ci(docker): fail push when trivy finds CRITICAL/HIGH issues

- Add independent trivy.yml workflow with repo scan and image scan jobs
- Add Trivy image scan step in docker.yml before pushing Docker image
- Add security-events permission for SARIF upload
- Add Trivy Security Scan badge to README

.github/workflows/codeql.yml

@@ -13,12 +13,12 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ master ]
+    branches: [master]
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ master ]
+    branches: [master]
   schedule:
-    - cron: '41 23 * * 6'
+    - cron: "41 23 * * 6"
 
 jobs:
   analyze:
@@ -32,23 +32,23 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'go' ]
+        language: ["go"]
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
         # Learn more about CodeQL language support at https://git.io/codeql-language-support
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v3
+      - name: Checkout repository
+        uses: actions/checkout@v6
 
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v4
+        with:
+          languages: ${{ matrix.language }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+          # queries: ./path/to/local/query, your-org/your-repo/queries@main
 
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v4

.github/workflows/docker.yml

@@ -5,56 +5,56 @@ on:
     branches:
       - master
     tags:
-      - 'v*'
+      - "v*"
   pull_request:
     branches:
-      - 'master'
+      - "master"
+
+permissions:
+  contents: read
+  packages: write
+  security-events: write
 
 jobs:
   build-docker:
     runs-on: ubuntu-latest
     steps:
       - name: Setup go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
         with:
-          go-version: '^1'
+          go-version: "^1"
+          check-latest: true
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
 
       - name: Build binary
-        run : |
-          make build_linux_amd64
-          make build_linux_arm
-          make build_linux_arm64
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        run: |
+          make build_docker
 
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v4
 
-      -
-        name: Login to Docker Hub
-        uses: docker/login-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v4
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v4
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      -
-        name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v4
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      -
-        name: Docker meta
+      - name: Docker meta
         id: docker-meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v6
         with:
           images: |
             ${{ github.repository }}
@@ -65,13 +65,39 @@ jobs:
             type=semver,pattern={{major}}.{{minor}}
             type=semver,pattern={{major}}
 
-      -
-        name: Build and push
-        uses: docker/build-push-action@v4
+      - name: Build image for scanning
+        uses: docker/build-push-action@v7
         with:
           context: .
-          platforms: linux/amd64,linux/arm,linux/arm64
+          file: docker/Dockerfile
+          platforms: linux/amd64
+          push: false
+          load: true
+          tags: drone-scp:scan
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@v0.35.0
+        with:
+          image-ref: "drone-scp:scan"
+          format: "sarif"
+          output: "trivy-image-results.sarif"
+          severity: "CRITICAL,HIGH"
+          exit-code: '1'
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v4
+        if: always()
+        with:
+          sarif_file: "trivy-image-results.sarif"
+          category: "trivy-docker-image"
+
+      - name: Build and push
+        uses: docker/build-push-action@v7
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
           file: docker/Dockerfile
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.docker-meta.outputs.tags }}
           labels: ${{ steps.docker-meta.outputs.labels }}
+          cache-from: type=registry,ref=ghcr.io/${{ github.repository }}:buildcache
+          cache-to: type=registry,ref=ghcr.io/${{ github.repository }}:buildcache,mode=max

.github/workflows/goreleaser.yml

@@ -3,7 +3,7 @@ name: Goreleaser
 on:
   push:
     tags:
-      - '*'
+      - "*"
 
 permissions:
   contents: write
@@ -12,24 +12,22 @@ jobs:
   goreleaser:
     runs-on: ubuntu-latest
     steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
+      - name: Checkout
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
-      -
-        name: Setup go
-        uses: actions/setup-go@v5
+      - name: Setup go
+        uses: actions/setup-go@v6
         with:
-          go-version: '^1'
+          go-version: "^1"
+          check-latest: true
 
-      -
-        name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v4
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v7
         with:
           # either 'goreleaser' (default) or 'goreleaser-pro'
           distribution: goreleaser
           version: latest
-          args: release --rm-dist
+          args: release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/lint.yml

@@ -1,45 +0,0 @@
-name: Lint and Testing
-
-on:
-  push:
-  pull_request:
-
-jobs:
-  lint:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Setup go
-        uses: actions/setup-go@v5
-        with:
-          go-version: "^1"
-      - name: Checkout repository
-        uses: actions/checkout@v3
-      - name: Setup golangci-lint
-        uses: golangci/golangci-lint-action@v3
-        with:
-          version: latest
-          args: --verbose
-
-      - uses: hadolint/hadolint-action@v3.1.0
-        name: hadolint for Dockerfile
-        with:
-          dockerfile: docker/Dockerfile
-
-  testing:
-    runs-on: ubuntu-latest
-    container: golang:1.21-alpine
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v3
-
-      - name: setup sshd server
-        run: |
-          apk add git make curl perl bash build-base zlib-dev ucl-dev
-          make ssh-server
-
-      - name: testing
-        run: |
-          make test
-
-      - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v3

.github/workflows/testing.yml

@@ -0,0 +1,61 @@
+name: Lint and Testing
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Setup go
+        uses: actions/setup-go@v6
+        with:
+          go-version-file: go.mod
+          check-latest: true
+
+      - name: Setup golangci-lint
+        uses: golangci/golangci-lint-action@v9
+        with:
+          version: v2.11
+          args: --verbose
+
+      - uses: hadolint/hadolint-action@v3.3.0
+        name: hadolint for Dockerfile
+        with:
+          dockerfile: docker/Dockerfile
+
+      # This step uses the Bearer GitHub Action to scan for sensitive data in the codebase.
+      # The 'uses' keyword specifies the action to be used, in this case, 'bearer/bearer-action' at version 'v2'.
+      # The 'with' keyword provides input parameters for the action:
+      # - 'diff: true' indicates that the action should only scan the changes in the current pull request or commit.
+      - name: Bearer
+        uses: bearer/bearer-action@v2
+        with:
+          diff: true
+
+  testing:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        go-version: ["1.25", "1.26"]
+    container:
+      image: golang:${{ matrix.go-version }}-alpine
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: setup sshd server
+        run: |
+          apk add git make curl perl bash build-base zlib-dev ucl-dev gpg
+          make ssh-server
+
+      - name: testing
+        run: |
+          make test
+
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v5

.github/workflows/trivy.yml

@@ -0,0 +1,85 @@
+name: Trivy Security Scan
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
+  schedule:
+    # Run daily at 00:00 UTC
+    - cron: "0 0 * * *"
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  security-events: write
+
+jobs:
+  trivy-repo-scan:
+    name: Trivy Repository Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Run Trivy vulnerability scanner (repo)
+        uses: aquasecurity/trivy-action@v0.35.0
+        with:
+          scan-type: "fs"
+          scan-ref: "."
+          format: "sarif"
+          output: "trivy-repo-results.sarif"
+          severity: "CRITICAL,HIGH"
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v4
+        if: always()
+        with:
+          sarif_file: "trivy-repo-results.sarif"
+
+  trivy-image-scan:
+    name: Trivy Image Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Setup go
+        uses: actions/setup-go@v6
+        with:
+          go-version-file: go.mod
+          check-latest: true
+
+      - name: Build binary
+        run: |
+          make build_docker
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v4
+
+      - name: Build Docker image for scanning
+        uses: docker/build-push-action@v7
+        with:
+          context: .
+          file: docker/Dockerfile
+          platforms: linux/amd64
+          push: false
+          load: true
+          tags: drone-scp:scan
+
+      - name: Run Trivy vulnerability scanner (image)
+        uses: aquasecurity/trivy-action@v0.35.0
+        with:
+          image-ref: "drone-scp:scan"
+          format: "sarif"
+          output: "trivy-image-results.sarif"
+          severity: "CRITICAL,HIGH"
+
+      - name: Upload Trivy image scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v4
+        if: always()
+        with:
+          sarif_file: "trivy-image-results.sarif"
+          category: "trivy-image"

.gitignore

@@ -29,3 +29,4 @@ dist
 .cover
 release
 bin
+.idea

.golangci.yaml

@@ -0,0 +1,54 @@
+version: "2"
+linters:
+  enable:
+    - asciicheck
+    - durationcheck
+    - errorlint
+    - gosec
+    - misspell
+    - nakedret
+    - nilerr
+    - nolintlint
+    - perfsprint
+    - revive
+    - usestdlibvars
+    - wastedassign
+  settings:
+    gosec:
+      includes:
+        - G102
+        - G106
+        - G108
+        - G109
+        - G111
+        - G112
+        - G201
+        - G203
+    perfsprint:
+      int-conversion: true
+      err-error: true
+      errorf: true
+      sprintf1: true
+      strconcat: true
+  exclusions:
+    generated: lax
+    presets:
+      - comments
+      - common-false-positives
+      - legacy
+      - std-error-handling
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
+formatters:
+  enable:
+    - gci
+    - gofmt
+    - goimports
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$

.goreleaser.yaml

@@ -3,78 +3,78 @@ before:
     - go mod tidy
 
 builds:
-- env:
-  - CGO_ENABLED=0
-  goos:
-  - darwin
-  - linux
-  - windows
-  - freebsd
-  goarch:
-  - amd64
-  - arm
-  - arm64
-  goarm:
-  - "5"
-  - "6"
-  - "7"
-  ignore:
-    - goos: darwin
-      goarch: arm
-    - goos: darwin
-      goarch: ppc64le
-    - goos: darwin
-      goarch: s390x
-    - goos: windows
-      goarch: ppc64le
-    - goos: windows
-      goarch: s390x
-    - goos: windows
-      goarch: arm
-      goarm: "5"
-    - goos: windows
-      goarch: arm
-      goarm: "6"
-    - goos: windows
-      goarch: arm
-      goarm: "7"
-    - goos: windows
-      goarch: arm64
-    - goos: freebsd
-      goarch: ppc64le
-    - goos: freebsd
-      goarch: s390x
-    - goos: freebsd
-      goarch: arm
-      goarm: "5"
-    - goos: freebsd
-      goarch: arm
-      goarm: "6"
-    - goos: freebsd
-      goarch: arm
-      goarm: "7"
-    - goos: freebsd
-      goarch: arm64
-  flags:
-  - -trimpath
-  ldflags:
-  - -s -w
-  - -X main.Version={{.Version}}
-  binary: >-
-    {{ .ProjectName }}-
-    {{- if .IsSnapshot }}{{ .Branch }}-
-    {{- else }}{{- .Version }}-{{ end }}
-    {{- .Os }}-
-    {{- if eq .Arch "amd64" }}amd64
-    {{- else if eq .Arch "amd64_v1" }}amd64
-    {{- else if eq .Arch "386" }}386
-    {{- else }}{{ .Arch }}{{ end }}
-    {{- if .Arm }}-{{ .Arm }}{{ end }}
-  no_unique_dist_dir: true
-  hooks:
-    post:
-      - cmd: xz -k -9 {{ .Path }}
-        dir: ./dist/
+  - env:
+      - CGO_ENABLED=0
+    goos:
+      - darwin
+      - linux
+      - windows
+      - freebsd
+    goarch:
+      - amd64
+      - arm
+      - arm64
+    goarm:
+      - "5"
+      - "6"
+      - "7"
+    ignore:
+      - goos: darwin
+        goarch: arm
+      - goos: darwin
+        goarch: ppc64le
+      - goos: darwin
+        goarch: s390x
+      - goos: windows
+        goarch: ppc64le
+      - goos: windows
+        goarch: s390x
+      - goos: windows
+        goarch: arm
+        goarm: "5"
+      - goos: windows
+        goarch: arm
+        goarm: "6"
+      - goos: windows
+        goarch: arm
+        goarm: "7"
+      - goos: windows
+        goarch: arm64
+      - goos: freebsd
+        goarch: ppc64le
+      - goos: freebsd
+        goarch: s390x
+      - goos: freebsd
+        goarch: arm
+        goarm: "5"
+      - goos: freebsd
+        goarch: arm
+        goarm: "6"
+      - goos: freebsd
+        goarch: arm
+        goarm: "7"
+      - goos: freebsd
+        goarch: arm64
+    flags:
+      - -trimpath
+    ldflags:
+      - -s -w
+      - -X main.Version={{.Version}}
+    binary: >-
+      {{ .ProjectName }}-
+      {{- if .IsSnapshot }}{{ .Branch }}-
+      {{- else }}{{- .Version }}-{{ end }}
+      {{- .Os }}-
+      {{- if eq .Arch "amd64" }}amd64
+      {{- else if eq .Arch "amd64_v1" }}amd64
+      {{- else if eq .Arch "386" }}386
+      {{- else }}{{ .Arch }}{{ end }}
+      {{- if .Arm }}-{{ .Arm }}{{ end }}
+    no_unique_dist_dir: true
+    hooks:
+      post:
+        - cmd: xz -k -9 {{ .Path }}
+          dir: ./dist/
 
 archives:
   - format: binary
@@ -82,9 +82,9 @@ archives:
     allow_different_binary_count: true
 
 checksum:
-  name_template: 'checksums.txt'
+  name_template: "checksums.txt"
   extra_files:
-      - glob: ./**.xz
+    - glob: ./**.xz
 
 snapshot:
   name_template: "{{ incpatch .Version }}"
@@ -97,3 +97,27 @@ release:
   # Templates: allowed
   extra_files:
     - glob: ./**.xz
+
+changelog:
+  use: github
+  groups:
+    - title: Features
+      regexp: "^.*feat[(\\w)]*:+.*$"
+      order: 0
+    - title: "Bug fixes"
+      regexp: "^.*fix[(\\w)]*:+.*$"
+      order: 1
+    - title: "Enhancements"
+      regexp: "^.*chore[(\\w)]*:+.*$"
+      order: 2
+    - title: "Refactor"
+      regexp: "^.*refactor[(\\w)]*:+.*$"
+      order: 3
+    - title: "Build process updates"
+      regexp: ^.*?(build|ci)(\(.+\))??!?:.+$
+      order: 4
+    - title: "Documentation updates"
+      regexp: ^.*?docs?(\(.+\))??!?:.+$
+      order: 4
+    - title: Others
+      order: 999

DOCS.md

@@ -1,11 +1,16 @@
 ---
 date: 2017-01-06T00:00:00+00:00
 title: SCP
+name: SCP
+description: Deploy artifacts using SSH/SCP
 author: appleboy
 tags: [ publish, ssh, scp ]
 logo: term.svg
 repo: appleboy/drone-scp
 image: appleboy/drone-scp
+containerImage: appleboy/drone-scp
+containerImageUrl: https://hub.docker.com/r/appleboy/drone-scp
+url: https://github.com/appleboy/drone-scp
 ---
 
 The SCP plugin copy files and artifacts to target host machine via SSH. The below pipeline configuration demonstrates simple usage:

Makefile

@@ -1,19 +1,8 @@
-DIST := dist
 EXECUTABLE := drone-scp
-GOFMT ?= gofumpt -l
-DIST := dist
-DIST_DIRS := $(DIST)/binaries $(DIST)/release
+GOFMT ?= gofumpt -l -s -w
 GO ?= go
-SHASUM ?= shasum -a 256
 GOFILES := $(shell find . -name "*.go" -type f)
 HAS_GO = $(shell hash $(GO) > /dev/null 2>&1 && echo "GO" || echo "NOGO" )
-XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
-XGO_VERSION := go-1.19.x
-GXZ_PAGAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.11
-
-LINUX_ARCHS ?= linux/amd64,linux/arm64
-DARWIN_ARCHS ?= darwin-10.12/amd64,darwin-10.12/arm64
-WINDOWS_ARCHS ?= windows/*
 
 ifneq ($(shell uname), Darwin)
 	EXTLDFLAGS = -extldflags "-static" $(null)
@@ -51,17 +40,25 @@ LDFLAGS ?= -X 'main.Version=$(VERSION)'
 
 all: build
 
-fmt:
+.PHONY: help
+help: ## Print this help message.
+	@echo "Usage: make [target]"
+	@echo ""
+	@echo "Targets:"
+	@echo ""
+	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
+
+fmt: ## Format the code
 	@hash gofumpt > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) install mvdan.cc/gofumpt; \
+		$(GO) install mvdan.cc/gofumpt@latest; \
 	fi
 	$(GOFMT) -w $(GOFILES)
 
-vet:
+vet: ## Run go vet
 	$(GO) vet ./...
 
 .PHONY: fmt-check
-fmt-check:
+fmt-check: ## Check if the code is formatted
 	@hash gofumpt > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
 		$(GO) install mvdan.cc/gofumpt; \
 	fi
@@ -72,30 +69,22 @@ fmt-check:
 		exit 1; \
 	fi;
 
-test:
+test: ## Run tests
 	@$(GO) test -v -cover -coverprofile coverage.txt ./... && echo "\n==>\033[32m Ok\033[m\n" || exit 1
 
-install: $(GOFILES)
+install: $(GOFILES) ## Install the package
 	$(GO) install -v -tags '$(TAGS)' -ldflags '$(EXTLDFLAGS)-s -w $(LDFLAGS)'
 
-build: $(EXECUTABLE)
+build: $(EXECUTABLE) ## Build the package
 
-$(EXECUTABLE): $(GOFILES)
+$(EXECUTABLE): $(GOFILES) ## Build the package
 	$(GO) build -v -tags '$(TAGS)' -ldflags '$(EXTLDFLAGS)-s -w $(LDFLAGS)' -o bin/$@
 
-build_linux_amd64:
+build_docker:
 	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 $(GO) build -a -tags '$(TAGS)' -ldflags '$(EXTLDFLAGS)-s -w $(LDFLAGS)' -o release/linux/amd64/$(DEPLOY_IMAGE)
-
-build_linux_i386:
-	CGO_ENABLED=0 GOOS=linux GOARCH=386 $(GO) build -a -tags '$(TAGS)' -ldflags '$(EXTLDFLAGS)-s -w $(LDFLAGS)' -o release/linux/i386/$(DEPLOY_IMAGE)
-
-build_linux_arm64:
 	CGO_ENABLED=0 GOOS=linux GOARCH=arm64 $(GO) build -a -tags '$(TAGS)' -ldflags '$(EXTLDFLAGS)-s -w $(LDFLAGS)' -o release/linux/arm64/$(DEPLOY_IMAGE)
 
-build_linux_arm:
-	CGO_ENABLED=0 GOOS=linux GOARCH=arm GOARM=7 $(GO) build -a -tags '$(TAGS)' -ldflags '$(EXTLDFLAGS)-s -w $(LDFLAGS)' -o release/linux/arm/$(DEPLOY_IMAGE)
-
-ssh-server:
+ssh-server: ## Run ssh server
 	adduser -h /home/drone-scp -s /bin/sh -D -S drone-scp
 	echo drone-scp:1234 | chpasswd
 	mkdir -p /home/drone-scp/.ssh
@@ -108,59 +97,10 @@ ssh-server:
 	rm -rf /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_dsa_key
 	sed -i 's/^#PubkeyAuthentication yes/PubkeyAuthentication yes/g' /etc/ssh/sshd_config
 	sed -i 's/AllowTcpForwarding no/AllowTcpForwarding yes/g' /etc/ssh/sshd_config
+	sed -i 's/^#ListenAddress 0.0.0.0/ListenAddress 0.0.0.0/g' /etc/ssh/sshd_config
+	sed -i 's/^#ListenAddress ::/ListenAddress ::/g' /etc/ssh/sshd_config
 	./tests/entrypoint.sh /usr/sbin/sshd -D &
 
-coverage:
-	sed -i '/main.go/d' coverage.txt
-
-.PHONY: deps-backend
-deps-backend:
-	$(GO) mod download
-	$(GO) install $(GXZ_PAGAGE)
-	$(GO) install $(XGO_PACKAGE)
-
-.PHONY: release
-release: release-linux release-darwin release-windows release-copy release-compress release-check
-
-$(DIST_DIRS):
-	mkdir -p $(DIST_DIRS)
-
-.PHONY: release-windows
-release-windows: | $(DIST_DIRS)
-	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets '$(WINDOWS_ARCHS)' -out $(EXECUTABLE)-$(VERSION) .
-ifeq ($(CI),true)
-	cp -r /build/* $(DIST)/binaries/
-endif
-
-.PHONY: release-linux
-release-linux: | $(DIST_DIRS)
-	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets '$(LINUX_ARCHS)' -out $(EXECUTABLE)-$(VERSION) .
-ifeq ($(CI),true)
-	cp -r /build/* $(DIST)/binaries/
-endif
-
-.PHONY: release-darwin
-release-darwin: | $(DIST_DIRS)
-	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets '$(DARWIN_ARCHS)' -out $(EXECUTABLE)-$(VERSION) .
-ifeq ($(CI),true)
-	cp -r /build/* $(DIST)/binaries/
-endif
-
-.PHONY: release-copy
-release-copy: | $(DIST_DIRS)
-	cd $(DIST); for file in `find . -type f -name "*"`; do cp $${file} ./release/; done;
-
-.PHONY: release-check
-release-check: | $(DIST_DIRS)
-	cd $(DIST)/release/; for file in `find . -type f -name "*"`; do echo "checksumming $${file}" && $(SHASUM) `echo $${file} | sed 's/^..//'` > $${file}.sha256; done;
-
-.PHONY: release-compress
-release-compress: | $(DIST_DIRS)
-	cd $(DIST)/release/; for file in `find . -type f -name "*"`; do echo "compressing $${file}" && $(GO) run $(GXZ_PAGAGE) -k -9 $${file}; done;
-
-clean:
+clean: ## Clean the build
 	$(GO) clean -x -i ./...
-	rm -rf coverage.txt $(EXECUTABLE) $(DIST)
-
-version:
-	@echo $(VERSION)
+	rm -rf coverage.txt $(EXECUTABLE)

README.md

@@ -1,21 +1,24 @@
 # drone-scp
 
+[繁體中文](README.zh-tw.md) | [簡體中文](README.zh-cn.md)
+
 [![GoDoc](https://godoc.org/github.com/appleboy/drone-scp?status.svg)](https://godoc.org/github.com/appleboy/drone-scp)
-[![Lint and Testing](https://github.com/appleboy/drone-scp/actions/workflows/lint.yml/badge.svg)](https://github.com/appleboy/drone-scp/actions/workflows/lint.yml)
+[![Lint and Testing](https://github.com/appleboy/drone-scp/actions/workflows/testing.yml/badge.svg)](https://github.com/appleboy/drone-scp/actions/workflows/testing.yml)
+[![Trivy Security Scan](https://github.com/appleboy/drone-scp/actions/workflows/trivy.yml/badge.svg?branch=master)](https://github.com/appleboy/drone-scp/actions/workflows/trivy.yml)
 [![codecov](https://codecov.io/gh/appleboy/drone-scp/branch/master/graph/badge.svg)](https://codecov.io/gh/appleboy/drone-scp)
 [![Go Report Card](https://goreportcard.com/badge/github.com/appleboy/drone-scp)](https://goreportcard.com/report/github.com/appleboy/drone-scp)
 [![Docker Pulls](https://img.shields.io/docker/pulls/appleboy/drone-scp.svg)](https://hub.docker.com/r/appleboy/drone-scp/)
 
-Copy files and artifacts via SSH using a binary, docker or [Drone CI](http://docs.drone.io/).
+Securely transfer files and artifacts via SSH using a standalone binary, Docker container, or [Drone CI](http://docs.drone.io/) integration.
 
-## Feature
+## Features
 
-* [x] Support routines.
-* [x] Support wildcard pattern on source list.
-* [x] Support send files to multiple host.
-* [x] Support send files to multiple target folder on host.
-* [x] Support load ssh key from absolute path or raw body.
-* [x] Support SSH ProxyCommand.
+- [x] Parallel file transfer with multiple routines
+- [x] Support for wildcard patterns in source file selection
+- [x] Ability to transfer files to multiple destination hosts
+- [x] Support for multiple target directories on each host
+- [x] Flexible SSH key authentication via file path or raw content
+- [x] Advanced networking with SSH ProxyCommand support
 
 ```sh
 +--------+       +----------+      +-----------+
@@ -56,9 +59,9 @@ Copy files and artifacts via SSH using a binary, docker or [Drone CI](http://doc
 
 The pre-compiled binaries can be downloaded from [release page](https://github.com/appleboy/drone-scp/releases). Support the following OS type.
 
-* Windows amd64/386
-* Linux arm/amd64/386
-* Darwin amd64/386
+- Windows amd64/386
+- Linux arm/amd64/386
+- Darwin amd64/386
 
 With `Go` installed
 
@@ -92,9 +95,9 @@ make docker
 
 There are three ways to send notification.
 
-* [usage from binary](#usage-from-binary)
-* [usage from docker](#usage-from-docker)
-* [usage from drone ci](#usage-from-drone-ci)
+- [usage from binary](#usage-from-binary)
+- [usage from docker](#usage-from-docker)
+- [usage from drone ci](#usage-from-drone-ci)
 
 ### Usage from binary
 

README.zh-cn.md

@@ -0,0 +1,265 @@
+# drone-scp
+
+[English](README.md) | [繁體中文](README.zh-tw.md)
+
+[![GoDoc](https://godoc.org/github.com/appleboy/drone-scp?status.svg)](https://godoc.org/github.com/appleboy/drone-scp)
+[![Lint and Testing](https://github.com/appleboy/drone-scp/actions/workflows/testing.yml/badge.svg)](https://github.com/appleboy/drone-scp/actions/workflows/testing.yml)
+[![codecov](https://codecov.io/gh/appleboy/drone-scp/branch/master/graph/badge.svg)](https://codecov.io/gh/appleboy/drone-scp)
+[![Go Report Card](https://goreportcard.com/badge/github.com/appleboy/drone-scp)](https://goreportcard.com/report/github.com/appleboy/drone-scp)
+[![Docker Pulls](https://img.shields.io/docker/pulls/appleboy/drone-scp.svg)](https://hub.docker.com/r/appleboy/drone-scp/)
+
+复制文件和工件通过 SSH 使用二进制文件、docker 或 [Drone CI](http://docs.drone.io/)。
+
+[English](README.md) | [繁體中文](README.zh-tw.md)
+
+## 功能
+
+- [x] 支持例程。
+- [x] 支持来源列表中的通配符模式。
+- [x] 支持将文件发送到多个主机。
+- [x] 支持将文件发送到主机上的多个目标文件夹。
+- [x] 支持从绝对路径或原始主体加载 ssh 密钥。
+- [x] 支持 SSH ProxyCommand。
+
+```sh
++--------+       +----------+      +-----------+
+| Laptop | <-->  | Jumphost | <--> | FooServer |
++--------+       +----------+      +-----------+
+
+                   OR
+
++--------+       +----------+      +-----------+
+| Laptop | <-->  | Firewall | <--> | FooServer |
++--------+       +----------+      +-----------+
+192.168.1.5       121.1.2.3         10.10.29.68
+```
+
+## Breaking changes
+
+`v1.5.0`: change command timeout flag to `Duration`. See the following setting:
+
+```diff
+  - name: scp files
+    image: appleboy/drone-scp
+    settings:
+      host:
+        - example1.com
+        - example2.com
+      username: ubuntu
+      password:
+        from_secret: ssh_password
+      port: 22
+-     command_timeout: 120
++     command_timeout: 2m
+      target: /home/deploy/web
+      source:
+        - release/*.tar.gz
+```
+
+## Build or Download a binary
+
+The pre-compiled binaries can be downloaded from [release page](https://github.com/appleboy/drone-scp/releases). Support the following OS type.
+
+- Windows amd64/386
+- Linux arm/amd64/386
+- Darwin amd64/386
+
+With `Go` installed
+
+```sh
+export GO111MODULE=on
+go get -u -v github.com/appleboy/drone-scp
+```
+
+or build the binary with the following command:
+
+```sh
+export GOOS=linux
+export GOARCH=amd64
+export CGO_ENABLED=0
+export GO111MODULE=on
+
+go test -cover ./...
+
+go build -v -a -tags netgo -o release/linux/amd64/drone-scp .
+```
+
+## Docker
+
+Build the docker image with the following commands:
+
+```sh
+make docker
+```
+
+## Usage
+
+There are three ways to send notification.
+
+- [usage from binary](#usage-from-binary)
+- [usage from docker](#usage-from-docker)
+- [usage from drone ci](#usage-from-drone-ci)
+
+### Usage from binary
+
+#### Using public key
+
+```bash
+drone-scp --host example.com \
+  --port 22 \
+  --username appleboy \
+  --key-path "${HOME}/.ssh/id_rsa" \
+  --target /home/appleboy/test \
+  --source your_local_folder_path
+```
+
+#### Using password
+
+```diff
+drone-scp --host example.com \
+  --port 22 \
+  --username appleboy \
++ --password xxxxxxx \
+  --target /home/appleboy/test \
+  --source your_local_folder_path
+```
+
+#### Using ssh-agent
+
+Start your local ssh agent:
+
+```bash
+eval `ssh-agent -s`
+```
+
+Import your local public key `~/.ssh/id_rsa`
+
+```sh
+ssh-add
+```
+
+You don't need to add `--password` or `--key-path` arguments.
+
+```bash
+drone-scp --host example.com \
+  --port 22 \
+  --username appleboy \
+  --target /home/appleboy/test \
+  --source your_local_folder_path
+```
+
+#### Send multiple source or target folder and hosts
+
+```diff
+drone-scp --host example1.com \
++ --host example2.com \
+  --port 22 \
+  --username appleboy \
+  --password  xxxxxxx
+  --target /home/appleboy/test1 \
++ --target /home/appleboy/test2 \
+  --source your_local_folder_path_1
++ --source your_local_folder_path_2
+```
+
+### Usage from docker
+
+Using public key
+
+```bash
+docker run --rm \
+  -e SCP_HOST=example.com \
+  -e SCP_USERNAME=xxxxxxx \
+  -e SCP_PORT=22 \
+  -e SCP_KEY_PATH="${HOME}/.ssh/id_rsa"
+  -e SCP_SOURCE=SOURCE_FILE_LIST \
+  -e SCP_TARGET=TARGET_FOLDER_PATH \
+  -v $(pwd):$(pwd) \
+  -w $(pwd) \
+  appleboy/drone-scp
+```
+
+Using password
+
+```diff
+docker run --rm \
+  -e SCP_HOST=example.com \
+  -e SCP_USERNAME=xxxxxxx \
+  -e SCP_PORT=22 \
++ -e SCP_PASSWORD="xxxxxxx"
+  -e SCP_SOURCE=SOURCE_FILE_LIST \
+  -e SCP_TARGET=TARGET_FOLDER_PATH \
+  -v $(pwd):$(pwd) \
+  -w $(pwd) \
+  appleboy/drone-scp
+```
+
+Using ssh-agent, start your local ssh agent:
+
+```bash
+eval `ssh-agent -s`
+```
+
+Import your local public key `~/.ssh/id_rsa`
+
+```sh
+ssh-add
+```
+
+You don't need to add `SCP_PASSWORD` or `SCP_KEY_PATH` arguments.
+
+```bash
+docker run --rm \
+  -e SCP_HOST=example.com \
+  -e SCP_USERNAME=xxxxxxx \
+  -e SCP_PORT=22 \
+  -e SCP_SOURCE=SOURCE_FILE_LIST \
+  -e SCP_TARGET=TARGET_FOLDER_PATH \
+  -v $(pwd):$(pwd) \
+  -w $(pwd) \
+  appleboy/drone-scp
+```
+
+Send multiple source or target folder and hosts
+
+```bash
+docker run --rm \
+  -e SCP_HOST=example1.com,example2.com \
+  -e SCP_USERNAME=xxxxxxx \
+  -e SCP_PASSWORD=xxxxxxx \
+  -e SCP_PORT=22 \
+  -e SCP_SOURCE=SOURCE_FILE_LIST_1,SOURCE_FILE_LIST_2 \
+  -e SCP_TARGET=TARGET_FOLDER_PATH_1,TARGET_FOLDER_PATH_2 \
+  -v $(pwd):$(pwd) \
+  -w $(pwd) \
+  appleboy/drone-scp
+```
+
+### Usage from drone ci
+
+Execute from the working directory:
+
+```bash
+docker run --rm \
+  -e PLUGIN_HOST=example.com \
+  -e PLUGIN_USERNAME=xxxxxxx \
+  -e PLUGIN_PASSWORD=xxxxxxx \
+  -e PLUGIN_PORT=xxxxxxx \
+  -e PLUGIN_SOURCE=SOURCE_FILE_LIST \
+  -e PLUGIN_TARGET=TARGET_FOLDER_PATH \
+  -e PLUGIN_RM=false \
+  -e PLUGIN_DEBUG=true \
+  -v $(pwd):$(pwd) \
+  -w $(pwd) \
+  appleboy/drone-scp
+```
+
+You can get more [information](http://plugins.drone.io/appleboy/drone-scp/) about how to use scp in drone.
+
+## Testing
+
+Test the package with the following command:
+
+```sh
+make test
+```

README.zh-tw.md

@@ -0,0 +1,265 @@
+# drone-scp
+
+[English](README.md) | [簡體中文](README.zh-cn.md)
+
+[![GoDoc](https://godoc.org/github.com/appleboy/drone-scp?status.svg)](https://godoc.org/github.com/appleboy/drone-scp)
+[![Lint and Testing](https://github.com/appleboy/drone-scp/actions/workflows/testing.yml/badge.svg)](https://github.com/appleboy/drone-scp/actions/workflows/testing.yml)
+[![codecov](https://codecov.io/gh/appleboy/drone-scp/branch/master/graph/badge.svg)](https://codecov.io/gh/appleboy/drone-scp)
+[![Go Report Card](https://goreportcard.com/badge/github.com/appleboy/drone-scp)](https://goreportcard.com/report/github.com/appleboy/drone-scp)
+[![Docker Pulls](https://img.shields.io/docker/pulls/appleboy/drone-scp.svg)](https://hub.docker.com/r/appleboy/drone-scp/)
+
+複製檔案和工件通過 SSH 使用二進制檔案、docker 或 [Drone CI](http://docs.drone.io/)。
+
+[English](README.md) | [簡體中文](README.zh-cn.md)
+
+## 功能
+
+- [x] 支援例程。
+- [x] 支援來源列表中的萬用字元模式。
+- [x] 支援將檔案發送到多個主機。
+- [x] 支援將檔案發送到主機上的多個目標資料夾。
+- [x] 支援從絕對路徑或原始主體載入 ssh 金鑰。
+- [x] 支援 SSH ProxyCommand。
+
+```sh
++--------+       +----------+      +-----------+
+| Laptop | <-->  | Jumphost | <--> | FooServer |
++--------+       +----------+      +-----------+
+
+                   OR
+
++--------+       +----------+      +-----------+
+| Laptop | <-->  | Firewall | <--> | FooServer |
++--------+       +----------+      +-----------+
+192.168.1.5       121.1.2.3         10.10.29.68
+```
+
+## Breaking changes
+
+`v1.5.0`: change command timeout flag to `Duration`. See the following setting:
+
+```diff
+  - name: scp files
+    image: appleboy/drone-scp
+    settings:
+      host:
+        - example1.com
+        - example2.com
+      username: ubuntu
+      password:
+        from_secret: ssh_password
+      port: 22
+-     command_timeout: 120
++     command_timeout: 2m
+      target: /home/deploy/web
+      source:
+        - release/*.tar.gz
+```
+
+## Build or Download a binary
+
+The pre-compiled binaries can be downloaded from [release page](https://github.com/appleboy/drone-scp/releases). Support the following OS type.
+
+- Windows amd64/386
+- Linux arm/amd64/386
+- Darwin amd64/386
+
+With `Go` installed
+
+```sh
+export GO111MODULE=on
+go get -u -v github.com/appleboy/drone-scp
+```
+
+or build the binary with the following command:
+
+```sh
+export GOOS=linux
+export GOARCH=amd64
+export CGO_ENABLED=0
+export GO111MODULE=on
+
+go test -cover ./...
+
+go build -v -a -tags netgo -o release/linux/amd64/drone-scp .
+```
+
+## Docker
+
+Build the docker image with the following commands:
+
+```sh
+make docker
+```
+
+## Usage
+
+There are three ways to send notification.
+
+- [usage from binary](#usage-from-binary)
+- [usage from docker](#usage-from-docker)
+- [usage from drone ci](#usage-from-drone-ci)
+
+### Usage from binary
+
+#### Using public key
+
+```bash
+drone-scp --host example.com \
+  --port 22 \
+  --username appleboy \
+  --key-path "${HOME}/.ssh/id_rsa" \
+  --target /home/appleboy/test \
+  --source your_local_folder_path
+```
+
+#### Using password
+
+```diff
+drone-scp --host example.com \
+  --port 22 \
+  --username appleboy \
++ --password xxxxxxx \
+  --target /home/appleboy/test \
+  --source your_local_folder_path
+```
+
+#### Using ssh-agent
+
+Start your local ssh agent:
+
+```bash
+eval `ssh-agent -s`
+```
+
+Import your local public key `~/.ssh/id_rsa`
+
+```sh
+ssh-add
+```
+
+You don't need to add `--password` or `--key-path` arguments.
+
+```bash
+drone-scp --host example.com \
+  --port 22 \
+  --username appleboy \
+  --target /home/appleboy/test \
+  --source your_local_folder_path
+```
+
+#### Send multiple source or target folder and hosts
+
+```diff
+drone-scp --host example1.com \
++ --host example2.com \
+  --port 22 \
+  --username appleboy \
+  --password  xxxxxxx
+  --target /home/appleboy/test1 \
++ --target /home/appleboy/test2 \
+  --source your_local_folder_path_1
++ --source your_local_folder_path_2
+```
+
+### Usage from docker
+
+Using public key
+
+```bash
+docker run --rm \
+  -e SCP_HOST=example.com \
+  -e SCP_USERNAME=xxxxxxx \
+  -e SCP_PORT=22 \
+  -e SCP_KEY_PATH="${HOME}/.ssh/id_rsa"
+  -e SCP_SOURCE=SOURCE_FILE_LIST \
+  -e SCP_TARGET=TARGET_FOLDER_PATH \
+  -v $(pwd):$(pwd) \
+  -w $(pwd) \
+  appleboy/drone-scp
+```
+
+Using password
+
+```diff
+docker run --rm \
+  -e SCP_HOST=example.com \
+  -e SCP_USERNAME=xxxxxxx \
+  -e SCP_PORT=22 \
++ -e SCP_PASSWORD="xxxxxxx"
+  -e SCP_SOURCE=SOURCE_FILE_LIST \
+  -e SCP_TARGET=TARGET_FOLDER_PATH \
+  -v $(pwd):$(pwd) \
+  -w $(pwd) \
+  appleboy/drone-scp
+```
+
+Using ssh-agent, start your local ssh agent:
+
+```bash
+eval `ssh-agent -s`
+```
+
+Import your local public key `~/.ssh/id_rsa`
+
+```sh
+ssh-add
+```
+
+You don't need to add `SCP_PASSWORD` or `SCP_KEY_PATH` arguments.
+
+```bash
+docker run --rm \
+  -e SCP_HOST=example.com \
+  -e SCP_USERNAME=xxxxxxx \
+  -e SCP_PORT=22 \
+  -e SCP_SOURCE=SOURCE_FILE_LIST \
+  -e SCP_TARGET=TARGET_FOLDER_PATH \
+  -v $(pwd):$(pwd) \
+  -w $(pwd) \
+  appleboy/drone-scp
+```
+
+Send multiple source or target folder and hosts
+
+```bash
+docker run --rm \
+  -e SCP_HOST=example1.com,example2.com \
+  -e SCP_USERNAME=xxxxxxx \
+  -e SCP_PASSWORD=xxxxxxx \
+  -e SCP_PORT=22 \
+  -e SCP_SOURCE=SOURCE_FILE_LIST_1,SOURCE_FILE_LIST_2 \
+  -e SCP_TARGET=TARGET_FOLDER_PATH_1,TARGET_FOLDER_PATH_2 \
+  -v $(pwd):$(pwd) \
+  -w $(pwd) \
+  appleboy/drone-scp
+```
+
+### Usage from drone ci
+
+Execute from the working directory:
+
+```bash
+docker run --rm \
+  -e PLUGIN_HOST=example.com \
+  -e PLUGIN_USERNAME=xxxxxxx \
+  -e PLUGIN_PASSWORD=xxxxxxx \
+  -e PLUGIN_PORT=xxxxxxx \
+  -e PLUGIN_SOURCE=SOURCE_FILE_LIST \
+  -e PLUGIN_TARGET=TARGET_FOLDER_PATH \
+  -e PLUGIN_RM=false \
+  -e PLUGIN_DEBUG=true \
+  -v $(pwd):$(pwd) \
+  -w $(pwd) \
+  appleboy/drone-scp
+```
+
+You can get more [information](http://plugins.drone.io/appleboy/drone-scp/) about how to use scp in drone.
+
+## Testing
+
+Test the package with the following command:
+
+```sh
+make test
+```

bearer.yml

@@ -0,0 +1,29 @@
+disable-version-check: false
+log-level: info
+report:
+  fail-on-severity: critical,high,medium,low
+  format: ""
+  no-color: false
+  output: ""
+  report: security
+  severity: critical,high,medium,low,warning
+rule:
+  disable-default-rules: false
+  only-rule: []
+  skip-rule: ["go_lang_logger_leak"]
+scan:
+  context: ""
+  data_subject_mapping: ""
+  disable-domain-resolution: true
+  domain-resolution-timeout: 3s
+  exit-code: -1
+  external-rule-dir: []
+  force: false
+  hide_progress_bar: false
+  internal-domains: []
+  parallel: 0
+  quiet: false
+  scanner:
+    - sast
+  skip-path: []
+  skip-test: true

docker/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.17
+FROM alpine:3.21
 
 ARG TARGETOS
 ARG TARGETARCH

go.mod

@@ -1,27 +1,28 @@
 module github.com/appleboy/drone-scp
 
-go 1.18
+go 1.25.9
 
 require (
-	github.com/appleboy/com v0.1.7
-	github.com/appleboy/easyssh-proxy v1.3.10
-	github.com/fatih/color v1.15.0
+	github.com/appleboy/com v1.1.0
+	github.com/appleboy/easyssh-proxy v1.5.0
+	github.com/fatih/color v1.18.0
 	github.com/joho/godotenv v1.5.1
 	github.com/stretchr/testify v1.8.4
-	github.com/urfave/cli/v2 v2.25.5
-	golang.org/x/crypto v0.9.0
+	github.com/urfave/cli/v2 v2.27.7
+	github.com/yassinebenaid/godump v0.11.1
+	golang.org/x/crypto v0.45.0
 )
 
 require (
-	github.com/ScaleFT/sshkeys v1.2.0 // indirect
-	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
+	github.com/ScaleFT/sshkeys v1.4.0 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dchest/bcrypt_pbkdf v0.0.0-20150205184540-83f37f9c154a // indirect
-	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.19 // indirect
+	github.com/mattn/go-colorable v0.1.14 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
-	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
-	golang.org/x/sys v0.8.0 // indirect
+	github.com/xrash/smetrics v0.0.0-20250705151800-55b8f293f342 // indirect
+	golang.org/x/sys v0.38.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -1,53 +1,43 @@
-github.com/ScaleFT/sshkeys v1.2.0 h1:5BRp6rTVIhJzXT3VcUQrKgXR8zWA3sOsNeuyW15WUA8=
-github.com/ScaleFT/sshkeys v1.2.0/go.mod h1:gxOHeajFfvGQh/fxlC8oOKBe23xnnJTif00IFFbiT+o=
-github.com/appleboy/com v0.1.7 h1:4lYTFNoMAAXGGIC8lDxVg/NY+1aXbYqfAWN05cZhd0M=
-github.com/appleboy/com v0.1.7/go.mod h1:JUK+oH0SXCLRH57pDMJx6VWVsm8CPdajalmRSWwamBE=
-github.com/appleboy/easyssh-proxy v1.3.10 h1:iriF68tlrYoxgWhS7t7Wyr0FA+hJlOem5tMfm+RDlx4=
-github.com/appleboy/easyssh-proxy v1.3.10/go.mod h1:T81pu/Cxx/zf/7YXhFCFiucBa4xeQ81ci5b0PFnMRJc=
-github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
-github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/ScaleFT/sshkeys v1.4.0 h1:Yqd0cKA5PUvwV0dgRI67BDHGTsMHtGQBZbLXh1dthmE=
+github.com/ScaleFT/sshkeys v1.4.0/go.mod h1:GineMkS8SEiELq8q5DzA2Wnrw65SqdD9a+hm8JOU1I4=
+github.com/appleboy/com v1.1.0 h1:HLgRzhtj+4PLuFPPutKexd9zI9F74ymgWhkgPfPtnkc=
+github.com/appleboy/com v1.1.0/go.mod h1:IbC1mLvqcIYn2YVNJgAYB9XnhbUh1xYKsOzdEOy0n+c=
+github.com/appleboy/easyssh-proxy v1.5.0 h1:OYdSPvYQN3mhnsMH5I2OF1TgwSEcSq33kvjQfTwvZww=
+github.com/appleboy/easyssh-proxy v1.5.0/go.mod h1:zcEMrStH91/tcUn3gUGP0KpQwUYLm8tX/Ook1AH98uc=
+github.com/cpuguy83/go-md2man/v2 v2.0.7 h1:zbFlGlXEAKlwXpmvle3d8Oe3YnkKIK4xSRTd3sHPnBo=
+github.com/cpuguy83/go-md2man/v2 v2.0.7/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dchest/bcrypt_pbkdf v0.0.0-20150205184540-83f37f9c154a h1:saTgr5tMLFnmy/yg3qDTft4rE5DY2uJ/cCxCe3q0XTU=
 github.com/dchest/bcrypt_pbkdf v0.0.0-20150205184540-83f37f9c154a/go.mod h1:Bw9BbhOJVNR+t0jCqx2GC6zv0TGBsShs56Y3gfSCvl0=
-github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs=
-github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw=
+github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM=
+github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU=
 github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
 github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
-github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
-github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
-github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
-github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
-github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
+github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/urfave/cli/v2 v2.25.5 h1:d0NIAyhh5shGscroL7ek/Ya9QYQE0KNabJgiUinIQkc=
-github.com/urfave/cli/v2 v2.25.5/go.mod h1:GHupkWPMM0M/sj1a2b4wUrWBPzazNrIjouW6fmdJLxc=
-github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU=
-github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g=
-golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200219091948-cb0a6d8edb6c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+github.com/urfave/cli/v2 v2.27.7 h1:bH59vdhbjLv3LAvIu6gd0usJHgoTTPhCFib8qqOwXYU=
+github.com/urfave/cli/v2 v2.27.7/go.mod h1:CyNAG/xg+iAOg0N4MPGZqVmv2rCoP267496AOXUZjA4=
+github.com/xrash/smetrics v0.0.0-20250705151800-55b8f293f342 h1:FnBeRrxr7OU4VvAzt5X7s6266i6cSVkkFPS0TuXWbIg=
+github.com/xrash/smetrics v0.0.0-20250705151800-55b8f293f342/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM=
+github.com/yassinebenaid/godump v0.11.1 h1:SPujx/XaYqGDfmNh7JI3dOyCUVrG0bG2duhO3Eh2EhI=
+github.com/yassinebenaid/godump v0.11.1/go.mod h1:dc/0w8wmg6kVIvNGAzbKH1Oa54dXQx8SNKh4dPRyW44=
+golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q=
+golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
-golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.8.0 h1:n5xxQn2i3PC0yLAbjTpNT85q/Kgzcr2gIoX9OrJUols=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
+golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU=
+golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

main.go

@@ -9,6 +9,7 @@ import (
 	"github.com/appleboy/easyssh-proxy"
 	"github.com/joho/godotenv"
 	"github.com/urfave/cli/v2"
+	"github.com/yassinebenaid/godump"
 )
 
 // Version set at compile-time
@@ -22,6 +23,10 @@ func main() {
 		_ = godotenv.Load(filename)
 	}
 
+	if _, err := os.Stat("/run/drone/env"); err == nil {
+		_ = godotenv.Overload("/run/drone/env")
+	}
+
 	app := cli.NewApp()
 	app.Name = "Drone SCP"
 	app.Usage = "Copy files and artifacts via SSH."
@@ -39,102 +44,115 @@ func main() {
 		&cli.StringSliceFlag{
 			Name:     "host",
 			Aliases:  []string{"H"},
-			Usage:    "connect to host",
+			Usage:    "Remote server host address or IP",
 			EnvVars:  []string{"PLUGIN_HOST", "SSH_HOST", "INPUT_HOST"},
 			FilePath: ".host",
 		},
 		&cli.IntFlag{
 			Name:    "port",
 			Aliases: []string{"p"},
-			Usage:   "connect to port",
+			Usage:   "SSH port number (default: 22)",
 			EnvVars: []string{"PLUGIN_PORT", "SSH_PORT", "INPUT_PORT"},
 			Value:   22,
 		},
+		&cli.StringFlag{
+			Name:    "protocol",
+			Usage:   "Network protocol to use (tcp, tcp4, tcp6)",
+			EnvVars: []string{"PLUGIN_PROTOCOL", "SSH_PROTOCOL", "INPUT_PROTOCOL"},
+			Value:   "tcp",
+		},
 		&cli.StringFlag{
 			Name:    "username",
 			Aliases: []string{"user", "u"},
-			Usage:   "connect as user",
+			Usage:   "SSH username for authentication",
 			EnvVars: []string{"PLUGIN_USERNAME", "PLUGIN_USER", "SSH_USERNAME", "INPUT_USERNAME"},
 			Value:   "root",
 		},
 		&cli.StringFlag{
 			Name:    "password",
 			Aliases: []string{"P"},
-			Usage:   "user password",
+			Usage:   "SSH password for authentication",
 			EnvVars: []string{"PLUGIN_PASSWORD", "SSH_PASSWORD", "INPUT_PASSWORD"},
 		},
 		&cli.DurationFlag{
 			Name:    "timeout",
-			Usage:   "connection timeout",
+			Usage:   "SSH connection timeout duration (default: 30s)",
 			EnvVars: []string{"PLUGIN_TIMEOUT", "SSH_TIMEOUT", "INPUT_TIMEOUT"},
 			Value:   30 * time.Second,
 		},
 		&cli.StringFlag{
 			Name:    "ssh-key",
-			Usage:   "private ssh key",
+			Usage:   "SSH private key content for authentication",
 			EnvVars: []string{"PLUGIN_SSH_KEY", "PLUGIN_KEY", "SSH_KEY", "INPUT_KEY"},
 		},
 		&cli.StringFlag{
 			Name:    "ssh-passphrase",
-			Usage:   "The purpose of the passphrase is usually to encrypt the private key.",
+			Usage:   "Passphrase to decrypt the SSH private key",
 			EnvVars: []string{"PLUGIN_SSH_PASSPHRASE", "PLUGIN_PASSPHRASE", "SSH_PASSPHRASE", "INPUT_PASSPHRASE"},
 		},
 		&cli.StringFlag{
 			Name:    "key-path",
 			Aliases: []string{"i"},
-			Usage:   "ssh private key path",
+			Usage:   "Path to SSH private key file",
 			EnvVars: []string{"PLUGIN_KEY_PATH", "SSH_KEY_PATH", "INPUT_KEY_PATH"},
 		},
 		&cli.StringSliceFlag{
 			Name:    "ciphers",
-			Usage:   "The allowed cipher algorithms. If unspecified then a sensible",
+			Usage:   "List of allowed SSH encryption algorithms",
 			EnvVars: []string{"PLUGIN_CIPHERS", "SSH_CIPHERS", "INPUT_CIPHERS"},
 		},
 		&cli.BoolFlag{
 			Name:    "useInsecureCipher",
-			Usage:   "include more ciphers with use_insecure_cipher",
+			Usage:   "Enable less secure encryption algorithms (not recommended)",
 			EnvVars: []string{"PLUGIN_USE_INSECURE_CIPHER", "SSH_USE_INSECURE_CIPHER", "INPUT_USE_INSECURE_CIPHER"},
 		},
 		&cli.StringFlag{
 			Name:    "fingerprint",
-			Usage:   "fingerprint SHA256 of the host public key, default is to skip verification",
+			Usage:   "SHA256 fingerprint of host public key for verification",
 			EnvVars: []string{"PLUGIN_FINGERPRINT", "SSH_FINGERPRINT", "INPUT_FINGERPRINT"},
 		},
 		&cli.DurationFlag{
 			Name:    "command.timeout",
-			Usage:   "command timeout",
+			Usage:   "Maximum time allowed for command execution (default: 10m)",
 			EnvVars: []string{"PLUGIN_COMMAND_TIMEOUT", "SSH_COMMAND_TIMEOUT", "INPUT_COMMAND_TIMEOUT"},
 			Value:   10 * time.Minute,
 		},
 		&cli.StringSliceFlag{
 			Name:    "target",
 			Aliases: []string{"t"},
-			Usage:   "Target path on the server",
+			Usage:   "Destination path on remote server",
 			EnvVars: []string{"PLUGIN_TARGET", "SSH_TARGET", "INPUT_TARGET"},
 		},
 		&cli.StringSliceFlag{
 			Name:    "source",
 			Aliases: []string{"s"},
-			Usage:   "scp file list",
+			Usage:   "Local files/directories to copy",
 			EnvVars: []string{"PLUGIN_SOURCE", "SCP_SOURCE", "INPUT_SOURCE"},
 		},
 		&cli.BoolFlag{
 			Name:    "rm",
 			Aliases: []string{"r"},
-			Usage:   "remove target folder before upload data",
+			Usage:   "Delete destination folder before copying",
 			EnvVars: []string{"PLUGIN_RM", "SCP_RM", "INPUT_RM"},
 		},
+		// Proxy settings remain the same as they are already clear
 		&cli.StringFlag{
 			Name:    "proxy.host",
-			Usage:   "connect to host of proxy",
+			Usage:   "Proxy server host address or IP",
 			EnvVars: []string{"PLUGIN_PROXY_HOST", "PROXY_SSH_HOST", "INPUT_PROXY_HOST"},
 		},
 		&cli.StringFlag{
 			Name:    "proxy.port",
-			Usage:   "connect to port of proxy",
+			Usage:   "Proxy server SSH port (default: 22)",
 			EnvVars: []string{"PLUGIN_PROXY_PORT", "PROXY_SSH_PORT", "INPUT_PROXY_PORT"},
 			Value:   "22",
 		},
+		&cli.StringFlag{
+			Name:    "proxy.protocol",
+			Usage:   "The IP protocol to use for the proxy. Valid values are \"tcp\". \"tcp4\" or \"tcp6\". Default to tcp.",
+			EnvVars: []string{"PLUGIN_PROXY_PROTOCOL", "SSH_PROXY_PROTOCOL", "INPUT_PROXY_PROTOCOL"},
+			Value:   "tcp",
+		},
 		&cli.StringFlag{
 			Name:    "proxy.username",
 			Usage:   "connect as user of proxy",
@@ -183,38 +201,38 @@ func main() {
 		},
 		&cli.IntFlag{
 			Name:    "strip.components",
-			Usage:   "Remove the specified number of leading path elements.",
+			Usage:   "Strip N leading components from file paths",
 			EnvVars: []string{"PLUGIN_STRIP_COMPONENTS", "TAR_STRIP_COMPONENTS", "INPUT_STRIP_COMPONENTS"},
 		},
 		&cli.StringFlag{
 			Name:    "tar.exec",
-			Usage:   "Alternative `tar` executable to on the dest host",
+			Usage:   "Custom tar executable path on remote host",
 			EnvVars: []string{"PLUGIN_TAR_EXEC", "SSH_TAR_EXEC", "INPUT_TAR_EXEC"},
 			Value:   "tar",
 		},
 		&cli.StringFlag{
 			Name:    "tar.tmp-path",
-			Usage:   "Temporary path for tar file on the dest host",
+			Usage:   "Temporary directory for tar files on remote host",
 			EnvVars: []string{"PLUGIN_TAR_TMP_PATH", "SSH_TAR_TMP_PATH", "INPUT_TAR_TMP_PATH"},
 		},
 		&cli.BoolFlag{
 			Name:    "debug",
-			Usage:   "remove target folder before upload data",
+			Usage:   "Enable debug logging",
 			EnvVars: []string{"PLUGIN_DEBUG", "INPUT_DEBUG"},
 		},
 		&cli.BoolFlag{
 			Name:    "overwrite",
-			Usage:   "use --overwrite flag with tar",
+			Usage:   "Force overwrite of existing files",
 			EnvVars: []string{"PLUGIN_OVERWRITE", "INPUT_OVERWRITE"},
 		},
 		&cli.BoolFlag{
 			Name:    "unlink.first",
-			Usage:   "use --unlink-first flag with tar",
+			Usage:   "Remove files before extracting new ones",
 			EnvVars: []string{"PLUGIN_UNLINK_FIRST", "INPUT_UNLINK_FIRST"},
 		},
 		&cli.BoolFlag{
 			Name:    "tar.dereference",
-			Usage:   "use --dereference flag with tar",
+			Usage:   "Follow symbolic links when copying",
 			EnvVars: []string{"PLUGIN_TAR_DEREFERENCE", "INPUT_TAR_DEREFERENCE"},
 		},
 	}
@@ -261,7 +279,8 @@ func run(c *cli.Context) error {
 	plugin := Plugin{
 		Config: Config{
 			Host:              c.StringSlice("host"),
-			Port:              c.String("port"),
+			Port:              c.Int("port"),
+			Protocol:          easyssh.Protocol(c.String("protocol")),
 			Username:          c.String("username"),
 			Password:          c.String("password"),
 			Passphrase:        c.String("ssh-passphrase"),
@@ -291,6 +310,7 @@ func run(c *cli.Context) error {
 				Password:          c.String("proxy.password"),
 				Server:            c.String("proxy.host"),
 				Port:              c.String("proxy.port"),
+				Protocol:          easyssh.Protocol(c.String("proxy.protocol")),
 				Timeout:           c.Duration("proxy.timeout"),
 				Ciphers:           c.StringSlice("proxy.ciphers"),
 				UseInsecureCipher: c.Bool("proxy.useInsecureCipher"),
@@ -298,5 +318,9 @@ func run(c *cli.Context) error {
 		},
 	}
 
+	if plugin.Config.Debug {
+		_ = godump.Dump(plugin)
+	}
+
 	return plugin.Exec()
 }

path_windows.go

@@ -8,5 +8,5 @@ import (
 )
 
 func getRealPath(path string) string {
-	return "/" + strings.Replace(strings.Replace(path, ":", "", -1), "\\", "/", -1)
+	return "/" + strings.ReplaceAll(strings.ReplaceAll(path, ":", ""), "\\", "/")
 }

plugin.go

@@ -26,7 +26,8 @@ type (
 	// Config for the plugin.
 	Config struct {
 		Host              []string
-		Port              string
+		Port              int
+		Protocol          easyssh.Protocol
 		Username          string
 		Password          string
 		Key               string
@@ -115,12 +116,14 @@ func (p *Plugin) removeDestFile(os string, ssh *easyssh.MakeConfig) error {
 }
 
 func (p *Plugin) removeAllDestFile() error {
-	for _, host := range trimValues(p.Config.Host) {
+	for _, h := range trimValues(p.Config.Host) {
+		host, port := p.hostPort(h)
 		ssh := &easyssh.MakeConfig{
 			Server:            host,
 			User:              p.Config.Username,
 			Password:          p.Config.Password,
-			Port:              p.Config.Port,
+			Port:              port,
+			Protocol:          p.Config.Protocol,
 			Key:               p.Config.Key,
 			KeyPath:           p.Config.KeyPath,
 			Passphrase:        p.Config.Passphrase,
@@ -133,6 +136,7 @@ func (p *Plugin) removeAllDestFile() error {
 				User:              p.Config.Proxy.User,
 				Password:          p.Config.Proxy.Password,
 				Port:              p.Config.Proxy.Port,
+				Protocol:          p.Config.Proxy.Protocol,
 				Key:               p.Config.Proxy.Key,
 				KeyPath:           p.Config.Proxy.KeyPath,
 				Passphrase:        p.Config.Proxy.Passphrase,
@@ -230,7 +234,7 @@ func (p *Plugin) Exec() error {
 		return errMissingHost
 	}
 
-	p.DestFile = fmt.Sprintf("%s.tar.gz", random.String(10))
+	p.DestFile = random.String(10) + ".tar.gz"
 
 	// create a temporary file for the archive
 	dir := os.TempDir()
@@ -306,7 +310,7 @@ func (p *Plugin) Exec() error {
 			}
 
 			for _, target := range p.Config.Target {
-				target = strings.Replace(target, " ", "\\ ", -1)
+				target = strings.ReplaceAll(target, " ", "\\ ")
 				// remove target folder before upload data
 				if p.Config.Remove {
 					p.log(host, "Remove target folder:", target)
@@ -326,7 +330,7 @@ func (p *Plugin) Exec() error {
 				}
 
 				if len(errStr) != 0 {
-					errChannel <- fmt.Errorf(errStr)
+					errChannel <- fmt.Errorf("%s", errStr)
 					return
 				}
 
@@ -372,7 +376,8 @@ func (p *Plugin) Exec() error {
 		if err != nil {
 			c := color.New(color.FgRed)
 			c.Println("drone-scp error: ", err)
-			if _, ok := err.(copyError); !ok {
+			var cerr copyError
+			if !errors.As(err, &cerr) {
 				fmt.Println("drone-scp rollback: remove all target tmp file")
 				if err := p.removeAllDestFile(); err != nil {
 					return err
@@ -389,19 +394,16 @@ func (p *Plugin) Exec() error {
 	return nil
 }
 
-// This function takes a Plugin struct and a host string and returns the host and port as separate strings.
 func (p Plugin) hostPort(host string) (string, string) {
-	// Split the host string by colon (":") to get the host and port
 	hosts := strings.Split(host, ":")
-	// Get the default port from the Plugin's Config field
-	port := p.Config.Port
-	// If the host string contains a port (i.e. it has more than one element after splitting), set the port to that value
-	if len(hosts) > 1 {
+	port := strconv.Itoa(p.Config.Port)
+	if len(hosts) > 1 &&
+		(p.Config.Protocol == easyssh.PROTOCOL_TCP ||
+			p.Config.Protocol == easyssh.PROTOCOL_TCP4) {
 		host = hosts[0]
 		port = hosts[1]
 	}
 
-	// Return the host and port as separate strings
 	return host, port
 }
 

plugin_test.go

@@ -1,6 +1,7 @@
 package main
 
 import (
+	"io"
 	"log"
 	"os"
 	"os/exec"
@@ -41,7 +42,7 @@ func TestMissingSourceConfig(t *testing.T) {
 		Config: Config{
 			Host:     []string{"example.com"},
 			Username: "ubuntu",
-			Port:     "443",
+			Port:     443,
 			Password: "1234",
 		},
 	}
@@ -81,7 +82,7 @@ func TestSCPFileFromPublicKey(t *testing.T) {
 		Config: Config{
 			Host:           []string{"localhost"},
 			Username:       "drone-scp",
-			Port:           "22",
+			Port:           22,
 			KeyPath:        "tests/.ssh/id_rsa",
 			Source:         []string{"tests/a.txt", "tests/b.txt"},
 			Target:         []string{filepath.Join(u.HomeDir, "/test")},
@@ -131,7 +132,7 @@ func TestSCPFileFromPublicKeyWithPassphrase(t *testing.T) {
 		Config: Config{
 			Host:           []string{"localhost"},
 			Username:       "drone-scp",
-			Port:           "22",
+			Port:           22,
 			KeyPath:        "tests/.ssh/test",
 			Passphrase:     "1234",
 			Source:         []string{"tests/a.txt", "tests/b.txt"},
@@ -164,7 +165,7 @@ func TestWrongFingerprint(t *testing.T) {
 		Config: Config{
 			Host:           []string{"localhost"},
 			Username:       "drone-scp",
-			Port:           "22",
+			Port:           22,
 			KeyPath:        "./tests/.ssh/id_rsa",
 			Source:         []string{"tests/a.txt", "tests/b.txt"},
 			Target:         []string{filepath.Join(u.HomeDir, "/test2")},
@@ -188,7 +189,6 @@ func getHostPublicKeyFile(keypath string) (ssh.PublicKey, error) {
 	}
 
 	pubkey, _, _, _, err = ssh.ParseAuthorizedKey(buf)
-
 	if err != nil {
 		return nil, err
 	}
@@ -215,7 +215,7 @@ func TestSCPFileFromPublicKeyWithFingerprint(t *testing.T) {
 		Config: Config{
 			Host:           []string{"localhost"},
 			Username:       "drone-scp",
-			Port:           "22",
+			Port:           22,
 			KeyPath:        "./tests/.ssh/id_rsa",
 			Fingerprint:    ssh.FingerprintSHA256(hostKey),
 			Source:         []string{"tests/a.txt", "tests/b.txt"},
@@ -254,7 +254,7 @@ func TestSCPWildcardFileList(t *testing.T) {
 		Config: Config{
 			Host:           []string{"localhost"},
 			Username:       "drone-scp",
-			Port:           "22",
+			Port:           22,
 			KeyPath:        "tests/.ssh/id_rsa",
 			Source:         []string{"tests/global/*"},
 			Target:         []string{filepath.Join(u.HomeDir, "abc")},
@@ -286,7 +286,7 @@ func TestSCPFromProxySetting(t *testing.T) {
 		Config: Config{
 			Host:           []string{"localhost"},
 			Username:       "drone-scp",
-			Port:           "22",
+			Port:           22,
 			KeyPath:        "tests/.ssh/id_rsa",
 			Source:         []string{"tests/global/*"},
 			Target:         []string{filepath.Join(u.HomeDir, "def")},
@@ -330,7 +330,7 @@ func TestStripComponentsFlag(t *testing.T) {
 		Config: Config{
 			Host:            []string{"localhost"},
 			Username:        "drone-scp",
-			Port:            "22",
+			Port:            22,
 			KeyPath:         "tests/.ssh/id_rsa",
 			Source:          []string{"tests/global/*"},
 			StripComponents: 2,
@@ -363,7 +363,7 @@ func TestUseInsecureCipherFlag(t *testing.T) {
 		Config: Config{
 			Host:              []string{"localhost"},
 			Username:          "drone-scp",
-			Port:              "22",
+			Port:              22,
 			KeyPath:           "tests/.ssh/id_rsa",
 			Source:            []string{"tests/global/*"},
 			StripComponents:   2,
@@ -403,7 +403,7 @@ func TestIgnoreList(t *testing.T) {
 		Config: Config{
 			Host:            []string{"localhost"},
 			Username:        "drone-scp",
-			Port:            "22",
+			Port:            22,
 			KeyPath:         "tests/.ssh/id_rsa",
 			Source:          []string{"tests/global/*", "!tests/global/c.txt", "!tests/global/e.txt"},
 			StripComponents: 2,
@@ -483,7 +483,7 @@ func TestIncorrectPassword(t *testing.T) {
 		Config: Config{
 			Host:           []string{"localhost"},
 			Username:       "drone-scp",
-			Port:           "22",
+			Port:           22,
 			Password:       "123456",
 			Source:         []string{"tests/a.txt", "tests/b.txt"},
 			Target:         []string{"/home"},
@@ -506,7 +506,7 @@ func TestNoPermissionCreateFolder(t *testing.T) {
 		Config: Config{
 			Host:           []string{"localhost"},
 			Username:       "drone-scp",
-			Port:           "22",
+			Port:           22,
 			KeyPath:        "tests/.ssh/id_rsa",
 			Source:         []string{"tests/a.txt", "tests/b.txt"},
 			Target:         []string{"/etc/test"},
@@ -782,7 +782,7 @@ func TestTargetFolderWithSpaces(t *testing.T) {
 		Config: Config{
 			Host:            []string{"localhost"},
 			Username:        "drone-scp",
-			Port:            "22",
+			Port:            22,
 			KeyPath:         "tests/.ssh/id_rsa",
 			Source:          []string{"tests/global/*"},
 			StripComponents: 2,
@@ -821,7 +821,8 @@ func TestHostPortString(t *testing.T) {
 		Config: Config{
 			Host:            []string{"localhost:22", "localhost:22"},
 			Username:        "drone-scp",
-			Port:            "8080",
+			Protocol:        easyssh.PROTOCOL_TCP4,
+			Port:            8080,
 			KeyPath:         "tests/.ssh/id_rsa",
 			Source:          []string{"tests/global/*"},
 			StripComponents: 2,
@@ -848,7 +849,8 @@ func TestHostPortString(t *testing.T) {
 func TestHostPort(t *testing.T) {
 	p := Plugin{
 		Config: Config{
-			Port: "8080",
+			Port:     8080,
+			Protocol: easyssh.PROTOCOL_TCP4,
 		},
 	}
 
@@ -870,3 +872,115 @@ func TestHostPort(t *testing.T) {
 		t.Errorf("hostPort(%s) = (%s, %s); expected (%s, %s)", host2, actualHost2, actualPort2, expectedHost2, expectedPort2)
 	}
 }
+
+func TestPlugin_hostPort(t *testing.T) {
+	type fields struct {
+		Config Config
+		Writer io.Writer
+	}
+	type args struct {
+		h string
+	}
+	tests := []struct {
+		name     string
+		fields   fields
+		args     args
+		wantHost string
+		wantPort string
+	}{
+		{
+			name: "default host and port",
+			fields: fields{
+				Config: Config{
+					Port: 22,
+				},
+			},
+			args: args{
+				h: "localhost",
+			},
+			wantHost: "localhost",
+			wantPort: "22",
+		},
+		{
+			name: "different port",
+			fields: fields{
+				Config: Config{
+					Port:     22,
+					Protocol: easyssh.PROTOCOL_TCP4,
+				},
+			},
+			args: args{
+				h: "localhost:443",
+			},
+			wantHost: "localhost",
+			wantPort: "443",
+		},
+		{
+			name: "ipv6",
+			fields: fields{
+				Config: Config{
+					Port:     22,
+					Protocol: easyssh.PROTOCOL_TCP6,
+				},
+			},
+			args: args{
+				h: "::1",
+			},
+			wantHost: "::1",
+			wantPort: "22",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			p := Plugin{
+				Config: tt.fields.Config,
+			}
+			gotHost, gotPort := p.hostPort(tt.args.h)
+			if gotHost != tt.wantHost {
+				t.Errorf("Plugin.hostPort() gotHost = %v, want %v", gotHost, tt.wantHost)
+			}
+			if gotPort != tt.wantPort {
+				t.Errorf("Plugin.hostPort() gotPort = %v, want %v", gotPort, tt.wantPort)
+			}
+		})
+	}
+}
+
+func TestIgnoreFolder(t *testing.T) {
+	if os.Getenv("SSH_AUTH_SOCK") != "" {
+		if err := exec.Command("eval", "`ssh-agent -k`").Run(); err != nil {
+			t.Fatalf("exec: %v", err)
+		}
+	}
+
+	u, err := user.Lookup("drone-scp")
+	if err != nil {
+		t.Fatalf("Lookup: %v", err)
+	}
+
+	plugin := Plugin{
+		Config: Config{
+			Host:           []string{"localhost"},
+			Username:       "drone-scp",
+			Protocol:       easyssh.PROTOCOL_TCP4,
+			Port:           22,
+			KeyPath:        "tests/.ssh/id_rsa",
+			Source:         []string{"tests/*", "!tests/global"},
+			Target:         []string{filepath.Join(u.HomeDir, "test_ignore")},
+			CommandTimeout: 60 * time.Second,
+			TarExec:        "tar",
+		},
+	}
+
+	err = plugin.Exec()
+	assert.Nil(t, err)
+
+	// check file exist
+	if _, err := os.Stat(filepath.Join(u.HomeDir, "test_ignore", "global", "c.txt")); !os.IsNotExist(err) {
+		t.Fatalf("SCP-error: %v", err)
+	}
+
+	if _, err := os.Stat(filepath.Join(u.HomeDir, "test_ignore", "global", "d.txt")); !os.IsNotExist(err) {
+		t.Fatalf("SCP-error: %v", err)
+	}
+}