update golang to 1.11

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>

.drone.yml

@@ -1,6 +1,6 @@
 workspace:
-  base: /srv/app
-  path: src/github.com/appleboy/drone-ssh
+  base: /go/src
+  path: github.com/appleboy/drone-ssh
 
 clone:
   git:
@@ -9,67 +9,88 @@ clone:
     tags: true
 
 pipeline:
+  lint:
+    image: golang:1.11
+    pull: true
+    group: golang
+    commands:
+      - make vet
+      - make lint
+      - make test-vendor
+
+  linux_amd64:
+    image: golang:1.11
+    pull: true
+    group: golang
+    commands:
+      - make linux_amd64
+
+  linux_arm64:
+    image: golang:1.11
+    pull: true
+    group: golang
+    commands:
+      - make linux_arm64
+
+  linux_arm:
+    image: golang:1.11
+    pull: true
+    group: golang
+    commands:
+      - make linux_arm
+
   test:
     image: appleboy/golang-testing
     pull: true
-    environment:
-      TAGS: netgo
-      GOPATH: /srv/app
-    secrets: [ codecov_token ]
+    group: golang
     commands:
       - make ssh-server
-      - make vet
-      - make lint
-      # - make test
-      - coverage all
+      - make test
       - make coverage
-      - make build
-      # build binary for docker image
-      - make static_build
-    when:
-      event: [ push, tag, pull_request ]
-
-  publish_latest:
-    image: plugins/docker
-    repo: ${DRONE_REPO}
-    tags: [ 'latest' ]
-    secrets: [ docker_username, docker_password ]
-    when:
-      event: [ push ]
-      branch: [ master ]
-      local: false
 
   release:
-    image: appleboy/golang-testing
+    image: golang:1.11
     pull: true
-    environment:
-      TAGS: netgo
-      GOPATH: /srv/app
     commands:
       - make release
     when:
       event: [ tag ]
-      branch: [ refs/tags/* ]
       local: false
 
-  publish_tag:
+  codecov:
+    image: robertstettner/drone-codecov
+    secrets: [ codecov_token ]
+    files:
+      - .cover/coverage.txt
+    when:
+      event: [ push, pull_request ]
+      status: [ success ]
+
+  publish:
     image: plugins/docker
+    pull: true
     repo: ${DRONE_REPO}
-    tags: [ '${DRONE_TAG}' ]
+    default_tags: true
     secrets: [ docker_username, docker_password ]
     group: release
     when:
-      event: [ tag ]
-      branch: [ refs/tags/* ]
+      event: [ push, tag ]
       local: false
 
   release_tag:
     image: plugins/github-release
+    pull: true
     secrets: [ github_release_api_key ]
     group: release
     files:
       - dist/release/*
     when:
       event: [ tag ]
-      branch: [ refs/tags/* ]
       local: false
+
+  discord:
+    image: appleboy/drone-discord
+    pull: true
+    secrets: [ discord_webhook_id, discord_webhook_token ]
+    when:
+      status: [ changed, failure ]

.editorconfig

@@ -0,0 +1,42 @@
+# unifying the coding style for different editors and IDEs => editorconfig.org
+
+; indicate this is the root of the project
+root = true
+
+###########################################################
+; common
+###########################################################
+
+[*]
+charset = utf-8
+
+end_of_line = LF
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+indent_style = space
+indent_size = 2
+
+###########################################################
+; make
+###########################################################
+
+[Makefile]
+indent_style = tab
+
+[makefile]
+indent_style = tab
+
+###########################################################
+; markdown
+###########################################################
+
+[*.md]
+trim_trailing_whitespace = false
+
+###########################################################
+; golang
+###########################################################
+
+[*.go]
+indent_style = tab

.gitignore

@@ -25,5 +25,6 @@ _testmain.go
 .env
 
 coverage.txt
+release
 drone-ssh
 .cover

DOCS.md

@@ -40,38 +40,6 @@ pipeline:
       - echo world
 ```
 
-Example configuration for login with user private key:
-
-```diff
-pipeline:
-  ssh:
-    image: appleboy/drone-ssh
-    host: foo.com
-    username: root
--   password: 1234
-+   key: ${DEPLOY_KEY}
-    port: 22
-    script:
-      - echo hello
-      - echo world
-```
-
-Example configuration for login with file path of user private key:
-
-```diff
-pipeline:
-  ssh:
-    image: appleboy/drone-ssh
-    host: foo.com
-    username: root
--   password: 1234
-+   key_path: ./deploy/key.pem
-    port: 22
-    script:
-      - echo hello
-      - echo world
-```
-
 Example configuration for command timeout (unit: second), default value is 60 seconds:
 
 ```diff
@@ -82,7 +50,7 @@ pipeline:
     username: root
     password: 1234
     port: 22
-+   command_timeout: 10
++   command_timeout: 120
     script:
       - echo hello
       - echo world
@@ -96,18 +64,49 @@ pipeline:
     image: appleboy/drone-ssh
     host: foo.com
     username: root
+    password: 1234
     port: 22
-    key: ${DEPLOY_KEY}
     script:
       - echo hello
       - echo world
 +   proxy_host: 10.130.33.145
 +   proxy_user: ubuntu
 +   proxy_port: 22
-+   proxy_key: ${PROXY_KEY}
++   proxy_password: 1234
 ```
 
-Example configuration for success build:
+Example configuration using password from secrets:
+
+```diff
+pipeline:
+  ssh:
+    image: appleboy/drone-ssh
+    host: foo.com
+    username: root
+-   password: 1234
+    port: 22
++   secrets: [ ssh_password ]
+    script:
+      - echo hello
+      - echo world
+```
+
+Example configuration using ssh key from secrets:
+
+```diff
+pipeline:
+  ssh:
+    image: appleboy/drone-ssh
+    host: foo.com
+    username: root
+    port: 22
++   secrets: [ ssh_key ]
+    script:
+      - echo hello
+      - echo world
+```
+
+Example configuration for exporting custom secrets:
 
 ```diff
 pipeline:
@@ -117,30 +116,31 @@ pipeline:
     username: root
     password: 1234
     port: 22
++   secrets: [ aws_access_key_id ]
++   envs: [ aws_access_key_id ]
     script:
-      - echo hello
-      - echo world
-+   when:
-+     status: success
+      - export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID
 ```
 
-Example configuration for tag event:
+# Secret Reference
 
-```diff
-pipeline:
-  ssh:
-    image: appleboy/drone-ssh
-    host: foo.com
-    username: root
-    password: 1234
-    port: 22
-    script:
-      - echo hello
-      - echo world
-+   when:
-+     status: success
-+     event: tag
-```
+ssh_username
+: account for target host user
+
+ssh_password
+: password for target host user
+
+ssh_key
+: plain text of user private key
+
+proxy_ssh_username
+: account for user of proxy server
+
+proxy_ssh_password
+: password for user of proxy server
+
+proxy_ssh_key
+: plain text of user private key for proxy server
 
 # Parameter Reference
 
@@ -162,6 +162,9 @@ key
 key_path
 : key path of user private key
 
+envs
+: custom secrets which are made available in the script section
+
 script
 : execute commands on a remote server
 

Dockerfile

@@ -1,10 +1,16 @@
 FROM alpine:3.4
 
 RUN apk update && \
-  apk add \
-    ca-certificates \
-    openssh-client && \
+  apk add -U --no-cache \
+  ca-certificates \
+  openssh-client && \
   rm -rf /var/cache/apk/*
 
-ADD drone-ssh /bin/
+LABEL org.label-schema.version=latest
+LABEL org.label-schema.vcs-url="https://github.com/appleboy/drone-ssh.git"
+LABEL org.label-schema.name="drone-ssh"
+LABEL org.label-schema.vendor="Bo-Yi Wu"
+LABEL org.label-schema.schema-version="1.0"
+
+ADD release/linux/amd64/drone-ssh /bin/
 ENTRYPOINT ["/bin/drone-ssh"]

Makefile

@@ -2,6 +2,7 @@
 
 DIST := dist
 EXECUTABLE := drone-ssh
+GO ?= go
 
 # for dockerhub
 DEPLOY_ACCOUNT := appleboy
@@ -9,11 +10,12 @@ DEPLOY_IMAGE := $(EXECUTABLE)
 GOFMT ?= gofmt "-s"
 
 TARGETS ?= linux darwin windows
-PACKAGES ?= $(shell go list ./... | grep -v /vendor/)
+PACKAGES ?= $(shell $(GO) list ./... | grep -v /vendor/)
 GOFILES := $(shell find . -name "*.go" -type f -not -path "./vendor/*")
 SOURCES ?= $(shell find . -name "*.go" -type f)
 TAGS ?=
-LDFLAGS ?= -X 'main.Version=$(VERSION)'
+LDFLAGS ?= -X 'main.Version=$(VERSION)' -X 'main.build=$(NUMBER)'
+TMPDIR := $(shell mktemp -d 2>/dev/null || mktemp -d -t 'tempdir')
 
 ifneq ($(shell uname), Darwin)
 	EXTLDFLAGS = -extldflags "-static" $(null)
@@ -23,6 +25,10 @@ endif
 
 ifneq ($(DRONE_TAG),)
 	VERSION ?= $(DRONE_TAG)
+endif
+
+ifneq ($(DRONE_BUILD_NUMBER),)
+	NUMBER ?= $(DRONE_BUILD_NUMBER)
 else
 	VERSION ?= $(shell git describe --tags --always || git rev-parse --short HEAD)
 endif
@@ -31,7 +37,6 @@ all: build
 
 .PHONY: fmt-check
 fmt-check:
-	# get all go files and run go fmt on them
 	@diff=$$($(GOFMT) -d $(GOFILES)); \
 	if [ -n "$$diff" ]; then \
 		echo "Please run 'make fmt' and commit the result:"; \
@@ -39,43 +44,56 @@ fmt-check:
 		exit 1; \
 	fi;
 
+.PHONY: test-vendor
+test-vendor:
+	@hash govendor > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		$(GO) get -u github.com/kardianos/govendor; \
+	fi
+	govendor list +unused | tee "$(TMPDIR)/wc-gitea-unused"
+	[ $$(cat "$(TMPDIR)/wc-gitea-unused" | wc -l) -eq 0 ] || echo "Warning: /!\\ Some vendor are not used /!\\"
+
+	govendor list +outside | tee "$(TMPDIR)/wc-gitea-outside"
+	[ $$(cat "$(TMPDIR)/wc-gitea-outside" | wc -l) -eq 0 ] || exit 1
+
+	govendor status || exit 1
+
 fmt:
 	$(GOFMT) -w $(GOFILES)
 
 vet:
-	go vet $(PACKAGES)
+	$(GO) vet $(PACKAGES)
 
 errcheck:
 	@hash errcheck > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		go get -u github.com/kisielk/errcheck; \
+		$(GO) get -u github.com/kisielk/errcheck; \
 	fi
 	errcheck $(PACKAGES)
 
 lint:
 	@hash golint > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		go get -u github.com/golang/lint/golint; \
+		$(GO) get -u github.com/golang/lint/golint; \
 	fi
 	for PKG in $(PACKAGES); do golint -set_exit_status $$PKG || exit 1; done;
 
 unconvert:
 	@hash unconvert > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		go get -u github.com/mdempsky/unconvert; \
+		$(GO) get -u github.com/mdempsky/unconvert; \
 	fi
 	for PKG in $(PACKAGES); do unconvert -v $$PKG || exit 1; done;
 
 test: fmt-check
-	for PKG in $(PACKAGES); do go test -v -cover -coverprofile $$GOPATH/src/$$PKG/coverage.txt $$PKG || exit 1; done;
+	for PKG in $(PACKAGES); do $(GO) test -v -cover -coverprofile $$GOPATH/src/$$PKG/coverage.txt $$PKG || exit 1; done;
 
 html:
-	go tool cover -html=coverage.txt
+	$(GO) tool cover -html=coverage.txt
 
 install: $(SOURCES)
-	go install -v -tags '$(TAGS)' -ldflags '$(EXTLDFLAGS)-s -w $(LDFLAGS)'
+	$(GO) install -v -tags '$(TAGS)' -ldflags "$(EXTLDFLAGS)-s -w $(LDFLAGS)"
 
 build: $(EXECUTABLE)
 
 $(EXECUTABLE): $(SOURCES)
-	go build -v -tags '$(TAGS)' -ldflags '$(EXTLDFLAGS)-s -w $(LDFLAGS)' -o $@
+	$(GO) build -v -tags '$(TAGS)' -ldflags "$(EXTLDFLAGS)-s -w $(LDFLAGS)" -o $@
 
 release: release-dirs release-build release-copy release-check
 
@@ -84,7 +102,7 @@ release-dirs:
 
 release-build:
 	@hash gox > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		go get -u github.com/mitchellh/gox; \
+		$(GO) get -u github.com/mitchellh/gox; \
 	fi
 	gox -os="$(TARGETS)" -arch="amd64 386" -tags="$(TAGS)" -ldflags="-s -w $(LDFLAGS)" -output="$(DIST)/binaries/$(EXECUTABLE)-$(VERSION)-{{.OS}}-{{.Arch}}"
 
@@ -94,15 +112,18 @@ release-copy:
 release-check:
 	cd $(DIST)/release; $(foreach file,$(wildcard $(DIST)/release/$(EXECUTABLE)-*),sha256sum $(notdir $(file)) > $(notdir $(file)).sha256;)
 
-# for docker.
-static_build:
-	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -tags '$(TAGS)' -ldflags '$(EXTLDFLAGS)-s -w $(LDFLAGS)' -o $(DEPLOY_IMAGE)
+linux_amd64:
+	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 $(GO) build -a -tags '$(TAGS)' -ldflags "$(EXTLDFLAGS)-s -w $(LDFLAGS)" -o release/linux/amd64/$(EXECUTABLE)
+
+linux_arm64:
+	CGO_ENABLED=0 GOOS=linux GOARCH=arm64 $(GO) build -a -tags '$(TAGS)' -ldflags "$(EXTLDFLAGS)-s -w $(LDFLAGS)" -o release/linux/arm64/$(EXECUTABLE)
+
+linux_arm:
+	CGO_ENABLED=0 GOOS=linux GOARCH=arm GOARM=7 $(GO) build -a -tags '$(TAGS)' -ldflags "$(EXTLDFLAGS)-s -w $(LDFLAGS)" -o release/arm/amd64/$(EXECUTABLE)
 
 docker_image:
 	docker build -t $(DEPLOY_ACCOUNT)/$(DEPLOY_IMAGE) .
 
-docker: static_build docker_image
-
 docker_deploy:
 ifeq ($(tag),)
 	@echo "Usage: make $@ tag=<tag>"
@@ -113,13 +134,10 @@ endif
 	docker push $(DEPLOY_ACCOUNT)/$(DEPLOY_IMAGE):$(tag)
 
 coverage:
-	sed -i '/main.go/d' .cover/coverage.txt
-	curl -s https://codecov.io/bash > .codecov && \
-	chmod +x .codecov && \
-	./.codecov -f .cover/coverage.txt
+	sed -i '/main.go/d' coverage.txt
 
 clean:
-	go clean -x -i ./...
+	$(GO) clean -x -i ./...
 	rm -rf coverage.txt $(EXECUTABLE) $(DIST) vendor
 
 ssh-server:
@@ -134,5 +152,10 @@ ssh-server:
 	rm -rf /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_dsa_key
 	./tests/entrypoint.sh /usr/sbin/sshd -D &
 
+# Show source statistics.
+cloc:
+	@cloc -exclude-dir=vendor,node_modules .
+.PHONY: cloc
+
 version:
 	@echo $(VERSION)

README.md

@@ -50,3 +50,26 @@ docker run --rm \
   -w $(pwd) \
   appleboy/drone-ssh
 ```
+
+## Mount key from file path
+
+Please make sure that enable the `trusted` mode in project setting.
+
+![trusted mode](./screenshot/trust.png)
+
+Mount private key in `volumes` setting of `.drone.yml` config
+
+```diff
+pipeline:
+  ssh:
+    image: appleboy/drone-ssh
+    host: xxxxx.com
+    username: deploy
++   volumes:
++     - /root/drone_rsa:/root/ssh/drone_rsa
+    key_path: /root/ssh/drone_rsa
+    script:
+      - echo "test ssh"
+```
+
+See the detail of [issue comment](https://github.com/appleboy/drone-ssh/issues/51#issuecomment-336732928).

main.go

@@ -1,6 +1,7 @@
 package main
 
 import (
+	"fmt"
 	"os"
 
 	"github.com/appleboy/easyssh-proxy"
@@ -9,10 +10,22 @@ import (
 	"github.com/urfave/cli"
 )
 
+// build number set at compile-time
+var build = "0"
+
 // Version set at compile-time
-var Version = "v1.1.0-dev"
+var Version string
 
 func main() {
+	if Version == "" {
+		Version = fmt.Sprintf("1.3.1+%s", build)
+	}
+
+	// Load env-file if it exists first
+	if filename, found := os.LookupEnv("PLUGIN_ENV_FILE"); found {
+		_ = godotenv.Load(filename)
+	}
+
 	app := cli.NewApp()
 	app.Name = "Drone SSH"
 	app.Usage = "Executing remote ssh commands"
@@ -58,6 +71,11 @@ func main() {
 			EnvVar: "PLUGIN_PORT,SSH_PORT",
 			Value:  22,
 		},
+		cli.BoolFlag{
+			Name:   "sync",
+			Usage:  "sync mode",
+			EnvVar: "PLUGIN_SYNC",
+		},
 		cli.DurationFlag{
 			Name:   "timeout,t",
 			Usage:  "connection timeout",
@@ -74,9 +92,10 @@ func main() {
 			Usage:  "execute commands",
 			EnvVar: "PLUGIN_SCRIPT,SSH_SCRIPT",
 		},
-		cli.StringFlag{
-			Name:  "env-file",
-			Usage: "source env file",
+		cli.BoolFlag{
+			Name:   "script.stop",
+			Usage:  "stop script after first failure",
+			EnvVar: "PLUGIN_SCRIPT_STOP",
 		},
 		cli.StringFlag{
 			Name:   "proxy.ssh-key",
@@ -115,6 +134,21 @@ func main() {
 			Usage:  "proxy connection timeout",
 			EnvVar: "PLUGIN_PROXY_TIMEOUT,PROXY_SSH_TIMEOUT",
 		},
+		cli.StringSliceFlag{
+			Name:   "secrets",
+			Usage:  "plugin secret",
+			EnvVar: "PLUGIN_SECRETS",
+		},
+		cli.StringSliceFlag{
+			Name:   "envs",
+			Usage:  "Pass envs",
+			EnvVar: "PLUGIN_ENVS",
+		},
+		cli.BoolFlag{
+			Name:   "debug",
+			Usage:  "debug mode",
+			EnvVar: "PLUGIN_DEBUG",
+		},
 	}
 
 	// Override a template
@@ -150,14 +184,13 @@ REPOSITORY:
     Github: https://github.com/appleboy/drone-ssh
 `
 
-	app.Run(os.Args)
+	if err := app.Run(os.Args); err != nil {
+		fmt.Println("drone-ssh error: ", err)
+		os.Exit(1)
+	}
 }
 
 func run(c *cli.Context) error {
-	if c.String("env-file") != "" {
-		_ = godotenv.Load(c.String("env-file"))
-	}
-
 	plugin := Plugin{
 		Config: Config{
 			Key:            c.String("ssh-key"),
@@ -169,6 +202,11 @@ func run(c *cli.Context) error {
 			Timeout:        c.Duration("timeout"),
 			CommandTimeout: c.Int("command.timeout"),
 			Script:         c.StringSlice("script"),
+			ScriptStop:     c.Bool("script.stop"),
+			Secrets:        c.StringSlice("secrets"),
+			Envs:           c.StringSlice("envs"),
+			Debug:          c.Bool("debug"),
+			Sync:           c.Bool("sync"),
 			Proxy: easyssh.DefaultConfig{
 				Key:      c.String("proxy.ssh-key"),
 				KeyPath:  c.String("proxy.key-path"),
@@ -179,6 +217,7 @@ func run(c *cli.Context) error {
 				Timeout:  c.Duration("proxy.timeout"),
 			},
 		},
+		Writer: os.Stdout,
 	}
 
 	return plugin.Exec()

plugin.go

@@ -2,6 +2,8 @@ package main
 
 import (
 	"fmt"
+	"io"
+	"os"
 	"strconv"
 	"strings"
 	"sync"
@@ -29,20 +31,107 @@ type (
 		Timeout        time.Duration
 		CommandTimeout int
 		Script         []string
+		ScriptStop     bool
+		Secrets        []string
+		Envs           []string
 		Proxy          easyssh.DefaultConfig
+		Debug          bool
+		Sync           bool
 	}
 
 	// Plugin structure
 	Plugin struct {
 		Config Config
+		Writer io.Writer
 	}
 )
 
-func (p Plugin) log(host string, message ...interface{}) {
-	if count := len(p.Config.Host); count == 1 {
-		fmt.Printf("%s", fmt.Sprintln(message...))
+func escapeArg(arg string) string {
+	return "'" + strings.Replace(arg, "'", `'\''`, -1) + "'"
+}
+
+func (p Plugin) exec(host string, wg *sync.WaitGroup, errChannel chan error) {
+	// Create MakeConfig instance with remote username, server address and path to private key.
+	ssh := &easyssh.MakeConfig{
+		Server:   host,
+		User:     p.Config.UserName,
+		Password: p.Config.Password,
+		Port:     strconv.Itoa(p.Config.Port),
+		Key:      p.Config.Key,
+		KeyPath:  p.Config.KeyPath,
+		Timeout:  p.Config.Timeout,
+		Proxy: easyssh.DefaultConfig{
+			Server:   p.Config.Proxy.Server,
+			User:     p.Config.Proxy.User,
+			Password: p.Config.Proxy.Password,
+			Port:     p.Config.Proxy.Port,
+			Key:      p.Config.Proxy.Key,
+			KeyPath:  p.Config.Proxy.KeyPath,
+			Timeout:  p.Config.Proxy.Timeout,
+		},
+	}
+
+	p.log(host, "======CMD======")
+	p.log(host, strings.Join(p.Config.Script, "\n"))
+	p.log(host, "======END======")
+
+	env := []string{}
+	for _, key := range p.Config.Envs {
+		key = strings.ToUpper(key)
+		if val, found := os.LookupEnv(key); found {
+			env = append(env, key+"="+escapeArg(val))
+		}
+	}
+
+	p.Config.Script = append(env, p.scriptCommands()...)
+
+	if p.Config.Debug {
+		p.log(host, "======ENV======")
+		p.log(host, strings.Join(env, "\n"))
+		p.log(host, "======END======")
+	}
+
+	stdoutChan, stderrChan, doneChan, errChan, err := ssh.Stream(strings.Join(p.Config.Script, "\n"), p.Config.CommandTimeout)
+	if err != nil {
+		errChannel <- err
 	} else {
-		fmt.Printf("%s: %s", host, fmt.Sprintln(message...))
+		// read from the output channel until the done signal is passed
+		isTimeout := true
+	loop:
+		for {
+			select {
+			case isTimeout = <-doneChan:
+				break loop
+			case outline := <-stdoutChan:
+				p.log(host, "out:", outline)
+			case errline := <-stderrChan:
+				p.log(host, "err:", errline)
+			case err = <-errChan:
+			}
+		}
+
+		// get exit code or command error.
+		if err != nil {
+			errChannel <- err
+		}
+
+		// command time out
+		if !isTimeout {
+			errChannel <- fmt.Errorf(commandTimeOut)
+		}
+	}
+
+	wg.Done()
+}
+
+func (p Plugin) log(host string, message ...interface{}) {
+	if p.Writer == nil {
+		p.Writer = os.Stdout
+	}
+	if count := len(p.Config.Host); count == 1 {
+		fmt.Fprintf(p.Writer, "%s", fmt.Sprintln(message...))
+	} else {
+		fmt.Fprintf(p.Writer, "%s: %s", host, fmt.Sprintln(message...))
 	}
 }
 
@@ -65,60 +154,11 @@ func (p Plugin) Exec() error {
 	errChannel := make(chan error, 1)
 	finished := make(chan bool, 1)
 	for _, host := range p.Config.Host {
-		go func(host string) {
-			// Create MakeConfig instance with remote username, server address and path to private key.
-			ssh := &easyssh.MakeConfig{
-				Server:   host,
-				User:     p.Config.UserName,
-				Password: p.Config.Password,
-				Port:     strconv.Itoa(p.Config.Port),
-				Key:      p.Config.Key,
-				KeyPath:  p.Config.KeyPath,
-				Timeout:  p.Config.Timeout,
-				Proxy: easyssh.DefaultConfig{
-					Server:   p.Config.Proxy.Server,
-					User:     p.Config.Proxy.User,
-					Password: p.Config.Proxy.Password,
-					Port:     p.Config.Proxy.Port,
-					Key:      p.Config.Proxy.Key,
-					KeyPath:  p.Config.Proxy.KeyPath,
-					Timeout:  p.Config.Proxy.Timeout,
-				},
-			}
-
-			p.log(host, "commands: ", strings.Join(p.Config.Script, "\n"))
-			stdoutChan, stderrChan, doneChan, errChan, err := ssh.Stream(strings.Join(p.Config.Script, "\n"), p.Config.CommandTimeout)
-			if err != nil {
-				errChannel <- err
-			} else {
-				// read from the output channel until the done signal is passed
-				isTimeout := true
-			loop:
-				for {
-					select {
-					case isTimeout = <-doneChan:
-						break loop
-					case outline := <-stdoutChan:
-						p.log(host, "out:", outline)
-					case errline := <-stderrChan:
-						p.log(host, "err:", errline)
-					case err = <-errChan:
-					}
-				}
-
-				// get exit code or command error.
-				if err != nil {
-					errChannel <- err
-				}
-
-				// command time out
-				if !isTimeout {
-					errChannel <- fmt.Errorf(commandTimeOut)
-				}
-			}
-
-			wg.Done()
-		}(host)
+		if p.Config.Sync {
+			p.exec(host, &wg, errChannel)
+		} else {
+			go p.exec(host, &wg, errChannel)
+		}
 	}
 
 	go func() {
@@ -130,7 +170,6 @@ func (p Plugin) Exec() error {
 	case <-finished:
 	case err := <-errChannel:
 		if err != nil {
-			fmt.Println("drone-ssh error: ", err)
 			return err
 		}
 	}
@@ -141,3 +180,22 @@ func (p Plugin) Exec() error {
 
 	return nil
 }
+
+func (p Plugin) scriptCommands() []string {
+	numCommands := len(p.Config.Script)
+	if p.Config.ScriptStop {
+		numCommands *= 2
+	}
+
+	commands := make([]string, numCommands)
+
+	for _, cmd := range p.Config.Script {
+		if p.Config.ScriptStop {
+			commands = append(commands, "DRONE_SSH_PREV_COMMAND_EXIT_CODE=$? ; if [ $DRONE_SSH_PREV_COMMAND_EXIT_CODE -ne 0 ]; then exit $DRONE_SSH_PREV_COMMAND_EXIT_CODE; fi;")
+		}
+
+		commands = append(commands, cmd)
+	}
+
+	return commands
+}

plugin_test.go

@@ -1,6 +1,9 @@
 package main
 
 import (
+	"bytes"
+	"os"
+	"strings"
 	"testing"
 
 	"github.com/appleboy/easyssh-proxy"
@@ -22,6 +25,7 @@ func TestMissingKeyOrPassword(t *testing.T) {
 			Host:     []string{"localhost"},
 			UserName: "ubuntu",
 		},
+		os.Stdout,
 	}
 
 	err := plugin.Exec()
@@ -38,6 +42,7 @@ func TestSetPasswordAndKey(t *testing.T) {
 			Password: "1234",
 			Key:      "1234",
 		},
+		os.Stdout,
 	}
 
 	err := plugin.Exec()
@@ -229,3 +234,297 @@ func TestSSHCommandExitCodeError(t *testing.T) {
 	err := plugin.Exec()
 	assert.NotNil(t, err)
 }
+
+func TestSetENV(t *testing.T) {
+	os.Setenv("FOO", `'  1)  '`)
+	plugin := Plugin{
+		Config: Config{
+			Host:           []string{"localhost"},
+			UserName:       "drone-scp",
+			Port:           22,
+			KeyPath:        "./tests/.ssh/id_rsa",
+			Secrets:        []string{"FOO"},
+			Envs:           []string{"foo"},
+			Debug:          true,
+			Script:         []string{"whoami; echo $FOO"},
+			CommandTimeout: 1,
+			Proxy: easyssh.DefaultConfig{
+				Server:  "localhost",
+				User:    "drone-scp",
+				Port:    "22",
+				KeyPath: "./tests/.ssh/id_rsa",
+			},
+		},
+	}
+
+	err := plugin.Exec()
+	assert.Nil(t, err)
+}
+
+func TestSetExistingENV(t *testing.T) {
+	os.Setenv("FOO", "Value for foo")
+	os.Setenv("BAR", "")
+	plugin := Plugin{
+		Config: Config{
+			Host:           []string{"localhost"},
+			UserName:       "drone-scp",
+			Port:           22,
+			KeyPath:        "./tests/.ssh/id_rsa",
+			Secrets:        []string{"FOO"},
+			Envs:           []string{"foo", "bar", "baz"},
+			Debug:          true,
+			Script:         []string{"export FOO", "export BAR", "export BAZ", "env | grep -q '^FOO=Value for foo$'", "env | grep -q '^BAR=$'", "if env | grep -q BAZ; then false; else true; fi"},
+			CommandTimeout: 1,
+			Proxy: easyssh.DefaultConfig{
+				Server:  "localhost",
+				User:    "drone-scp",
+				Port:    "22",
+				KeyPath: "./tests/.ssh/id_rsa",
+			},
+		},
+	}
+
+	err := plugin.Exec()
+	assert.Nil(t, err)
+}
+
+func TestSyncMode(t *testing.T) {
+	plugin := Plugin{
+		Config: Config{
+			Host:           []string{"localhost", "127.0.0.1"},
+			UserName:       "drone-scp",
+			Port:           22,
+			KeyPath:        "./tests/.ssh/id_rsa",
+			Script:         []string{"whoami", "for i in {1..3}; do echo ${i}; sleep 1; done", "echo 'done'"},
+			CommandTimeout: 60,
+			Sync:           true,
+		},
+	}
+
+	err := plugin.Exec()
+	assert.Nil(t, err)
+}
+
+func Test_escapeArg(t *testing.T) {
+	type args struct {
+		arg string
+	}
+	tests := []struct {
+		name string
+		args args
+		want string
+	}{
+		{
+			name: "escape nothing",
+			args: args{
+				arg: "Hi I am appleboy",
+			},
+			want: `'Hi I am appleboy'`,
+		},
+		{
+			name: "escape single quote",
+			args: args{
+				arg: "Hi I am 'appleboy'",
+			},
+			want: `'Hi I am '\''appleboy'\'''`,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := escapeArg(tt.args.arg)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
+
+func TestCommandOutput(t *testing.T) {
+	var (
+		buffer   bytes.Buffer
+		expected = `
+			localhost: ======CMD======
+			localhost: pwd
+			whoami
+			uname
+			localhost: ======END======
+			localhost: out: /home/drone-scp
+			localhost: out: drone-scp
+			localhost: out: Linux
+			127.0.0.1: ======CMD======
+			127.0.0.1: pwd
+			whoami
+			uname
+			127.0.0.1: ======END======
+			127.0.0.1: out: /home/drone-scp
+			127.0.0.1: out: drone-scp
+			127.0.0.1: out: Linux
+		`
+	)
+
+	plugin := Plugin{
+		Config: Config{
+			Host:     []string{"localhost", "127.0.0.1"},
+			UserName: "drone-scp",
+			Port:     22,
+			KeyPath:  "./tests/.ssh/id_rsa",
+			Script: []string{
+				"pwd",
+				"whoami",
+				"uname",
+			},
+			CommandTimeout: 60,
+			Sync:           true,
+		},
+		Writer: &buffer,
+	}
+
+	err := plugin.Exec()
+	assert.Nil(t, err)
+
+	assert.Equal(t, unindent(expected), unindent(buffer.String()))
+}
+
+func TestScriptStop(t *testing.T) {
+	var (
+		buffer   bytes.Buffer
+		expected = `
+			======CMD======
+			mkdir a/b/c
+			mkdir d/e/f
+			======END======
+			err: mkdir: can't create directory 'a/b/c': No such file or directory
+		`
+	)
+
+	plugin := Plugin{
+		Config: Config{
+			Host:     []string{"localhost"},
+			UserName: "drone-scp",
+			Port:     22,
+			KeyPath:  "./tests/.ssh/id_rsa",
+			Script: []string{
+				"mkdir a/b/c",
+				"mkdir d/e/f",
+			},
+			CommandTimeout: 10,
+			ScriptStop:     true,
+		},
+		Writer: &buffer,
+	}
+
+	err := plugin.Exec()
+	assert.NotNil(t, err)
+
+	assert.Equal(t, unindent(expected), unindent(buffer.String()))
+}
+
+func TestNoneScriptStop(t *testing.T) {
+	var (
+		buffer   bytes.Buffer
+		expected = `
+			======CMD======
+			mkdir a/b/c
+			mkdir d/e/f
+			======END======
+			err: mkdir: can't create directory 'a/b/c': No such file or directory
+			err: mkdir: can't create directory 'd/e/f': No such file or directory
+		`
+	)
+
+	plugin := Plugin{
+		Config: Config{
+			Host:     []string{"localhost"},
+			UserName: "drone-scp",
+			Port:     22,
+			KeyPath:  "./tests/.ssh/id_rsa",
+			Script: []string{
+				"mkdir a/b/c",
+				"mkdir d/e/f",
+			},
+			CommandTimeout: 10,
+		},
+		Writer: &buffer,
+	}
+
+	err := plugin.Exec()
+	assert.NotNil(t, err)
+
+	assert.Equal(t, unindent(expected), unindent(buffer.String()))
+}
+
+func TestEnvOutput(t *testing.T) {
+	var (
+		buffer   bytes.Buffer
+		expected = `
+			======CMD======
+			echo "[${ENV_1}]"
+			echo "[${ENV_2}]"
+			echo "[${ENV_3}]"
+			echo "[${ENV_4}]"
+			echo "[${ENV_5}]"
+			echo "[${ENV_6}]"
+			echo "[${ENV_7}]"
+			======END======
+			======ENV======
+			ENV_1='test'
+			ENV_2='test test'
+			ENV_3='test '
+			ENV_4='  test  test  '
+			ENV_5='test'\'''
+			ENV_6='test"'
+			ENV_7='test,!#;?.@$~'\''"'
+			======END======
+			out: [test]
+			out: [test test]
+			out: [test ]
+			out: [  test  test  ]
+			out: [test']
+			out: [test"]
+			out: [test,!#;?.@$~'"]
+		`
+	)
+
+	os.Setenv("ENV_1", `test`)
+	os.Setenv("ENV_2", `test test`)
+	os.Setenv("ENV_3", `test `)
+	os.Setenv("ENV_4", `  test  test  `)
+	os.Setenv("ENV_5", `test'`)
+	os.Setenv("ENV_6", `test"`)
+	os.Setenv("ENV_7", `test,!#;?.@$~'"`)
+
+	plugin := Plugin{
+		Config: Config{
+			Host:     []string{"localhost"},
+			UserName: "drone-scp",
+			Port:     22,
+			KeyPath:  "./tests/.ssh/id_rsa",
+			Envs:     []string{"env_1", "env_2", "env_3", "env_4", "env_5", "env_6", "env_7"},
+			Debug:    true,
+			Script: []string{
+				`echo "[${ENV_1}]"`,
+				`echo "[${ENV_2}]"`,
+				`echo "[${ENV_3}]"`,
+				`echo "[${ENV_4}]"`,
+				`echo "[${ENV_5}]"`,
+				`echo "[${ENV_6}]"`,
+				`echo "[${ENV_7}]"`,
+			},
+			CommandTimeout: 10,
+			Proxy: easyssh.DefaultConfig{
+				Server:  "localhost",
+				User:    "drone-scp",
+				Port:    "22",
+				KeyPath: "./tests/.ssh/id_rsa",
+			},
+		},
+		Writer: &buffer,
+	}
+
+	err := plugin.Exec()
+	assert.Nil(t, err)
+
+	assert.Equal(t, unindent(expected), unindent(buffer.String()))
+}
+
+func unindent(text string) string {
+	return strings.TrimSpace(strings.Replace(text, "\t", "", -1))
+}