remove support i386

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
chore: support multiple port (#168 )
2026-06-16 14:49:25 +08:00 · 2020-11-17 10:34:26 +08:00 · 2020-11-17 10:14:11 +08:00 · 2020-09-25 22:22:21 +08:00 · 2020-09-25 22:21:39 +08:00 · 2020-09-25 22:12:48 +08:00
9 changed files with 390 additions and 113 deletions
@@ -9,7 +9,7 @@ platform:
 steps:
 - name: vet
  pull: always
-  image: golang:1.13
+  image: golang:1.15
  commands:
  - make vet
  volumes:
@@ -18,7 +18,7 @@ steps:

 - name: lint
  pull: always
-  image: golang:1.13
+  image: golang:1.15
  commands:
  - make lint
  volumes:
@@ -27,7 +27,7 @@ steps:

 - name: misspell
  pull: always
-  image: golang:1.13
+  image: golang:1.15
  commands:
  - make misspell-check
  volumes:
@@ -36,7 +36,7 @@ steps:

 - name: test
  pull: always
-  image: golang:1.13-alpine
+  image: golang:1.15-alpine
  commands:
  - apk add git make curl perl bash build-base zlib-dev ucl-dev
  - make ssh-server
@@ -68,9 +68,9 @@ platform:
 steps:
 - name: build-push
  pull: always
-  image: golang:1.13
+  image: golang:1.15
  commands:
-  - go build -v -ldflags '-X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/amd64/drone-ssh
+  - "go build -v -ldflags '-X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/amd64/drone-ssh"
  environment:
    CGO_ENABLED: 0
  when:
@@ -80,9 +80,9 @@ steps:

 - name: build-tag
  pull: always
-  image: golang:1.13
+  image: golang:1.15
  commands:
-  - go build -v -ldflags '-X main.version=${DRONE_TAG##v} -X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/amd64/drone-ssh
+  - "go build -v -ldflags '-X main.version=${DRONE_TAG##v} -X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/amd64/drone-ssh"
  environment:
    CGO_ENABLED: 0
  when:
@@ -91,7 +91,7 @@ steps:

 - name: executable
  pull: always
-  image: golang:1.13
+  image: golang:1.15
  commands:
  - ./release/linux/amd64/drone-ssh --help

@@ -130,8 +130,8 @@ steps:
 trigger:
  ref:
  - refs/heads/master
-  - refs/pull/**
-  - refs/tags/**
+  - "refs/pull/**"
+  - "refs/tags/**"

 depends_on:
 - testing
@@ -147,9 +147,9 @@ platform:
 steps:
 - name: build-push
  pull: always
-  image: golang:1.13
+  image: golang:1.15
  commands:
-  - go build -v -ldflags '-X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/arm64/drone-ssh
+  - "go build -v -ldflags '-X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/arm64/drone-ssh"
  environment:
    CGO_ENABLED: 0
  when:
@@ -159,9 +159,9 @@ steps:

 - name: build-tag
  pull: always
-  image: golang:1.13
+  image: golang:1.15
  commands:
-  - go build -v -ldflags '-X main.version=${DRONE_TAG##v} -X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/arm64/drone-ssh
+  - "go build -v -ldflags '-X main.version=${DRONE_TAG##v} -X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/arm64/drone-ssh"
  environment:
    CGO_ENABLED: 0
  when:
@@ -170,7 +170,7 @@ steps:

 - name: executable
  pull: always
-  image: golang:1.13
+  image: golang:1.15
  commands:
  - ./release/linux/arm64/drone-ssh --help

@@ -209,8 +209,8 @@ steps:
 trigger:
  ref:
  - refs/heads/master
-  - refs/pull/**
-  - refs/tags/**
+  - "refs/pull/**"
+  - "refs/tags/**"

 depends_on:
 - testing
@@ -226,9 +226,9 @@ platform:
 steps:
 - name: build-push
  pull: always
-  image: golang:1.13
+  image: golang:1.15
  commands:
-  - go build -v -ldflags '-X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/arm/drone-ssh
+  - "go build -v -ldflags '-X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/arm/drone-ssh"
  environment:
    CGO_ENABLED: 0
  when:
@@ -238,9 +238,9 @@ steps:

 - name: build-tag
  pull: always
-  image: golang:1.13
+  image: golang:1.15
  commands:
-  - go build -v -ldflags '-X main.version=${DRONE_TAG##v} -X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/arm/drone-ssh
+  - "go build -v -ldflags '-X main.version=${DRONE_TAG##v} -X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/arm/drone-ssh"
  environment:
    CGO_ENABLED: 0
  when:
@@ -249,7 +249,7 @@ steps:

 - name: executable
  pull: always
-  image: golang:1.13
+  image: golang:1.15
  commands:
  - ./release/linux/arm/drone-ssh --help

@@ -288,8 +288,8 @@ steps:
 trigger:
  ref:
  - refs/heads/master
-  - refs/pull/**
-  - refs/tags/**
+  - "refs/pull/**"
+  - "refs/tags/**"

 depends_on:
 - testing
@@ -305,7 +305,7 @@ platform:
 steps:
 - name: build-all-binary
  pull: always
-  image: golang:1.13
+  image: golang:1.15
  commands:
  - make release
  when:
@@ -319,14 +319,14 @@ steps:
    api_key:
      from_secret: github_release_api_key
    files:
-    - dist/release/*
+    - "dist/release/*"
  when:
    event:
    - tag

 trigger:
  ref:
-  - refs/tags/**
+  - "refs/tags/**"

 depends_on:
 - testing
@@ -354,7 +354,7 @@ steps:
 trigger:
  ref:
  - refs/heads/master
-  - refs/tags/**
+  - "refs/tags/**"

 depends_on:
 - linux-amd64
@@ -112,6 +112,8 @@ Example configuration for exporting custom secrets:
 ```diff
  - name: ssh commands
    image: appleboy/drone-ssh
+    environment:
+      commit: ${DRONE_BUILD_NUMBER}
    settings:
      host: foo.com
      username: root
@@ -119,8 +121,10 @@ Example configuration for exporting custom secrets:
      port: 22
 +     envs:
        - aws_access_key_id
+        - commit
      script:
        - export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID
+        - echo $commit
 ```

 Example configuration for stoping script after first failure:
@@ -139,6 +143,23 @@ Example configuration for stoping script after first failure:
        - echo "you can't see the steps."
 ```

+Example configuration for passphrase which protecting a private key:
+
+```diff
+  - name: ssh commands
+    image: appleboy/drone-ssh
+    settings:
+      host: foo.com
+      username: root
+     key:
+       from_secret: ssh_key
+     passphrase: 1234
+      port: 22
+      script:
+        - mkdir abc/def/efg
+        - echo "you can't see the steps."
+```
+
 ## Secret Reference

 ssh_username
@@ -147,6 +168,9 @@ ssh_username
 ssh_password
 : password for target host user

+ssh_passphrase
+: The purpose of the passphrase is usually to encrypt the private key.
+
 ssh_key
 : plain text of user private key

@@ -156,6 +180,9 @@ proxy_ssh_username
 proxy_ssh_password
 : password for user of proxy server

+proxy_ssh_passphrase
+: The purpose of the passphrase is usually to encrypt the private key.
+
 proxy_ssh_key
 : plain text of user private key for proxy server

@@ -8,8 +8,7 @@ DEPLOY_ACCOUNT := appleboy
 DEPLOY_IMAGE := $(EXECUTABLE)

 TARGETS ?= linux darwin windows
-ARCHS ?= amd64 386
-PACKAGES ?= $(shell $(GO) list ./...)
+ARCHS ?= amd64
 SOURCES ?= $(shell find . -name "*.go" -type f)
 TAGS ?=
 LDFLAGS ?= -X 'main.Version=$(VERSION)'
@@ -32,7 +31,7 @@ fmt:
 	$(GOFMT) -w $(SOURCES)

 vet:
-	$(GO) vet $(PACKAGES)
+	$(GO) vet ./...

 lint:
 	@hash revive > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
@@ -64,7 +63,7 @@ fmt-check:
 	fi;

 test: fmt-check
-	@$(GO) test -v -cover -coverprofile coverage.txt $(PACKAGES) && echo "\n==>\033[32m Ok\033[m\n" || exit 1
+	@$(GO) test -v -cover -coverprofile coverage.txt ./... && echo "\n==>\033[32m Ok\033[m\n" || exit 1

 install: $(SOURCES)
 	$(GO) install -v -tags '$(TAGS)' -ldflags '$(EXTLDFLAGS)-s -w $(LDFLAGS)'
@@ -118,16 +117,18 @@ endif
 	docker push $(DEPLOY_ACCOUNT)/$(DEPLOY_IMAGE):$(tag)

 ssh-server:
-	adduser -h /home/drone-scp -s /bin/bash -D -S drone-scp
+	adduser -h /home/drone-scp -s /bin/sh -D -S drone-scp
 	echo drone-scp:1234 | chpasswd
 	mkdir -p /home/drone-scp/.ssh
 	chmod 700 /home/drone-scp/.ssh
 	cat tests/.ssh/id_rsa.pub >> /home/drone-scp/.ssh/authorized_keys
 	cat tests/.ssh/test.pub >> /home/drone-scp/.ssh/authorized_keys
+	chmod 600 /home/drone-scp/.ssh/authorized_keys
 	chown -R drone-scp /home/drone-scp/.ssh
 	# install ssh and start server
 	apk add --update openssh openrc
 	rm -rf /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_dsa_key
+	sed -i 's/^#PubkeyAuthentication yes/PubkeyAuthentication yes/g' /etc/ssh/sshd_config
 	sed -i 's/AllowTcpForwarding no/AllowTcpForwarding yes/g' /etc/ssh/sshd_config
 	./tests/entrypoint.sh /usr/sbin/sshd -D &

@@ -1,10 +1,11 @@
 module github.com/appleboy/drone-ssh

-go 1.13
+go 1.14

 require (
-	github.com/appleboy/easyssh-proxy v1.3.0
+	github.com/appleboy/easyssh-proxy v1.3.7
 	github.com/joho/godotenv v1.3.0
-	github.com/stretchr/testify v1.4.0
-	github.com/urfave/cli v1.22.1
+	github.com/stretchr/testify v1.6.1
+	github.com/urfave/cli v1.22.4
+	golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de
 )
@@ -1,8 +1,8 @@
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/ScaleFT/sshkeys v0.0.0-20181112160850-82451a803681 h1:JS2rl38kZmHgWa0xINSaSYH0Whtvem64/4+Ef0+Y5pE=
 github.com/ScaleFT/sshkeys v0.0.0-20181112160850-82451a803681/go.mod h1:WfDateMPQ/55dPbZRp5Zxrux5WiEaHsjk9puUhz0KgY=
-github.com/appleboy/easyssh-proxy v1.3.0 h1:ToH+hZDPWP9/9E58lwxDLJQSHvgGgDAQ9ZVx6x5oofI=
-github.com/appleboy/easyssh-proxy v1.3.0/go.mod h1:Kk57I3w7OCafOjp5kgZFvxk2fO8Tca5CriBTOsbSbjY=
+github.com/appleboy/easyssh-proxy v1.3.7 h1:4XsChI8PuAd6jwTIKvTCH97vWmknvMJGxYi0PLiULG8=
+github.com/appleboy/easyssh-proxy v1.3.7/go.mod h1:Kk57I3w7OCafOjp5kgZFvxk2fO8Tca5CriBTOsbSbjY=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
@@ -17,17 +17,20 @@ github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/stretchr/objx v0.1.0 h1:4G4v2dO3VZwixGIRoQ5Lfboy6nUhCyYzaqnIAPPhYs4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/urfave/cli v1.22.1 h1:+mkCCcOFKPnCmVYVcURKps1Xe+3zP90gSYGNfRkjoIY=
-github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
+github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/urfave/cli v1.22.4 h1:u7tSpNPPswAFymm8IehJhy4uJMlUuU/GmqSkvJ1InXA=
+github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191227163750-53104e6ec876 h1:sKJQZMuxjOAR/Uo2LBfU90onWEf1dF4C+0hPJCc9Mpc=
 golang.org/x/crypto v0.0.0-20191227163750-53104e6ec876/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de h1:ikNHVSjEfnvz6sxdSPCaPt572qowuyMDMJLLm3Db3ig=
+golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a h1:1BGLXjeY4akVXGgbC9HugT3Jv3hCI0z56oJR5vAMgBU=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -36,3 +39,5 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
@@ -7,7 +7,6 @@ import (

 	"github.com/appleboy/easyssh-proxy"
 	"github.com/joho/godotenv"
-	_ "github.com/joho/godotenv/autoload"
 	"github.com/urfave/cli"
 )

@@ -20,6 +19,10 @@ func main() {
 		_ = godotenv.Load(filename)
 	}

+	if _, err := os.Stat("/run/drone/env"); err == nil {
+		godotenv.Overload("/run/drone/env")
+	}
+
 	app := cli.NewApp()
 	app.Name = "Drone SSH"
 	app.Usage = "Executing remote ssh commands"
@@ -40,7 +43,7 @@ func main() {
 		},
 		cli.StringFlag{
 			Name:   "ssh-passphrase",
-			Usage:  "ssh passphrase",
+			Usage:  "The purpose of the passphrase is usually to encrypt the private key.",
 			EnvVar: "PLUGIN_SSH_PASSPHRASE,PLUGIN_PASSPHRASE,SSH_PASSPHRASE,PASSPHRASE,INPUT_PASSPHRASE",
 		},
 		cli.StringFlag{
@@ -60,9 +63,25 @@ func main() {
 			EnvVar: "PLUGIN_PASSWORD,SSH_PASSWORD,PASSWORD,INPUT_PASSWORD",
 		},
 		cli.StringSliceFlag{
-			Name:   "host,H",
-			Usage:  "connect to host",
-			EnvVar: "PLUGIN_HOST,SSH_HOST,HOST,INPUT_HOST",
+			Name:   "ciphers",
+			Usage:  "The allowed cipher algorithms. If unspecified then a sensible",
+			EnvVar: "PLUGIN_CIPHERS,SSH_CIPHERS,CIPHERS,INPUT_CIPHERS",
+		},
+		cli.BoolFlag{
+			Name:   "useInsecureCipher",
+			Usage:  "include more ciphers with use_insecure_cipher",
+			EnvVar: "PLUGIN_USE_INSECURE_CIPHER,SSH_USE_INSECURE_CIPHER,USE_INSECURE_CIPHER,INPUT_USE_INSECURE_CIPHER",
+		},
+		cli.StringFlag{
+			Name:   "fingerprint",
+			Usage:  "fingerprint SHA256 of the host public key, default is to skip verification",
+			EnvVar: "PLUGIN_FINGERPRINT,SSH_FINGERPRINT,FINGERPRINT,INPUT_FINGERPRINT",
+		},
+		cli.StringSliceFlag{
+			Name:     "host,H",
+			Usage:    "connect to host",
+			EnvVar:   "PLUGIN_HOST,SSH_HOST,HOST,INPUT_HOST",
+			FilePath: ".host",
 		},
 		cli.IntFlag{
 			Name:   "port,p",
@@ -109,7 +128,7 @@ func main() {
 		},
 		cli.StringFlag{
 			Name:   "proxy.ssh-passphrase",
-			Usage:  "proxy ssh passphrase",
+			Usage:  "The purpose of the passphrase is usually to encrypt the private key.",
 			EnvVar: "PLUGIN_PROXY_SSH_PASSPHRASE,PLUGIN_PROXY_PASSPHRASE,PROXY_SSH_PASSPHRASE,PROXY_PASSPHRASE,INPUT_PROXY_PASSPHRASE",
 		},
 		cli.StringFlag{
@@ -144,6 +163,21 @@ func main() {
 			Usage:  "proxy connection timeout",
 			EnvVar: "PLUGIN_PROXY_TIMEOUT,PROXY_SSH_TIMEOUT,INPUT_PROXY_TIMEOUT",
 		},
+		cli.StringSliceFlag{
+			Name:   "proxy.ciphers",
+			Usage:  "The allowed cipher algorithms. If unspecified then a sensible",
+			EnvVar: "PLUGIN_PROXY_CIPHERS,SSH_PROXY_CIPHERS,PROXY_CIPHERS,INPUT_PROXY_CIPHERS",
+		},
+		cli.BoolFlag{
+			Name:   "proxy.useInsecureCipher",
+			Usage:  "include more ciphers with use_insecure_cipher",
+			EnvVar: "PLUGIN_PROXY_USE_INSECURE_CIPHER,SSH_PROXY_USE_INSECURE_CIPHER,PROXY_USE_INSECURE_CIPHER,INPUT_PROXY_USE_INSECURE_CIPHER",
+		},
+		cli.StringFlag{
+			Name:   "proxy.fingerprint",
+			Usage:  "fingerprint SHA256 of the host public key, default is to skip verification",
+			EnvVar: "PLUGIN_PROXY_FINGERPRINT,SSH_PROXY_FINGERPRINT,PROXY_FINGERPRINT,INPUT_PROXY_FINGERPRINT",
+		},
 		cli.StringSliceFlag{
 			Name:   "envs",
 			Usage:  "pass environment variable to shell script",
@@ -201,29 +235,35 @@ func run(c *cli.Context) error {
 	}
 	plugin := Plugin{
 		Config: Config{
-			Key:            c.String("ssh-key"),
-			KeyPath:        c.String("key-path"),
-			Username:       c.String("user"),
-			Password:       c.String("password"),
-			Passphrase:     c.String("ssh-passphrase"),
-			Host:           c.StringSlice("host"),
-			Port:           c.Int("port"),
-			Timeout:        c.Duration("timeout"),
-			CommandTimeout: c.Duration("command.timeout"),
-			Script:         scripts,
-			ScriptStop:     c.Bool("script.stop"),
-			Envs:           c.StringSlice("envs"),
-			Debug:          c.Bool("debug"),
-			Sync:           c.Bool("sync"),
+			Key:               c.String("ssh-key"),
+			KeyPath:           c.String("key-path"),
+			Username:          c.String("user"),
+			Password:          c.String("password"),
+			Passphrase:        c.String("ssh-passphrase"),
+			Fingerprint:       c.String("fingerprint"),
+			Host:              c.StringSlice("host"),
+			Port:              c.Int("port"),
+			Timeout:           c.Duration("timeout"),
+			CommandTimeout:    c.Duration("command.timeout"),
+			Script:            scripts,
+			ScriptStop:        c.Bool("script.stop"),
+			Envs:              c.StringSlice("envs"),
+			Debug:             c.Bool("debug"),
+			Sync:              c.Bool("sync"),
+			Ciphers:           c.StringSlice("ciphers"),
+			UseInsecureCipher: c.Bool("useInsecureCipher"),
 			Proxy: easyssh.DefaultConfig{
-				Key:        c.String("proxy.ssh-key"),
-				KeyPath:    c.String("proxy.key-path"),
-				User:       c.String("proxy.username"),
-				Password:   c.String("proxy.password"),
-				Passphrase: c.String("proxy.ssh-passphrase"),
-				Server:     c.String("proxy.host"),
-				Port:       c.String("proxy.port"),
-				Timeout:    c.Duration("proxy.timeout"),
+				Key:               c.String("proxy.ssh-key"),
+				KeyPath:           c.String("proxy.key-path"),
+				User:              c.String("proxy.username"),
+				Password:          c.String("proxy.password"),
+				Passphrase:        c.String("proxy.ssh-passphrase"),
+				Fingerprint:       c.String("proxy.fingerprint"),
+				Server:            c.String("proxy.host"),
+				Port:              c.String("proxy.port"),
+				Timeout:           c.Duration("proxy.timeout"),
+				Ciphers:           c.StringSlice("proxy.ciphers"),
+				UseInsecureCipher: c.Bool("proxy.useInsecureCipher"),
 			},
 		},
 		Writer: os.Stdout,
@@ -9,7 +9,7 @@
    steps: [
      {
        name: 'vet',
-        image: 'golang:1.13',
+        image: 'golang:1.15',
        pull: 'always',
        commands: [
          'make vet',
@@ -23,7 +23,7 @@
      },
      {
        name: 'lint',
-        image: 'golang:1.13',
+        image: 'golang:1.15',
        pull: 'always',
        commands: [
          'make lint',
@@ -37,7 +37,7 @@
      },
      {
        name: 'misspell',
-        image: 'golang:1.13',
+        image: 'golang:1.15',
        pull: 'always',
        commands: [
          'make misspell-check',
@@ -51,7 +51,7 @@
      },
      {
        name: 'test',
-        image: 'golang:1.13-alpine',
+        image: 'golang:1.15-alpine',
        pull: 'always',
        commands: [
          'apk add git make curl perl bash build-base zlib-dev ucl-dev',
@@ -93,7 +93,7 @@
    steps: [
      {
        name: 'build-push',
-        image: 'golang:1.13',
+        image: 'golang:1.15',
        pull: 'always',
        environment: {
          CGO_ENABLED: '0',
@@ -109,7 +109,7 @@
      },
      {
        name: 'build-tag',
-        image: 'golang:1.13',
+        image: 'golang:1.15',
        pull: 'always',
        environment: {
          CGO_ENABLED: '0',
@@ -123,7 +123,7 @@
      },
      {
        name: 'executable',
-        image: 'golang:1.13',
+        image: 'golang:1.15',
        pull: 'always',
        commands: [
          './release/' + os + '/' + arch + '/' + name + ' --help',
@@ -188,7 +188,7 @@
    steps: [
      {
        name: 'build-all-binary',
-        image: 'golang:1.13',
+        image: 'golang:1.15',
        pull: 'always',
        commands: [
          'make release'
@@ -23,21 +23,24 @@ var (
 type (
 	// Config for the plugin.
 	Config struct {
-		Key            string
-		Passphrase     string
-		KeyPath        string
-		Username       string
-		Password       string
-		Host           []string
-		Port           int
-		Timeout        time.Duration
-		CommandTimeout time.Duration
-		Script         []string
-		ScriptStop     bool
-		Envs           []string
-		Proxy          easyssh.DefaultConfig
-		Debug          bool
-		Sync           bool
+		Key               string
+		Passphrase        string
+		KeyPath           string
+		Username          string
+		Password          string
+		Host              []string
+		Port              int
+		Fingerprint       string
+		Timeout           time.Duration
+		CommandTimeout    time.Duration
+		Script            []string
+		ScriptStop        bool
+		Envs              []string
+		Proxy             easyssh.DefaultConfig
+		Debug             bool
+		Sync              bool
+		Ciphers           []string
+		UseInsecureCipher bool
 	}

 	// Plugin structure
@@ -51,26 +54,44 @@ func escapeArg(arg string) string {
 	return "'" + strings.Replace(arg, "'", `'\''`, -1) + "'"
 }

+func (p Plugin) hostPort(host string) (string, string) {
+	hosts := strings.Split(host, ":")
+	port := strconv.Itoa(p.Config.Port)
+	if len(hosts) > 1 {
+		host = hosts[0]
+		port = hosts[1]
+	}
+
+	return host, port
+}
+
 func (p Plugin) exec(host string, wg *sync.WaitGroup, errChannel chan error) {
+	host, port := p.hostPort(host)
 	// Create MakeConfig instance with remote username, server address and path to private key.
 	ssh := &easyssh.MakeConfig{
-		Server:     host,
-		User:       p.Config.Username,
-		Password:   p.Config.Password,
-		Port:       strconv.Itoa(p.Config.Port),
-		Key:        p.Config.Key,
-		KeyPath:    p.Config.KeyPath,
-		Passphrase: p.Config.Passphrase,
-		Timeout:    p.Config.Timeout,
+		Server:            host,
+		User:              p.Config.Username,
+		Password:          p.Config.Password,
+		Port:              port,
+		Key:               p.Config.Key,
+		KeyPath:           p.Config.KeyPath,
+		Passphrase:        p.Config.Passphrase,
+		Timeout:           p.Config.Timeout,
+		Ciphers:           p.Config.Ciphers,
+		Fingerprint:       p.Config.Fingerprint,
+		UseInsecureCipher: p.Config.UseInsecureCipher,
 		Proxy: easyssh.DefaultConfig{
-			Server:     p.Config.Proxy.Server,
-			User:       p.Config.Proxy.User,
-			Password:   p.Config.Proxy.Password,
-			Port:       p.Config.Proxy.Port,
-			Key:        p.Config.Proxy.Key,
-			KeyPath:    p.Config.Proxy.KeyPath,
-			Passphrase: p.Config.Proxy.Passphrase,
-			Timeout:    p.Config.Proxy.Timeout,
+			Server:            p.Config.Proxy.Server,
+			User:              p.Config.Proxy.User,
+			Password:          p.Config.Proxy.Password,
+			Port:              p.Config.Proxy.Port,
+			Key:               p.Config.Proxy.Key,
+			KeyPath:           p.Config.Proxy.KeyPath,
+			Passphrase:        p.Config.Proxy.Passphrase,
+			Timeout:           p.Config.Proxy.Timeout,
+			Ciphers:           p.Config.Proxy.Ciphers,
+			Fingerprint:       p.Config.Proxy.Fingerprint,
+			UseInsecureCipher: p.Config.Proxy.UseInsecureCipher,
 		},
 	}

@@ -198,11 +219,12 @@ func (p Plugin) scriptCommands() []string {
 	commands := make([]string, 0)

 	for _, cmd := range scripts {
+		cmd = strings.TrimSpace(cmd)
 		if strings.TrimSpace(cmd) == "" {
 			continue
 		}
 		commands = append(commands, cmd)
-		if p.Config.ScriptStop {
+		if p.Config.ScriptStop && cmd[(len(cmd)-1):] != "\\" {
 			commands = append(commands, "DRONE_SSH_PREV_COMMAND_EXIT_CODE=$? ; if [ $DRONE_SSH_PREV_COMMAND_EXIT_CODE -ne 0 ]; then exit $DRONE_SSH_PREV_COMMAND_EXIT_CODE; fi;")
 		}
 	}
@@ -3,6 +3,7 @@ package main
 import (
 	"bytes"
 	"io"
+	"io/ioutil"
 	"os"
 	"reflect"
 	"strings"
@@ -11,6 +12,7 @@ import (

 	"github.com/appleboy/easyssh-proxy"
 	"github.com/stretchr/testify/assert"
+	"golang.org/x/crypto/ssh"
 )

 func TestMissingHostOrUser(t *testing.T) {
@@ -384,6 +386,80 @@ func TestCommandOutput(t *testing.T) {
 	assert.Equal(t, unindent(expected), unindent(buffer.String()))
 }

+func TestWrongFingerprint(t *testing.T) {
+	var (
+		buffer bytes.Buffer
+	)
+
+	plugin := Plugin{
+		Config: Config{
+			Host:     []string{"localhost"},
+			Username: "drone-scp",
+			Port:     22,
+			KeyPath:  "./tests/.ssh/id_rsa",
+			Script: []string{
+				"whoami",
+			},
+			Fingerprint: "wrong",
+		},
+		Writer: &buffer,
+	}
+
+	err := plugin.Exec()
+	assert.NotNil(t, err)
+}
+
+func getHostPublicKeyFile(keypath string) (ssh.PublicKey, error) {
+	var pubkey ssh.PublicKey
+	var err error
+	buf, err := ioutil.ReadFile(keypath)
+	if err != nil {
+		return nil, err
+	}
+
+	pubkey, _, _, _, err = ssh.ParseAuthorizedKey(buf)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return pubkey, nil
+}
+
+func TestFingerprint(t *testing.T) {
+	var (
+		buffer   bytes.Buffer
+		expected = `
+			======CMD======
+			whoami
+			======END======
+			out: drone-scp
+		`
+	)
+
+	hostKey, err := getHostPublicKeyFile("/etc/ssh/ssh_host_rsa_key.pub")
+	assert.NoError(t, err)
+
+	plugin := Plugin{
+		Config: Config{
+			Host:     []string{"localhost"},
+			Username: "drone-scp",
+			Port:     22,
+			KeyPath:  "./tests/.ssh/id_rsa",
+			Script: []string{
+				"whoami",
+			},
+			Fingerprint:    ssh.FingerprintSHA256(hostKey),
+			CommandTimeout: 10 * time.Second,
+		},
+		Writer: &buffer,
+	}
+
+	err = plugin.Exec()
+	assert.Nil(t, err)
+	assert.Equal(t, unindent(expected), unindent(buffer.String()))
+}
+
 func TestScriptStop(t *testing.T) {
 	var (
 		buffer   bytes.Buffer
@@ -570,6 +646,17 @@ func TestPlugin_scriptCommands(t *testing.T) {
 			},
 			want: []string{"mkdir a", "DRONE_SSH_PREV_COMMAND_EXIT_CODE=$? ; if [ $DRONE_SSH_PREV_COMMAND_EXIT_CODE -ne 0 ]; then exit $DRONE_SSH_PREV_COMMAND_EXIT_CODE; fi;", "mkdir c", "DRONE_SSH_PREV_COMMAND_EXIT_CODE=$? ; if [ $DRONE_SSH_PREV_COMMAND_EXIT_CODE -ne 0 ]; then exit $DRONE_SSH_PREV_COMMAND_EXIT_CODE; fi;", "mkdir b", "DRONE_SSH_PREV_COMMAND_EXIT_CODE=$? ; if [ $DRONE_SSH_PREV_COMMAND_EXIT_CODE -ne 0 ]; then exit $DRONE_SSH_PREV_COMMAND_EXIT_CODE; fi;"},
 		},
+		// See: https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271
+		{
+			name: "Multiline SSH commands interpreted as single lines",
+			fields: fields{
+				Config: Config{
+					Script:     []string{"ls \\ ", "-lah", "mkdir a"},
+					ScriptStop: true,
+				},
+			},
+			want: []string{"ls \\", "-lah", "DRONE_SSH_PREV_COMMAND_EXIT_CODE=$? ; if [ $DRONE_SSH_PREV_COMMAND_EXIT_CODE -ne 0 ]; then exit $DRONE_SSH_PREV_COMMAND_EXIT_CODE; fi;", "mkdir a", "DRONE_SSH_PREV_COMMAND_EXIT_CODE=$? ; if [ $DRONE_SSH_PREV_COMMAND_EXIT_CODE -ne 0 ]; then exit $DRONE_SSH_PREV_COMMAND_EXIT_CODE; fi;"},
+		},
 		{
 			name: "trim space",
 			fields: fields{
@@ -593,3 +680,97 @@ func TestPlugin_scriptCommands(t *testing.T) {
 		})
 	}
 }
+
+func TestUseInsecureCipher(t *testing.T) {
+	var (
+		buffer   bytes.Buffer
+		expected = `
+			======CMD======
+			mkdir a/b/c
+			mkdir d/e/f
+			======END======
+			err: mkdir: can't create directory 'a/b/c': No such file or directory
+			err: mkdir: can't create directory 'd/e/f': No such file or directory
+		`
+	)
+
+	plugin := Plugin{
+		Config: Config{
+			Host:     []string{"localhost"},
+			Username: "drone-scp",
+			Port:     22,
+			KeyPath:  "./tests/.ssh/id_rsa",
+			Script: []string{
+				"mkdir a/b/c",
+				"mkdir d/e/f",
+			},
+			CommandTimeout:    10 * time.Second,
+			UseInsecureCipher: true,
+		},
+		Writer: &buffer,
+	}
+
+	err := plugin.Exec()
+	assert.NotNil(t, err)
+
+	assert.Equal(t, unindent(expected), unindent(buffer.String()))
+}
+
+func TestPlugin_hostPort(t *testing.T) {
+	type fields struct {
+		Config Config
+		Writer io.Writer
+	}
+	type args struct {
+		h string
+	}
+	tests := []struct {
+		name     string
+		fields   fields
+		args     args
+		wantHost string
+		wantPort string
+	}{
+		{
+			name: "default host and port",
+			fields: fields{
+				Config: Config{
+					Port: 22,
+				},
+			},
+			args: args{
+				h: "localhost",
+			},
+			wantHost: "localhost",
+			wantPort: "22",
+		},
+		{
+			name: "different port",
+			fields: fields{
+				Config: Config{
+					Port: 22,
+				},
+			},
+			args: args{
+				h: "localhost:443",
+			},
+			wantHost: "localhost",
+			wantPort: "443",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			p := Plugin{
+				Config: tt.fields.Config,
+				Writer: tt.fields.Writer,
+			}
+			gotHost, gotPort := p.hostPort(tt.args.h)
+			if gotHost != tt.wantHost {
+				t.Errorf("Plugin.hostPort() gotHost = %v, want %v", gotHost, tt.wantHost)
+			}
+			if gotPort != tt.wantPort {
+				t.Errorf("Plugin.hostPort() gotPort = %v, want %v", gotPort, tt.wantPort)
+			}
+		})
+	}
+}
Author	SHA1	Message	Date
Bo-Yi Wu	76fb630345	remove support i386 Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2020-11-17 10:34:26 +08:00
Bo-Yi Wu	e059b33708	chore: support multiple port (#168 ) Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2020-11-17 10:14:11 +08:00
Bo-Yi Wu	bb733a53de	chore: update docs Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2020-09-25 22:22:21 +08:00
Bo-Yi Wu	f725d02d7b	chore: add drone env Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2020-09-25 22:21:39 +08:00
Bo-Yi Wu	ac47ca3480	chore: upgrade to go1.15 Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2020-09-25 22:12:48 +08:00
Bo-Yi Wu	66bbf9b7cd	chore: support Multiline SSH commands interpreted as single lines (#160 ) https://github.com/appleboy/ssh-action/issues/75	2020-08-08 15:31:57 +08:00
Bo-Yi Wu	77a818a94d	chore: update go module	2020-08-08 14:50:04 +08:00
Bo-Yi Wu	1d89d2d875	chore: load env from /run/drone/env path	2020-07-17 23:23:31 +08:00
Bo-Yi Wu	b447da961e	chore: remove auto load .env file Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2020-06-15 16:37:09 +08:00
Bo-Yi Wu	4d46a02d53	chore: bump easyssh to 1.3.7	2020-05-24 13:57:02 +08:00
Bo-Yi Wu	7994d5555e	chore: update dependency	2020-05-24 12:43:43 +08:00
Bo-Yi Wu	c7d8b0f2e9	chore: upgrade easy-ssh	2020-05-24 12:05:38 +08:00
Bo-Yi Wu	7755fdb39f	chore: upgrade easy-ssh	2020-05-24 12:04:21 +08:00
Bo-Yi Wu	83417639b9	chore: clean up go module	2020-05-24 10:46:44 +08:00
Bo-Yi Wu	7344ac6529	chore: support UseInsecureCipher (#158 )	2020-05-24 10:43:11 +08:00
Bo-Yi Wu	1288a4b20d	docs: update fingerprint comment. Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2020-05-19 14:11:26 +08:00
Bo-Yi Wu	11ec0bec7e	update makefile Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2020-05-19 14:02:15 +08:00
Bo-Yi Wu	a2c6be3c19	support Fingerprint (#157 )	2020-05-19 14:01:28 +08:00
Bo-Yi Wu	923defc397	easyssh-proxy upgrade => v1.3.5 Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2020-05-19 12:55:32 +08:00
Bo-Yi Wu	ec9d02ec38	missing Ciphers config Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2020-04-30 15:49:00 +08:00
Bo-Yi Wu	9c9e7914ce	support custom Ciphers value Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2020-04-30 15:38:46 +08:00
techknowlogick	9e205a756f	Add option to use file for host info (#156 )	2020-04-29 14:21:31 +08:00
Bo-Yi Wu	99f63aaaa8	upgrade easyssh-proxy Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2020-04-16 15:27:12 +08:00
Bo-Yi Wu	6bdace5138	update to go 1.14 Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2020-02-27 09:58:32 +08:00
Bo-Yi Wu	54cdb693e4	update module Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2020-02-07 13:25:48 +08:00
Bo-Yi Wu	81d0430ffd	chore(makefile): remove GOPACKAGE variable	2020-02-01 00:42:50 +08:00
Bo-Yi Wu	a046be092b	docs: add passphrase example Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2019-12-31 09:46:38 +08:00