string)
-	done = make(chan bool)
-	go func(scanner *bufio.Scanner, out chan string, done chan bool) {
-		defer close(outputChan)
-		defer close(done)
-		for scanner.Scan() {
-			outputChan <- scanner.Text()
-		}
-		// close all of our open resources
-		done <- true
-		session.Close()
-	}(scanner, outputChan, done)
-	return outputChan, done, err
-}
-
-// Run command on remote machine and returns its stdout as a string
-func (ssh_conf *MakeConfig) Run(command string) (outStr string, err error) {
-	outChan, doneChan, err := ssh_conf.Stream(command)
-	if err != nil {
-		return outStr, err
-	}
-	// read from the output channel until the done signal is passed
-	stillGoing := true
-	for stillGoing {
-		select {
-		case <-doneChan:
-			stillGoing = false
-		case line := <-outChan:
-			outStr += line + "\n"
-		}
-	}
-	// return the concatenation of all signals from the output channel
-	return outStr, err
-}
-
-// Scp uploads sourceFile to remote machine like native scp console app.
-func (ssh_conf *MakeConfig) Scp(sourceFile string) error {
-	session, err := ssh_conf.connect()
-
-	if err != nil {
-		return err
-	}
-	defer session.Close()
-
-	targetFile := filepath.Base(sourceFile)
-
-	src, srcErr := os.Open(sourceFile)
-
-	if srcErr != nil {
-		return srcErr
-	}
-
-	srcStat, statErr := src.Stat()
-
-	if statErr != nil {
-		return statErr
-	}
-
-	go func() {
-		w, _ := session.StdinPipe()
-
-		fmt.Fprintln(w, "C0644", srcStat.Size(), targetFile)
-
-		if srcStat.Size() > 0 {
-			io.Copy(w, src)
-			fmt.Fprint(w, "\x00")
-			w.Close()
-		} else {
-			fmt.Fprint(w, "\x00")
-			w.Close()
-		}
-	}()
-
-	if err := session.Run(fmt.Sprintf("scp -t %s", targetFile)); err != nil {
-		return err
-	}
-
-	return nil
-}
@@ -1,34 +0,0 @@
-hash: 324c76f4ece1989f584ec84aab8252020da4dcbc20e38990465a9a0b7400f8ec
-updated: 2016-12-28T15:52:54.896825557+08:00
-imports:
- name: github.com/appleboy/com
-  version: c2e1fea1b771a26cb55774843ebd8955d723ee4e
-  subpackages:
-  - random
- name: github.com/joho/godotenv
-  version: a01a834e1654b4c9ca5b3ad05159445cc9c7ad08
-  subpackages:
-  - autoload
- name: github.com/urfave/cli
-  version: 0bdeddeeb0f650497d603c4ad7b20cfe685682f6
- name: golang.org/x/crypto
-  version: c2f4947f41766b144bb09066e919466da5eddeae
-  subpackages:
-  - curve25519
-  - ed25519
-  - ed25519/internal/edwards25519
-  - ssh
-  - ssh/agent
-testImports:
- name: github.com/davecgh/go-spew
-  version: 6d212800a42e8ab5c146b8ace3490ee17e5225f9
-  subpackages:
-  - spew
- name: github.com/pmezard/go-difflib
-  version: d8ed2627bdf02c080bf22230dbb337003b7aba2d
-  subpackages:
-  - difflib
- name: github.com/stretchr/testify
-  version: 69483b4bd14f5845b5a1e55bca19e954e827f1d0
-  subpackages:
-  - assert
@@ -1,20 +0,0 @@
-package: github.com/appleboy/drone-scp
-import:
- package: github.com/joho/godotenv
-  version: ^1.0.0
-  subpackages:
-  - autoload
- package: github.com/urfave/cli
-  version: ^1.19.1
- package: golang.org/x/crypto
-  subpackages:
-  - ssh
-  - ssh/agent
- package: github.com/appleboy/com
-  subpackages:
-  - random
-testImport:
- package: github.com/stretchr/testify
-  version: ^1.1.4
-  subpackages:
-  - assert
@@ -0,0 +1,28 @@
+module github.com/appleboy/drone-scp
+
+go 1.25.9
+
+require (
+	github.com/appleboy/com v1.1.0
+	github.com/appleboy/easyssh-proxy v1.5.0
+	github.com/fatih/color v1.18.0
+	github.com/joho/godotenv v1.5.1
+	github.com/stretchr/testify v1.8.4
+	github.com/urfave/cli/v2 v2.27.7
+	github.com/yassinebenaid/godump v0.11.1
+	golang.org/x/crypto v0.45.0
+)
+
+require (
+	github.com/ScaleFT/sshkeys v1.4.0 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/dchest/bcrypt_pbkdf v0.0.0-20150205184540-83f37f9c154a // indirect
+	github.com/mattn/go-colorable v0.1.14 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/xrash/smetrics v0.0.0-20250705151800-55b8f293f342 // indirect
+	golang.org/x/sys v0.38.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)
@@ -0,0 +1,43 @@
+github.com/ScaleFT/sshkeys v1.4.0 h1:Yqd0cKA5PUvwV0dgRI67BDHGTsMHtGQBZbLXh1dthmE=
+github.com/ScaleFT/sshkeys v1.4.0/go.mod h1:GineMkS8SEiELq8q5DzA2Wnrw65SqdD9a+hm8JOU1I4=
+github.com/appleboy/com v1.1.0 h1:HLgRzhtj+4PLuFPPutKexd9zI9F74ymgWhkgPfPtnkc=
+github.com/appleboy/com v1.1.0/go.mod h1:IbC1mLvqcIYn2YVNJgAYB9XnhbUh1xYKsOzdEOy0n+c=
+github.com/appleboy/easyssh-proxy v1.5.0 h1:OYdSPvYQN3mhnsMH5I2OF1TgwSEcSq33kvjQfTwvZww=
+github.com/appleboy/easyssh-proxy v1.5.0/go.mod h1:zcEMrStH91/tcUn3gUGP0KpQwUYLm8tX/Ook1AH98uc=
+github.com/cpuguy83/go-md2man/v2 v2.0.7 h1:zbFlGlXEAKlwXpmvle3d8Oe3YnkKIK4xSRTd3sHPnBo=
+github.com/cpuguy83/go-md2man/v2 v2.0.7/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dchest/bcrypt_pbkdf v0.0.0-20150205184540-83f37f9c154a h1:saTgr5tMLFnmy/yg3qDTft4rE5DY2uJ/cCxCe3q0XTU=
+github.com/dchest/bcrypt_pbkdf v0.0.0-20150205184540-83f37f9c154a/go.mod h1:Bw9BbhOJVNR+t0jCqx2GC6zv0TGBsShs56Y3gfSCvl0=
+github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM=
+github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU=
+github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
+github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
+github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
+github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/urfave/cli/v2 v2.27.7 h1:bH59vdhbjLv3LAvIu6gd0usJHgoTTPhCFib8qqOwXYU=
+github.com/urfave/cli/v2 v2.27.7/go.mod h1:CyNAG/xg+iAOg0N4MPGZqVmv2rCoP267496AOXUZjA4=
+github.com/xrash/smetrics v0.0.0-20250705151800-55b8f293f342 h1:FnBeRrxr7OU4VvAzt5X7s6266i6cSVkkFPS0TuXWbIg=
+github.com/xrash/smetrics v0.0.0-20250705151800-55b8f293f342/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM=
+github.com/yassinebenaid/godump v0.11.1 h1:SPujx/XaYqGDfmNh7JI3dOyCUVrG0bG2duhO3Eh2EhI=
+github.com/yassinebenaid/godump v0.11.1/go.mod h1:dc/0w8wmg6kVIvNGAzbKH1Oa54dXQx8SNKh4dPRyW44=
+golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q=
+golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
+golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU=
+golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
@@ -1,166 +1,325 @@
 package main

 import (
+	"log"
 	"os"
-	"runtime"
+	"strconv"
+	"time"

+	"github.com/appleboy/easyssh-proxy"
 	"github.com/joho/godotenv"
-	_ "github.com/joho/godotenv/autoload"
-	"github.com/urfave/cli"
+	"github.com/urfave/cli/v2"
+	"github.com/yassinebenaid/godump"
 )

 // Version set at compile-time
-var Version = "v1.0.0-dev"
-
-func init() {
-	runtime.GOMAXPROCS(runtime.NumCPU())
-}
+var (
+	Version string
+)

 func main() {
+	// Load env-file if it exists first
+	if filename, found := os.LookupEnv("PLUGIN_ENV_FILE"); found {
+		_ = godotenv.Load(filename)
+	}
+
+	if _, err := os.Stat("/run/drone/env"); err == nil {
+		_ = godotenv.Overload("/run/drone/env")
+	}
+
 	app := cli.NewApp()
-	app.Name = "scp plugin"
-	app.Usage = "scp plugin"
+	app.Name = "Drone SCP"
+	app.Usage = "Copy files and artifacts via SSH."
+	app.Copyright = "Copyright (c) " + strconv.Itoa(time.Now().Year()) + " Bo-Yi Wu"
+	app.Version = Version
+	app.Authors = []*cli.Author{
+		{
+			Name:  "Bo-Yi Wu",
+			Email: "appleboy.tw@gmail.com",
+		},
+	}
 	app.Action = run
 	app.Version = Version
 	app.Flags = []cli.Flag{
-		cli.StringSliceFlag{
-			Name:   "host",
-			Usage:  "Server host",
-			EnvVar: "PLUGIN_HOST,SCP_HOST",
+		&cli.StringSliceFlag{
+			Name:     "host",
+			Aliases:  []string{"H"},
+			Usage:    "Remote server host address or IP",
+			EnvVars:  []string{"PLUGIN_HOST", "SSH_HOST", "INPUT_HOST"},
+			FilePath: ".host",
 		},
-		cli.StringFlag{
-			Name:   "port",
-			Value:  "22",
-			Usage:  "Server port, default to 22",
-			EnvVar: "PLUGIN_PORT,SCP_PORT",
+		&cli.IntFlag{
+			Name:    "port",
+			Aliases: []string{"p"},
+			Usage:   "SSH port number (default: 22)",
+			EnvVars: []string{"PLUGIN_PORT", "SSH_PORT", "INPUT_PORT"},
+			Value:   22,
 		},
-		cli.StringFlag{
-			Name:   "username",
-			Usage:  "Server username",
-			EnvVar: "PLUGIN_USERNAME,SCP_USERNAME",
+		&cli.StringFlag{
+			Name:    "protocol",
+			Usage:   "Network protocol to use (tcp, tcp4, tcp6)",
+			EnvVars: []string{"PLUGIN_PROTOCOL", "SSH_PROTOCOL", "INPUT_PROTOCOL"},
+			Value:   "tcp",
 		},
-		cli.StringFlag{
-			Name:   "password",
-			Usage:  "Password for password-based authentication",
-			EnvVar: "PLUGIN_PASSWORD,SCP_PASSWORD",
+		&cli.StringFlag{
+			Name:    "username",
+			Aliases: []string{"user", "u"},
+			Usage:   "SSH username for authentication",
+			EnvVars: []string{"PLUGIN_USERNAME", "PLUGIN_USER", "SSH_USERNAME", "INPUT_USERNAME"},
+			Value:   "root",
 		},
-		cli.StringFlag{
-			Name:   "key",
-			Usage:  "ssh private key",
-			EnvVar: "PLUGIN_KEY,SCP_KEY",
+		&cli.StringFlag{
+			Name:    "password",
+			Aliases: []string{"P"},
+			Usage:   "SSH password for authentication",
+			EnvVars: []string{"PLUGIN_PASSWORD", "SSH_PASSWORD", "INPUT_PASSWORD"},
 		},
-		cli.StringFlag{
-			Name:   "key-path",
-			Usage:  "ssh private key path",
-			EnvVar: "PLUGIN_KEY_PATH,SCP_KEY_PATH",
+		&cli.DurationFlag{
+			Name:    "timeout",
+			Usage:   "SSH connection timeout duration (default: 30s)",
+			EnvVars: []string{"PLUGIN_TIMEOUT", "SSH_TIMEOUT", "INPUT_TIMEOUT"},
+			Value:   30 * time.Second,
 		},
-		cli.StringSliceFlag{
-			Name:   "target",
-			Usage:  "Target path on the server",
-			EnvVar: "PLUGIN_TARGET,SCP_TARGET",
+		&cli.StringFlag{
+			Name:    "ssh-key",
+			Usage:   "SSH private key content for authentication",
+			EnvVars: []string{"PLUGIN_SSH_KEY", "PLUGIN_KEY", "SSH_KEY", "INPUT_KEY"},
 		},
-		cli.StringSliceFlag{
-			Name:   "source",
-			Usage:  "scp file list",
-			EnvVar: "PLUGIN_SOURCE,SCP_SOURCE",
+		&cli.StringFlag{
+			Name:    "ssh-passphrase",
+			Usage:   "Passphrase to decrypt the SSH private key",
+			EnvVars: []string{"PLUGIN_SSH_PASSPHRASE", "PLUGIN_PASSPHRASE", "SSH_PASSPHRASE", "INPUT_PASSPHRASE"},
 		},
-		cli.BoolFlag{
-			Name:   "rm",
-			Usage:  "remove target folder before upload data",
-			EnvVar: "PLUGIN_RM,SCP_RM",
+		&cli.StringFlag{
+			Name:    "key-path",
+			Aliases: []string{"i"},
+			Usage:   "Path to SSH private key file",
+			EnvVars: []string{"PLUGIN_KEY_PATH", "SSH_KEY_PATH", "INPUT_KEY_PATH"},
 		},
-		cli.StringFlag{
-			Name:   "repo.owner",
-			Usage:  "repository owner",
-			EnvVar: "DRONE_REPO_OWNER",
+		&cli.StringSliceFlag{
+			Name:    "ciphers",
+			Usage:   "List of allowed SSH encryption algorithms",
+			EnvVars: []string{"PLUGIN_CIPHERS", "SSH_CIPHERS", "INPUT_CIPHERS"},
 		},
-		cli.StringFlag{
-			Name:   "repo.name",
-			Usage:  "repository name",
-			EnvVar: "DRONE_REPO_NAME",
+		&cli.BoolFlag{
+			Name:    "useInsecureCipher",
+			Usage:   "Enable less secure encryption algorithms (not recommended)",
+			EnvVars: []string{"PLUGIN_USE_INSECURE_CIPHER", "SSH_USE_INSECURE_CIPHER", "INPUT_USE_INSECURE_CIPHER"},
 		},
-		cli.StringFlag{
-			Name:   "commit.sha",
-			Usage:  "git commit sha",
-			EnvVar: "DRONE_COMMIT_SHA",
+		&cli.StringFlag{
+			Name:    "fingerprint",
+			Usage:   "SHA256 fingerprint of host public key for verification",
+			EnvVars: []string{"PLUGIN_FINGERPRINT", "SSH_FINGERPRINT", "INPUT_FINGERPRINT"},
 		},
-		cli.StringFlag{
-			Name:   "commit.branch",
-			Value:  "master",
-			Usage:  "git commit branch",
-			EnvVar: "DRONE_COMMIT_BRANCH",
+		&cli.DurationFlag{
+			Name:    "command.timeout",
+			Usage:   "Maximum time allowed for command execution (default: 10m)",
+			EnvVars: []string{"PLUGIN_COMMAND_TIMEOUT", "SSH_COMMAND_TIMEOUT", "INPUT_COMMAND_TIMEOUT"},
+			Value:   10 * time.Minute,
 		},
-		cli.StringFlag{
-			Name:   "commit.author",
-			Usage:  "git author name",
-			EnvVar: "DRONE_COMMIT_AUTHOR",
+		&cli.StringSliceFlag{
+			Name:    "target",
+			Aliases: []string{"t"},
+			Usage:   "Destination path on remote server",
+			EnvVars: []string{"PLUGIN_TARGET", "SSH_TARGET", "INPUT_TARGET"},
 		},
-		cli.StringFlag{
-			Name:   "commit.message",
-			Usage:  "commit message",
-			EnvVar: "DRONE_COMMIT_MESSAGE",
+		&cli.StringSliceFlag{
+			Name:    "source",
+			Aliases: []string{"s"},
+			Usage:   "Local files/directories to copy",
+			EnvVars: []string{"PLUGIN_SOURCE", "SCP_SOURCE", "INPUT_SOURCE"},
 		},
-		cli.StringFlag{
-			Name:   "build.event",
-			Value:  "push",
-			Usage:  "build event",
-			EnvVar: "DRONE_BUILD_EVENT",
+		&cli.BoolFlag{
+			Name:    "rm",
+			Aliases: []string{"r"},
+			Usage:   "Delete destination folder before copying",
+			EnvVars: []string{"PLUGIN_RM", "SCP_RM", "INPUT_RM"},
 		},
-		cli.IntFlag{
-			Name:   "build.number",
-			Usage:  "build number",
-			EnvVar: "DRONE_BUILD_NUMBER",
+		// Proxy settings remain the same as they are already clear
+		&cli.StringFlag{
+			Name:    "proxy.host",
+			Usage:   "Proxy server host address or IP",
+			EnvVars: []string{"PLUGIN_PROXY_HOST", "PROXY_SSH_HOST", "INPUT_PROXY_HOST"},
 		},
-		cli.StringFlag{
-			Name:   "build.status",
-			Usage:  "build status",
-			Value:  "success",
-			EnvVar: "DRONE_BUILD_STATUS",
+		&cli.StringFlag{
+			Name:    "proxy.port",
+			Usage:   "Proxy server SSH port (default: 22)",
+			EnvVars: []string{"PLUGIN_PROXY_PORT", "PROXY_SSH_PORT", "INPUT_PROXY_PORT"},
+			Value:   "22",
 		},
-		cli.StringFlag{
-			Name:   "build.link",
-			Usage:  "build link",
-			EnvVar: "DRONE_BUILD_LINK",
+		&cli.StringFlag{
+			Name:    "proxy.protocol",
+			Usage:   "The IP protocol to use for the proxy. Valid values are \"tcp\". \"tcp4\" or \"tcp6\". Default to tcp.",
+			EnvVars: []string{"PLUGIN_PROXY_PROTOCOL", "SSH_PROXY_PROTOCOL", "INPUT_PROXY_PROTOCOL"},
+			Value:   "tcp",
 		},
-		cli.StringFlag{
-			Name:  "env-file",
-			Usage: "source env file",
+		&cli.StringFlag{
+			Name:    "proxy.username",
+			Usage:   "connect as user of proxy",
+			EnvVars: []string{"PLUGIN_PROXY_USERNAME", "PLUGIN_PROXY_USER", "PROXY_SSH_USERNAME", "INPUT_PROXY_USERNAME"},
+			Value:   "root",
+		},
+		&cli.StringFlag{
+			Name:    "proxy.password",
+			Usage:   "user password of proxy",
+			EnvVars: []string{"PLUGIN_PROXY_PASSWORD", "PROXY_SSH_PASSWORD", "INPUT_PROXY_PASSWORD"},
+		},
+		&cli.StringFlag{
+			Name:    "proxy.ssh-key",
+			Usage:   "private ssh key of proxy",
+			EnvVars: []string{"PLUGIN_PROXY_SSH_KEY", "PLUGIN_PROXY_KEY", "PROXY_SSH_KEY", "INPUT_PROXY_KEY"},
+		},
+		&cli.StringFlag{
+			Name:    "proxy.ssh-passphrase",
+			Usage:   "The purpose of the passphrase is usually to encrypt the private key.",
+			EnvVars: []string{"PLUGIN_PROXY_SSH_PASSPHRASE", "PLUGIN_PROXY_PASSPHRASE", "PROXY_SSH_PASSPHRASE", "INPUT_PROXY_PASSPHRASE"},
+		},
+		&cli.StringFlag{
+			Name:    "proxy.key-path",
+			Usage:   "ssh private key path of proxy",
+			EnvVars: []string{"PLUGIN_PROXY_KEY_PATH", "PROXY_SSH_KEY_PATH", "INPUT_PROXY_KEY_PATH"},
+		},
+		&cli.DurationFlag{
+			Name:    "proxy.timeout",
+			Usage:   "proxy connection timeout",
+			EnvVars: []string{"PLUGIN_PROXY_TIMEOUT", "PROXY_SSH_TIMEOUT", "INPUT_PROXY_TIMEOUT"},
+		},
+		&cli.StringSliceFlag{
+			Name:    "proxy.ciphers",
+			Usage:   "The allowed cipher algorithms. If unspecified then a sensible",
+			EnvVars: []string{"PLUGIN_PROXY_CIPHERS", "PROXY_SSH_CIPHERS", "INPUT_PROXY_CIPHERS"},
+		},
+		&cli.BoolFlag{
+			Name:    "proxy.useInsecureCipher",
+			Usage:   "include more ciphers with use_insecure_cipher",
+			EnvVars: []string{"PLUGIN_PROXY_USE_INSECURE_CIPHER", "PROXY_SSH_USE_INSECURE_CIPHER", "INPUT_PROXY_USE_INSECURE_CIPHER"},
+		},
+		&cli.StringFlag{
+			Name:    "proxy.fingerprint",
+			Usage:   "fingerprint SHA256 of the host public key, default is to skip verification",
+			EnvVars: []string{"PLUGIN_PROXY_FINGERPRINT", "PROXY_SSH_FINGERPRINT", "PROXY_FINGERPRINT", "INPUT_PROXY_FINGERPRINT"},
+		},
+		&cli.IntFlag{
+			Name:    "strip.components",
+			Usage:   "Strip N leading components from file paths",
+			EnvVars: []string{"PLUGIN_STRIP_COMPONENTS", "TAR_STRIP_COMPONENTS", "INPUT_STRIP_COMPONENTS"},
+		},
+		&cli.StringFlag{
+			Name:    "tar.exec",
+			Usage:   "Custom tar executable path on remote host",
+			EnvVars: []string{"PLUGIN_TAR_EXEC", "SSH_TAR_EXEC", "INPUT_TAR_EXEC"},
+			Value:   "tar",
+		},
+		&cli.StringFlag{
+			Name:    "tar.tmp-path",
+			Usage:   "Temporary directory for tar files on remote host",
+			EnvVars: []string{"PLUGIN_TAR_TMP_PATH", "SSH_TAR_TMP_PATH", "INPUT_TAR_TMP_PATH"},
+		},
+		&cli.BoolFlag{
+			Name:    "debug",
+			Usage:   "Enable debug logging",
+			EnvVars: []string{"PLUGIN_DEBUG", "INPUT_DEBUG"},
+		},
+		&cli.BoolFlag{
+			Name:    "overwrite",
+			Usage:   "Force overwrite of existing files",
+			EnvVars: []string{"PLUGIN_OVERWRITE", "INPUT_OVERWRITE"},
+		},
+		&cli.BoolFlag{
+			Name:    "unlink.first",
+			Usage:   "Remove files before extracting new ones",
+			EnvVars: []string{"PLUGIN_UNLINK_FIRST", "INPUT_UNLINK_FIRST"},
+		},
+		&cli.BoolFlag{
+			Name:    "tar.dereference",
+			Usage:   "Follow symbolic links when copying",
+			EnvVars: []string{"PLUGIN_TAR_DEREFERENCE", "INPUT_TAR_DEREFERENCE"},
 		},
 	}
-	app.Run(os.Args)
+
+	// Override a template
+	cli.AppHelpTemplate = `
+________                                         ____________________________
+\______ \_______  ____   ____   ____            /   _____/\_   ___ \______   \
+ |    |  \_  __ \/  _ \ /    \_/ __ \   ______  \_____  \ /    \  \/|     ___/
+ |    |   \  | \(  <_> )   |  \  ___/  /_____/  /        \\     \___|    |
+/_______  /__|   \____/|___|  /\___  >         /_______  / \______  /____|
+        \/                  \/     \/                  \/         \/
+                                                            version: {{.Version}}
+NAME:
+   {{.Name}} - {{.Usage}}
+
+USAGE:
+   {{.HelpName}} {{if .VisibleFlags}}[global options]{{end}}{{if .Commands}} command [command options]{{end}} {{if .ArgsUsage}}{{.ArgsUsage}}{{else}}[arguments...]{{end}}
+   {{if len .Authors}}
+AUTHOR:
+   {{range .Authors}}{{ . }}{{end}}
+   {{end}}{{if .Commands}}
+COMMANDS:
+{{range .Commands}}{{if not .HideHelp}}   {{join .Names ", "}}{{ "\t"}}{{.Usage}}{{ "\n" }}{{end}}{{end}}{{end}}{{if .VisibleFlags}}
+GLOBAL OPTIONS:
+   {{range .VisibleFlags}}{{.}}
+   {{end}}{{end}}{{if .Copyright }}
+COPYRIGHT:
+   {{.Copyright}}
+   {{end}}{{if .Version}}
+VERSION:
+   {{.Version}}
+   {{end}}
+REPOSITORY:
+    Github: https://github.com/appleboy/drone-scp
+`
+
+	if err := app.Run(os.Args); err != nil {
+		log.Fatal(err)
+	}
 }

 func run(c *cli.Context) error {
-	if c.String("env-file") != "" {
-		_ = godotenv.Load(c.String("env-file"))
+	plugin := Plugin{
+		Config: Config{
+			Host:              c.StringSlice("host"),
+			Port:              c.Int("port"),
+			Protocol:          easyssh.Protocol(c.String("protocol")),
+			Username:          c.String("username"),
+			Password:          c.String("password"),
+			Passphrase:        c.String("ssh-passphrase"),
+			Fingerprint:       c.String("fingerprint"),
+			Timeout:           c.Duration("timeout"),
+			CommandTimeout:    c.Duration("command.timeout"),
+			Key:               c.String("ssh-key"),
+			KeyPath:           c.String("key-path"),
+			Target:            c.StringSlice("target"),
+			Source:            c.StringSlice("source"),
+			Remove:            c.Bool("rm"),
+			Debug:             c.Bool("debug"),
+			StripComponents:   c.Int("strip.components"),
+			TarExec:           c.String("tar.exec"),
+			TarTmpPath:        c.String("tar.tmp-path"),
+			Overwrite:         c.Bool("overwrite"),
+			UnlinkFirst:       c.Bool("unlink.first"),
+			Ciphers:           c.StringSlice("ciphers"),
+			UseInsecureCipher: c.Bool("useInsecureCipher"),
+			TarDereference:    c.Bool("tar.dereference"),
+			Proxy: easyssh.DefaultConfig{
+				Key:               c.String("proxy.ssh-key"),
+				Passphrase:        c.String("proxy.ssh-passphrase"),
+				Fingerprint:       c.String("proxy.fingerprint"),
+				KeyPath:           c.String("proxy.key-path"),
+				User:              c.String("proxy.username"),
+				Password:          c.String("proxy.password"),
+				Server:            c.String("proxy.host"),
+				Port:              c.String("proxy.port"),
+				Protocol:          easyssh.Protocol(c.String("proxy.protocol")),
+				Timeout:           c.Duration("proxy.timeout"),
+				Ciphers:           c.StringSlice("proxy.ciphers"),
+				UseInsecureCipher: c.Bool("proxy.useInsecureCipher"),
+			},
+		},
 	}

-	plugin := Plugin{
-		Repo: Repo{
-			Owner: c.String("repo.owner"),
-			Name:  c.String("repo.name"),
-		},
-		Build: Build{
-			Number:  c.Int("build.number"),
-			Event:   c.String("build.event"),
-			Status:  c.String("build.status"),
-			Commit:  c.String("commit.sha"),
-			Branch:  c.String("commit.branch"),
-			Author:  c.String("commit.author"),
-			Message: c.String("commit.message"),
-			Link:    c.String("build.link"),
-		},
-		Config: Config{
-			Host:     c.StringSlice("host"),
-			Port:     c.String("port"),
-			Username: c.String("username"),
-			Password: c.String("password"),
-			Key:      c.String("key"),
-			KeyPath:  c.String("key-path"),
-			Target:   c.StringSlice("target"),
-			Source:   c.StringSlice("source"),
-			Remove:   c.Bool("rm"),
-		},
+	if plugin.Config.Debug {
+		_ = godump.Dump(plugin)
 	}

 	return plugin.Exec()
@@ -1,4 +1,5 @@
-// +build darwin dragonfly freebsd linux nacl netbsd openbsd solaris
+//go:build !windows
+// +build !windows

 package main

@@ -1,3 +1,4 @@
+//go:build windows
 // +build windows

 package main
@@ -7,5 +8,5 @@ import (
 )

 func getRealPath(path string) string {
-	return "/" + strings.Replace(strings.Replace(path, ":", "", -1), "\\", "/", -1)
+	return "/" + strings.ReplaceAll(strings.ReplaceAll(path, ":", ""), "\\", "/")
 }
@@ -1,6 +1,8 @@
 package main

-import "testing"
+import (
+	"testing"
+)

 func TestGetRealPath(t *testing.T) {
 	type args struct {
@@ -14,8 +16,8 @@ func TestGetRealPath(t *testing.T) {
 		{
 			"Test Windows Path",
 			"C:\\Users\\appleboy\\test.txt",
-			"/C/Users/appleboy/test.txt"
-		}
+			"/C/Users/appleboy/test.txt",
+		},
 	}
 	for _, tt := range tests {
 		if got := getRealPath(tt.args.path); got != tt.want {
@@ -3,174 +3,365 @@ package main
 import (
 	"errors"
 	"fmt"
-	"io/ioutil"
-	"log"
 	"os"
 	"os/exec"
 	"path/filepath"
+	"strconv"
 	"strings"
 	"sync"
+	"time"

 	"github.com/appleboy/com/random"
-	"github.com/appleboy/drone-scp/easyssh"
+	"github.com/appleboy/easyssh-proxy"
+	"github.com/fatih/color"
+)
+
+var (
+	errMissingHost           = errors.New("Error: missing server host")
+	errMissingPasswordOrKey  = errors.New("Error: can't connect without a private SSH key or password")
+	errMissingSourceOrTarget = errors.New("missing source or target config")
 )

 type (
-	// Repo information.
-	Repo struct {
-		Owner string
-		Name  string
-	}
-
-	// Build information.
-	Build struct {
-		Event   string
-		Number  int
-		Commit  string
-		Message string
-		Branch  string
-		Author  string
-		Status  string
-		Link    string
-	}
-
 	// Config for the plugin.
 	Config struct {
-		Host     []string
-		Port     string
-		Username string
-		Password string
-		Key      string
-		KeyPath  string
-		Target   []string
-		Source   []string
-		Remove   bool
+		Host              []string
+		Port              int
+		Protocol          easyssh.Protocol
+		Username          string
+		Password          string
+		Key               string
+		Passphrase        string
+		Fingerprint       string
+		KeyPath           string
+		Timeout           time.Duration
+		CommandTimeout    time.Duration
+		Target            []string
+		Source            []string
+		Remove            bool
+		StripComponents   int
+		TarExec           string
+		TarTmpPath        string
+		Proxy             easyssh.DefaultConfig
+		Debug             bool
+		Overwrite         bool
+		UnlinkFirst       bool
+		Ciphers           []string
+		UseInsecureCipher bool
+		TarDereference    bool
 	}

 	// Plugin values.
 	Plugin struct {
-		Repo   Repo
-		Build  Build
-		Config Config
+		Config   Config
+		DestFile string
+	}
+
+	copyError struct {
+		host    string
+		message string
 	}
 )

-var wg sync.WaitGroup
+func (e copyError) Error() string {
+	return fmt.Sprintf("error copy file to dest: %s, error message: %s\n", e.host, e.message)
+}

-func trimPath(keys []string) []string {
-	var newKeys []string
+func globList(paths []string) fileList {
+	var list fileList

-	for _, value := range keys {
-		value = strings.Trim(value, " ")
-		if len(value) == 0 {
+	for _, pattern := range paths {
+		ignore := false
+		pattern = strings.TrimSpace(pattern)
+		if string(pattern[0]) == "!" {
+			pattern = pattern[1:]
+			ignore = true
+		}
+		matches, err := filepath.Glob(pattern)
+		if err != nil {
+			fmt.Printf("Glob error for %q: %s\n", pattern, err)
 			continue
 		}

-		newKeys = append(newKeys, value)
+		if ignore {
+			list.Ignore = append(list.Ignore, matches...)
+		} else {
+			list.Source = append(list.Source, matches...)
+		}
 	}

-	return newKeys
+	return list
 }

 func (p Plugin) log(host string, message ...interface{}) {
-	log.Printf("%s: %s", host, fmt.Sprintln(message...))
+	if count := len(p.Config.Host); count == 1 {
+		fmt.Printf("%s", fmt.Sprintln(message...))
+	} else {
+		fmt.Printf("%s: %s", host, fmt.Sprintln(message...))
+	}
 }

-// Exec executes the plugin.
-func (p Plugin) Exec() error {
-
-	if len(p.Config.Host) == 0 || len(p.Config.Username) == 0 {
-		return errors.New("missing ssh config (Host, Username)")
-	}
-
-	if len(p.Config.Source) == 0 || len(p.Config.Target) == 0 {
-		return errors.New("missing source or target config")
-	}
-
-	files := trimPath(p.Config.Source)
-	dest := fmt.Sprintf("%s.tar", random.String(10))
-
-	// create a temporary file for the archive
-	dir, err := ioutil.TempDir("", "")
+func (p *Plugin) removeDestFile(os string, ssh *easyssh.MakeConfig) error {
+	p.log(ssh.Server, "remove file", p.DestFile)
+	_, errStr, _, err := ssh.Run(rmcmd(os, p.DestFile), p.Config.CommandTimeout)
 	if err != nil {
 		return err
 	}
-	tar := filepath.Join(dir, dest)

+	if errStr != "" {
+		return errors.New(errStr)
+	}
+
+	return nil
+}
+
+func (p *Plugin) removeAllDestFile() error {
+	for _, h := range trimValues(p.Config.Host) {
+		host, port := p.hostPort(h)
+		ssh := &easyssh.MakeConfig{
+			Server:            host,
+			User:              p.Config.Username,
+			Password:          p.Config.Password,
+			Port:              port,
+			Protocol:          p.Config.Protocol,
+			Key:               p.Config.Key,
+			KeyPath:           p.Config.KeyPath,
+			Passphrase:        p.Config.Passphrase,
+			Timeout:           p.Config.Timeout,
+			Ciphers:           p.Config.Ciphers,
+			Fingerprint:       p.Config.Fingerprint,
+			UseInsecureCipher: p.Config.UseInsecureCipher,
+			Proxy: easyssh.DefaultConfig{
+				Server:            p.Config.Proxy.Server,
+				User:              p.Config.Proxy.User,
+				Password:          p.Config.Proxy.Password,
+				Port:              p.Config.Proxy.Port,
+				Protocol:          p.Config.Proxy.Protocol,
+				Key:               p.Config.Proxy.Key,
+				KeyPath:           p.Config.Proxy.KeyPath,
+				Passphrase:        p.Config.Proxy.Passphrase,
+				Timeout:           p.Config.Proxy.Timeout,
+				Ciphers:           p.Config.Proxy.Ciphers,
+				Fingerprint:       p.Config.Proxy.Fingerprint,
+				UseInsecureCipher: p.Config.Proxy.UseInsecureCipher,
+			},
+		}
+
+		_, _, _, err := ssh.Run("ver", p.Config.CommandTimeout)
+		systemType := "unix"
+		if err == nil {
+			systemType = "windows"
+		}
+
+		// remove tar file
+		err = p.removeDestFile(systemType, ssh)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+type fileList struct {
+	Ignore []string
+	Source []string
+}
+
+func (p *Plugin) buildTarArgs(src string) []string {
+	files := globList(trimValues(p.Config.Source))
+	args := []string{}
+	if len(files.Ignore) > 0 {
+		for _, v := range files.Ignore {
+			args = append(args, "--exclude")
+			args = append(args, v)
+		}
+	}
+
+	if p.Config.TarDereference {
+		args = append(args, "--dereference")
+	}
+
+	args = append(args, "-zcf")
+	args = append(args, getRealPath(src))
+	args = append(args, files.Source...)
+
+	return args
+}
+
+func (p *Plugin) buildUnTarArgs(target string) []string {
+	args := []string{}
+
+	args = append(args,
+		p.Config.TarExec,
+		"-zxf",
+		p.DestFile,
+	)
+
+	if p.Config.StripComponents > 0 {
+		args = append(args, "--strip-components")
+		args = append(args, strconv.Itoa(p.Config.StripComponents))
+	}
+
+	if p.Config.Overwrite {
+		args = append(args, "--overwrite")
+	}
+
+	if p.Config.UnlinkFirst {
+		args = append(args, "--unlink-first")
+	}
+
+	args = append(args,
+		"-C",
+		target,
+	)
+
+	return args
+}
+
+// Exec executes the plugin.
+func (p *Plugin) Exec() error {
+	if len(p.Config.Key) == 0 && len(p.Config.Password) == 0 && len(p.Config.KeyPath) == 0 {
+		return errMissingPasswordOrKey
+	}
+
+	if len(p.Config.Source) == 0 || len(p.Config.Target) == 0 {
+		return errMissingSourceOrTarget
+	}
+
+	hosts := trimValues(p.Config.Host)
+	if len(hosts) == 0 {
+		return errMissingHost
+	}
+
+	p.DestFile = random.String(10) + ".tar.gz"
+
+	// create a temporary file for the archive
+	dir := os.TempDir()
+	src := filepath.Join(dir, p.DestFile)
+
+	// show current version
+	fmt.Println("drone-scp version: " + Version)
 	// run archive command
-	log.Println("tar all files into " + tar)
-	args := append(append([]string{}, "-cf", getRealPath(tar)), files...)
-
-	cmd := exec.Command("tar", args...)
+	fmt.Println("tar all files into " + src)
+	args := p.buildTarArgs(src)
+	cmd := exec.Command(p.Config.TarExec, args...)
+	if p.Config.Debug {
+		fmt.Println("$", strings.Join(cmd.Args, " "))
+	}
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr
 	if err := cmd.Run(); err != nil {
 		return err
 	}

+	wg := sync.WaitGroup{}
 	wg.Add(len(p.Config.Host))
-	errChannel := make(chan error, 1)
-	finished := make(chan bool, 1)
-	for _, host := range p.Config.Host {
-		go func(host string) {
+	errChannel := make(chan error)
+	finished := make(chan struct{})
+	for _, host := range hosts {
+		go func(h string) {
+			defer wg.Done()
+			host, port := p.hostPort(h)
 			// Create MakeConfig instance with remote username, server address and path to private key.
 			ssh := &easyssh.MakeConfig{
-				Server:   host,
-				User:     p.Config.Username,
-				Password: p.Config.Password,
-				Port:     p.Config.Port,
-				Key:      p.Config.Key,
-				KeyPath:  p.Config.KeyPath,
+				Server:            host,
+				User:              p.Config.Username,
+				Password:          p.Config.Password,
+				Port:              port,
+				Key:               p.Config.Key,
+				KeyPath:           p.Config.KeyPath,
+				Passphrase:        p.Config.Passphrase,
+				Timeout:           p.Config.Timeout,
+				Ciphers:           p.Config.Ciphers,
+				Fingerprint:       p.Config.Fingerprint,
+				UseInsecureCipher: p.Config.UseInsecureCipher,
+				Proxy: easyssh.DefaultConfig{
+					Server:            p.Config.Proxy.Server,
+					User:              p.Config.Proxy.User,
+					Password:          p.Config.Proxy.Password,
+					Port:              p.Config.Proxy.Port,
+					Key:               p.Config.Proxy.Key,
+					KeyPath:           p.Config.Proxy.KeyPath,
+					Passphrase:        p.Config.Proxy.Passphrase,
+					Timeout:           p.Config.Proxy.Timeout,
+					Ciphers:           p.Config.Proxy.Ciphers,
+					Fingerprint:       p.Config.Proxy.Fingerprint,
+					UseInsecureCipher: p.Config.Proxy.UseInsecureCipher,
+				},
 			}

+			systemType := "unix"
+			_, _, _, err := ssh.Run("ver", p.Config.CommandTimeout)
+			if err == nil {
+				systemType = "windows"
+			}
+
+			// upload file to the tmp path
+			p.DestFile = fmt.Sprintf("%s%s", p.Config.TarTmpPath, p.DestFile)
+
+			p.log(host, "remote server os type is "+systemType)
 			// Call Scp method with file you want to upload to remote server.
 			p.log(host, "scp file to server.")
-			err = ssh.Scp(tar)
-
-			// Handle errors
+			err = ssh.Scp(src, p.DestFile)
 			if err != nil {
-				errChannel <- err
+				errChannel <- copyError{host, err.Error()}
+				return
 			}

 			for _, target := range p.Config.Target {
-				// remove target before upload data
+				target = strings.ReplaceAll(target, " ", "\\ ")
+				// remove target folder before upload data
 				if p.Config.Remove {
 					p.log(host, "Remove target folder:", target)

-					_, err := ssh.Run(fmt.Sprintf("rm -rf %s", target))
-
+					_, _, _, err := ssh.Run(rmcmd(systemType, target), p.Config.CommandTimeout)
 					if err != nil {
 						errChannel <- err
+						return
 					}
 				}

-				// mkdir path
 				p.log(host, "create folder", target)
-				response, _ := ssh.Run(fmt.Sprintf("mkdir -p %s", target))
+				_, errStr, _, err := ssh.Run(mkdircmd(systemType, target), p.Config.CommandTimeout)
+				if err != nil {
+					errChannel <- err
+					return
+				}

-				if response != "" {
-					errChannel <- errors.New(response)
+				if len(errStr) != 0 {
+					errChannel <- fmt.Errorf("%s", errStr)
+					return
 				}

 				// untar file
-				p.log(host, "untar file", dest)
-				_, err = ssh.Run(fmt.Sprintf("tar -xf %s -C %s", dest, target))
+				p.log(host, "untar file", p.DestFile)
+				commamd := strings.Join(p.buildUnTarArgs(target), " ")
+				if p.Config.Debug {
+					fmt.Println("$", commamd)
+				}
+				outStr, errStr, _, err := ssh.Run(commamd, p.Config.CommandTimeout)
+
+				if outStr != "" {
+					p.log(host, "output: ", outStr)
+				}
+
+				if errStr != "" {
+					p.log(host, "error: ", errStr)
+				}

 				if err != nil {
 					errChannel <- err
+					return
 				}
 			}

 			// remove tar file
-			p.log(host, "remove file", dest)
-			_, err = ssh.Run(fmt.Sprintf("rm -rf %s", dest))
-
+			err = p.removeDestFile(systemType, ssh)
 			if err != nil {
 				errChannel <- err
+				return
 			}
-
-			wg.Done()
-
 		}(host)
 	}

@@ -183,12 +374,50 @@ func (p Plugin) Exec() error {
 	case <-finished:
 	case err := <-errChannel:
 		if err != nil {
-			fmt.Println("drone-scp error: ", err)
+			c := color.New(color.FgRed)
+			c.Println("drone-scp error: ", err)
+			var cerr copyError
+			if !errors.As(err, &cerr) {
+				fmt.Println("drone-scp rollback: remove all target tmp file")
+				if err := p.removeAllDestFile(); err != nil {
+					return err
+				}
+			}
 			return err
 		}
 	}

-	fmt.Println("Successfully executed transfer data to all host.")
+	fmt.Println("===================================================")
+	fmt.Println("✅ Successfully executed transfer data to all host")
+	fmt.Println("===================================================")

 	return nil
 }
+
+func (p Plugin) hostPort(host string) (string, string) {
+	hosts := strings.Split(host, ":")
+	port := strconv.Itoa(p.Config.Port)
+	if len(hosts) > 1 &&
+		(p.Config.Protocol == easyssh.PROTOCOL_TCP ||
+			p.Config.Protocol == easyssh.PROTOCOL_TCP4) {
+		host = hosts[0]
+		port = hosts[1]
+	}
+
+	return host, port
+}
+
+func trimValues(keys []string) []string {
+	var newKeys []string
+
+	for _, value := range keys {
+		value = strings.TrimSpace(value)
+		if len(value) == 0 {
+			continue
+		}
+
+		newKeys = append(newKeys, value)
+	}
+
+	return newKeys
+}
@@ -1,12 +1,19 @@
 package main

 import (
-	"github.com/stretchr/testify/assert"
-
+	"io"
+	"log"
 	"os"
 	"os/exec"
 	"os/user"
+	"path/filepath"
+	"reflect"
 	"testing"
+	"time"
+
+	"github.com/appleboy/easyssh-proxy"
+	"github.com/stretchr/testify/assert"
+	"golang.org/x/crypto/ssh"
 )

 func TestMissingAllConfig(t *testing.T) {
@@ -35,7 +42,7 @@ func TestMissingSourceConfig(t *testing.T) {
 		Config: Config{
 			Host:     []string{"example.com"},
 			Username: "ubuntu",
-			Port:     "443",
+			Port:     443,
 			Password: "1234",
 		},
 	}
@@ -51,17 +58,19 @@ func TestTrimElement(t *testing.T) {
 	input = []string{"1", "     ", "3"}
 	result = []string{"1", "3"}

-	assert.Equal(t, result, trimPath(input))
+	assert.Equal(t, result, trimValues(input))

 	input = []string{"1", "2"}
 	result = []string{"1", "2"}

-	assert.Equal(t, result, trimPath(input))
+	assert.Equal(t, result, trimValues(input))
 }

 func TestSCPFileFromPublicKey(t *testing.T) {
 	if os.Getenv("SSH_AUTH_SOCK") != "" {
-		exec.Command("eval", "`ssh-agent -k`").Run()
+		if err := exec.Command("eval", "`ssh-agent -k`").Run(); err != nil {
+			t.Fatalf("exec: %v", err)
+		}
 	}

 	u, err := user.Lookup("drone-scp")
@@ -71,12 +80,14 @@ func TestSCPFileFromPublicKey(t *testing.T) {

 	plugin := Plugin{
 		Config: Config{
-			Host:     []string{"localhost"},
-			Username: "drone-scp",
-			Port:     "22",
-			KeyPath:  "tests/.ssh/id_rsa",
-			Source:   []string{"tests/a.txt", "tests/b.txt"},
-			Target:   []string{u.HomeDir + "/test"},
+			Host:           []string{"localhost"},
+			Username:       "drone-scp",
+			Port:           22,
+			KeyPath:        "tests/.ssh/id_rsa",
+			Source:         []string{"tests/a.txt", "tests/b.txt"},
+			Target:         []string{filepath.Join(u.HomeDir, "/test")},
+			CommandTimeout: 60 * time.Second,
+			TarExec:        "tar",
 		},
 	}

@@ -84,11 +95,11 @@ func TestSCPFileFromPublicKey(t *testing.T) {
 	assert.Nil(t, err)

 	// check file exist
-	if _, err := os.Stat(u.HomeDir + "/test/tests/a.txt"); os.IsNotExist(err) {
+	if _, err := os.Stat(filepath.Join(u.HomeDir, "/test/tests/a.txt")); os.IsNotExist(err) {
 		t.Fatalf("SCP-error: %v", err)
 	}

-	if _, err := os.Stat(u.HomeDir + "/test/tests/b.txt"); os.IsNotExist(err) {
+	if _, err := os.Stat(filepath.Join(u.HomeDir, "/test/tests/b.txt")); os.IsNotExist(err) {
 		t.Fatalf("SCP-error: %v", err)
 	}

@@ -100,7 +111,323 @@ func TestSCPFileFromPublicKey(t *testing.T) {
 	assert.Nil(t, err)

 	// check file exist
-	if _, err := os.Stat(u.HomeDir + "/test/tests/b.txt"); os.IsExist(err) {
+	if _, err := os.Stat(filepath.Join(u.HomeDir, "/test/tests/b.txt")); os.IsExist(err) {
+		t.Fatalf("SCP-error: %v", err)
+	}
+}
+
+func TestSCPFileFromPublicKeyWithPassphrase(t *testing.T) {
+	if os.Getenv("SSH_AUTH_SOCK") != "" {
+		if err := exec.Command("eval", "`ssh-agent -k`").Run(); err != nil {
+			t.Fatalf("exec: %v", err)
+		}
+	}
+
+	u, err := user.Lookup("drone-scp")
+	if err != nil {
+		t.Fatalf("Lookup: %v", err)
+	}
+
+	plugin := Plugin{
+		Config: Config{
+			Host:           []string{"localhost"},
+			Username:       "drone-scp",
+			Port:           22,
+			KeyPath:        "tests/.ssh/test",
+			Passphrase:     "1234",
+			Source:         []string{"tests/a.txt", "tests/b.txt"},
+			Target:         []string{filepath.Join(u.HomeDir, "/test2")},
+			CommandTimeout: 60 * time.Second,
+			TarExec:        "tar",
+		},
+	}
+
+	err = plugin.Exec()
+	assert.Nil(t, err)
+
+	// check file exist
+	if _, err := os.Stat(filepath.Join(u.HomeDir, "/test2/tests/a.txt")); os.IsNotExist(err) {
+		t.Fatalf("SCP-error: %v", err)
+	}
+
+	if _, err := os.Stat(filepath.Join(u.HomeDir, "/test2/tests/b.txt")); os.IsNotExist(err) {
+		t.Fatalf("SCP-error: %v", err)
+	}
+}
+
+func TestWrongFingerprint(t *testing.T) {
+	u, err := user.Lookup("drone-scp")
+	if err != nil {
+		t.Fatalf("Lookup: %v", err)
+	}
+
+	plugin := Plugin{
+		Config: Config{
+			Host:           []string{"localhost"},
+			Username:       "drone-scp",
+			Port:           22,
+			KeyPath:        "./tests/.ssh/id_rsa",
+			Source:         []string{"tests/a.txt", "tests/b.txt"},
+			Target:         []string{filepath.Join(u.HomeDir, "/test2")},
+			CommandTimeout: 60 * time.Second,
+			TarExec:        "tar",
+			Fingerprint:    "wrong",
+		},
+	}
+
+	err = plugin.Exec()
+	log.Println(err)
+	assert.NotNil(t, err)
+}
+
+func getHostPublicKeyFile(keypath string) (ssh.PublicKey, error) {
+	var pubkey ssh.PublicKey
+	var err error
+	buf, err := os.ReadFile(keypath)
+	if err != nil {
+		return nil, err
+	}
+
+	pubkey, _, _, _, err = ssh.ParseAuthorizedKey(buf)
+	if err != nil {
+		return nil, err
+	}
+
+	return pubkey, nil
+}
+
+func TestSCPFileFromPublicKeyWithFingerprint(t *testing.T) {
+	if os.Getenv("SSH_AUTH_SOCK") != "" {
+		if err := exec.Command("eval", "`ssh-agent -k`").Run(); err != nil {
+			t.Fatalf("exec: %v", err)
+		}
+	}
+
+	u, err := user.Lookup("drone-scp")
+	if err != nil {
+		t.Fatalf("Lookup: %v", err)
+	}
+
+	hostKey, err := getHostPublicKeyFile("/etc/ssh/ssh_host_rsa_key.pub")
+	assert.NoError(t, err)
+
+	plugin := Plugin{
+		Config: Config{
+			Host:           []string{"localhost"},
+			Username:       "drone-scp",
+			Port:           22,
+			KeyPath:        "./tests/.ssh/id_rsa",
+			Fingerprint:    ssh.FingerprintSHA256(hostKey),
+			Source:         []string{"tests/a.txt", "tests/b.txt"},
+			Target:         []string{filepath.Join(u.HomeDir, "/test2")},
+			CommandTimeout: 60 * time.Second,
+			TarExec:        "tar",
+		},
+	}
+
+	err = plugin.Exec()
+	assert.Nil(t, err)
+
+	// check file exist
+	if _, err := os.Stat(filepath.Join(u.HomeDir, "/test2/tests/a.txt")); os.IsNotExist(err) {
+		t.Fatalf("SCP-error: %v", err)
+	}
+
+	if _, err := os.Stat(filepath.Join(u.HomeDir, "/test2/tests/b.txt")); os.IsNotExist(err) {
+		t.Fatalf("SCP-error: %v", err)
+	}
+}
+
+func TestSCPWildcardFileList(t *testing.T) {
+	if os.Getenv("SSH_AUTH_SOCK") != "" {
+		if err := exec.Command("eval", "`ssh-agent -k`").Run(); err != nil {
+			t.Fatalf("exec: %v", err)
+		}
+	}
+
+	u, err := user.Lookup("drone-scp")
+	if err != nil {
+		t.Fatalf("Lookup: %v", err)
+	}
+
+	plugin := Plugin{
+		Config: Config{
+			Host:           []string{"localhost"},
+			Username:       "drone-scp",
+			Port:           22,
+			KeyPath:        "tests/.ssh/id_rsa",
+			Source:         []string{"tests/global/*"},
+			Target:         []string{filepath.Join(u.HomeDir, "abc")},
+			CommandTimeout: 60 * time.Second,
+			TarExec:        "tar",
+		},
+	}
+
+	err = plugin.Exec()
+	assert.Nil(t, err)
+
+	// check file exist
+	if _, err := os.Stat(filepath.Join(u.HomeDir, "abc/tests/global/c.txt")); os.IsNotExist(err) {
+		t.Fatalf("SCP-error: %v", err)
+	}
+
+	if _, err := os.Stat(filepath.Join(u.HomeDir, "abc/tests/global/d.txt")); os.IsNotExist(err) {
+		t.Fatalf("SCP-error: %v", err)
+	}
+}
+
+func TestSCPFromProxySetting(t *testing.T) {
+	u, err := user.Lookup("drone-scp")
+	if err != nil {
+		t.Fatalf("Lookup: %v", err)
+	}
+
+	plugin := Plugin{
+		Config: Config{
+			Host:           []string{"localhost"},
+			Username:       "drone-scp",
+			Port:           22,
+			KeyPath:        "tests/.ssh/id_rsa",
+			Source:         []string{"tests/global/*"},
+			Target:         []string{filepath.Join(u.HomeDir, "def")},
+			CommandTimeout: 60 * time.Second,
+			TarExec:        "tar",
+			Proxy: easyssh.DefaultConfig{
+				Server:  "localhost",
+				User:    "drone-scp",
+				Port:    "22",
+				KeyPath: "./tests/.ssh/id_rsa",
+			},
+		},
+	}
+
+	err = plugin.Exec()
+	assert.Nil(t, err)
+
+	// check file exist
+	if _, err := os.Stat(filepath.Join(u.HomeDir, "def/tests/global/c.txt")); os.IsNotExist(err) {
+		t.Fatalf("SCP-error: %v", err)
+	}
+
+	if _, err := os.Stat(filepath.Join(u.HomeDir, "def/tests/global/d.txt")); os.IsNotExist(err) {
+		t.Fatalf("SCP-error: %v", err)
+	}
+}
+
+func TestStripComponentsFlag(t *testing.T) {
+	if os.Getenv("SSH_AUTH_SOCK") != "" {
+		if err := exec.Command("eval", "`ssh-agent -k`").Run(); err != nil {
+			t.Fatalf("exec: %v", err)
+		}
+	}
+
+	u, err := user.Lookup("drone-scp")
+	if err != nil {
+		t.Fatalf("Lookup: %v", err)
+	}
+
+	plugin := Plugin{
+		Config: Config{
+			Host:            []string{"localhost"},
+			Username:        "drone-scp",
+			Port:            22,
+			KeyPath:         "tests/.ssh/id_rsa",
+			Source:          []string{"tests/global/*"},
+			StripComponents: 2,
+			Target:          []string{filepath.Join(u.HomeDir, "123")},
+			CommandTimeout:  60 * time.Second,
+			TarExec:         "tar",
+		},
+	}
+
+	err = plugin.Exec()
+	assert.Nil(t, err)
+
+	// check file exist
+	if _, err := os.Stat(filepath.Join(u.HomeDir, "123/c.txt")); os.IsNotExist(err) {
+		t.Fatalf("SCP-error: %v", err)
+	}
+
+	if _, err := os.Stat(filepath.Join(u.HomeDir, "123/d.txt")); os.IsNotExist(err) {
+		t.Fatalf("SCP-error: %v", err)
+	}
+}
+
+func TestUseInsecureCipherFlag(t *testing.T) {
+	u, err := user.Lookup("drone-scp")
+	if err != nil {
+		t.Fatalf("Lookup: %v", err)
+	}
+
+	plugin := Plugin{
+		Config: Config{
+			Host:              []string{"localhost"},
+			Username:          "drone-scp",
+			Port:              22,
+			KeyPath:           "tests/.ssh/id_rsa",
+			Source:            []string{"tests/global/*"},
+			StripComponents:   2,
+			Target:            []string{filepath.Join(u.HomeDir, "123")},
+			CommandTimeout:    60 * time.Second,
+			TarExec:           "tar",
+			UseInsecureCipher: true,
+		},
+	}
+
+	err = plugin.Exec()
+	assert.Nil(t, err)
+
+	// check file exist
+	if _, err := os.Stat(filepath.Join(u.HomeDir, "123/c.txt")); os.IsNotExist(err) {
+		t.Fatalf("SCP-error: %v", err)
+	}
+
+	if _, err := os.Stat(filepath.Join(u.HomeDir, "123/d.txt")); os.IsNotExist(err) {
+		t.Fatalf("SCP-error: %v", err)
+	}
+}
+
+func TestIgnoreList(t *testing.T) {
+	if os.Getenv("SSH_AUTH_SOCK") != "" {
+		if err := exec.Command("eval", "`ssh-agent -k`").Run(); err != nil {
+			t.Fatalf("exec: %v", err)
+		}
+	}
+
+	u, err := user.Lookup("drone-scp")
+	if err != nil {
+		t.Fatalf("Lookup: %v", err)
+	}
+
+	plugin := Plugin{
+		Config: Config{
+			Host:            []string{"localhost"},
+			Username:        "drone-scp",
+			Port:            22,
+			KeyPath:         "tests/.ssh/id_rsa",
+			Source:          []string{"tests/global/*", "!tests/global/c.txt", "!tests/global/e.txt"},
+			StripComponents: 2,
+			Target:          []string{filepath.Join(u.HomeDir, "ignore")},
+			CommandTimeout:  60 * time.Second,
+			TarExec:         "tar",
+			Debug:           true,
+		},
+	}
+
+	err = plugin.Exec()
+	assert.Nil(t, err)
+
+	// check file exist
+	if _, err := os.Stat(filepath.Join(u.HomeDir, "ignore/c.txt")); !os.IsNotExist(err) {
+		t.Fatal("c.txt file exist")
+	}
+
+	// check file exist
+	if _, err := os.Stat(filepath.Join(u.HomeDir, "ignore/e.txt")); !os.IsNotExist(err) {
+		t.Fatal("c.txt file exist")
+	}
+
+	if _, err := os.Stat(filepath.Join(u.HomeDir, "ignore/d.txt")); os.IsNotExist(err) {
 		t.Fatalf("SCP-error: %v", err)
 	}
 }
@@ -154,12 +481,14 @@ func TestSCPFileFromPublicKey(t *testing.T) {
 func TestIncorrectPassword(t *testing.T) {
 	plugin := Plugin{
 		Config: Config{
-			Host:     []string{"localhost"},
-			Username: "drone-scp",
-			Port:     "22",
-			Password: "123456",
-			Source:   []string{"tests/a.txt", "tests/b.txt"},
-			Target:   []string{"/home"},
+			Host:           []string{"localhost"},
+			Username:       "drone-scp",
+			Port:           22,
+			Password:       "123456",
+			Source:         []string{"tests/a.txt", "tests/b.txt"},
+			Target:         []string{"/home"},
+			CommandTimeout: 60 * time.Second,
+			TarExec:        "tar",
 		},
 	}

@@ -168,33 +497,490 @@ func TestIncorrectPassword(t *testing.T) {
 }

 func TestNoPermissionCreateFolder(t *testing.T) {
+	u, err := user.Lookup("drone-scp")
+	if err != nil {
+		t.Fatalf("Lookup: %v", err)
+	}
+
 	plugin := Plugin{
 		Config: Config{
-			Host:     []string{"localhost"},
-			Username: "drone-scp",
-			Port:     "22",
-			KeyPath:  "tests/.ssh/id_rsa",
-			Source:   []string{"tests/a.txt", "tests/b.txt"},
-			Target:   []string{"/etc/test"},
+			Host:           []string{"localhost"},
+			Username:       "drone-scp",
+			Port:           22,
+			KeyPath:        "tests/.ssh/id_rsa",
+			Source:         []string{"tests/a.txt", "tests/b.txt"},
+			Target:         []string{"/etc/test"},
+			CommandTimeout: 60 * time.Second,
+			TarExec:        "tar",
 		},
 	}

-	err := plugin.Exec()
+	err = plugin.Exec()
 	assert.NotNil(t, err)
+
+	// check tmp file exist
+	if _, err = os.Stat(filepath.Join(u.HomeDir, plugin.DestFile)); os.IsExist(err) {
+		t.Fatalf("SCP-error: %v", err)
+	}
 }

-func TestSourceNotFound(t *testing.T) {
+func TestGlobList(t *testing.T) {
+	// wrong patern
+	paterns := []string{"[]a]", "tests/?.txt"}
+	expects := []string{"tests/a.txt", "tests/b.txt"}
+	assert.Equal(t, expects, globList(paterns).Source)
+
+	paterns = []string{"tests/*.txt", "tests/.ssh/*", "abc*"}
+	expects = []string{"tests/a.txt", "tests/b.txt", "tests/.ssh/id_rsa", "tests/.ssh/id_rsa.pub", "tests/.ssh/test", "tests/.ssh/test.pub"}
+	assert.Equal(t, expects, globList(paterns).Source)
+
+	paterns = []string{"tests/?.txt"}
+	expects = []string{"tests/a.txt", "tests/b.txt"}
+	assert.Equal(t, expects, globList(paterns).Source)
+
+	// remove item which file not found.
+	paterns = []string{"tests/aa.txt", "tests/b.txt"}
+	expects = []string{"tests/b.txt"}
+	assert.Equal(t, expects, globList(paterns).Source)
+
+	paterns = []string{"./tests/b.txt"}
+	expects = []string{"./tests/b.txt"}
+	assert.Equal(t, expects, globList(paterns).Source)
+
+	paterns = []string{"./tests/*.txt", "!./tests/b.txt"}
+	expectSources := []string{"tests/a.txt", "tests/b.txt"}
+	expectIgnores := []string{"./tests/b.txt"}
+	result := globList(paterns)
+	assert.Equal(t, expectSources, result.Source)
+	assert.Equal(t, expectIgnores, result.Ignore)
+}
+
+func TestRemoveDestFile(t *testing.T) {
+	ssh := &easyssh.MakeConfig{
+		Server:  "localhost",
+		User:    "drone-scp",
+		Port:    "22",
+		KeyPath: "tests/.ssh/id_rsa",
+		// io timeout
+		Timeout: 1,
+	}
 	plugin := Plugin{
 		Config: Config{
-			Host:     []string{"localhost"},
-			Username: "drone-scp",
-			Port:     "22",
-			KeyPath:  "tests/.ssh/id_rsa",
-			Source:   []string{"tests/aa.txt", "tests/b.txt"},
-			Target:   []string{"/test"},
+			CommandTimeout: 60 * time.Second,
+		},
+		DestFile: "/etc/resolv.conf",
+	}
+
+	_, _, _, err := ssh.Run("ver", plugin.Config.CommandTimeout)
+	systemType := "unix"
+	if err == nil {
+		systemType = "windows"
+	}
+
+	// ssh io timeout
+	err = plugin.removeDestFile(systemType, ssh)
+	assert.Error(t, err)
+
+	ssh.Timeout = 0
+
+	// permission denied
+	err = plugin.removeDestFile(systemType, ssh)
+	assert.Error(t, err)
+}
+
+func TestPlugin_buildUnTarArgs(t *testing.T) {
+	type fields struct {
+		Config   Config
+		DestFile string
+	}
+	type args struct {
+		target string
+	}
+	tests := []struct {
+		name   string
+		fields fields
+		args   args
+		want   []string
+	}{
+		{
+			name: "default command",
+			fields: fields{
+				Config: Config{
+					Overwrite:   false,
+					UnlinkFirst: false,
+					TarExec:     "tar",
+				},
+				DestFile: "foo.tar.gz",
+			},
+			args: args{
+				target: "foo",
+			},
+			want: []string{"tar", "-zxf", "foo.tar.gz", "-C", "foo"},
+		},
+		{
+			name: "strip components",
+			fields: fields{
+				Config: Config{
+					Overwrite:       false,
+					UnlinkFirst:     false,
+					TarExec:         "tar",
+					StripComponents: 2,
+				},
+				DestFile: "foo.tar.gz",
+			},
+			args: args{
+				target: "foo",
+			},
+			want: []string{"tar", "-zxf", "foo.tar.gz", "--strip-components", "2", "-C", "foo"},
+		},
+		{
+			name: "overwrite",
+			fields: fields{
+				Config: Config{
+					TarExec:         "tar",
+					StripComponents: 2,
+					Overwrite:       true,
+					UnlinkFirst:     false,
+				},
+				DestFile: "foo.tar.gz",
+			},
+			args: args{
+				target: "foo",
+			},
+			want: []string{"tar", "-zxf", "foo.tar.gz", "--strip-components", "2", "--overwrite", "-C", "foo"},
+		},
+		{
+			name: "unlink first",
+			fields: fields{
+				Config: Config{
+					TarExec:         "tar",
+					StripComponents: 2,
+					Overwrite:       true,
+					UnlinkFirst:     true,
+				},
+				DestFile: "foo.tar.gz",
+			},
+			args: args{
+				target: "foo",
+			},
+			want: []string{"tar", "-zxf", "foo.tar.gz", "--strip-components", "2", "--overwrite", "--unlink-first", "-C", "foo"},
+		},
+		{
+			name: "output folder path with space",
+			fields: fields{
+				Config: Config{
+					TarExec:         "tar",
+					StripComponents: 2,
+					Overwrite:       true,
+					UnlinkFirst:     true,
+				},
+				DestFile: "foo.tar.gz",
+			},
+			args: args{
+				target: "foo\\ bar",
+			},
+			want: []string{"tar", "-zxf", "foo.tar.gz", "--strip-components", "2", "--overwrite", "--unlink-first", "-C", "foo\\ bar"},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			p := &Plugin{
+				Config:   tt.fields.Config,
+				DestFile: tt.fields.DestFile,
+			}
+			if got := p.buildUnTarArgs(tt.args.target); !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("Plugin.buildArgs() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestPlugin_buildTarArgs(t *testing.T) {
+	type fields struct {
+		Config Config
+	}
+	type args struct {
+		src string
+	}
+	tests := []struct {
+		name   string
+		fields fields
+		args   args
+		want   []string
+	}{
+		{
+			name: "default command",
+			fields: fields{
+				Config: Config{
+					TarExec: "tar",
+				},
+			},
+			args: args{
+				src: "foo.tar.gz",
+			},
+			want: []string{"-zcf", "foo.tar.gz"},
+		},
+		{
+			name: "ignore list",
+			fields: fields{
+				Config: Config{
+					TarExec: "tar",
+					Source: []string{
+						"tests/*.txt",
+						"!tests/a.txt",
+					},
+				},
+			},
+			args: args{
+				src: "foo.tar.gz",
+			},
+			want: []string{"--exclude", "tests/a.txt", "-zcf", "foo.tar.gz", "tests/a.txt", "tests/b.txt"},
+		},
+		{
+			name: "dereference flag",
+			fields: fields{
+				Config: Config{
+					TarExec:        "tar",
+					TarDereference: true,
+					Source: []string{
+						"tests/*.txt",
+						"!tests/a.txt",
+					},
+				},
+			},
+			args: args{
+				src: "foo.tar.gz",
+			},
+			want: []string{"--exclude", "tests/a.txt", "--dereference", "-zcf", "foo.tar.gz", "tests/a.txt", "tests/b.txt"},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			p := &Plugin{
+				Config: tt.fields.Config,
+			}
+			if got := p.buildTarArgs(tt.args.src); !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("Plugin.buildTarArgs() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestTargetFolderWithSpaces(t *testing.T) {
+	if os.Getenv("SSH_AUTH_SOCK") != "" {
+		if err := exec.Command("eval", "`ssh-agent -k`").Run(); err != nil {
+			t.Fatalf("exec: %v", err)
+		}
+	}
+
+	u, err := user.Lookup("drone-scp")
+	if err != nil {
+		t.Fatalf("Lookup: %v", err)
+	}
+
+	plugin := Plugin{
+		Config: Config{
+			Host:            []string{"localhost"},
+			Username:        "drone-scp",
+			Port:            22,
+			KeyPath:         "tests/.ssh/id_rsa",
+			Source:          []string{"tests/global/*"},
+			StripComponents: 2,
+			Target:          []string{filepath.Join(u.HomeDir, "123 456 789")},
+			CommandTimeout:  60 * time.Second,
+			TarExec:         "tar",
 		},
 	}

-	err := plugin.Exec()
-	assert.NotNil(t, err)
+	err = plugin.Exec()
+	assert.Nil(t, err)
+
+	// check file exist
+	if _, err := os.Stat(filepath.Join(u.HomeDir, "123 456 789", "c.txt")); os.IsNotExist(err) {
+		t.Fatalf("SCP-error: %v", err)
+	}
+
+	if _, err := os.Stat(filepath.Join(u.HomeDir, "123 456 789", "d.txt")); os.IsNotExist(err) {
+		t.Fatalf("SCP-error: %v", err)
+	}
+}
+
+func TestHostPortString(t *testing.T) {
+	if os.Getenv("SSH_AUTH_SOCK") != "" {
+		if err := exec.Command("eval", "`ssh-agent -k`").Run(); err != nil {
+			t.Fatalf("exec: %v", err)
+		}
+	}
+
+	u, err := user.Lookup("drone-scp")
+	if err != nil {
+		t.Fatalf("Lookup: %v", err)
+	}
+
+	plugin := Plugin{
+		Config: Config{
+			Host:            []string{"localhost:22", "localhost:22"},
+			Username:        "drone-scp",
+			Protocol:        easyssh.PROTOCOL_TCP4,
+			Port:            8080,
+			KeyPath:         "tests/.ssh/id_rsa",
+			Source:          []string{"tests/global/*"},
+			StripComponents: 2,
+			Target:          []string{filepath.Join(u.HomeDir, "1234")},
+			CommandTimeout:  60 * time.Second,
+			TarExec:         "tar",
+		},
+	}
+
+	err = plugin.Exec()
+	assert.Nil(t, err)
+
+	// check file exist
+	if _, err := os.Stat(filepath.Join(u.HomeDir, "1234", "c.txt")); os.IsNotExist(err) {
+		t.Fatalf("SCP-error: %v", err)
+	}
+
+	if _, err := os.Stat(filepath.Join(u.HomeDir, "1234", "d.txt")); os.IsNotExist(err) {
+		t.Fatalf("SCP-error: %v", err)
+	}
+}
+
+// Unit test for hostPort
+func TestHostPort(t *testing.T) {
+	p := Plugin{
+		Config: Config{
+			Port:     8080,
+			Protocol: easyssh.PROTOCOL_TCP4,
+		},
+	}
+
+	// Test case 1: host string with port
+	host1 := "example.com:1234"
+	expectedHost1 := "example.com"
+	expectedPort1 := "1234"
+	actualHost1, actualPort1 := p.hostPort(host1)
+	if actualHost1 != expectedHost1 || actualPort1 != expectedPort1 {
+		t.Errorf("hostPort(%s) = (%s, %s); expected (%s, %s)", host1, actualHost1, actualPort1, expectedHost1, expectedPort1)
+	}
+
+	// Test case 2: host string without port
+	host2 := "example.com"
+	expectedHost2 := "example.com"
+	expectedPort2 := "8080" // default port
+	actualHost2, actualPort2 := p.hostPort(host2)
+	if actualHost2 != expectedHost2 || actualPort2 != expectedPort2 {
+		t.Errorf("hostPort(%s) = (%s, %s); expected (%s, %s)", host2, actualHost2, actualPort2, expectedHost2, expectedPort2)
+	}
+}
+
+func TestPlugin_hostPort(t *testing.T) {
+	type fields struct {
+		Config Config
+		Writer io.Writer
+	}
+	type args struct {
+		h string
+	}
+	tests := []struct {
+		name     string
+		fields   fields
+		args     args
+		wantHost string
+		wantPort string
+	}{
+		{
+			name: "default host and port",
+			fields: fields{
+				Config: Config{
+					Port: 22,
+				},
+			},
+			args: args{
+				h: "localhost",
+			},
+			wantHost: "localhost",
+			wantPort: "22",
+		},
+		{
+			name: "different port",
+			fields: fields{
+				Config: Config{
+					Port:     22,
+					Protocol: easyssh.PROTOCOL_TCP4,
+				},
+			},
+			args: args{
+				h: "localhost:443",
+			},
+			wantHost: "localhost",
+			wantPort: "443",
+		},
+		{
+			name: "ipv6",
+			fields: fields{
+				Config: Config{
+					Port:     22,
+					Protocol: easyssh.PROTOCOL_TCP6,
+				},
+			},
+			args: args{
+				h: "::1",
+			},
+			wantHost: "::1",
+			wantPort: "22",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			p := Plugin{
+				Config: tt.fields.Config,
+			}
+			gotHost, gotPort := p.hostPort(tt.args.h)
+			if gotHost != tt.wantHost {
+				t.Errorf("Plugin.hostPort() gotHost = %v, want %v", gotHost, tt.wantHost)
+			}
+			if gotPort != tt.wantPort {
+				t.Errorf("Plugin.hostPort() gotPort = %v, want %v", gotPort, tt.wantPort)
+			}
+		})
+	}
+}
+
+func TestIgnoreFolder(t *testing.T) {
+	if os.Getenv("SSH_AUTH_SOCK") != "" {
+		if err := exec.Command("eval", "`ssh-agent -k`").Run(); err != nil {
+			t.Fatalf("exec: %v", err)
+		}
+	}
+
+	u, err := user.Lookup("drone-scp")
+	if err != nil {
+		t.Fatalf("Lookup: %v", err)
+	}
+
+	plugin := Plugin{
+		Config: Config{
+			Host:           []string{"localhost"},
+			Username:       "drone-scp",
+			Protocol:       easyssh.PROTOCOL_TCP4,
+			Port:           22,
+			KeyPath:        "tests/.ssh/id_rsa",
+			Source:         []string{"tests/*", "!tests/global"},
+			Target:         []string{filepath.Join(u.HomeDir, "test_ignore")},
+			CommandTimeout: 60 * time.Second,
+			TarExec:        "tar",
+		},
+	}
+
+	err = plugin.Exec()
+	assert.Nil(t, err)
+
+	// check file exist
+	if _, err := os.Stat(filepath.Join(u.HomeDir, "test_ignore", "global", "c.txt")); !os.IsNotExist(err) {
+		t.Fatalf("SCP-error: %v", err)
+	}
+
+	if _, err := os.Stat(filepath.Join(u.HomeDir, "test_ignore", "global", "d.txt")); !os.IsNotExist(err) {
+		t.Fatalf("SCP-error: %v", err)
+	}
 }
@@ -0,0 +1,50 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAZka7A7i
+FscMeJBPyPteclAAAAEAAAAAEAAAIXAAAAB3NzaC1yc2EAAAADAQABAAACAQDz6aZ1jY2o
+nnuj2YNHJ/HhfvIu0B973v/+pFFOavnTUOhEEKEy3TASu+s9CkHrYZAtRc+QYIkNZI31mh
+HBhotdeP/7GoO2UirkFtrzyQKPNJxEcv0RBoG9ssN8jex0PyK6DHIYYFnIWadVBEEOh/H+
+rK7j7u2/big3oTzYBuFrCwmYFcz5na99MzFeAUhazF44gVBma+zO+1quGeqF51UDIg1SMG
+vX8I7LNEqrKEBaIUQJKFQcxlOWlRLQsjJCymrOujsXsRrXHAQWcnxDcNevv2ZMOUl0ybvv
+9yH0BiGbRBd1Hy8/QPILbAQaqu0oQE7fubN8Q8lqb3Jg0loID4x/5GPhSY8WAXpuLcXTOr
+b93SnCw1JsAgJDNqpuuRFy3BSZ7wBOr1jfeIoo7xk14OHiUjJ0uXDL9cLMkcw6ElWz81mr
+D2VCkXUz+qFyjJ+G7aGWRtctZoOzKln4yfNfUmwW8/8ra3QnmrMZ2xW2Ylw3ZhO+tLi7jI
+NHYFb54bAdLVPUU1ctIuJns2qkWnjJCxxMiynIqCif20/OU1n8CTJuOWiURmRdmvKOH4PE
+3JxC2Qnk/3tV3Cf8hp1CH5VjBZ9AjGj5MDMHXyu34VY2WvYo5QyzfS3ySPoT8kCO0G0xpv
+jwCMHOK+G2RP4kqb/KKZguiKdgintBXuskTlJmD7kcMQAAB1CnEMQGwAKZbd3F1DJqwfPf
+KWjoUJKbTRiav6h5pQr65JaqDe/7YE2ZHYo5917AC2vPLwPxAnoHFMsbObd5mWcmpATg/0
+K/qkN5Z4Ml5U3bwr51wfSPh1MiAP21Aickt09BDstIJzNNwwgcY31O3k/d6VBjqyM6Ezop
+66LI4s/IIni1BI+cALyEfzE4Qu16GfzIeM+JVxildP4VImhvNBESmmbBL8rNmSzlQ+FTuF
+JVmowUbcon1O0CppM1MRVPeG805XDwjxHXKwOp5O7MdTz7H8JeORoe8D6+4rNfJE0eQGY7
+Nm4+Wa97HzAFbT9IS433rxoGx9Qps3LAySFONso2JWSOEfo8rxnqO04DrfVHQhY3DkkwQt
+FsDnMtkthJa+ZzUYc75fnS0DBPGuF9DZUCqrev5oAUHP6C4Vc4b33JJQD4FZJ+ehk3Xsci
+cwJQsmgLyc5Jdh543Dm7kZoM9ku7HDNrB4H/1p45Vo6aBZMAY50x+fTdBeTgCzzhzzTbf+
+0IF8W3yW3/BYD+S2Byo3JKp6NH0Q8cgPJrGTl6GltGfpVuc6kLjMZ5zvxRbyWaqtIygM46
+W1izbA+9jwbHhitCtOk42e/ff6iEB1MVC13LqPty3gPNR8Pv0rDUDjJS4KiVwXqUY+bMr0
+C8l/hx93euHjLUJ49Ru6uy/2fBlHZEj6GmEAJhu/i6t2c1Rq0HBLis9X356oQT+YZnIai2
+ym0MknPxjeYBAItOV3zhRd1cYnk7CDcl1XALcnh0tqP712x24IJ+Ytqg7nvB2NZV8T469I
+8Fp254Nr89HOMAXaZD0UcIPm7D2rfWV+YJFI3ZcJ/8DM99H3tpXe2j4oHMdmAbBd++09sx
+KBRdFLcvnBfd1lqwxpA7hbxzrxi/yehYCqzh5KQGaf2UXej6TPiVzBWVYbp34cMZtsT6mF
+K8SS3l5TXoNK2DNEk30o8K3q+vngQpfC9GZ/id4B7LS/3ybellxemZHXQoU4PxDkLKt7jd
+AAsd5WO13dv3n/qgyu8iBRiFU+W66NX0RJGkp+lZMnta0YzukafM2n6GDn/r/Cx/y21PAi
+ah8i41ByI1QLI4m1r+bRHdUxAarS/XJw4tTSFiZu3zddMYrlzeG9O3VUX9zBvBtfQbSmeJ
+omml0zlr/qD7TMsORiujy7XIn7sMW+Ls/NA8TvX8oRnACjXe/MYNEZ8WDu2rkZuY/Dfc+o
+NyYWO7kZ3kcejQZ1NusJSA7MG0FFGYSIaC9T9CWqYd5IcRSJW4dZnCt9z8CIJ6TSUFqMb/
+H1Y5Rmi0IIX+8qbGGXVBDIBk5y9xtS43+nz1nsdXwDmkTiXN9+ZX+GDsLxCWoHGryrWDbk
+EuOAlqpvxFKzEkNsx+AC5wae6i/hBeiEce9bm4nZp+hFv1ic1Z9WS8B37YOFgJ4utGeOjB
+6hnywUUJ3aH0LnCQNB3UzeFR7BmEaxmYD/phJodmjA5SD3CWpeizdXfrUjtqXGhYlr2jzq
+vBAeeYEO4uaHIGxg8GqoqtaseqVcIdtouHxrVAxxXkjShV2ji7oJ/AtrLZNlkKYxMk0TpX
+fFiKqL/uKfS78FfvVOhOkHZTD6ZeMgmdL/uOghEAtrf08ChyRvdp7QLjA802aio9eUVIQm
+lHb1ltPEbIZNuvQ5kTIwk2eM6EAkOh0MBMoAYOxOpIb00XHNRDGJYuLewByjMQa8EoT6VM
+NoiFIzJU9lLAXE6yz6JswctpTpLHK9Aq5vY7ObaOvrmpCQqsXfOuVUo2nR/FyEes97zuXG
+E4aKaHK4IAW4UY/oGYk7pU/yRpudhiNRMXzmcQXfVmBEHuvDrh2chg8lDYn++07F7RWqkI
+nfMAOWR8UEl4xp4zJtThDjRxNW6QLl8E1ADjndA9wVaKNSzv2i1TLXKBr5luFqY9MSJ2rm
+yBR5EwairH/Qn9TUxaDD+0p6J+E9iz1l8UPTJa/cjtwiySljahY/6tHHnr9YQVnox92yfU
+UXpfINGjYrpqh6EFwmyRw9fryIMvMhgZYo6ZoCRBCK2GfGAB0VTzJy2FGs4GecZK5ptXKu
+sOX8BgGX/Q/nAJ7PWf9hgYlX2YyjmLjQZDMWECp05VFx9znEETNKlwF1FX5/E/37ISyz4d
+I1LVSKOEccJX7jCR32LzvRW1UBX47Z+q3LVE4sa0QAV/JoISq6Qn6zAsVIV0yEPmVbd/xx
+aX2uBUGHhmd99YJDh81xJIoYEMRzoGVfp0JjfYcDUc+2I6JdrOMF9/KmMA5wsZl4OKiu/F
+cTRGjUkgw/cF2EFRGWknee2esYRB7tOr4y56qZ4gxqw8q9rYXhyB42jbdTvt5xcCm/ynid
+sn4InokRRoIiMIPL5Ur7FZQHOP+915MWUBsrTJtkCWQuqJheYUi3mCzh/7NadAKplRpaKb
+rS/DJIOOkjnGni/sDxJzPq7STDBVy4WStwQl6NI5hq+/c+JvN9GI4Vu/kz0z8qUcdShLaH
+l4njcaMpg4tpQMHtCBOicGyV0=
+-----END OPENSSH PRIVATE KEY-----
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDz6aZ1jY2onnuj2YNHJ/HhfvIu0B973v/+pFFOavnTUOhEEKEy3TASu+s9CkHrYZAtRc+QYIkNZI31mhHBhotdeP/7GoO2UirkFtrzyQKPNJxEcv0RBoG9ssN8jex0PyK6DHIYYFnIWadVBEEOh/H+rK7j7u2/big3oTzYBuFrCwmYFcz5na99MzFeAUhazF44gVBma+zO+1quGeqF51UDIg1SMGvX8I7LNEqrKEBaIUQJKFQcxlOWlRLQsjJCymrOujsXsRrXHAQWcnxDcNevv2ZMOUl0ybvv9yH0BiGbRBd1Hy8/QPILbAQaqu0oQE7fubN8Q8lqb3Jg0loID4x/5GPhSY8WAXpuLcXTOrb93SnCw1JsAgJDNqpuuRFy3BSZ7wBOr1jfeIoo7xk14OHiUjJ0uXDL9cLMkcw6ElWz81mrD2VCkXUz+qFyjJ+G7aGWRtctZoOzKln4yfNfUmwW8/8ra3QnmrMZ2xW2Ylw3ZhO+tLi7jINHYFb54bAdLVPUU1ctIuJns2qkWnjJCxxMiynIqCif20/OU1n8CTJuOWiURmRdmvKOH4PE3JxC2Qnk/3tV3Cf8hp1CH5VjBZ9AjGj5MDMHXyu34VY2WvYo5QyzfS3ySPoT8kCO0G0xpvjwCMHOK+G2RP4kqb/KKZguiKdgintBXuskTlJmD7kcMQ== deploy@easyssh
@@ -0,0 +1 @@
+appleboy
				`@@ -1 +0,0 @@`
				eyJhbGciOiJIUzI1NiJ9.d29ya3NwYWNlOgogIGJhc2U6IC9zcnYvYXBwCiAgcGF0aDogc3JjL2dpdGh1Yi5jb20vYXBwbGVib3kvZHJvbmUtc2NwCgpwaXBlbGluZToKICAjIHJlc3RvcmUgdGhlIGNhY2hlIGZyb20gYW4gc2Z0cCBzZXJ2ZXIKICByZXN0b3JlX2NhY2hlOgogICAgaW1hZ2U6IGFwcGxlYm95L2Ryb25lLXNmdHAtY2FjaGUKICAgIHJlc3RvcmU6IHRydWUKICAgIG1vdW50OiBbIC5nbGlkZSwgdmVuZG9yIF0KICAgIGlnbm9yZV9icmFuY2g6IHRydWUKCiAgdGVzdDoKICAgIGltYWdlOiBhcHBsZWJveS9nb2xhbmctdGVzdGluZwogICAgcHVsbDogdHJ1ZQogICAgZW52aXJvbm1lbnQ6CiAgICAgIFRBR1M6IG5ldGdvCiAgICAgIEdPUEFUSDogL3Nydi9hcHAKICAgIGNvbW1hbmRzOgogICAgICAtIGFkZHVzZXIgLWggL2hvbWUvZHJvbmUtc2NwIC1zIC9iaW4vYmFzaCAtRCAtUyBkcm9uZS1zY3AKICAgICAgLSBwYXNzd2QgLWQgZHJvbmUtc2NwCiAgICAgIC0gbWtkaXIgLXAgL2hvbWUvZHJvbmUtc2NwLy5zc2gKICAgICAgLSBjaG1vZCA3MDAgL2hvbWUvZHJvbmUtc2NwLy5zc2gKICAgICAgLSBjcCB0ZXN0cy8uc3NoL2lkX3JzYS5wdWIgL2hvbWUvZHJvbmUtc2NwLy5zc2gvYXV0aG9yaXplZF9rZXlzCiAgICAgIC0gY2hvd24gLVIgZHJvbmUtc2NwIC9ob21lL2Ryb25lLXNjcC8uc3NoCiAgICAgICMgaW5zdGFsbCBzc2ggYW5kIHN0YXJ0IHNlcnZlcgogICAgICAtIGFwayB1cGRhdGUgJiYgYXBrIGFkZCBvcGVuc3NoIG9wZW5yYwogICAgICAtIHJtIC1yZiAvZXRjL3NzaC9zc2hfaG9zdF9yc2Ffa2V5IC9ldGMvc3NoL3NzaF9ob3N0X2RzYV9rZXkKICAgICAgLSAuL3Rlc3RzL2VudHJ5cG9pbnQuc2ggL3Vzci9zYmluL3NzaGQgLUQgJgogICAgICAtIG1ha2UgZGVwX2luc3RhbGwKICAgICAgLSBtYWtlIHZldAogICAgICAtIG1ha2UgbGludAogICAgICAtIG1ha2UgdGVzdAogICAgICAtIG1ha2UgY292ZXJhZ2UKICAgICAgLSBtYWtlIGJ1aWxkCiAgICAgICMgYnVpbGQgYmluYXJ5IGZvciBkb2NrZXIgaW1hZ2UKICAgICAgLSBtYWtlIHN0YXRpY19idWlsZAogICAgd2hlbjoKICAgICAgZXZlbnQ6IFsgcHVzaCwgdGFnLCBwdWxsX3JlcXVlc3QgXQoKICByZWxlYXNlOgogICAgaW1hZ2U6IGFwcGxlYm95L2dvbGFuZy10ZXN0aW5nCiAgICBwdWxsOiB0cnVlCiAgICBlbnZpcm9ubWVudDoKICAgICAgVEFHUzogbmV0Z28KICAgICAgR09QQVRIOiAvc3J2L2FwcAogICAgY29tbWFuZHM6CiAgICAgIC0gbWFrZSByZWxlYXNlCiAgICB3aGVuOgogICAgICBldmVudDogWyB0YWcgXQogICAgICBicmFuY2g6IFsgcmVmcy90YWdzLyogXQoKICBkb2NrZXI6CiAgICBpbWFnZTogcGx1Z2lucy9kb2NrZXIKICAgIHJlcG86ICR7RFJPTkVfUkVQT30KICAgIHRhZ3M6IFsgJyR7RFJPTkVfVEFHfScgXQogICAgd2hlbjoKICAgICAgZXZlbnQ6IFsgdGFnIF0KICAgICAgYnJhbmNoOiBbIHJlZnMvdGFncy8qIF0KCiAgZG9ja2VyOgogICAgaW1hZ2U6IHBsdWdpbnMvZG9ja2VyCiAgICByZXBvOiAke0RST05FX1JFUE99CiAgICB0YWdzOiBbICdsYXRlc3QnIF0KICAgIHdoZW46CiAgICAgIGV2ZW50OiBbIHB1c2ggXQogICAgICBicmFuY2g6IFsgbWFzdGVyIF0KCiAgZ2l0aHViOgogICAgaW1hZ2U6IHBsdWdpbnMvZ2l0aHViLXJlbGVhc2UKICAgIGZpbGVzOgogICAgICAtIGRpc3QvcmVsZWFzZS8qCiAgICB3aGVuOgogICAgICBldmVudDogWyB0YWcgXQogICAgICBicmFuY2g6IFsgcmVmcy90YWdzLyogXQoKICAjIHJlYnVpbGQgdGhlIGNhY2hlIG9uIHRoZSBzZnRwIHNlcnZlcgogIHJlYnVpbGRfY2FjaGU6CiAgICBpbWFnZTogYXBwbGVib3kvZHJvbmUtc2Z0cC1jYWNoZQogICAgcmVidWlsZDogdHJ1ZQogICAgbW91bnQ6IFsgLmdsaWRlLCB2ZW5kb3IgXQogICAgaWdub3JlX2JyYW5jaDogdHJ1ZQogICAgd2hlbjoKICAgICAgYnJhbmNoOiBtYXN0ZXIK.iJq2DIBtHk-IH2ioZdNEkFcxDj-5mtNikSX66Jdt_pM
				`@@ -0,0 +1 @@`
				ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDz6aZ1jY2onnuj2YNHJ/HhfvIu0B973v/+pFFOavnTUOhEEKEy3TASu+s9CkHrYZAtRc+QYIkNZI31mhHBhotdeP/7GoO2UirkFtrzyQKPNJxEcv0RBoG9ssN8jex0PyK6DHIYYFnIWadVBEEOh/H+rK7j7u2/big3oTzYBuFrCwmYFcz5na99MzFeAUhazF44gVBma+zO+1quGeqF51UDIg1SMGvX8I7LNEqrKEBaIUQJKFQcxlOWlRLQsjJCymrOujsXsRrXHAQWcnxDcNevv2ZMOUl0ybvv9yH0BiGbRBd1Hy8/QPILbAQaqu0oQE7fubN8Q8lqb3Jg0loID4x/5GPhSY8WAXpuLcXTOrb93SnCw1JsAgJDNqpuuRFy3BSZ7wBOr1jfeIoo7xk14OHiUjJ0uXDL9cLMkcw6ElWz81mrD2VCkXUz+qFyjJ+G7aGWRtctZoOzKln4yfNfUmwW8/8ra3QnmrMZ2xW2Ylw3ZhO+tLi7jINHYFb54bAdLVPUU1ctIuJns2qkWnjJCxxMiynIqCif20/OU1n8CTJuOWiURmRdmvKOH4PE3JxC2Qnk/3tV3Cf8hp1CH5VjBZ9AjGj5MDMHXyu34VY2WvYo5QyzfS3ySPoT8kCO0G0xpvjwCMHOK+G2RP4kqb/KKZguiKdgintBXuskTlJmD7kcMQ== deploy@easyssh