chore: bump go directive to 1.25.10

- Update go.mod go directive from 1.25.9 to 1.25.10

.dockerignore

@@ -0,0 +1,2 @@
+*
+!release/

.drone.jsonnet

@@ -1,16 +0,0 @@
-local pipeline = import 'pipeline.libsonnet';
-local name = 'drone-ssh';
-
-[
-  pipeline.test,
-  pipeline.build(name, 'linux', 'amd64'),
-  pipeline.build(name, 'linux', 'arm64'),
-  pipeline.build(name, 'linux', 'arm'),
-  pipeline.release,
-  pipeline.notifications(depends_on=[
-    'linux-amd64',
-    'linux-arm64',
-    'linux-arm',
-    'release-binary',
-  ]),
-]

.drone.yml

@@ -1,365 +0,0 @@
----
-kind: pipeline
-name: testing
-
-platform:
-  os: linux
-  arch: amd64
-
-steps:
-- name: vet
-  pull: always
-  image: golang:1.14
-  commands:
-  - make vet
-  volumes:
-  - name: gopath
-    path: /go
-
-- name: lint
-  pull: always
-  image: golang:1.14
-  commands:
-  - make lint
-  volumes:
-  - name: gopath
-    path: /go
-
-- name: misspell
-  pull: always
-  image: golang:1.14
-  commands:
-  - make misspell-check
-  volumes:
-  - name: gopath
-    path: /go
-
-- name: test
-  pull: always
-  image: golang:1.14-alpine
-  commands:
-  - apk add git make curl perl bash build-base zlib-dev ucl-dev
-  - make ssh-server
-  - make test
-  - make coverage
-  volumes:
-  - name: gopath
-    path: /go
-
-- name: codecov
-  pull: always
-  image: robertstettner/drone-codecov
-  settings:
-    token:
-      from_secret: codecov_token
-
-volumes:
-- name: gopath
-  temp: {}
-
----
-kind: pipeline
-name: linux-amd64
-
-platform:
-  os: linux
-  arch: amd64
-
-steps:
-- name: build-push
-  pull: always
-  image: golang:1.14
-  commands:
-  - go build -v -ldflags '-X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/amd64/drone-ssh
-  environment:
-    CGO_ENABLED: 0
-  when:
-    event:
-      exclude:
-      - tag
-
-- name: build-tag
-  pull: always
-  image: golang:1.14
-  commands:
-  - go build -v -ldflags '-X main.version=${DRONE_TAG##v} -X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/amd64/drone-ssh
-  environment:
-    CGO_ENABLED: 0
-  when:
-    event:
-    - tag
-
-- name: executable
-  pull: always
-  image: golang:1.14
-  commands:
-  - ./release/linux/amd64/drone-ssh --help
-
-- name: dryrun
-  pull: always
-  image: plugins/docker:linux-amd64
-  settings:
-    cache_from: appleboy/drone-ssh
-    dockerfile: docker/Dockerfile.linux.amd64
-    dry_run: true
-    repo: appleboy/drone-ssh
-    tags: linux-amd64
-  when:
-    event:
-    - pull_request
-
-- name: publish
-  pull: always
-  image: plugins/docker:linux-amd64
-  settings:
-    auto_tag: true
-    auto_tag_suffix: linux-amd64
-    cache_from: appleboy/drone-ssh
-    daemon_off: false
-    dockerfile: docker/Dockerfile.linux.amd64
-    password:
-      from_secret: docker_password
-    repo: appleboy/drone-ssh
-    username:
-      from_secret: docker_username
-  when:
-    event:
-      exclude:
-      - pull_request
-
-trigger:
-  ref:
-  - refs/heads/master
-  - refs/pull/**
-  - refs/tags/**
-
-depends_on:
-- testing
-
----
-kind: pipeline
-name: linux-arm64
-
-platform:
-  os: linux
-  arch: arm64
-
-steps:
-- name: build-push
-  pull: always
-  image: golang:1.14
-  commands:
-  - go build -v -ldflags '-X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/arm64/drone-ssh
-  environment:
-    CGO_ENABLED: 0
-  when:
-    event:
-      exclude:
-      - tag
-
-- name: build-tag
-  pull: always
-  image: golang:1.14
-  commands:
-  - go build -v -ldflags '-X main.version=${DRONE_TAG##v} -X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/arm64/drone-ssh
-  environment:
-    CGO_ENABLED: 0
-  when:
-    event:
-    - tag
-
-- name: executable
-  pull: always
-  image: golang:1.14
-  commands:
-  - ./release/linux/arm64/drone-ssh --help
-
-- name: dryrun
-  pull: always
-  image: plugins/docker:linux-arm64
-  settings:
-    cache_from: appleboy/drone-ssh
-    dockerfile: docker/Dockerfile.linux.arm64
-    dry_run: true
-    repo: appleboy/drone-ssh
-    tags: linux-arm64
-  when:
-    event:
-    - pull_request
-
-- name: publish
-  pull: always
-  image: plugins/docker:linux-arm64
-  settings:
-    auto_tag: true
-    auto_tag_suffix: linux-arm64
-    cache_from: appleboy/drone-ssh
-    daemon_off: false
-    dockerfile: docker/Dockerfile.linux.arm64
-    password:
-      from_secret: docker_password
-    repo: appleboy/drone-ssh
-    username:
-      from_secret: docker_username
-  when:
-    event:
-      exclude:
-      - pull_request
-
-trigger:
-  ref:
-  - refs/heads/master
-  - refs/pull/**
-  - refs/tags/**
-
-depends_on:
-- testing
-
----
-kind: pipeline
-name: linux-arm
-
-platform:
-  os: linux
-  arch: arm
-
-steps:
-- name: build-push
-  pull: always
-  image: golang:1.14
-  commands:
-  - go build -v -ldflags '-X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/arm/drone-ssh
-  environment:
-    CGO_ENABLED: 0
-  when:
-    event:
-      exclude:
-      - tag
-
-- name: build-tag
-  pull: always
-  image: golang:1.14
-  commands:
-  - go build -v -ldflags '-X main.version=${DRONE_TAG##v} -X main.build=${DRONE_BUILD_NUMBER}' -a -o release/linux/arm/drone-ssh
-  environment:
-    CGO_ENABLED: 0
-  when:
-    event:
-    - tag
-
-- name: executable
-  pull: always
-  image: golang:1.14
-  commands:
-  - ./release/linux/arm/drone-ssh --help
-
-- name: dryrun
-  pull: always
-  image: plugins/docker:linux-arm
-  settings:
-    cache_from: appleboy/drone-ssh
-    dockerfile: docker/Dockerfile.linux.arm
-    dry_run: true
-    repo: appleboy/drone-ssh
-    tags: linux-arm
-  when:
-    event:
-    - pull_request
-
-- name: publish
-  pull: always
-  image: plugins/docker:linux-arm
-  settings:
-    auto_tag: true
-    auto_tag_suffix: linux-arm
-    cache_from: appleboy/drone-ssh
-    daemon_off: false
-    dockerfile: docker/Dockerfile.linux.arm
-    password:
-      from_secret: docker_password
-    repo: appleboy/drone-ssh
-    username:
-      from_secret: docker_username
-  when:
-    event:
-      exclude:
-      - pull_request
-
-trigger:
-  ref:
-  - refs/heads/master
-  - refs/pull/**
-  - refs/tags/**
-
-depends_on:
-- testing
-
----
-kind: pipeline
-name: release-binary
-
-platform:
-  os: linux
-  arch: amd64
-
-steps:
-- name: build-all-binary
-  pull: always
-  image: golang:1.14
-  commands:
-  - make release
-  when:
-    event:
-    - tag
-
-- name: deploy-all-binary
-  pull: always
-  image: plugins/github-release
-  settings:
-    api_key:
-      from_secret: github_release_api_key
-    files:
-    - dist/release/*
-  when:
-    event:
-    - tag
-
-trigger:
-  ref:
-  - refs/tags/**
-
-depends_on:
-- testing
-
----
-kind: pipeline
-name: notifications
-
-platform:
-  os: linux
-  arch: amd64
-
-steps:
-- name: manifest
-  pull: always
-  image: plugins/manifest
-  settings:
-    ignore_missing: true
-    password:
-      from_secret: docker_password
-    spec: docker/manifest.tmpl
-    username:
-      from_secret: docker_username
-
-trigger:
-  ref:
-  - refs/heads/master
-  - refs/tags/**
-
-depends_on:
-- linux-amd64
-- linux-arm64
-- linux-arm
-- release-binary
-
-...

.editorconfig

@@ -1,42 +0,0 @@
-# unifying the coding style for different editors and IDEs => editorconfig.org
-
-; indicate this is the root of the project
-root = true
-
-###########################################################
-; common
-###########################################################
-
-[*]
-charset = utf-8
-
-end_of_line = LF
-insert_final_newline = true
-trim_trailing_whitespace = true
-
-indent_style = space
-indent_size = 2
-
-###########################################################
-; make
-###########################################################
-
-[Makefile]
-indent_style = tab
-
-[makefile]
-indent_style = tab
-
-###########################################################
-; markdown
-###########################################################
-
-[*.md]
-trim_trailing_whitespace = false
-
-###########################################################
-; golang
-###########################################################
-
-[*.go]
-indent_style = tab

.github/FUNDING.yml

@@ -0,0 +1,13 @@
+# These are supported funding model platforms
+
+github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
+custom: ['https://www.paypal.me/appleboy46']

.github/dependabot.yml

@@ -0,0 +1,10 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
+  - package-ecosystem: gomod
+    directory: /
+    schedule:
+      interval: weekly

.github/workflows/codeql.yml

@@ -0,0 +1,54 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [master]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [master]
+  schedule:
+    - cron: "41 23 * * 6"
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ["go"]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://git.io/codeql-language-support
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v4
+        with:
+          languages: ${{ matrix.language }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+          # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v4

.github/workflows/docker.yml

@@ -0,0 +1,104 @@
+name: Docker Image
+
+on:
+  push:
+    branches:
+      - master
+    tags:
+      - "v*"
+  pull_request:
+    branches:
+      - "master"
+
+permissions:
+  contents: read
+  packages: write
+  security-events: write
+
+jobs:
+  build-docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Setup go
+        uses: actions/setup-go@v6
+        with:
+          go-version-file: go.mod
+          check-latest: true
+
+      - name: Build binary
+        run: |
+          make build_linux_amd64
+          make build_linux_arm64
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v4
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v4
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v4
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Docker meta
+        id: docker-meta
+        uses: docker/metadata-action@v6
+        with:
+          images: |
+            ${{ github.repository }}
+            ghcr.io/${{ github.repository }}
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+
+      - name: Build image for scanning
+        uses: docker/build-push-action@v7
+        with:
+          context: .
+          file: docker/Dockerfile
+          platforms: linux/amd64
+          push: false
+          load: true
+          tags: drone-ssh:scan
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@v0.36.0
+        with:
+          image-ref: "drone-ssh:scan"
+          format: "sarif"
+          output: "trivy-image-results.sarif"
+          severity: "CRITICAL,HIGH"
+          exit-code: '1'
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v4
+        if: always()
+        with:
+          sarif_file: "trivy-image-results.sarif"
+          category: "trivy-docker-image"
+
+      - name: Build and push
+        if: success()
+        uses: docker/build-push-action@v7
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          file: docker/Dockerfile
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.docker-meta.outputs.tags }}
+          labels: ${{ steps.docker-meta.outputs.labels }}
+          cache-from: type=registry,ref=ghcr.io/${{ github.repository }}:buildcache
+          cache-to: type=registry,ref=ghcr.io/${{ github.repository }}:buildcache,mode=max

.github/workflows/goreleaser.yml

@@ -0,0 +1,34 @@
+name: Goreleaser
+
+on:
+  push:
+    tags:
+      - "*"
+
+permissions:
+  contents: write
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+
+      - name: Setup go
+        uses: actions/setup-go@v6
+        with:
+          go-version-file: go.mod
+          check-latest: true
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v7
+        with:
+          # either 'goreleaser' (default) or 'goreleaser-pro'
+          distribution: goreleaser
+          version: latest
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/testing.yml

@@ -0,0 +1,55 @@
+name: Lint and Testing
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Setup go
+        uses: actions/setup-go@v6
+        with:
+          go-version-file: go.mod
+          check-latest: true
+
+      - name: Setup golangci-lint
+        uses: golangci/golangci-lint-action@v9
+        with:
+          version: v2.12
+          args: --verbose
+
+      - uses: hadolint/hadolint-action@v3.3.0
+        name: hadolint for Dockerfile
+        with:
+          dockerfile: docker/Dockerfile
+
+  testing:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        go-version: ["1.25", "1.26"]
+    container:
+      image: golang:${{ matrix.go-version }}-alpine
+      options: --sysctl net.ipv6.conf.all.disable_ipv6=0
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: setup sshd server
+        run: |
+          apk add git make curl perl bash build-base zlib-dev ucl-dev sudo gpg
+          make ssh-server
+
+      - name: testing
+        run: |
+          make test
+
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v6
+        with:
+          flags: go-${{ matrix.go-version }}

.github/workflows/trivy.yml

@@ -0,0 +1,85 @@
+name: Trivy Security Scan
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
+  schedule:
+    # Run daily at 00:00 UTC
+    - cron: "0 0 * * *"
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  security-events: write
+
+jobs:
+  trivy-repo-scan:
+    name: Trivy Repository Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Run Trivy vulnerability scanner (repo)
+        uses: aquasecurity/trivy-action@v0.36.0
+        with:
+          scan-type: "fs"
+          scan-ref: "."
+          format: "sarif"
+          output: "trivy-repo-results.sarif"
+          severity: "CRITICAL,HIGH"
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v4
+        if: always()
+        with:
+          sarif_file: "trivy-repo-results.sarif"
+
+  trivy-image-scan:
+    name: Trivy Image Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Setup go
+        uses: actions/setup-go@v6
+        with:
+          go-version-file: go.mod
+          check-latest: true
+
+      - name: Build binary
+        run: |
+          make build_linux_amd64
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v4
+
+      - name: Build Docker image for scanning
+        uses: docker/build-push-action@v7
+        with:
+          context: .
+          file: docker/Dockerfile
+          platforms: linux/amd64
+          push: false
+          load: true
+          tags: drone-ssh:scan
+
+      - name: Run Trivy vulnerability scanner (image)
+        uses: aquasecurity/trivy-action@v0.36.0
+        with:
+          image-ref: "drone-ssh:scan"
+          format: "sarif"
+          output: "trivy-image-results.sarif"
+          severity: "CRITICAL,HIGH"
+
+      - name: Upload Trivy image scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v4
+        if: always()
+        with:
+          sarif_file: "trivy-image-results.sarif"
+          category: "trivy-image"

.gitignore

@@ -28,3 +28,5 @@ coverage.txt
 release
 drone-ssh
 .cover
+dist
+bin

.golangci.yaml

@@ -0,0 +1,114 @@
+version: "2"
+output:
+  sort-order:
+    - file
+linters:
+  default: none
+  enable:
+    - bidichk
+    - bodyclose
+    - depguard
+    - errcheck
+    - forbidigo
+    - gocheckcompilerdirectives
+    - gocritic
+    - govet
+    - ineffassign
+    - mirror
+    - modernize
+    - nakedret
+    - nilnil
+    - nolintlint
+    - perfsprint
+    - revive
+    - staticcheck
+    - testifylint
+    - unconvert
+    - unparam
+    - unused
+    - usestdlibvars
+    - usetesting
+    - wastedassign
+  settings:
+    depguard:
+      rules:
+        main:
+          deny:
+            - pkg: io/ioutil
+              desc: use os or io instead
+            - pkg: golang.org/x/exp
+              desc: it's experimental and unreliable
+            - pkg: github.com/pkg/errors
+              desc: use builtin errors package instead
+    nolintlint:
+      allow-unused: false
+      require-explanation: true
+      require-specific: true
+    gocritic:
+      enabled-checks:
+        - equalFold
+      disabled-checks: []
+    revive:
+      severity: error
+      rules:
+        - name: blank-imports
+        - name: constant-logical-expr
+        - name: context-as-argument
+        - name: context-keys-type
+        - name: dot-imports
+        - name: empty-lines
+        - name: error-return
+        - name: error-strings
+        - name: exported
+        - name: identical-branches
+        - name: if-return
+        - name: increment-decrement
+        - name: modifies-value-receiver
+        - name: package-comments
+        - name: redefines-builtin-id
+        - name: superfluous-else
+        - name: time-naming
+        - name: unexported-return
+        - name: var-declaration
+        - name: var-naming
+          disabled: true
+    staticcheck:
+      checks:
+        - all
+    testifylint: {}
+    usetesting:
+      os-temp-dir: true
+    perfsprint:
+      concat-loop: false
+    govet:
+      enable:
+        - nilness
+        - unusedwrite
+  exclusions:
+    generated: lax
+    presets:
+      - comments
+      - common-false-positives
+      - legacy
+      - std-error-handling
+    rules:
+      - linters:
+          - errcheck
+          - staticcheck
+          - unparam
+        path: _test\.go
+issues:
+  max-issues-per-linter: 0
+  max-same-issues: 0
+formatters:
+  enable:
+    - gofmt
+    - gofumpt
+    - golines
+  settings:
+    gofumpt:
+      extra-rules: true
+  exclusions:
+    generated: lax
+run:
+  timeout: 10m

.goreleaser.yaml

@@ -0,0 +1,123 @@
+before:
+  hooks:
+    - go mod tidy
+
+builds:
+  - env:
+      - CGO_ENABLED=0
+    goos:
+      - darwin
+      - linux
+      - windows
+      - freebsd
+    goarch:
+      - amd64
+      - arm
+      - arm64
+    goarm:
+      - "5"
+      - "6"
+      - "7"
+    ignore:
+      - goos: darwin
+        goarch: arm
+      - goos: darwin
+        goarch: ppc64le
+      - goos: darwin
+        goarch: s390x
+      - goos: windows
+        goarch: ppc64le
+      - goos: windows
+        goarch: s390x
+      - goos: windows
+        goarch: arm
+        goarm: "5"
+      - goos: windows
+        goarch: arm
+        goarm: "6"
+      - goos: windows
+        goarch: arm
+        goarm: "7"
+      - goos: windows
+        goarch: arm64
+      - goos: freebsd
+        goarch: ppc64le
+      - goos: freebsd
+        goarch: s390x
+      - goos: freebsd
+        goarch: arm
+        goarm: "5"
+      - goos: freebsd
+        goarch: arm
+        goarm: "6"
+      - goos: freebsd
+        goarch: arm
+        goarm: "7"
+      - goos: freebsd
+        goarch: arm64
+    flags:
+      - -trimpath
+    ldflags:
+      - -s -w
+      - -X main.Version={{.Version}}
+    binary: >-
+      {{ .ProjectName }}-
+      {{- if .IsSnapshot }}{{ .Branch }}-
+      {{- else }}{{- .Version }}-{{ end }}
+      {{- .Os }}-
+      {{- if eq .Arch "amd64" }}amd64
+      {{- else if eq .Arch "amd64_v1" }}amd64
+      {{- else if eq .Arch "386" }}386
+      {{- else }}{{ .Arch }}{{ end }}
+      {{- if .Arm }}-{{ .Arm }}{{ end }}
+    no_unique_dist_dir: true
+    hooks:
+      post:
+        - cmd: xz -k -9 {{ .Path }}
+          dir: ./dist/
+
+archives:
+  - format: binary
+    name_template: "{{ .Binary }}"
+    allow_different_binary_count: true
+
+checksum:
+  name_template: "checksums.txt"
+  extra_files:
+    - glob: ./**.xz
+
+snapshot:
+  name_template: "{{ incpatch .Version }}"
+
+release:
+  # You can add extra pre-existing files to the release.
+  # The filename on the release will be the last part of the path (base).
+  # If another file with the same name exists, the last one found will be used.
+  #
+  # Templates: allowed
+  extra_files:
+    - glob: ./**.xz
+
+changelog:
+  use: github
+  groups:
+    - title: Features
+      regexp: "^.*feat[(\\w)]*:+.*$"
+      order: 0
+    - title: "Bug fixes"
+      regexp: "^.*fix[(\\w)]*:+.*$"
+      order: 1
+    - title: "Enhancements"
+      regexp: "^.*chore[(\\w)]*:+.*$"
+      order: 2
+    - title: "Refactor"
+      regexp: "^.*refactor[(\\w)]*:+.*$"
+      order: 3
+    - title: "Build process updates"
+      regexp: ^.*?(build|ci)(\(.+\))??!?:.+$
+      order: 4
+    - title: "Documentation updates"
+      regexp: ^.*?docs?(\(.+\))??!?:.+$
+      order: 4
+    - title: Others
+      order: 999

.hadolint.yaml

@@ -0,0 +1,3 @@
+ignored:
+  - DL3018
+  - DL3008

.revive.toml

@@ -1,25 +0,0 @@
-ignoreGeneratedHeader = false
-severity = "warning"
-confidence = 0.8
-errorCode = 1
-warningCode = 1
-
-[rule.blank-imports]
-[rule.context-as-argument]
-[rule.context-keys-type]
-[rule.dot-imports]
-[rule.error-return]
-[rule.error-strings]
-[rule.error-naming]
-[rule.exported]
-[rule.if-return]
-[rule.increment-decrement]
-[rule.var-naming]
-[rule.var-declaration]
-[rule.package-comments]
-[rule.range]
-[rule.receiver-naming]
-[rule.time-naming]
-[rule.unexported-return]
-[rule.indent-error-flow]
-[rule.errorf]

DOCS.md

@@ -5,14 +5,14 @@ author: appleboy
 tags: [ deploy, publish, ssh ]
 repo: appleboy/drone-ssh
 logo: term.svg
-image: appleboy/drone-ssh
+image: ghcr.io/appleboy/drone-ssh
 ---
 
 Use the SSH plugin to execute commands on a remote server. The below pipeline configuration demonstrates simple usage:
 
 ```yaml
 - name: ssh commands
-  image: appleboy/drone-ssh
+  image: ghcr.io/appleboy/drone-ssh
   settings:
     host: foo.com
     username: root
@@ -27,7 +27,7 @@ Example configuration in your `.drone.yml` file for multiple hosts:
 
 ```diff
   - name: ssh commands
-    image: appleboy/drone-ssh
+    image: ghcr.io/appleboy/drone-ssh
     settings:
       host:
 +       - foo.com
@@ -40,11 +40,28 @@ Example configuration in your `.drone.yml` file for multiple hosts:
       - echo world
 ```
 
+Example configuration for multiple hosts with different port:
+
+```diff
+  - name: ssh commands
+    image: ghcr.io/appleboy/drone-ssh
+    settings:
+      host:
++       - foo.com:1234
++       - bar.com:5678
+      username: root
+      password: 1234
+-     port: 22
+      script:
+      - echo hello
+      - echo world
+```
+
 Example configuration for command timeout, default value is 60 seconds:
 
 ```diff
   - name: ssh commands
-    image: appleboy/drone-ssh
+    image: ghcr.io/appleboy/drone-ssh
     settings:
       host: foo.com
       username: root
@@ -60,7 +77,7 @@ Example configuration for execute commands on a remote server using ｀SSHProxyC
 
 ```diff
   - name: ssh commands
-    image: appleboy/drone-ssh
+    image: ghcr.io/appleboy/drone-ssh
     settings:
       host: foo.com
       username: root
@@ -79,7 +96,7 @@ Example configuration using password from secrets:
 
 ```diff
   - name: ssh commands
-    image: appleboy/drone-ssh
+    image: ghcr.io/appleboy/drone-ssh
     settings:
       host: foo.com
       username: root
@@ -95,7 +112,7 @@ Example configuration using ssh key from secrets:
 
 ```diff
   - name: ssh commands
-    image: appleboy/drone-ssh
+    image: ghcr.io/appleboy/drone-ssh
     settings:
       host: foo.com
       username: root
@@ -111,23 +128,28 @@ Example configuration for exporting custom secrets:
 
 ```diff
   - name: ssh commands
-    image: appleboy/drone-ssh
+    image: ghcr.io/appleboy/drone-ssh
+    environment:
+      # MUST BE in UPPERCASE
+      COMMIT:
+        from_secret: commit
     settings:
       host: foo.com
       username: root
       password: 1234
       port: 22
 +     envs:
-        - aws_access_key_id
+        # can be in lowercase (uppercased in code)
+        - commit
       script:
-        - export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID
+        - echo $COMMIT
 ```
 
 Example configuration for stoping script after first failure:
 
 ```diff
   - name: ssh commands
-    image: appleboy/drone-ssh
+    image: ghcr.io/appleboy/drone-ssh
     settings:
       host: foo.com
       username: root
@@ -143,7 +165,7 @@ Example configuration for passphrase which protecting a private key:
 
 ```diff
   - name: ssh commands
-    image: appleboy/drone-ssh
+    image: ghcr.io/appleboy/drone-ssh
     settings:
       host: foo.com
       username: root
@@ -156,81 +178,56 @@ Example configuration for passphrase which protecting a private key:
         - echo "you can't see the steps."
 ```
 
+Example configuration for forcing protocol to IPv4 only:
+
+```diff
+  - name: ssh commands
+    image: ghcr.io/appleboy/drone-ssh
+    settings:
+      host: foo.com
+      username: root
+      password: 1234
+      port: 22
++     protocol: tcp4
+      script:
+        - echo hello
+        - echo world
+```
+
+
 ## Secret Reference
 
-ssh_username
-: account for target host user
-
-ssh_password
-: password for target host user
-
-ssh_passphrase
-: The purpose of the passphrase is usually to encrypt the private key.
-
-ssh_key
-: plain text of user private key
-
-proxy_ssh_username
-: account for user of proxy server
-
-proxy_ssh_password
-: password for user of proxy server
-
-proxy_ssh_passphrase
-: The purpose of the passphrase is usually to encrypt the private key.
-
-proxy_ssh_key
-: plain text of user private key for proxy server
+| Key | Description |
+|-----|-------------|
+| `ssh_username` | account for target host user |
+| `ssh_password` | password for target host user | |
+| `ssh_passphrase` | The purpose of the passphrase is usually to encrypt the private key. |
+| `ssh_key` | plain text of user private key |
+| `proxy_ssh_username` | account for user of proxy server |
+| `proxy_ssh_password` | password for user of proxy server |
+| `proxy_ssh_passphrase` | The purpose of the passphrase is usually to encrypt the private key. |
+| `proxy_ssh_key` | plain text of user private key for proxy server |
 
 ## Parameter Reference
 
-host
-: target hostname or IP
-
-port
-: ssh port of target host
-
-username
-: account for target host user
-
-password
-: password for target host user
-
-key
-: plain text of user private key
-
-key_path
-: key path of user private key
-
-envs
-: custom secrets which are made available in the script section
-
-script
-: execute commands on a remote server
-
-script_stop
-: stop script after first failure
-
-timeout
-: Timeout is the maximum amount of time for the ssh connection to establish, default is 30 seconds.
-
-command_timeout
-: Command timeout is the maximum amount of time for the execute commands, default is 10 minutes.
-
-proxy_host
-: proxy hostname or IP
-
-proxy_port
-: ssh port of proxy host
-
-proxy_username
-: account for proxy host user
-
-proxy_password
-: password for proxy host user
-
-proxy_key
-: plain text of proxy private key
-
-proxy_key_path
-: key path of proxy private key
+| Key | Description |
+|-----|-------------|
+| `host` | target hostname or IP |
+| `port` | ssh port of target host |
+| `protocol` | IP protocol to use: either tcp, tcp4 or tcp6 |
+| `username` | account for target host user |
+| `password` | password for target host user |
+| `key` | plain text of user private key |
+| `key_path` | key path of user private key |
+| `envs` | custom secrets which are made available in the script section |
+| `script` | execute commands on a remote server |
+| `script_stop` | stop script after first failure |
+| `timeout` | Timeout is the maximum amount of time for the ssh connection to establish, default is 30 seconds. |
+| `command_timeout` | Command timeout is the maximum amount of time for the execute commands, default is 10 minutes. |
+| `proxy_host` | proxy hostname or IP |
+| `proxy_port` | ssh port of proxy host |
+| `proxy_protocol` | IP protocol to use for the proxy: either tcp, tcp4 or tcp6 |
+| `proxy_username` | account for proxy host user |
+| `proxy_password` | password for proxy host user |
+| `proxy_key` | plain text of proxy private key |
+| `proxy_key_path` | key path of proxy private key |

Makefile

@@ -1,17 +1,19 @@
 DIST := dist
 EXECUTABLE := drone-ssh
-GOFMT ?= gofmt "-s"
+GOFMT ?= gofumpt -l
+DIST := dist
+DIST_DIRS := $(DIST)/binaries $(DIST)/release
 GO ?= go
+SHASUM ?= shasum -a 256
+GOFILES := $(shell find . -name "*.go" -type f)
+HAS_GO = $(shell hash $(GO) > /dev/null 2>&1 && echo "GO" || echo "NOGO" )
+XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
+XGO_VERSION := go-1.19.x
+GXZ_PAGAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.11
 
-# for dockerhub
-DEPLOY_ACCOUNT := appleboy
-DEPLOY_IMAGE := $(EXECUTABLE)
-
-TARGETS ?= linux darwin windows
-ARCHS ?= amd64 386
-SOURCES ?= $(shell find . -name "*.go" -type f)
-TAGS ?=
-LDFLAGS ?= -X 'main.Version=$(VERSION)'
+LINUX_ARCHS ?= linux/amd64,linux/arm64
+DARWIN_ARCHS ?= darwin-10.12/amd64,darwin-10.12/arm64
+WINDOWS_ARCHS ?= windows/*
 
 ifneq ($(shell uname), Darwin)
 	EXTLDFLAGS = -extldflags "-static" $(null)
@@ -19,76 +21,67 @@ else
 	EXTLDFLAGS =
 endif
 
+ifeq ($(HAS_GO), GO)
+	GOPATH ?= $(shell $(GO) env GOPATH)
+	export PATH := $(GOPATH)/bin:$(PATH)
+
+	CGO_EXTRA_CFLAGS := -DSQLITE_MAX_VARIABLE_NUMBER=32766
+	CGO_CFLAGS ?= $(shell $(GO) env CGO_CFLAGS) $(CGO_EXTRA_CFLAGS)
+endif
+
+ifeq ($(OS), Windows_NT)
+	GOFLAGS := -v -buildmode=exe
+	EXECUTABLE ?= $(EXECUTABLE).exe
+else ifeq ($(OS), Windows)
+	GOFLAGS := -v -buildmode=exe
+	EXECUTABLE ?= $(EXECUTABLE).exe
+else
+	GOFLAGS := -v
+	EXECUTABLE ?= $(EXECUTABLE)
+endif
+
 ifneq ($(DRONE_TAG),)
 	VERSION ?= $(DRONE_TAG)
 else
 	VERSION ?= $(shell git describe --tags --always || git rev-parse --short HEAD)
 endif
 
+TAGS ?=
+LDFLAGS ?= -X 'main.Version=$(VERSION)'
+
 all: build
 
 fmt:
-	$(GOFMT) -w $(SOURCES)
+	@hash gofumpt > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		$(GO) install mvdan.cc/gofumpt; \
+	fi
+	$(GOFMT) -w $(GOFILES)
 
 vet:
 	$(GO) vet ./...
 
-lint:
-	@hash revive > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) get -u github.com/mgechev/revive; \
-	fi
-	revive -config .revive.toml ./... || exit 1
-
-.PHONY: misspell-check
-misspell-check:
-	@hash misspell > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) get -u github.com/client9/misspell/cmd/misspell; \
-	fi
-	misspell -error $(SOURCES)
-
-.PHONY: misspell
-misspell:
-	@hash misspell > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) get -u github.com/client9/misspell/cmd/misspell; \
-	fi
-	misspell -w $(SOURCES)
-
 .PHONY: fmt-check
 fmt-check:
-	@diff=$$($(GOFMT) -d $(SOURCES)); \
+	@hash gofumpt > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		$(GO) install mvdan.cc/gofumpt; \
+	fi
+	@diff=$$($(GOFMT) -d $(GOFILES)); \
 	if [ -n "$$diff" ]; then \
 		echo "Please run 'make fmt' and commit the result:"; \
 		echo "$${diff}"; \
 		exit 1; \
 	fi;
 
-test: fmt-check
+test:
 	@$(GO) test -v -cover -coverprofile coverage.txt ./... && echo "\n==>\033[32m Ok\033[m\n" || exit 1
 
-install: $(SOURCES)
+install: $(GOFILES)
 	$(GO) install -v -tags '$(TAGS)' -ldflags '$(EXTLDFLAGS)-s -w $(LDFLAGS)'
 
 build: $(EXECUTABLE)
 
-$(EXECUTABLE): $(SOURCES)
-	$(GO) build -v -tags '$(TAGS)' -ldflags '$(EXTLDFLAGS)-s -w $(LDFLAGS)' -o $@
-
-release: release-dirs release-build release-copy release-check
-
-release-dirs:
-	mkdir -p $(DIST)/binaries $(DIST)/release
-
-release-build:
-	@which gox > /dev/null; if [ $$? -ne 0 ]; then \
-		$(GO) get -u github.com/mitchellh/gox; \
-	fi
-	gox -os="$(TARGETS)" -arch="$(ARCHS)" -tags="$(TAGS)" -ldflags="-s -w $(LDFLAGS)" -output="$(DIST)/binaries/$(EXECUTABLE)-$(VERSION)-{{.OS}}-{{.Arch}}"
-
-release-copy:
-	$(foreach file,$(wildcard $(DIST)/binaries/$(EXECUTABLE)-*),cp $(file) $(DIST)/release/$(notdir $(file));)
-
-release-check:
-	cd $(DIST)/release; $(foreach file,$(wildcard $(DIST)/release/$(EXECUTABLE)-*),sha256sum $(notdir $(file)) > $(notdir $(file)).sha256;)
+$(EXECUTABLE): $(GOFILES)
+	$(GO) build -v -tags '$(TAGS)' -ldflags '$(EXTLDFLAGS)-s -w $(LDFLAGS)' -o bin/$@
 
 build_linux_amd64:
 	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 $(GO) build -a -tags '$(TAGS)' -ldflags '$(EXTLDFLAGS)-s -w $(LDFLAGS)' -o release/linux/amd64/$(DEPLOY_IMAGE)
@@ -102,37 +95,80 @@ build_linux_arm64:
 build_linux_arm:
 	CGO_ENABLED=0 GOOS=linux GOARCH=arm GOARM=7 $(GO) build -a -tags '$(TAGS)' -ldflags '$(EXTLDFLAGS)-s -w $(LDFLAGS)' -o release/linux/arm/$(DEPLOY_IMAGE)
 
-docker_image:
-	docker build -t $(DEPLOY_ACCOUNT)/$(DEPLOY_IMAGE) .
-
-docker: docker_image
-
-docker_deploy:
-ifeq ($(tag),)
-	@echo "Usage: make $@ tag=<tag>"
-	@exit 1
-endif
-	# deploy image
-	docker tag $(DEPLOY_ACCOUNT)/$(DEPLOY_IMAGE):latest $(DEPLOY_ACCOUNT)/$(DEPLOY_IMAGE):$(tag)
-	docker push $(DEPLOY_ACCOUNT)/$(DEPLOY_IMAGE):$(tag)
-
 ssh-server:
-	adduser -h /home/drone-scp -s /bin/bash -D -S drone-scp
+	adduser -h /home/drone-scp -s /bin/sh -D -S drone-scp
 	echo drone-scp:1234 | chpasswd
 	mkdir -p /home/drone-scp/.ssh
 	chmod 700 /home/drone-scp/.ssh
 	cat tests/.ssh/id_rsa.pub >> /home/drone-scp/.ssh/authorized_keys
 	cat tests/.ssh/test.pub >> /home/drone-scp/.ssh/authorized_keys
+	chmod 600 /home/drone-scp/.ssh/authorized_keys
 	chown -R drone-scp /home/drone-scp/.ssh
+	# add public key to root user
+	mkdir -p /root/.ssh
+	chmod 700 /root/.ssh
+	cat tests/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
+	cat tests/.ssh/test.pub >> /root/.ssh/authorized_keys
+	chmod 600 /root/.ssh/authorized_keys
+	# Append the following entry to run ALL command without a password for a user named drone-scp:
+	cat tests/sudoers >> /etc/sudoers.d/sudoers
 	# install ssh and start server
 	apk add --update openssh openrc
 	rm -rf /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_dsa_key
+	sed -i 's/^#PubkeyAuthentication yes/PubkeyAuthentication yes/g' /etc/ssh/sshd_config
 	sed -i 's/AllowTcpForwarding no/AllowTcpForwarding yes/g' /etc/ssh/sshd_config
+	sed -i 's/^#ListenAddress 0.0.0.0/ListenAddress 0.0.0.0/g' /etc/ssh/sshd_config
+	sed -i 's/^#ListenAddress ::/ListenAddress ::/g' /etc/ssh/sshd_config
 	./tests/entrypoint.sh /usr/sbin/sshd -D &
 
 coverage:
 	sed -i '/main.go/d' coverage.txt
 
+.PHONY: deps-backend
+deps-backend:
+	$(GO) mod download
+	$(GO) install $(GXZ_PAGAGE)
+	$(GO) install $(XGO_PACKAGE)
+
+.PHONY: release
+release: release-linux release-darwin release-windows release-copy release-compress release-check
+
+$(DIST_DIRS):
+	mkdir -p $(DIST_DIRS)
+
+.PHONY: release-windows
+release-windows: | $(DIST_DIRS)
+	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets '$(WINDOWS_ARCHS)' -out $(EXECUTABLE)-$(VERSION) .
+ifeq ($(CI),true)
+	cp -r /build/* $(DIST)/binaries/
+endif
+
+.PHONY: release-linux
+release-linux: | $(DIST_DIRS)
+	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets '$(LINUX_ARCHS)' -out $(EXECUTABLE)-$(VERSION) .
+ifeq ($(CI),true)
+	cp -r /build/* $(DIST)/binaries/
+endif
+
+.PHONY: release-darwin
+release-darwin: | $(DIST_DIRS)
+	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets '$(DARWIN_ARCHS)' -out $(EXECUTABLE)-$(VERSION) .
+ifeq ($(CI),true)
+	cp -r /build/* $(DIST)/binaries/
+endif
+
+.PHONY: release-copy
+release-copy: | $(DIST_DIRS)
+	cd $(DIST); for file in `find . -type f -name "*"`; do cp $${file} ./release/; done;
+
+.PHONY: release-check
+release-check: | $(DIST_DIRS)
+	cd $(DIST)/release/; for file in `find . -type f -name "*"`; do echo "checksumming $${file}" && $(SHASUM) `echo $${file} | sed 's/^..//'` > $${file}.sha256; done;
+
+.PHONY: release-compress
+release-compress: | $(DIST_DIRS)
+	cd $(DIST)/release/; for file in `find . -type f -name "*"`; do echo "compressing $${file}" && $(GO) run $(GXZ_PAGAGE) -k -9 $${file}; done;
+
 clean:
 	$(GO) clean -x -i ./...
 	rm -rf coverage.txt $(EXECUTABLE) $(DIST)

README.md

@@ -1,30 +1,42 @@
 # drone-ssh
 
+> **English** | [繁體中文](./README.zh-tw.md) | [简体中文](./README.zh-cn.md)
+
 ![sshlog](images/ssh.png)
 
 [![GitHub tag](https://img.shields.io/github/tag/appleboy/drone-ssh.svg)](https://github.com/appleboy/drone-ssh/releases)
 [![GoDoc](https://godoc.org/github.com/appleboy/drone-ssh?status.svg)](https://godoc.org/github.com/appleboy/drone-ssh)
-[![Build Status](https://cloud.drone.io/api/badges/appleboy/drone-ssh/status.svg)](https://cloud.drone.io/appleboy/drone-ssh)
+[![Lint and Testing](https://github.com/appleboy/drone-ssh/actions/workflows/testing.yml/badge.svg?branch=master)](https://github.com/appleboy/drone-ssh/actions/workflows/testing.yml)
+[![Trivy Security Scan](https://github.com/appleboy/drone-ssh/actions/workflows/trivy.yml/badge.svg?branch=master)](https://github.com/appleboy/drone-ssh/actions/workflows/trivy.yml)
 [![codecov](https://codecov.io/gh/appleboy/drone-ssh/branch/master/graph/badge.svg)](https://codecov.io/gh/appleboy/drone-ssh)
 [![Go Report Card](https://goreportcard.com/badge/github.com/appleboy/drone-ssh)](https://goreportcard.com/report/github.com/appleboy/drone-ssh)
 [![Docker Pulls](https://img.shields.io/docker/pulls/appleboy/drone-ssh.svg)](https://hub.docker.com/r/appleboy/drone-ssh/)
-[![micro badger](https://images.microbadger.com/badges/image/appleboy/drone-ssh.svg)](https://microbadger.com/images/appleboy/drone-ssh "Get your own image badge on microbadger.com")
 
-Drone plugin to execute commands on a remote host through SSH. For the usage
-information and a listing of the available options please take a look at [the docs](http://plugins.drone.io/appleboy/drone-ssh/).
+A Drone plugin for executing commands on remote hosts via SSH. For usage instructions and a list of available options, please refer to [the documentation](http://plugins.drone.io/appleboy/drone-ssh/).
 
-**Note: Please update your image config path to `appleboy/drone-ssh` for drone. `plugins/ssh` is no longer maintained.**
+**Note: Please update your Drone image config path to `appleboy/drone-ssh`. The `plugins/ssh` image is no longer maintained.**
 
 ![demo](./images/demo2017.05.10.gif)
 
-## Breaking changes
+## Table of Contents
 
-`v1.5.0`: change command timeout flag to `Duration`. See the following setting:
+- [drone-ssh](#drone-ssh)
+  - [Table of Contents](#table-of-contents)
+  - [Breaking Changes](#breaking-changes)
+  - [Build or Download a Binary](#build-or-download-a-binary)
+  - [Docker](#docker)
+  - [Usage](#usage)
+  - [Mount Key from File Path](#mount-key-from-file-path)
+  - [Configuration](#configuration)
+
+## Breaking Changes
+
+As of `v1.5.0`, the command timeout flag has changed to use the `Duration` format. See the following example:
 
 ```diff
 pipeline:
   scp:
-    image: appleboy/drone-scp
+    image: ghcr.io/appleboy/drone-ssh
     settings:
       host:
         - example1.com
@@ -39,21 +51,21 @@ pipeline:
         - echo "Hello World"
 ```
 
-## Build or Download a binary
+## Build or Download a Binary
 
-The pre-compiled binaries can be downloaded from [release page](https://github.com/appleboy/drone-ssh/releases). Support the following OS type.
+Pre-compiled binaries are available on the [releases page](https://github.com/appleboy/drone-ssh/releases), supporting the following operating systems:
 
-* Windows amd64/386
-* Linux arm/amd64/386
-* Darwin amd64/386
+- Windows amd64/386
+- Linux arm/amd64/386
+- macOS (Darwin) amd64/386
 
-With `Go` installed
+If you have `Go` installed:
 
 ```sh
-go get -u -v github.com/appleboy/drone-ssh
+go install github.com/appleboy/drone-ssh@latest
 ```
 
-or build the binary with the following command:
+Or build the binary manually with the following commands:
 
 ```sh
 export GOOS=linux
@@ -68,7 +80,7 @@ go build -v -a -tags netgo -o release/linux/amd64/drone-ssh .
 
 ## Docker
 
-Build the docker image with the following commands:
+Build the Docker image with the following command:
 
 ```sh
 make docker
@@ -76,7 +88,7 @@ make docker
 
 ## Usage
 
-Execute from the working directory:
+Run from your working directory:
 
 ```sh
 docker run --rm \
@@ -86,21 +98,21 @@ docker run --rm \
   -e PLUGIN_SCRIPT=whoami \
   -v $(pwd):$(pwd) \
   -w $(pwd) \
-  appleboy/drone-ssh
+  ghcr.io/appleboy/drone-ssh
 ```
 
-## Mount key from file path
+## Mount Key from File Path
 
-Please make sure that enable the `trusted` mode in project setting for [drone 0.8 version](https://0-8-0.docs.drone.io/).
+Make sure to enable `trusted` mode in your project settings (for [Drone 0.8 version](https://0-8-0.docs.drone.io/)).
 
 ![trusted mode](./images/trust.png)
 
-Mount private key in `volumes` setting of `.drone.yml` config
+Mount the private key in the `volumes` section of your `.drone.yml` config:
 
 ```diff
 pipeline:
   ssh:
-    image: appleboy/drone-ssh
+    image: ghcr.io/appleboy/drone-ssh
     host: xxxxx.com
     username: deploy
 +   volumes:
@@ -110,4 +122,16 @@ pipeline:
       - echo "test ssh"
 ```
 
-See the detail of [issue comment](https://github.com/appleboy/drone-ssh/issues/51#issuecomment-336732928).
+See details in [this issue comment](https://github.com/appleboy/drone-ssh/issues/51#issuecomment-336732928).
+
+## Configuration
+
+See [DOCS.md](./DOCS.md) for examples and full configuration options.
+
+Configuration options are loaded from multiple sources:
+
+0. Hardcoded drone-ssh defaults. See [main.go CLI Flags](https://github.com/appleboy/drone-ssh/blob/6d9d6acc6aef1f9166118c6ba8bd214d3a582bdb/main.go#L39) for more information.
+1. From a dotenv file at a path specified by the `PLUGIN_ENV_FILE` environment variable.
+2. From your `.drone.yml` Drone configuration.
+
+Later sources override earlier ones. For example, if `PORT` is set in an `.env` file committed in the repository or created by previous test steps, it will override the default set in `main.go`.

README.zh-cn.md

@@ -0,0 +1,141 @@
+# drone-ssh
+
+> [English](./README.md) | [繁體中文](./README.zh-tw.md) | **简体中文**
+
+![sshlog](images/ssh.png)
+
+<!-- 图片说明：SSH 日志画面，内容与原文一致 -->
+
+[![GitHub tag](https://img.shields.io/github/tag/appleboy/drone-ssh.svg)](https://github.com/appleboy/drone-ssh/releases)
+[![GoDoc](https://godoc.org/github.com/appleboy/drone-ssh?status.svg)](https://godoc.org/github.com/appleboy/drone-ssh)
+[![Lint and Testing](https://github.com/appleboy/drone-ssh/actions/workflows/testing.yml/badge.svg?branch=master)](https://github.com/appleboy/drone-ssh/actions/workflows/testing.yml)
+[![Trivy Security Scan](https://github.com/appleboy/drone-ssh/actions/workflows/trivy.yml/badge.svg?branch=master)](https://github.com/appleboy/drone-ssh/actions/workflows/trivy.yml)
+[![codecov](https://codecov.io/gh/appleboy/drone-ssh/branch/master/graph/badge.svg)](https://codecov.io/gh/appleboy/drone-ssh)
+[![Go Report Card](https://goreportcard.com/badge/github.com/appleboy/drone-ssh)](https://goreportcard.com/report/github.com/appleboy/drone-ssh)
+[![Docker Pulls](https://img.shields.io/docker/pulls/appleboy/drone-ssh.svg)](https://hub.docker.com/r/appleboy/drone-ssh/)
+
+Drone 插件，可通过 SSH 在远程主机执行命令。使用方法和可用选项请参考[官方文档](http://plugins.drone.io/appleboy/drone-ssh/)。
+
+**注意：请将 Drone 的 image config 路径更新为 `appleboy/drone-ssh`。`plugins/ssh` 已不再维护。**
+
+![demo](./images/demo2017.05.10.gif)
+
+<!-- 图片说明：SSH 命令执行演示动画，内容与原文一致 -->
+
+## 目录
+
+- [drone-ssh](#drone-ssh)
+  - [目录](#目录)
+  - [重大变更](#重大变更)
+  - [构建或下载二进制文件](#构建或下载二进制文件)
+  - [Docker](#docker)
+  - [使用方法](#使用方法)
+  - [通过文件路径挂载密钥](#通过文件路径挂载密钥)
+  - [配置说明](#配置说明)
+
+## 重大变更
+
+`v1.5.0`：将命令超时参数更改为 `Duration` 格式。设置示例如下：
+
+```diff
+pipeline:
+  scp:
+    image: ghcr.io/appleboy/drone-ssh
+    settings:
+      host:
+        - example1.com
+        - example2.com
+      username: ubuntu
+      password:
+        from_secret: ssh_password
+      port: 22
+-     command_timeout: 120
++     command_timeout: 2m
+      script:
+        - echo "Hello World"
+```
+
+## 构建或下载二进制文件
+
+可在[发布页面](https://github.com/appleboy/drone-ssh/releases)下载预编译的二进制文件，支持以下操作系统：
+
+- Windows amd64/386
+- Linux arm/amd64/386
+- macOS (Darwin) amd64/386
+
+如已安装 `Go`，可执行：
+
+```sh
+go install github.com/appleboy/drone-ssh@latest
+```
+
+或使用以下命令手动构建二进制文件：
+
+```sh
+export GOOS=linux
+export GOARCH=amd64
+export CGO_ENABLED=0
+export GO111MODULE=on
+
+go test -cover ./...
+
+go build -v -a -tags netgo -o release/linux/amd64/drone-ssh .
+```
+
+## Docker
+
+可使用以下命令构建 Docker 镜像：
+
+```sh
+make docker
+```
+
+## 使用方法
+
+在工作目录下执行：
+
+```sh
+docker run --rm \
+  -e PLUGIN_HOST=foo.com \
+  -e PLUGIN_USERNAME=root \
+  -e PLUGIN_KEY="$(cat ${HOME}/.ssh/id_rsa)" \
+  -e PLUGIN_SCRIPT=whoami \
+  -v $(pwd):$(pwd) \
+  -w $(pwd) \
+  ghcr.io/appleboy/drone-ssh
+```
+
+## 通过文件路径挂载密钥
+
+请确保已在项目设置中启用 `trusted` 模式（适用于 [Drone 0.8 版本](https://0-8-0.docs.drone.io/)）。
+
+![trusted mode](./images/trust.png)
+
+在 `.drone.yml` 配置文件的 `volumes` 部分挂载私钥：
+
+```diff
+pipeline:
+  ssh:
+    image: ghcr.io/appleboy/drone-ssh
+    host: xxxxx.com
+    username: deploy
++   volumes:
++     - /root/drone_rsa:/root/ssh/drone_rsa
+    key_path: /root/ssh/drone_rsa
+    script:
+      - echo "test ssh"
+```
+
+详情请参考 [此 issue comment](https://github.com/appleboy/drone-ssh/issues/51#issuecomment-336732928)。
+
+## 配置说明
+
+更多示例和完整配置选项请参考 [DOCS.md](./DOCS.md)。
+
+配置选项来源如下：
+
+0. 内置 drone-ssh 默认值。详见 [main.go CLI Flags](https://github.com/appleboy/drone-ssh/blob/6d9d6acc6aef1f9166118c6ba8bd214d3a582bdb/main.go#L39)。
+1. 由 `PLUGIN_ENV_FILE` 环境变量指定的 dotenv 文件。
+2. `.drone.yml` Drone 配置文件。
+
+后面的来源会覆盖前面的设置。例如，`.env` 文件中的 `PORT` 会覆盖 main.go 的默认值。

README.zh-tw.md

@@ -0,0 +1,141 @@
+# drone-ssh
+
+> [English](./README.md) | **繁體中文** | [简体中文](./README.zh-cn.md)
+
+![sshlog](images/ssh.png)
+
+<!-- 圖片說明：SSH 日誌畫面，圖片內容與原文相同 -->
+
+[![GitHub tag](https://img.shields.io/github/tag/appleboy/drone-ssh.svg)](https://github.com/appleboy/drone-ssh/releases)
+[![GoDoc](https://godoc.org/github.com/appleboy/drone-ssh?status.svg)](https://godoc.org/github.com/appleboy/drone-ssh)
+[![Lint and Testing](https://github.com/appleboy/drone-ssh/actions/workflows/testing.yml/badge.svg?branch=master)](https://github.com/appleboy/drone-ssh/actions/workflows/testing.yml)
+[![Trivy Security Scan](https://github.com/appleboy/drone-ssh/actions/workflows/trivy.yml/badge.svg?branch=master)](https://github.com/appleboy/drone-ssh/actions/workflows/trivy.yml)
+[![codecov](https://codecov.io/gh/appleboy/drone-ssh/branch/master/graph/badge.svg)](https://codecov.io/gh/appleboy/drone-ssh)
+[![Go Report Card](https://goreportcard.com/badge/github.com/appleboy/drone-ssh)](https://goreportcard.com/report/github.com/appleboy/drone-ssh)
+[![Docker Pulls](https://img.shields.io/docker/pulls/appleboy/drone-ssh.svg)](https://hub.docker.com/r/appleboy/drone-ssh/)
+
+Drone 外掛程式，可透過 SSH 在遠端主機執行指令。使用方式與可用選項請參考[官方文件](http://plugins.drone.io/appleboy/drone-ssh/)。
+
+**注意：請將 Drone 的 image config 路徑更新為 `appleboy/drone-ssh`。`plugins/ssh` 已不再維護。**
+
+![demo](./images/demo2017.05.10.gif)
+
+<!-- 圖片說明：SSH 指令執行示意動畫，內容與原文相同 -->
+
+## 目錄
+
+- [drone-ssh](#drone-ssh)
+  - [目錄](#目錄)
+  - [重大變更](#重大變更)
+  - [建置或下載執行檔](#建置或下載執行檔)
+  - [Docker](#docker)
+  - [使用方式](#使用方式)
+  - [以檔案路徑掛載金鑰](#以檔案路徑掛載金鑰)
+  - [設定說明](#設定說明)
+
+## 重大變更
+
+`v1.5.0`：將指令逾時參數改為 `Duration` 格式。設定範例如下：
+
+```diff
+pipeline:
+  scp:
+    image: ghcr.io/appleboy/drone-ssh
+    settings:
+      host:
+        - example1.com
+        - example2.com
+      username: ubuntu
+      password:
+        from_secret: ssh_password
+      port: 22
+-     command_timeout: 120
++     command_timeout: 2m
+      script:
+        - echo "Hello World"
+```
+
+## 建置或下載執行檔
+
+可於[發行頁面](https://github.com/appleboy/drone-ssh/releases)下載預先編譯的執行檔，支援以下作業系統：
+
+- Windows amd64/386
+- Linux arm/amd64/386
+- macOS (Darwin) amd64/386
+
+若已安裝 `Go`，可執行：
+
+```sh
+go install github.com/appleboy/drone-ssh@latest
+```
+
+或使用下列指令手動建置執行檔：
+
+```sh
+export GOOS=linux
+export GOARCH=amd64
+export CGO_ENABLED=0
+export GO111MODULE=on
+
+go test -cover ./...
+
+go build -v -a -tags netgo -o release/linux/amd64/drone-ssh .
+```
+
+## Docker
+
+可使用下列指令建置 Docker 映像檔：
+
+```sh
+make docker
+```
+
+## 使用方式
+
+於工作目錄下執行：
+
+```sh
+docker run --rm \
+  -e PLUGIN_HOST=foo.com \
+  -e PLUGIN_USERNAME=root \
+  -e PLUGIN_KEY="$(cat ${HOME}/.ssh/id_rsa)" \
+  -e PLUGIN_SCRIPT=whoami \
+  -v $(pwd):$(pwd) \
+  -w $(pwd) \
+  ghcr.io/appleboy/drone-ssh
+```
+
+## 以檔案路徑掛載金鑰
+
+請確認已於專案設定中啟用 `trusted` 模式（適用於 [Drone 0.8 版本](https://0-8-0.docs.drone.io/)）。
+
+![trusted mode](./images/trust.png)
+
+於 `.drone.yml` 設定檔的 `volumes` 區段掛載私鑰：
+
+```diff
+pipeline:
+  ssh:
+    image: ghcr.io/appleboy/drone-ssh
+    host: xxxxx.com
+    username: deploy
++   volumes:
++     - /root/drone_rsa:/root/ssh/drone_rsa
+    key_path: /root/ssh/drone_rsa
+    script:
+      - echo "test ssh"
+```
+
+詳情請參考 [此 issue comment](https://github.com/appleboy/drone-ssh/issues/51#issuecomment-336732928)。
+
+## 設定說明
+
+更多範例與完整設定選項請參考 [DOCS.md](./DOCS.md)。
+
+設定選項來源如下：
+
+0. 內建 drone-ssh 預設值。詳見 [main.go CLI Flags](https://github.com/appleboy/drone-ssh/blob/6d9d6acc6aef1f9166118c6ba8bd214d3a582bdb/main.go#L39)。
+1. 由 `PLUGIN_ENV_FILE` 環境變數指定的 dotenv 檔案。
+2. `.drone.yml` Drone 設定檔。
+
+後面的來源會覆蓋前面的設定。例如，`.env` 檔案中的 `PORT` 會覆蓋 main.go 的預設值。

docker/Dockerfile

@@ -0,0 +1,37 @@
+FROM alpine:3.21
+
+ARG TARGETOS
+ARG TARGETARCH
+
+LABEL maintainer="Bo-Yi Wu <appleboy.tw@gmail.com>" \
+  org.label-schema.name="SSH Plugin" \
+  org.label-schema.vendor="Bo-Yi Wu" \
+  org.label-schema.schema-version="1.0"
+
+LABEL org.opencontainers.image.source=https://github.com/appleboy/drone-ssh
+LABEL org.opencontainers.image.description="Execute commands on a remote host through SSH"
+LABEL org.opencontainers.image.licenses=MIT
+
+RUN apk add --no-cache ca-certificates tzdata && \
+  rm -rf /var/cache/apk/*
+
+RUN addgroup \
+  -S -g 1000 \
+  deploy && \
+  adduser \
+  -S -H -D \
+  -h /home/deploy \
+  -s /bin/sh \
+  -u 1000 \
+  -G deploy \
+  deploy
+
+RUN mkdir -p /home/deploy && \
+  chown deploy:deploy /home/deploy
+
+# deploy:deploy
+USER 1000:1000
+
+COPY release/${TARGETOS}/${TARGETARCH}/drone-ssh /bin/
+
+ENTRYPOINT ["/bin/drone-ssh"]

docker/Dockerfile.linux.amd64

@@ -1,12 +0,0 @@
-FROM plugins/base:linux-amd64
-
-LABEL maintainer="Bo-Yi Wu <appleboy.tw@gmail.com>" \
-  org.label-schema.name="Drone SSH" \
-  org.label-schema.vendor="Bo-Yi Wu" \
-  org.label-schema.schema-version="1.0"
-
-RUN apk add --no-cache ca-certificates && \
-  rm -rf /var/cache/apk/*
-
-ADD release/linux/amd64/drone-ssh /bin/
-ENTRYPOINT ["/bin/drone-ssh"]

docker/Dockerfile.linux.arm

@@ -1,12 +0,0 @@
-FROM plugins/base:linux-arm
-
-LABEL maintainer="Bo-Yi Wu <appleboy.tw@gmail.com>" \
-  org.label-schema.name="Drone SSH" \
-  org.label-schema.vendor="Bo-Yi Wu" \
-  org.label-schema.schema-version="1.0"
-
-RUN apk add --no-cache ca-certificates && \
-  rm -rf /var/cache/apk/*
-
-ADD release/linux/arm/drone-ssh /bin/
-ENTRYPOINT ["/bin/drone-ssh"]

docker/Dockerfile.linux.arm64

@@ -1,12 +0,0 @@
-FROM plugins/base:linux-arm64
-
-LABEL maintainer="Bo-Yi Wu <appleboy.tw@gmail.com>" \
-  org.label-schema.name="Drone SSH" \
-  org.label-schema.vendor="Bo-Yi Wu" \
-  org.label-schema.schema-version="1.0"
-
-RUN apk add --no-cache ca-certificates && \
-  rm -rf /var/cache/apk/*
-
-ADD release/linux/arm64/drone-ssh /bin/
-ENTRYPOINT ["/bin/drone-ssh"]

docker/Dockerfile.windows.amd64

@@ -1,9 +0,0 @@
-FROM microsoft/nanoserver:10.0.14393.1884
-
-LABEL maintainer="Bo-Yi Wu <appleboy.tw@gmail.com>" \
-  org.label-schema.name="Drone SSH" \
-  org.label-schema.vendor="Bo-Yi Wu" \
-  org.label-schema.schema-version="1.0"
-
-ADD drone-ssh.exe /drone-ssh.exe
-ENTRYPOINT [ "\\drone-ssh.exe" ]

docker/manifest.tmpl

@@ -1,25 +0,0 @@
-image: appleboy/drone-ssh:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
-{{#if build.tags}}
-tags:
-{{#each build.tags}}
-  - {{this}}
-{{/each}}
-{{/if}}
-manifests:
-  -
-    image: appleboy/drone-ssh:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-amd64
-    platform:
-      architecture: amd64
-      os: linux
-  -
-    image: appleboy/drone-ssh:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm64
-    platform:
-      architecture: arm64
-      os: linux
-      variant: v8
-  -
-    image: appleboy/drone-ssh:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm
-    platform:
-      architecture: arm
-      os: linux
-      variant: v7

go.mod

@@ -1,10 +1,69 @@
 module github.com/appleboy/drone-ssh
 
-go 1.14
+go 1.25.10
 
 require (
-	github.com/appleboy/easyssh-proxy v1.3.1
-	github.com/joho/godotenv v1.3.0
-	github.com/stretchr/testify v1.3.0
-	github.com/urfave/cli v1.22.4
+	github.com/appleboy/easyssh-proxy v1.5.2
+	github.com/joho/godotenv v1.5.1
+	github.com/stretchr/testify v1.11.1
+	github.com/testcontainers/testcontainers-go v0.42.0
+	github.com/urfave/cli/v2 v2.27.7
+	github.com/yassinebenaid/godump v0.11.1
+	golang.org/x/crypto v0.49.0
+)
+
+require (
+	dario.cat/mergo v1.0.2 // indirect
+	github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
+	github.com/Microsoft/go-winio v0.6.2 // indirect
+	github.com/ScaleFT/sshkeys v1.4.0 // indirect
+	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/containerd/errdefs v1.0.0 // indirect
+	github.com/containerd/errdefs/pkg v0.3.0 // indirect
+	github.com/containerd/log v0.1.0 // indirect
+	github.com/containerd/platforms v0.2.1 // indirect
+	github.com/cpuguy83/dockercfg v0.3.2 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/dchest/bcrypt_pbkdf v0.0.0-20150205184540-83f37f9c154a // indirect
+	github.com/distribution/reference v0.6.0 // indirect
+	github.com/docker/go-connections v0.6.0 // indirect
+	github.com/docker/go-units v0.5.0 // indirect
+	github.com/ebitengine/purego v0.10.0 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/go-logr/logr v1.4.3 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/go-ole/go-ole v1.2.6 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/klauspost/compress v1.18.5 // indirect
+	github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect
+	github.com/magiconair/properties v1.8.10 // indirect
+	github.com/moby/docker-image-spec v1.3.1 // indirect
+	github.com/moby/go-archive v0.2.0 // indirect
+	github.com/moby/moby/api v1.54.1 // indirect
+	github.com/moby/moby/client v0.4.0 // indirect
+	github.com/moby/patternmatcher v0.6.1 // indirect
+	github.com/moby/sys/sequential v0.6.0 // indirect
+	github.com/moby/sys/user v0.4.0 // indirect
+	github.com/moby/sys/userns v0.1.0 // indirect
+	github.com/moby/term v0.5.2 // indirect
+	github.com/opencontainers/go-digest v1.0.0 // indirect
+	github.com/opencontainers/image-spec v1.1.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect
+	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/shirou/gopsutil/v4 v4.26.3 // indirect
+	github.com/sirupsen/logrus v1.9.4 // indirect
+	github.com/tklauser/go-sysconf v0.3.16 // indirect
+	github.com/tklauser/numcpus v0.11.0 // indirect
+	github.com/xrash/smetrics v0.0.0-20250705151800-55b8f293f342 // indirect
+	github.com/yusufpapurcu/wmi v1.2.4 // indirect
+	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 // indirect
+	go.opentelemetry.io/otel v1.41.0 // indirect
+	go.opentelemetry.io/otel/metric v1.41.0 // indirect
+	go.opentelemetry.io/otel/trace v1.41.0 // indirect
+	golang.org/x/sys v0.43.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -1,34 +1,153 @@
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/ScaleFT/sshkeys v0.0.0-20181112160850-82451a803681 h1:JS2rl38kZmHgWa0xINSaSYH0Whtvem64/4+Ef0+Y5pE=
-github.com/ScaleFT/sshkeys v0.0.0-20181112160850-82451a803681/go.mod h1:WfDateMPQ/55dPbZRp5Zxrux5WiEaHsjk9puUhz0KgY=
-github.com/appleboy/easyssh-proxy v1.3.1 h1:zj5u800KIRPziMlJouhd2R6jufz6ihGlFSmojzXYSOw=
-github.com/appleboy/easyssh-proxy v1.3.1/go.mod h1:Kk57I3w7OCafOjp5kgZFvxk2fO8Tca5CriBTOsbSbjY=
-github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY=
-github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8=
+dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA=
+github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8afgbRMd7mFxO99hRNu+6tazq8nFF9lIwo9JFroBk=
+github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
+github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg=
+github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
+github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
+github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
+github.com/ScaleFT/sshkeys v1.4.0 h1:Yqd0cKA5PUvwV0dgRI67BDHGTsMHtGQBZbLXh1dthmE=
+github.com/ScaleFT/sshkeys v1.4.0/go.mod h1:GineMkS8SEiELq8q5DzA2Wnrw65SqdD9a+hm8JOU1I4=
+github.com/appleboy/easyssh-proxy v1.5.2 h1:Fe4/RMNtoU/l36w5DvOEyMX3VcpwUbqZYBdPugqODOs=
+github.com/appleboy/easyssh-proxy v1.5.2/go.mod h1:cv8OlpCbAdxVNYgY/vQcM7f/Ep51UG5oyLK+J2kZhEc=
+github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
+github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI=
+github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
+github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE=
+github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk=
+github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
+github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
+github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A=
+github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw=
+github.com/cpuguy83/dockercfg v0.3.2 h1:DlJTyZGBDlXqUZ2Dk2Q3xHs/FtnooJJVaad2S9GKorA=
+github.com/cpuguy83/dockercfg v0.3.2/go.mod h1:sugsbF4//dDlL/i+S+rtpIWp+5h0BHJHfjj5/jFyUJc=
+github.com/cpuguy83/go-md2man/v2 v2.0.7 h1:zbFlGlXEAKlwXpmvle3d8Oe3YnkKIK4xSRTd3sHPnBo=
+github.com/cpuguy83/go-md2man/v2 v2.0.7/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
+github.com/creack/pty v1.1.24 h1:bJrF4RRfyJnbTJqzRLHzcGaZK1NeM5kTC9jGgovnR1s=
+github.com/creack/pty v1.1.24/go.mod h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfvcwE=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dchest/bcrypt_pbkdf v0.0.0-20150205184540-83f37f9c154a h1:saTgr5tMLFnmy/yg3qDTft4rE5DY2uJ/cCxCe3q0XTU=
 github.com/dchest/bcrypt_pbkdf v0.0.0-20150205184540-83f37f9c154a/go.mod h1:Bw9BbhOJVNR+t0jCqx2GC6zv0TGBsShs56Y3gfSCvl0=
-github.com/joho/godotenv v1.3.0 h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc=
-github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
+github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
+github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
+github.com/docker/go-connections v0.6.0 h1:LlMG9azAe1TqfR7sO+NJttz1gy6KO7VJBh+pMmjSD94=
+github.com/docker/go-connections v0.6.0/go.mod h1:AahvXYshr6JgfUJGdDCs2b5EZG/vmaMAntpSFH5BFKE=
+github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
+github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
+github.com/ebitengine/purego v0.10.0 h1:QIw4xfpWT6GWTzaW5XEKy3HXoqrJGx1ijYHzTF0/ISU=
+github.com/ebitengine/purego v0.10.0/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ=
+github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
+github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
+github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
+github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
+github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY=
+github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
+github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
+github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
+github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
+github.com/klauspost/compress v1.18.5 h1:/h1gH5Ce+VWNLSWqPzOVn6XBO+vJbCNGvjoaGBFW2IE=
+github.com/klauspost/compress v1.18.5/go.mod h1:cwPg85FWrGar70rWktvGQj8/hthj3wpl0PGDogxkrSQ=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 h1:6E+4a0GO5zZEnZ81pIr0yLvtUWk2if982qA3F3QD6H4=
+github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I=
+github.com/magiconair/properties v1.8.10 h1:s31yESBquKXCV9a/ScB3ESkOjUYYv+X0rg8SYxI99mE=
+github.com/magiconair/properties v1.8.10/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
+github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
+github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
+github.com/moby/go-archive v0.2.0 h1:zg5QDUM2mi0JIM9fdQZWC7U8+2ZfixfTYoHL7rWUcP8=
+github.com/moby/go-archive v0.2.0/go.mod h1:mNeivT14o8xU+5q1YnNrkQVpK+dnNe/K6fHqnTg4qPU=
+github.com/moby/moby/api v1.54.1 h1:TqVzuJkOLsgLDDwNLmYqACUuTehOHRGKiPhvH8V3Nn4=
+github.com/moby/moby/api v1.54.1/go.mod h1:+RQ6wluLwtYaTd1WnPLykIDPekkuyD/ROWQClE83pzs=
+github.com/moby/moby/client v0.4.0 h1:S+2XegzHQrrvTCvF6s5HFzcrywWQmuVnhOXe2kiWjIw=
+github.com/moby/moby/client v0.4.0/go.mod h1:QWPbvWchQbxBNdaLSpoKpCdf5E+WxFAgNHogCWDoa7g=
+github.com/moby/patternmatcher v0.6.1 h1:qlhtafmr6kgMIJjKJMDmMWq7WLkKIo23hsrpR3x084U=
+github.com/moby/patternmatcher v0.6.1/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc=
+github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU=
+github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko=
+github.com/moby/sys/user v0.4.0 h1:jhcMKit7SA80hivmFJcbB1vqmw//wU61Zdui2eQXuMs=
+github.com/moby/sys/user v0.4.0/go.mod h1:bG+tYYYJgaMtRKgEmuueC0hJEAZWwtIbZTB+85uoHjs=
+github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g=
+github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28=
+github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ=
+github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc=
+github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
+github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
+github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
+github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
-github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
-github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/urfave/cli v1.22.4 h1:u7tSpNPPswAFymm8IehJhy4uJMlUuU/GmqSkvJ1InXA=
-github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20191227163750-53104e6ec876 h1:sKJQZMuxjOAR/Uo2LBfU90onWEf1dF4C+0hPJCc9Mpc=
-golang.org/x/crypto v0.0.0-20191227163750-53104e6ec876/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 h1:o4JXh1EVt9k/+g42oCprj/FisM4qX9L3sZB3upGN2ZU=
+github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
+github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
+github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
+github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/shirou/gopsutil/v4 v4.26.3 h1:2ESdQt90yU3oXF/CdOlRCJxrP+Am1aBYubTMTfxJ1qc=
+github.com/shirou/gopsutil/v4 v4.26.3/go.mod h1:LZ6ewCSkBqUpvSOf+LsTGnRinC6iaNUNMGBtDkJBaLQ=
+github.com/sirupsen/logrus v1.9.4 h1:TsZE7l11zFCLZnZ+teH4Umoq5BhEIfIzfRDZ1Uzql2w=
+github.com/sirupsen/logrus v1.9.4/go.mod h1:ftWc9WdOfJ0a92nsE2jF5u5ZwH8Bv2zdeOC42RjbV2g=
+github.com/stretchr/objx v0.5.3 h1:jmXUvGomnU1o3W/V5h2VEradbpJDwGrzugQQvL0POH4=
+github.com/stretchr/objx v0.5.3/go.mod h1:rDQraq+vQZU7Fde9LOZLr8Tax6zZvy4kuNKF+QYS+U0=
+github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
+github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
+github.com/testcontainers/testcontainers-go v0.42.0 h1:He3IhTzTZOygSXLJPMX7n44XtK+qhjat1nI9cneBbUY=
+github.com/testcontainers/testcontainers-go v0.42.0/go.mod h1:vZjdY1YmUA1qEForxOIOazfsrdyORJAbhi0bp8plN30=
+github.com/tklauser/go-sysconf v0.3.16 h1:frioLaCQSsF5Cy1jgRBrzr6t502KIIwQ0MArYICU0nA=
+github.com/tklauser/go-sysconf v0.3.16/go.mod h1:/qNL9xxDhc7tx3HSRsLWNnuzbVfh3e7gh/BmM179nYI=
+github.com/tklauser/numcpus v0.11.0 h1:nSTwhKH5e1dMNsCdVBukSZrURJRoHbSEQjdEbY+9RXw=
+github.com/tklauser/numcpus v0.11.0/go.mod h1:z+LwcLq54uWZTX0u/bGobaV34u6V7KNlTZejzM6/3MQ=
+github.com/urfave/cli/v2 v2.27.7 h1:bH59vdhbjLv3LAvIu6gd0usJHgoTTPhCFib8qqOwXYU=
+github.com/urfave/cli/v2 v2.27.7/go.mod h1:CyNAG/xg+iAOg0N4MPGZqVmv2rCoP267496AOXUZjA4=
+github.com/xrash/smetrics v0.0.0-20250705151800-55b8f293f342 h1:FnBeRrxr7OU4VvAzt5X7s6266i6cSVkkFPS0TuXWbIg=
+github.com/xrash/smetrics v0.0.0-20250705151800-55b8f293f342/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM=
+github.com/yassinebenaid/godump v0.11.1 h1:SPujx/XaYqGDfmNh7JI3dOyCUVrG0bG2duhO3Eh2EhI=
+github.com/yassinebenaid/godump v0.11.1/go.mod h1:dc/0w8wmg6kVIvNGAzbKH1Oa54dXQx8SNKh4dPRyW44=
+github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0=
+github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
+go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
+go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 h1:sbiXRNDSWJOTobXh5HyQKjq6wUC5tNybqjIqDpAY4CU=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0/go.mod h1:69uWxva0WgAA/4bu2Yy70SLDBwZXuQ6PbBpbsa5iZrQ=
+go.opentelemetry.io/otel v1.41.0 h1:YlEwVsGAlCvczDILpUXpIpPSL/VPugt7zHThEMLce1c=
+go.opentelemetry.io/otel v1.41.0/go.mod h1:Yt4UwgEKeT05QbLwbyHXEwhnjxNO6D8L5PQP51/46dE=
+go.opentelemetry.io/otel/metric v1.41.0 h1:rFnDcs4gRzBcsO9tS8LCpgR0dxg4aaxWlJxCno7JlTQ=
+go.opentelemetry.io/otel/metric v1.41.0/go.mod h1:xPvCwd9pU0VN8tPZYzDZV/BMj9CM9vs00GuBjeKhJps=
+go.opentelemetry.io/otel/sdk v1.35.0 h1:iPctf8iprVySXSKJffSS79eOjl9pvxV9ZqOWT0QejKY=
+go.opentelemetry.io/otel/sdk v1.35.0/go.mod h1:+ga1bZliga3DxJ3CQGg3updiaAJoNECOgJREo9KHGQg=
+go.opentelemetry.io/otel/sdk/metric v1.35.0 h1:1RriWBmCKgkeHEhM7a2uMjMUfP7MsOF5JpUCaEqEI9o=
+go.opentelemetry.io/otel/sdk/metric v1.35.0/go.mod h1:is6XYCUMpcKi+ZsOvfluY5YstFnhW0BidkR+gL+qN+w=
+go.opentelemetry.io/otel/trace v1.41.0 h1:Vbk2co6bhj8L59ZJ6/xFTskY+tGAbOnCtQGVVa9TIN0=
+go.opentelemetry.io/otel/trace v1.41.0/go.mod h1:U1NU4ULCoxeDKc09yCWdWe+3QoyweJcISEVa1RBzOis=
+golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4=
+golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA=
+golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI=
+golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
+golang.org/x/term v0.41.0 h1:QCgPso/Q3RTJx2Th4bDLqML4W6iJiaXFq2/ftQF13YU=
+golang.org/x/term v0.41.0/go.mod h1:3pfBgksrReYfZ5lvYM0kSO0LIkAl4Yl2bXOkKP7Ec2A=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=
+gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA=
+pgregory.net/rapid v1.2.0 h1:keKAYRcjm+e1F0oAuU5F5+YPAWcyxNNRK2wud503Gnk=
+pgregory.net/rapid v1.2.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04=

main.go

@@ -3,12 +3,13 @@ package main
 import (
 	"log"
 	"os"
+	"strconv"
 	"time"
 
-	"github.com/appleboy/easyssh-proxy"
+	easyssh "github.com/appleboy/easyssh-proxy"
 	"github.com/joho/godotenv"
-	_ "github.com/joho/godotenv/autoload"
-	"github.com/urfave/cli"
+	"github.com/urfave/cli/v2"
+	"github.com/yassinebenaid/godump"
 )
 
 // Version set at compile-time
@@ -20,11 +21,15 @@ func main() {
 		_ = godotenv.Load(filename)
 	}
 
+	if _, err := os.Stat("/run/drone/env"); err == nil {
+		_ = godotenv.Overload("/run/drone/env")
+	}
+
 	app := cli.NewApp()
 	app.Name = "Drone SSH"
 	app.Usage = "Executing remote ssh commands"
-	app.Copyright = "Copyright (c) 2019 Bo-Yi Wu"
-	app.Authors = []cli.Author{
+	app.Copyright = "Copyright (c) " + strconv.Itoa(time.Now().Year()) + " Bo-Yi Wu"
+	app.Authors = []*cli.Author{
 		{
 			Name:  "Bo-Yi Wu",
 			Email: "appleboy.tw@gmail.com",
@@ -33,126 +38,247 @@ func main() {
 	app.Action = run
 	app.Version = Version
 	app.Flags = []cli.Flag{
-		cli.StringFlag{
-			Name:   "ssh-key",
-			Usage:  "private ssh key",
-			EnvVar: "PLUGIN_SSH_KEY,PLUGIN_KEY,SSH_KEY,KEY,INPUT_KEY",
+		&cli.StringSliceFlag{
+			Name:     "host",
+			Aliases:  []string{"H"},
+			Usage:    "connect to host",
+			EnvVars:  []string{"PLUGIN_HOST", "SSH_HOST", "INPUT_HOST"},
+			FilePath: ".host",
 		},
-		cli.StringFlag{
-			Name:   "ssh-passphrase",
-			Usage:  "The purpose of the passphrase is usually to encrypt the private key.",
-			EnvVar: "PLUGIN_SSH_PASSPHRASE,PLUGIN_PASSPHRASE,SSH_PASSPHRASE,PASSPHRASE,INPUT_PASSPHRASE",
+		&cli.IntFlag{
+			Name:    "port",
+			Aliases: []string{"p"},
+			Usage:   "connect to port",
+			EnvVars: []string{"PLUGIN_PORT", "SSH_PORT", "INPUT_PORT"},
+			Value:   22,
 		},
-		cli.StringFlag{
-			Name:   "key-path,i",
-			Usage:  "ssh private key path",
-			EnvVar: "PLUGIN_KEY_PATH,SSH_KEY_PATH,INPUT_KEY_PATH",
+		&cli.StringFlag{
+			Name:    "protocol",
+			Usage:   "The IP protocol to use. Valid values are \"tcp\". \"tcp4\" or \"tcp6\". Default to tcp.",
+			EnvVars: []string{"PLUGIN_PROTOCOL", "SSH_PROTOCOL", "INPUT_PROTOCOL"},
+			Value:   "tcp",
 		},
-		cli.StringFlag{
-			Name:   "username,user,u",
-			Usage:  "connect as user",
-			EnvVar: "PLUGIN_USERNAME,PLUGIN_USER,SSH_USERNAME,USERNAME,INPUT_USERNAME",
-			Value:  "root",
+		&cli.StringFlag{
+			Name:    "username",
+			Aliases: []string{"user", "u"},
+			Usage:   "connect as user",
+			EnvVars: []string{"PLUGIN_USERNAME", "PLUGIN_USER", "SSH_USERNAME", "INPUT_USERNAME"},
+			Value:   "root",
 		},
-		cli.StringFlag{
-			Name:   "password,P",
-			Usage:  "user password",
-			EnvVar: "PLUGIN_PASSWORD,SSH_PASSWORD,PASSWORD,INPUT_PASSWORD",
+		&cli.StringFlag{
+			Name:    "password",
+			Aliases: []string{"P"},
+			Usage:   "user password",
+			EnvVars: []string{"PLUGIN_PASSWORD", "SSH_PASSWORD", "INPUT_PASSWORD"},
 		},
-		cli.StringSliceFlag{
-			Name:   "host,H",
-			Usage:  "connect to host",
-			EnvVar: "PLUGIN_HOST,SSH_HOST,HOST,INPUT_HOST",
+		&cli.DurationFlag{
+			Name:    "timeout",
+			Aliases: []string{"t"},
+			Usage:   "connection timeout",
+			EnvVars: []string{"PLUGIN_TIMEOUT", "SSH_TIMEOUT", "INPUT_TIMEOUT"},
+			Value:   30 * time.Second,
 		},
-		cli.IntFlag{
-			Name:   "port,p",
-			Usage:  "connect to port",
-			EnvVar: "PLUGIN_PORT,SSH_PORT,PORT,INPUT_PORT",
-			Value:  22,
+		&cli.StringFlag{
+			Name:    "ssh-key",
+			Usage:   "private ssh key",
+			EnvVars: []string{"PLUGIN_SSH_KEY", "PLUGIN_KEY", "SSH_KEY", "INPUT_KEY"},
 		},
-		cli.BoolFlag{
-			Name:   "sync",
-			Usage:  "sync mode",
-			EnvVar: "PLUGIN_SYNC,SYNC,INPUT_SYNC",
+		&cli.StringFlag{
+			Name:  "ssh-passphrase",
+			Usage: "The purpose of the passphrase is usually to encrypt the private key.",
+			EnvVars: []string{
+				"PLUGIN_SSH_PASSPHRASE",
+				"PLUGIN_PASSPHRASE",
+				"SSH_PASSPHRASE",
+				"INPUT_PASSPHRASE",
+			},
 		},
-		cli.DurationFlag{
-			Name:   "timeout,t",
-			Usage:  "connection timeout",
-			EnvVar: "PLUGIN_TIMEOUT,SSH_TIMEOUT,TIMEOUT,INPUT_TIMEOUT",
-			Value:  30 * time.Second,
+		&cli.StringFlag{
+			Name:    "key-path",
+			Aliases: []string{"i"},
+			Usage:   "ssh private key path",
+			EnvVars: []string{"PLUGIN_KEY_PATH", "SSH_KEY_PATH", "INPUT_KEY_PATH"},
 		},
-		cli.DurationFlag{
-			Name:   "command.timeout,T",
-			Usage:  "command timeout",
-			EnvVar: "PLUGIN_COMMAND_TIMEOUT,SSH_COMMAND_TIMEOUT,COMMAND_TIMEOUT,INPUT_COMMAND_TIMEOUT",
-			Value:  10 * time.Minute,
+		&cli.StringSliceFlag{
+			Name:    "ciphers",
+			Usage:   "The allowed cipher algorithms. If unspecified then a sensible",
+			EnvVars: []string{"PLUGIN_CIPHERS", "SSH_CIPHERS", "INPUT_CIPHERS"},
 		},
-		cli.StringSliceFlag{
-			Name:   "script,s",
-			Usage:  "execute commands",
-			EnvVar: "PLUGIN_SCRIPT,SSH_SCRIPT,SCRIPT",
+		&cli.BoolFlag{
+			Name:  "useInsecureCipher",
+			Usage: "include more ciphers with use_insecure_cipher",
+			EnvVars: []string{
+				"PLUGIN_USE_INSECURE_CIPHER",
+				"SSH_USE_INSECURE_CIPHER",
+				"INPUT_USE_INSECURE_CIPHER",
+			},
 		},
-		cli.StringFlag{
-			Name:   "script.string",
-			Usage:  "execute single commands for github action",
-			EnvVar: "INPUT_SCRIPT",
+		&cli.StringFlag{
+			Name:    "fingerprint",
+			Usage:   "fingerprint SHA256 of the host public key, default is to skip verification",
+			EnvVars: []string{"PLUGIN_FINGERPRINT", "SSH_FINGERPRINT", "INPUT_FINGERPRINT"},
 		},
-		cli.BoolFlag{
-			Name:   "script.stop",
-			Usage:  "stop script after first failure",
-			EnvVar: "PLUGIN_SCRIPT_STOP,STOP,INPUT_SCRIPT_STOP",
+		&cli.BoolFlag{
+			Name:    "sync",
+			Usage:   "sync mode",
+			EnvVars: []string{"PLUGIN_SYNC", "INPUT_SYNC"},
 		},
-		cli.StringFlag{
-			Name:   "proxy.ssh-key",
-			Usage:  "private ssh key of proxy",
-			EnvVar: "PLUGIN_PROXY_SSH_KEY,PLUGIN_PROXY_KEY,PROXY_SSH_KEY,INPUT_PROXY_KEY",
+		&cli.DurationFlag{
+			Name:    "command.timeout",
+			Aliases: []string{"T"},
+			Usage:   "command timeout",
+			EnvVars: []string{
+				"PLUGIN_COMMAND_TIMEOUT",
+				"SSH_COMMAND_TIMEOUT",
+				"INPUT_COMMAND_TIMEOUT",
+			},
+			Value: 10 * time.Minute,
 		},
-		cli.StringFlag{
-			Name:   "proxy.ssh-passphrase",
-			Usage:  "The purpose of the passphrase is usually to encrypt the private key.",
-			EnvVar: "PLUGIN_PROXY_SSH_PASSPHRASE,PLUGIN_PROXY_PASSPHRASE,PROXY_SSH_PASSPHRASE,PROXY_PASSPHRASE,INPUT_PROXY_PASSPHRASE",
+		&cli.StringSliceFlag{
+			Name:    "script",
+			Aliases: []string{"s"},
+			Usage:   "execute commands",
+			EnvVars: []string{"PLUGIN_SCRIPT", "SSH_SCRIPT"},
 		},
-		cli.StringFlag{
-			Name:   "proxy.key-path",
-			Usage:  "ssh private key path of proxy",
-			EnvVar: "PLUGIN_PROXY_KEY_PATH,PROXY_SSH_KEY_PATH,INPUT_PROXY_KEY_PATH",
+		&cli.StringFlag{
+			Name:    "script.string",
+			Usage:   "execute single commands for github action",
+			EnvVars: []string{"INPUT_SCRIPT"},
 		},
-		cli.StringFlag{
-			Name:   "proxy.username",
-			Usage:  "connect as user of proxy",
-			EnvVar: "PLUGIN_PROXY_USERNAME,PLUGIN_PROXY_USER,PROXY_SSH_USERNAME,INPUT_PROXY_USERNAME",
-			Value:  "root",
+		&cli.StringFlag{
+			Name:    "script.file",
+			Usage:   "execute commands from a file for github action",
+			EnvVars: []string{"PLUGIN_SCRIPT_FILE", "INPUT_SCRIPT_FILE"},
 		},
-		cli.StringFlag{
-			Name:   "proxy.password",
-			Usage:  "user password of proxy",
-			EnvVar: "PLUGIN_PROXY_PASSWORD,PROXY_SSH_PASSWORD,INPUT_PROXY_PASSWORD",
+		&cli.BoolFlag{
+			Name:    "script.stop",
+			Usage:   "stop script after first failure",
+			EnvVars: []string{"PLUGIN_SCRIPT_STOP", "INPUT_SCRIPT_STOP"},
 		},
-		cli.StringFlag{
-			Name:   "proxy.host",
-			Usage:  "connect to host of proxy",
-			EnvVar: "PLUGIN_PROXY_HOST,PROXY_SSH_HOST,INPUT_PROXY_HOST",
+		&cli.StringFlag{
+			Name:    "proxy.host",
+			Usage:   "connect to host of proxy",
+			EnvVars: []string{"PLUGIN_PROXY_HOST", "PROXY_SSH_HOST", "INPUT_PROXY_HOST"},
 		},
-		cli.StringFlag{
-			Name:   "proxy.port",
-			Usage:  "connect to port of proxy",
-			EnvVar: "PLUGIN_PROXY_PORT,PROXY_SSH_PORT,INPUT_PROXY_PORT",
-			Value:  "22",
+		&cli.StringFlag{
+			Name:    "proxy.port",
+			Usage:   "connect to port of proxy",
+			EnvVars: []string{"PLUGIN_PROXY_PORT", "PROXY_SSH_PORT", "INPUT_PROXY_PORT"},
+			Value:   "22",
 		},
-		cli.DurationFlag{
-			Name:   "proxy.timeout",
-			Usage:  "proxy connection timeout",
-			EnvVar: "PLUGIN_PROXY_TIMEOUT,PROXY_SSH_TIMEOUT,INPUT_PROXY_TIMEOUT",
+		&cli.StringFlag{
+			Name:  "proxy.protocol",
+			Usage: "The IP protocol to use for the proxy. Valid values are \"tcp\". \"tcp4\" or \"tcp6\". Default to tcp.",
+			EnvVars: []string{
+				"PLUGIN_PROXY_PROTOCOL",
+				"SSH_PROXY_PROTOCOL",
+				"INPUT_PROXY_PROTOCOL",
+			},
+			Value: "tcp",
 		},
-		cli.StringSliceFlag{
-			Name:   "envs",
-			Usage:  "pass environment variable to shell script",
-			EnvVar: "PLUGIN_ENVS,INPUT_ENVS",
+		&cli.StringFlag{
+			Name:  "proxy.username",
+			Usage: "connect as user of proxy",
+			EnvVars: []string{
+				"PLUGIN_PROXY_USERNAME",
+				"PLUGIN_PROXY_USER",
+				"PROXY_SSH_USERNAME",
+				"INPUT_PROXY_USERNAME",
+			},
+			Value: "root",
 		},
-		cli.BoolFlag{
-			Name:   "debug",
-			Usage:  "debug mode",
-			EnvVar: "PLUGIN_DEBUG,DEBUG,INPUT_DEBUG",
+		&cli.StringFlag{
+			Name:  "proxy.password",
+			Usage: "user password of proxy",
+			EnvVars: []string{
+				"PLUGIN_PROXY_PASSWORD",
+				"PROXY_SSH_PASSWORD",
+				"INPUT_PROXY_PASSWORD",
+			},
+		},
+		&cli.StringFlag{
+			Name:  "proxy.ssh-key",
+			Usage: "private ssh key of proxy",
+			EnvVars: []string{
+				"PLUGIN_PROXY_SSH_KEY",
+				"PLUGIN_PROXY_KEY",
+				"PROXY_SSH_KEY",
+				"INPUT_PROXY_KEY",
+			},
+		},
+		&cli.StringFlag{
+			Name:  "proxy.ssh-passphrase",
+			Usage: "The purpose of the passphrase is usually to encrypt the private key.",
+			EnvVars: []string{
+				"PLUGIN_PROXY_SSH_PASSPHRASE",
+				"PLUGIN_PROXY_PASSPHRASE",
+				"PROXY_SSH_PASSPHRASE",
+				"INPUT_PROXY_PASSPHRASE",
+			},
+		},
+		&cli.StringFlag{
+			Name:  "proxy.key-path",
+			Usage: "ssh private key path of proxy",
+			EnvVars: []string{
+				"PLUGIN_PROXY_KEY_PATH",
+				"PROXY_SSH_KEY_PATH",
+				"INPUT_PROXY_KEY_PATH",
+			},
+		},
+		&cli.DurationFlag{
+			Name:    "proxy.timeout",
+			Usage:   "proxy connection timeout",
+			EnvVars: []string{"PLUGIN_PROXY_TIMEOUT", "PROXY_SSH_TIMEOUT", "INPUT_PROXY_TIMEOUT"},
+		},
+		&cli.StringSliceFlag{
+			Name:    "proxy.ciphers",
+			Usage:   "The allowed cipher algorithms. If unspecified then a sensible",
+			EnvVars: []string{"PLUGIN_PROXY_CIPHERS", "PROXY_SSH_CIPHERS", "INPUT_PROXY_CIPHERS"},
+		},
+		&cli.BoolFlag{
+			Name:  "proxy.useInsecureCipher",
+			Usage: "include more ciphers with use_insecure_cipher",
+			EnvVars: []string{
+				"PLUGIN_PROXY_USE_INSECURE_CIPHER",
+				"PROXY_SSH_USE_INSECURE_CIPHER",
+				"INPUT_PROXY_USE_INSECURE_CIPHER",
+			},
+		},
+		&cli.StringFlag{
+			Name:  "proxy.fingerprint",
+			Usage: "fingerprint SHA256 of the host public key, default is to skip verification",
+			EnvVars: []string{
+				"PLUGIN_PROXY_FINGERPRINT",
+				"PROXY_SSH_FINGERPRINT",
+				"PROXY_FINGERPRINT",
+				"INPUT_PROXY_FINGERPRINT",
+			},
+		},
+		&cli.StringSliceFlag{
+			Name:    "envs",
+			Usage:   "pass environment variable to shell script",
+			EnvVars: []string{"PLUGIN_ENVS", "INPUT_ENVS"},
+		},
+		&cli.BoolFlag{
+			Name:    "debug",
+			Usage:   "debug mode",
+			EnvVars: []string{"PLUGIN_DEBUG", "INPUT_DEBUG", "DEBUG"},
+		},
+		&cli.StringFlag{
+			Name:    "envs.format",
+			Usage:   "flexible configuration of environment value transfer",
+			EnvVars: []string{"PLUGIN_ENVS_FORMAT", "INPUT_ENVS_FORMAT"},
+			Value:   envsFormat,
+		},
+		&cli.BoolFlag{
+			Name:    "allenvs",
+			Usage:   "pass all environment variable to shell script",
+			EnvVars: []string{"PLUGIN_ALLENVS", "INPUT_ALLENVS"},
+		},
+		&cli.BoolFlag{
+			Name:    "request-pty",
+			Usage:   "request a pseudo-terminal from the server",
+			EnvVars: []string{"PLUGIN_REQUEST_PTY", "INPUT_REQUEST_PTY"},
 		},
 	}
 
@@ -199,35 +325,63 @@ func run(c *cli.Context) error {
 	if s := c.String("script.string"); s != "" {
 		scripts = append(scripts, s)
 	}
+
+	if f := c.String("script.file"); f != "" {
+		// check file exists
+		if _, err := os.Stat(f); err != nil {
+			return err
+		}
+		s, err := os.ReadFile(f)
+		if err != nil {
+			return err
+		}
+		scripts = append(scripts, string(s))
+	}
+
 	plugin := Plugin{
 		Config: Config{
-			Key:            c.String("ssh-key"),
-			KeyPath:        c.String("key-path"),
-			Username:       c.String("user"),
-			Password:       c.String("password"),
-			Passphrase:     c.String("ssh-passphrase"),
-			Host:           c.StringSlice("host"),
-			Port:           c.Int("port"),
-			Timeout:        c.Duration("timeout"),
-			CommandTimeout: c.Duration("command.timeout"),
-			Script:         scripts,
-			ScriptStop:     c.Bool("script.stop"),
-			Envs:           c.StringSlice("envs"),
-			Debug:          c.Bool("debug"),
-			Sync:           c.Bool("sync"),
+			Key:               c.String("ssh-key"),
+			KeyPath:           c.String("key-path"),
+			Username:          c.String("user"),
+			Password:          c.String("password"),
+			Passphrase:        c.String("ssh-passphrase"),
+			Fingerprint:       c.String("fingerprint"),
+			Host:              c.StringSlice("host"),
+			Port:              c.Int("port"),
+			Protocol:          easyssh.Protocol(c.String("protocol")),
+			Timeout:           c.Duration("timeout"),
+			CommandTimeout:    c.Duration("command.timeout"),
+			Script:            scripts,
+			ScriptStop:        c.Bool("script.stop"),
+			Envs:              c.StringSlice("envs"),
+			EnvsFormat:        c.String("envs.format"),
+			Debug:             c.Bool("debug"),
+			Sync:              c.Bool("sync"),
+			Ciphers:           c.StringSlice("ciphers"),
+			UseInsecureCipher: c.Bool("useInsecureCipher"),
+			AllEnvs:           c.Bool("allenvs"),
+			RequireTty:        c.Bool("request-pty"),
 			Proxy: easyssh.DefaultConfig{
-				Key:        c.String("proxy.ssh-key"),
-				KeyPath:    c.String("proxy.key-path"),
-				User:       c.String("proxy.username"),
-				Password:   c.String("proxy.password"),
-				Passphrase: c.String("proxy.ssh-passphrase"),
-				Server:     c.String("proxy.host"),
-				Port:       c.String("proxy.port"),
-				Timeout:    c.Duration("proxy.timeout"),
+				Key:               c.String("proxy.ssh-key"),
+				KeyPath:           c.String("proxy.key-path"),
+				User:              c.String("proxy.username"),
+				Password:          c.String("proxy.password"),
+				Passphrase:        c.String("proxy.ssh-passphrase"),
+				Fingerprint:       c.String("proxy.fingerprint"),
+				Server:            c.String("proxy.host"),
+				Port:              c.String("proxy.port"),
+				Protocol:          easyssh.Protocol(c.String("proxy.protocol")),
+				Timeout:           c.Duration("proxy.timeout"),
+				Ciphers:           c.StringSlice("proxy.ciphers"),
+				UseInsecureCipher: c.Bool("proxy.useInsecureCipher"),
 			},
 		},
 		Writer: os.Stdout,
 	}
 
+	if plugin.Config.Debug {
+		_ = godump.Dump(plugin)
+	}
+
 	return plugin.Exec()
 }

pipeline.libsonnet

@@ -1,256 +0,0 @@
-{
-  test:: {
-    kind: 'pipeline',
-    name: 'testing',
-    platform: {
-      os: 'linux',
-      arch: 'amd64',
-    },
-    steps: [
-      {
-        name: 'vet',
-        image: 'golang:1.14',
-        pull: 'always',
-        commands: [
-          'make vet',
-        ],
-        volumes: [
-          {
-            name: 'gopath',
-            path: '/go',
-          },
-        ],
-      },
-      {
-        name: 'lint',
-        image: 'golang:1.14',
-        pull: 'always',
-        commands: [
-          'make lint',
-        ],
-        volumes: [
-          {
-            name: 'gopath',
-            path: '/go',
-          },
-        ],
-      },
-      {
-        name: 'misspell',
-        image: 'golang:1.14',
-        pull: 'always',
-        commands: [
-          'make misspell-check',
-        ],
-        volumes: [
-          {
-            name: 'gopath',
-            path: '/go',
-          },
-        ],
-      },
-      {
-        name: 'test',
-        image: 'golang:1.14-alpine',
-        pull: 'always',
-        commands: [
-          'apk add git make curl perl bash build-base zlib-dev ucl-dev',
-          'make ssh-server',
-          'make test',
-          'make coverage',
-        ],
-        volumes: [
-          {
-            name: 'gopath',
-            path: '/go',
-          },
-        ],
-      },
-      {
-        name: 'codecov',
-        image: 'robertstettner/drone-codecov',
-        pull: 'always',
-        settings: {
-          token: { 'from_secret': 'codecov_token' },
-        },
-      },
-    ],
-    volumes: [
-      {
-        name: 'gopath',
-        temp: {},
-      },
-    ],
-  },
-
-  build(name, os='linux', arch='amd64'):: {
-    kind: 'pipeline',
-    name: os + '-' + arch,
-    platform: {
-      os: os,
-      arch: arch,
-    },
-    steps: [
-      {
-        name: 'build-push',
-        image: 'golang:1.14',
-        pull: 'always',
-        environment: {
-          CGO_ENABLED: '0',
-        },
-        commands: [
-          'go build -v -ldflags \'-X main.build=${DRONE_BUILD_NUMBER}\' -a -o release/' + os + '/' + arch + '/' + name,
-        ],
-        when: {
-          event: {
-            exclude: [ 'tag' ],
-          },
-        },
-      },
-      {
-        name: 'build-tag',
-        image: 'golang:1.14',
-        pull: 'always',
-        environment: {
-          CGO_ENABLED: '0',
-        },
-        commands: [
-          'go build -v -ldflags \'-X main.version=${DRONE_TAG##v} -X main.build=${DRONE_BUILD_NUMBER}\' -a -o release/' + os + '/' + arch + '/' + name,
-        ],
-        when: {
-          event: [ 'tag' ],
-        },
-      },
-      {
-        name: 'executable',
-        image: 'golang:1.14',
-        pull: 'always',
-        commands: [
-          './release/' + os + '/' + arch + '/' + name + ' --help',
-        ],
-      },
-      {
-        name: 'dryrun',
-        image: 'plugins/docker:' + os + '-' + arch,
-        pull: 'always',
-        settings: {
-          daemon_off: false,
-          dry_run: true,
-          tags: os + '-' + arch,
-          dockerfile: 'docker/Dockerfile.' + os + '.' + arch,
-          repo: 'appleboy/' + name,
-          cache_from: 'appleboy/' + name,
-        },
-        when: {
-          event: [ 'pull_request' ],
-        },
-      },
-      {
-        name: 'publish',
-        image: 'plugins/docker:' + os + '-' + arch,
-        pull: 'always',
-        settings: {
-          daemon_off: 'false',
-          auto_tag: true,
-          auto_tag_suffix: os + '-' + arch,
-          dockerfile: 'docker/Dockerfile.' + os + '.' + arch,
-          repo: 'appleboy/' + name,
-          cache_from: 'appleboy/' + name,
-          username: { 'from_secret': 'docker_username' },
-          password: { 'from_secret': 'docker_password' },
-        },
-        when: {
-          event: {
-            exclude: [ 'pull_request' ],
-          },
-        },
-      },
-    ],
-    depends_on: [
-      'testing',
-    ],
-    trigger: {
-      ref: [
-        'refs/heads/master',
-        'refs/pull/**',
-        'refs/tags/**',
-      ],
-    },
-  },
-
-  release:: {
-    kind: 'pipeline',
-    name: 'release-binary',
-    platform: {
-      os: 'linux',
-      arch: 'amd64',
-    },
-    steps: [
-      {
-        name: 'build-all-binary',
-        image: 'golang:1.14',
-        pull: 'always',
-        commands: [
-          'make release'
-        ],
-        when: {
-          event: [ 'tag' ],
-        },
-      },
-      {
-        name: 'deploy-all-binary',
-        image: 'plugins/github-release',
-        pull: 'always',
-        settings: {
-          files: [ 'dist/release/*' ],
-          api_key: { 'from_secret': 'github_release_api_key' },
-        },
-        when: {
-          event: [ 'tag' ],
-        },
-      },
-    ],
-    depends_on: [
-      'testing',
-    ],
-    trigger: {
-      ref: [
-        'refs/tags/**',
-      ],
-    },
-  },
-
-  notifications(os='linux', arch='amd64', depends_on=[]):: {
-    kind: 'pipeline',
-    name: 'notifications',
-    platform: {
-      os: os,
-      arch: arch,
-    },
-    steps: [
-      {
-        name: 'manifest',
-        image: 'plugins/manifest',
-        pull: 'always',
-        settings: {
-          username: { from_secret: 'docker_username' },
-          password: { from_secret: 'docker_password' },
-          spec: 'docker/manifest.tmpl',
-          ignore_missing: true,
-        },
-      },
-    ],
-    depends_on: depends_on,
-    trigger: {
-      ref: [
-        'refs/heads/master',
-        'refs/tags/**',
-      ],
-    },
-  },
-
-  signature(key):: {
-    kind: 'signature',
-    hmac: key,
-  }
-}

plugin.go

@@ -10,34 +10,43 @@ import (
 	"sync"
 	"time"
 
-	"github.com/appleboy/easyssh-proxy"
+	easyssh "github.com/appleboy/easyssh-proxy"
 )
 
 var (
-	errMissingHost          = errors.New("Error: missing server host")
-	errMissingPasswordOrKey = errors.New("Error: can't connect without a private SSH key or password")
-	errCommandTimeOut       = errors.New("Error: command timeout")
-	errSetPasswordandKey    = errors.New("can't set password and key at the same time")
+	errMissingHost          = errors.New("error: missing server host")
+	errMissingPasswordOrKey = errors.New(
+		"error: can't connect without a private SSH key or password",
+	)
+	errCommandTimeOut = errors.New("error: command timeout")
+	envsFormat        = "export {NAME}={VALUE}"
 )
 
 type (
 	// Config for the plugin.
 	Config struct {
-		Key            string
-		Passphrase     string
-		KeyPath        string
-		Username       string
-		Password       string
-		Host           []string
-		Port           int
-		Timeout        time.Duration
-		CommandTimeout time.Duration
-		Script         []string
-		ScriptStop     bool
-		Envs           []string
-		Proxy          easyssh.DefaultConfig
-		Debug          bool
-		Sync           bool
+		Key               string
+		Passphrase        string
+		KeyPath           string
+		Username          string
+		Password          string
+		Host              []string
+		Port              int
+		Protocol          easyssh.Protocol
+		Fingerprint       string
+		Timeout           time.Duration
+		CommandTimeout    time.Duration
+		Script            []string
+		ScriptStop        bool
+		Envs              []string
+		Proxy             easyssh.DefaultConfig
+		Debug             bool
+		Sync              bool
+		Ciphers           []string
+		UseInsecureCipher bool
+		EnvsFormat        string
+		AllEnvs           bool
+		RequireTty        bool
 	}
 
 	// Plugin structure
@@ -48,98 +57,152 @@ type (
 )
 
 func escapeArg(arg string) string {
-	return "'" + strings.Replace(arg, "'", `'\''`, -1) + "'"
+	return "'" + strings.ReplaceAll(arg, "'", `'\''`) + "'"
+}
+
+func (p Plugin) hostPort(host string) (string, string) {
+	hosts := strings.Split(host, ":")
+	port := strconv.Itoa(p.Config.Port)
+	if len(hosts) > 1 &&
+		(p.Config.Protocol == easyssh.PROTOCOL_TCP ||
+			p.Config.Protocol == easyssh.PROTOCOL_TCP4) {
+		host = hosts[0]
+		port = hosts[1]
+	}
+
+	return host, port
 }
 
 func (p Plugin) exec(host string, wg *sync.WaitGroup, errChannel chan error) {
+	defer wg.Done()
+	host, port := p.hostPort(host)
 	// Create MakeConfig instance with remote username, server address and path to private key.
 	ssh := &easyssh.MakeConfig{
-		Server:     host,
-		User:       p.Config.Username,
-		Password:   p.Config.Password,
-		Port:       strconv.Itoa(p.Config.Port),
-		Key:        p.Config.Key,
-		KeyPath:    p.Config.KeyPath,
-		Passphrase: p.Config.Passphrase,
-		Timeout:    p.Config.Timeout,
+		Server:            host,
+		User:              p.Config.Username,
+		Password:          p.Config.Password,
+		Port:              port,
+		Protocol:          p.Config.Protocol,
+		Key:               p.Config.Key,
+		KeyPath:           p.Config.KeyPath,
+		Passphrase:        p.Config.Passphrase,
+		Timeout:           p.Config.Timeout,
+		Ciphers:           p.Config.Ciphers,
+		Fingerprint:       p.Config.Fingerprint,
+		UseInsecureCipher: p.Config.UseInsecureCipher,
+		RequestPty:        p.Config.RequireTty,
 		Proxy: easyssh.DefaultConfig{
-			Server:     p.Config.Proxy.Server,
-			User:       p.Config.Proxy.User,
-			Password:   p.Config.Proxy.Password,
-			Port:       p.Config.Proxy.Port,
-			Key:        p.Config.Proxy.Key,
-			KeyPath:    p.Config.Proxy.KeyPath,
-			Passphrase: p.Config.Proxy.Passphrase,
-			Timeout:    p.Config.Proxy.Timeout,
+			Server:            p.Config.Proxy.Server,
+			User:              p.Config.Proxy.User,
+			Password:          p.Config.Proxy.Password,
+			Port:              p.Config.Proxy.Port,
+			Protocol:          p.Config.Proxy.Protocol,
+			Key:               p.Config.Proxy.Key,
+			KeyPath:           p.Config.Proxy.KeyPath,
+			Passphrase:        p.Config.Proxy.Passphrase,
+			Timeout:           p.Config.Proxy.Timeout,
+			Ciphers:           p.Config.Proxy.Ciphers,
+			Fingerprint:       p.Config.Proxy.Fingerprint,
+			UseInsecureCipher: p.Config.Proxy.UseInsecureCipher,
 		},
 	}
 
-	p.log(host, "======CMD======")
-	p.log(host, strings.Join(p.Config.Script, "\n"))
-	p.log(host, "======END======")
+	if p.Config.Debug {
+		p.log(host, "======CMD======")
+		p.log(host, strings.Join(p.Config.Script, "\n"))
+		p.log(host, "======END======")
+	}
 
 	env := []string{}
+	if p.Config.AllEnvs {
+		allenvs := findEnvs("DRONE_", "PLUGIN_", "INPUT_", "GITHUB_")
+		p.Config.Envs = append(p.Config.Envs, allenvs...)
+	}
 	for _, key := range p.Config.Envs {
 		key = strings.ToUpper(key)
 		if val, found := os.LookupEnv(key); found {
-			env = append(env, key+"="+escapeArg(val))
+			env = append(
+				env,
+				p.format(p.Config.EnvsFormat, "{NAME}", key, "{VALUE}", escapeArg(val)),
+			)
 		}
 	}
 
-	p.Config.Script = append(env, p.scriptCommands()...)
-
-	if p.Config.Debug {
+	if p.Config.Debug && len(env) > 0 {
 		p.log(host, "======ENV======")
 		p.log(host, strings.Join(env, "\n"))
 		p.log(host, "======END======")
 	}
 
-	stdoutChan, stderrChan, doneChan, errChan, err := ssh.Stream(strings.Join(p.Config.Script, "\n"), p.Config.CommandTimeout)
+	env = append(env, p.scriptCommands()...)
+	p.Config.Script = env
+
+	stdoutChan, stderrChan, doneChan, errChan, err := ssh.Stream(
+		strings.Join(p.Config.Script, "\n"),
+		p.Config.CommandTimeout,
+	)
 	if err != nil {
 		errChannel <- err
-	} else {
-		// read from the output channel until the done signal is passed
-		isTimeout := true
-	loop:
-		for {
-			select {
-			case isTimeout = <-doneChan:
-				break loop
-			case outline := <-stdoutChan:
-				p.log(host, "out:", outline)
-			case errline := <-stderrChan:
-				p.log(host, "err:", errline)
-			case err = <-errChan:
+		return
+	}
+	// read from the output channel until the done signal is passed
+	var isTimeout bool
+loop:
+	for {
+		select {
+		case isTimeout = <-doneChan:
+			break loop
+		case outline := <-stdoutChan:
+			if outline != "" {
+				p.log(host, outline)
 			}
-		}
-
-		// get exit code or command error.
-		if err != nil {
-			errChannel <- err
-		}
-
-		// command time out
-		if !isTimeout {
-			errChannel <- errCommandTimeOut
+		case errline := <-stderrChan:
+			if errline != "" {
+				p.log(host, errline)
+			}
+		case err = <-errChan:
 		}
 	}
 
-	wg.Done()
+	// get exit code or command error.
+	if err != nil {
+		errChannel <- err
+	}
+
+	// command time out
+	if !isTimeout {
+		errChannel <- errCommandTimeOut
+	}
 }
 
-func (p Plugin) log(host string, message ...interface{}) {
-	if p.Writer == nil {
-		p.Writer = os.Stdout
+// format string
+func (p Plugin) format(format string, args ...string) string {
+	r := strings.NewReplacer(args...)
+	return r.Replace(format)
+}
+
+func (p Plugin) getWriter() io.Writer {
+	if p.Writer != nil {
+		return p.Writer
 	}
+	return os.Stdout
+}
+
+// log output to console
+func (p Plugin) log(host string, message ...any) {
+	w := p.getWriter()
 	if count := len(p.Config.Host); count == 1 {
-		fmt.Fprintf(p.Writer, "%s", fmt.Sprintln(message...))
-	} else {
-		fmt.Fprintf(p.Writer, "%s: %s", host, fmt.Sprintln(message...))
+		fmt.Fprintf(w, "%s", fmt.Sprintln(message...))
+		return
 	}
+
+	fmt.Fprintf(w, "%s: %s", host, fmt.Sprintln(message...))
 }
 
 // Exec executes the plugin.
 func (p Plugin) Exec() error {
+	p.Config.Host = trimValues(p.Config.Host)
+
 	if len(p.Config.Host) == 0 {
 		return errMissingHost
 	}
@@ -148,18 +211,22 @@ func (p Plugin) Exec() error {
 		return errMissingPasswordOrKey
 	}
 
-	if len(p.Config.Key) != 0 && len(p.Config.Password) != 0 {
-		return errSetPasswordandKey
+	if p.Config.EnvsFormat == "" {
+		p.Config.EnvsFormat = envsFormat
 	}
 
 	wg := sync.WaitGroup{}
 	wg.Add(len(p.Config.Host))
 	errChannel := make(chan error)
 	finished := make(chan struct{})
-	for _, host := range p.Config.Host {
-		if p.Config.Sync {
-			p.exec(host, &wg, errChannel)
-		} else {
+	if p.Config.Sync {
+		go func() {
+			for _, host := range p.Config.Host {
+				p.exec(host, &wg, errChannel)
+			}
+		}()
+	} else {
+		for _, host := range p.Config.Host {
 			go p.exec(host, &wg, errChannel)
 		}
 	}
@@ -177,9 +244,10 @@ func (p Plugin) Exec() error {
 		}
 	}
 
-	fmt.Println("==============================================")
-	fmt.Println("✅ Successfully executed commands to all host.")
-	fmt.Println("==============================================")
+	w := p.getWriter()
+	fmt.Fprintln(w, "===============================================")
+	fmt.Fprintln(w, "✅ Successfully executed commands to all hosts.")
+	fmt.Fprintln(w, "===============================================")
 
 	return nil
 }
@@ -198,14 +266,48 @@ func (p Plugin) scriptCommands() []string {
 	commands := make([]string, 0)
 
 	for _, cmd := range scripts {
+		cmd = strings.TrimSpace(cmd)
 		if strings.TrimSpace(cmd) == "" {
 			continue
 		}
 		commands = append(commands, cmd)
-		if p.Config.ScriptStop {
-			commands = append(commands, "DRONE_SSH_PREV_COMMAND_EXIT_CODE=$? ; if [ $DRONE_SSH_PREV_COMMAND_EXIT_CODE -ne 0 ]; then exit $DRONE_SSH_PREV_COMMAND_EXIT_CODE; fi;")
+		if p.Config.ScriptStop && cmd[(len(cmd)-1):] != "\\" {
+			commands = append(
+				commands,
+				"DRONE_SSH_PREV_COMMAND_EXIT_CODE=$? ; if [ $DRONE_SSH_PREV_COMMAND_EXIT_CODE -ne 0 ]; then exit $DRONE_SSH_PREV_COMMAND_EXIT_CODE; fi;",
+			)
 		}
 	}
 
 	return commands
 }
+
+func trimValues(keys []string) []string {
+	var newKeys []string
+
+	for _, value := range keys {
+		value = strings.TrimSpace(value)
+		if len(value) == 0 {
+			continue
+		}
+
+		newKeys = append(newKeys, value)
+	}
+
+	return newKeys
+}
+
+// Find all envs from specified prefix
+func findEnvs(prefix ...string) []string {
+	envs := []string{}
+	for _, e := range os.Environ() {
+		for _, p := range prefix {
+			if strings.HasPrefix(e, p) {
+				e = strings.Split(e, "=")[0]
+				envs = append(envs, e)
+				break
+			}
+		}
+	}
+	return envs
+}

plugin_test.go

@@ -2,6 +2,7 @@ package main
 
 import (
 	"bytes"
+	"context"
 	"io"
 	"os"
 	"reflect"
@@ -11,6 +12,10 @@ import (
 
 	"github.com/appleboy/easyssh-proxy"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"github.com/testcontainers/testcontainers-go"
+	"github.com/testcontainers/testcontainers-go/wait"
+	"golang.org/x/crypto/ssh"
 )
 
 func TestMissingHostOrUser(t *testing.T) {
@@ -18,7 +23,7 @@ func TestMissingHostOrUser(t *testing.T) {
 
 	err := plugin.Exec()
 
-	assert.NotNil(t, err)
+	require.Error(t, err)
 	assert.Equal(t, errMissingHost, err)
 }
 
@@ -33,27 +38,10 @@ func TestMissingKeyOrPassword(t *testing.T) {
 
 	err := plugin.Exec()
 
-	assert.NotNil(t, err)
+	require.Error(t, err)
 	assert.Equal(t, errMissingPasswordOrKey, err)
 }
 
-func TestSetPasswordAndKey(t *testing.T) {
-	plugin := Plugin{
-		Config{
-			Host:     []string{"localhost"},
-			Username: "ubuntu",
-			Password: "1234",
-			Key:      "1234",
-		},
-		os.Stdout,
-	}
-
-	err := plugin.Exec()
-
-	assert.NotNil(t, err)
-	assert.Equal(t, errSetPasswordandKey, err)
-}
-
 func TestIncorrectPassword(t *testing.T) {
 	plugin := Plugin{
 		Config: Config{
@@ -67,7 +55,7 @@ func TestIncorrectPassword(t *testing.T) {
 	}
 
 	err := plugin.Exec()
-	assert.NotNil(t, err)
+	assert.Error(t, err)
 }
 
 func TestSSHScriptFromRawKey(t *testing.T) {
@@ -110,7 +98,7 @@ ib4KbP5ovZlrjL++akMQ7V2fHzuQIFWnCkDA5c2ZAqzlM+ZN+HRG7gWur7Bt4XH1
 	}
 
 	err := plugin.Exec()
-	assert.Nil(t, err)
+	assert.NoError(t, err)
 }
 
 func TestSSHScriptFromKeyFile(t *testing.T) {
@@ -126,23 +114,61 @@ func TestSSHScriptFromKeyFile(t *testing.T) {
 	}
 
 	err := plugin.Exec()
-	assert.Nil(t, err)
+	assert.NoError(t, err)
 }
 
-func TestStreamFromSSHCommand(t *testing.T) {
+func TestSSHIPv4Only(t *testing.T) {
 	plugin := Plugin{
 		Config: Config{
 			Host:           []string{"localhost", "127.0.0.1"},
 			Username:       "drone-scp",
 			Port:           22,
+			Protocol:       easyssh.PROTOCOL_TCP4,
 			KeyPath:        "./tests/.ssh/id_rsa",
-			Script:         []string{"whoami", "for i in {1..5}; do echo ${i}; sleep 1; done", "echo 'done'"},
+			Script:         []string{"whoami", "ls -al"},
 			CommandTimeout: 60 * time.Second,
 		},
 	}
 
 	err := plugin.Exec()
-	assert.Nil(t, err)
+	assert.NoError(t, err)
+}
+
+func TestSSHIPv6OnlyError(t *testing.T) {
+	plugin := Plugin{
+		Config: Config{
+			Host:           []string{"127.0.0.1"},
+			Username:       "drone-scp",
+			Port:           22,
+			Protocol:       easyssh.PROTOCOL_TCP6,
+			KeyPath:        "./tests/.ssh/id_rsa",
+			Script:         []string{"whoami", "ls -al"},
+			CommandTimeout: 60 * time.Second,
+		},
+	}
+
+	err := plugin.Exec()
+	assert.Error(t, err)
+}
+
+func TestStreamFromSSHCommand(t *testing.T) {
+	plugin := Plugin{
+		Config: Config{
+			Host:     []string{"localhost", "127.0.0.1"},
+			Username: "drone-scp",
+			Port:     22,
+			KeyPath:  "./tests/.ssh/id_rsa",
+			Script: []string{
+				"whoami",
+				"for i in {1..5}; do echo ${i}; sleep 1; done",
+				"echo 'done'",
+			},
+			CommandTimeout: 60 * time.Second,
+		},
+	}
+
+	err := plugin.Exec()
+	assert.NoError(t, err)
 }
 
 func TestSSHScriptWithError(t *testing.T) {
@@ -159,7 +185,7 @@ func TestSSHScriptWithError(t *testing.T) {
 
 	err := plugin.Exec()
 	// Process exited with status 1
-	assert.NotNil(t, err)
+	assert.Error(t, err)
 }
 
 func TestSSHCommandTimeOut(t *testing.T) {
@@ -175,7 +201,7 @@ func TestSSHCommandTimeOut(t *testing.T) {
 	}
 
 	err := plugin.Exec()
-	assert.NotNil(t, err)
+	assert.Error(t, err)
 }
 
 func TestProxyCommand(t *testing.T) {
@@ -197,7 +223,7 @@ func TestProxyCommand(t *testing.T) {
 	}
 
 	err := plugin.Exec()
-	assert.Nil(t, err)
+	assert.NoError(t, err)
 }
 
 func TestSSHCommandError(t *testing.T) {
@@ -213,7 +239,7 @@ func TestSSHCommandError(t *testing.T) {
 	}
 
 	err := plugin.Exec()
-	assert.NotNil(t, err)
+	assert.Error(t, err)
 }
 
 func TestSSHCommandExitCodeError(t *testing.T) {
@@ -235,11 +261,11 @@ func TestSSHCommandExitCodeError(t *testing.T) {
 	}
 
 	err := plugin.Exec()
-	assert.NotNil(t, err)
+	assert.Error(t, err)
 }
 
 func TestSetENV(t *testing.T) {
-	os.Setenv("FOO", `'  1)  '`)
+	t.Setenv("FOO", `'  1)  '`)
 	plugin := Plugin{
 		Config: Config{
 			Host:           []string{"localhost"},
@@ -260,21 +286,28 @@ func TestSetENV(t *testing.T) {
 	}
 
 	err := plugin.Exec()
-	assert.Nil(t, err)
+	assert.NoError(t, err)
 }
 
 func TestSetExistingENV(t *testing.T) {
-	os.Setenv("FOO", "Value for foo")
-	os.Setenv("BAR", "")
+	t.Setenv("FOO", "Value for foo")
+	t.Setenv("BAR", "")
 	plugin := Plugin{
 		Config: Config{
-			Host:           []string{"localhost"},
-			Username:       "drone-scp",
-			Port:           22,
-			KeyPath:        "./tests/.ssh/id_rsa",
-			Envs:           []string{"foo", "bar", "baz"},
-			Debug:          true,
-			Script:         []string{"export FOO", "export BAR", "export BAZ", "env | grep -q '^FOO=Value for foo$'", "env | grep -q '^BAR=$'", "if env | grep -q BAZ; then false; else true; fi"},
+			Host:     []string{"localhost"},
+			Username: "drone-scp",
+			Port:     22,
+			KeyPath:  "./tests/.ssh/id_rsa",
+			Envs:     []string{"foo", "bar", "baz"},
+			Debug:    true,
+			Script: []string{
+				"export FOO",
+				"export BAR",
+				"export BAZ",
+				"env | grep -q '^FOO=Value for foo$'",
+				"env | grep -q '^BAR=$'",
+				"if env | grep -q BAZ; then false; else true; fi",
+			},
 			CommandTimeout: 1 * time.Second,
 			Proxy: easyssh.DefaultConfig{
 				Server:  "localhost",
@@ -286,24 +319,28 @@ func TestSetExistingENV(t *testing.T) {
 	}
 
 	err := plugin.Exec()
-	assert.Nil(t, err)
+	assert.NoError(t, err)
 }
 
 func TestSyncMode(t *testing.T) {
 	plugin := Plugin{
 		Config: Config{
-			Host:           []string{"localhost", "127.0.0.1"},
-			Username:       "drone-scp",
-			Port:           22,
-			KeyPath:        "./tests/.ssh/id_rsa",
-			Script:         []string{"whoami", "for i in {1..3}; do echo ${i}; sleep 1; done", "echo 'done'"},
+			Host:     []string{"localhost", "127.0.0.1"},
+			Username: "drone-scp",
+			Port:     22,
+			KeyPath:  "./tests/.ssh/id_rsa",
+			Script: []string{
+				"whoami",
+				"for i in {1..3}; do echo ${i}; sleep 1; done",
+				"echo 'done'",
+			},
 			CommandTimeout: 60 * time.Second,
 			Sync:           true,
 		},
 	}
 
 	err := plugin.Exec()
-	assert.Nil(t, err)
+	assert.NoError(t, err)
 }
 
 func Test_escapeArg(t *testing.T) {
@@ -347,17 +384,20 @@ func TestCommandOutput(t *testing.T) {
 			whoami
 			uname
 			localhost: ======END======
-			localhost: out: /home/drone-scp
-			localhost: out: drone-scp
-			localhost: out: Linux
+			localhost: /home/drone-scp
+			localhost: drone-scp
+			localhost: Linux
 			127.0.0.1: ======CMD======
 			127.0.0.1: pwd
 			whoami
 			uname
 			127.0.0.1: ======END======
-			127.0.0.1: out: /home/drone-scp
-			127.0.0.1: out: drone-scp
-			127.0.0.1: out: Linux
+			127.0.0.1: /home/drone-scp
+			127.0.0.1: drone-scp
+			127.0.0.1: Linux
+			===============================================
+			✅ Successfully executed commands to all hosts.
+			===============================================
 		`
 	)
 
@@ -374,12 +414,115 @@ func TestCommandOutput(t *testing.T) {
 			},
 			CommandTimeout: 60 * time.Second,
 			Sync:           true,
+			Debug:          true,
 		},
 		Writer: &buffer,
 	}
 
 	err := plugin.Exec()
-	assert.Nil(t, err)
+	require.NoError(t, err)
+
+	assert.Equal(t, unindent(expected), unindent(buffer.String()))
+}
+
+func TestWrongFingerprint(t *testing.T) {
+	var buffer bytes.Buffer
+
+	plugin := Plugin{
+		Config: Config{
+			Host:     []string{"localhost"},
+			Username: "drone-scp",
+			Port:     22,
+			KeyPath:  "./tests/.ssh/id_rsa",
+			Script: []string{
+				"whoami",
+			},
+			Fingerprint: "wrong",
+		},
+		Writer: &buffer,
+	}
+
+	err := plugin.Exec()
+	assert.Error(t, err)
+}
+
+func getHostPublicKeyFile(keypath string) (ssh.PublicKey, error) {
+	var pubkey ssh.PublicKey
+	var err error
+	buf, err := os.ReadFile(keypath)
+	if err != nil {
+		return nil, err
+	}
+
+	pubkey, _, _, _, err = ssh.ParseAuthorizedKey(buf)
+	if err != nil {
+		return nil, err
+	}
+
+	return pubkey, nil
+}
+
+func TestFingerprint(t *testing.T) {
+	var (
+		buffer   bytes.Buffer
+		expected = `
+			drone-scp
+			===============================================
+			✅ Successfully executed commands to all hosts.
+			===============================================
+		`
+	)
+
+	hostKey, err := getHostPublicKeyFile("/etc/ssh/ssh_host_rsa_key.pub")
+	require.NoError(t, err)
+
+	plugin := Plugin{
+		Config: Config{
+			Host:     []string{"localhost"},
+			Username: "drone-scp",
+			Port:     22,
+			KeyPath:  "./tests/.ssh/id_rsa",
+			Script: []string{
+				"whoami",
+			},
+			Fingerprint:    ssh.FingerprintSHA256(hostKey),
+			CommandTimeout: 10 * time.Second,
+		},
+		Writer: &buffer,
+	}
+
+	err = plugin.Exec()
+	require.NoError(t, err)
+	assert.Equal(t, unindent(expected), unindent(buffer.String()))
+}
+
+func TestScriptStopWithMultipleHostAndSyncMode(t *testing.T) {
+	var (
+		buffer   bytes.Buffer
+		expected = `
+			mkdir: can't create directory 'a/b/c': No such file or directory
+		`
+	)
+
+	plugin := Plugin{
+		Config: Config{
+			Host:     []string{"", "localhost"},
+			Username: "drone-scp",
+			Port:     22,
+			KeyPath:  "./tests/.ssh/id_rsa",
+			Script: []string{
+				"mkdir a/b/c",
+				"mkdir d/e/f",
+			},
+			CommandTimeout: 10 * time.Second,
+			ScriptStop:     true,
+			Sync:           true,
+		},
+		Writer: &buffer,
+	}
+
+	err := plugin.Exec()
+	require.Error(t, err)
 
 	assert.Equal(t, unindent(expected), unindent(buffer.String()))
 }
@@ -388,11 +531,7 @@ func TestScriptStop(t *testing.T) {
 	var (
 		buffer   bytes.Buffer
 		expected = `
-			======CMD======
-			mkdir a/b/c
-			mkdir d/e/f
-			======END======
-			err: mkdir: can't create directory 'a/b/c': No such file or directory
+			mkdir: can't create directory 'a/b/c': No such file or directory
 		`
 	)
 
@@ -413,7 +552,7 @@ func TestScriptStop(t *testing.T) {
 	}
 
 	err := plugin.Exec()
-	assert.NotNil(t, err)
+	require.Error(t, err)
 
 	assert.Equal(t, unindent(expected), unindent(buffer.String()))
 }
@@ -422,12 +561,8 @@ func TestNoneScriptStop(t *testing.T) {
 	var (
 		buffer   bytes.Buffer
 		expected = `
-			======CMD======
-			mkdir a/b/c
-			mkdir d/e/f
-			======END======
-			err: mkdir: can't create directory 'a/b/c': No such file or directory
-			err: mkdir: can't create directory 'd/e/f': No such file or directory
+			mkdir: can't create directory 'a/b/c': No such file or directory
+			mkdir: can't create directory 'd/e/f': No such file or directory
 		`
 	)
 
@@ -447,7 +582,7 @@ func TestNoneScriptStop(t *testing.T) {
 	}
 
 	err := plugin.Exec()
-	assert.NotNil(t, err)
+	require.Error(t, err)
 
 	assert.Equal(t, unindent(expected), unindent(buffer.String()))
 }
@@ -466,31 +601,34 @@ func TestEnvOutput(t *testing.T) {
 			echo "[${ENV_7}]"
 			======END======
 			======ENV======
-			ENV_1='test'
-			ENV_2='test test'
-			ENV_3='test '
-			ENV_4='  test  test  '
-			ENV_5='test'\'''
-			ENV_6='test"'
-			ENV_7='test,!#;?.@$~'\''"'
+			export ENV_1='test'
+			export ENV_2='test test'
+			export ENV_3='test '
+			export ENV_4='  test  test  '
+			export ENV_5='test'\'''
+			export ENV_6='test"'
+			export ENV_7='test,!#;?.@$~'\''"'
 			======END======
-			out: [test]
-			out: [test test]
-			out: [test ]
-			out: [  test  test  ]
-			out: [test']
-			out: [test"]
-			out: [test,!#;?.@$~'"]
+			[test]
+			[test test]
+			[test ]
+			[  test  test  ]
+			[test']
+			[test"]
+			[test,!#;?.@$~'"]
+			===============================================
+			✅ Successfully executed commands to all hosts.
+			===============================================
 		`
 	)
 
-	os.Setenv("ENV_1", `test`)
-	os.Setenv("ENV_2", `test test`)
-	os.Setenv("ENV_3", `test `)
-	os.Setenv("ENV_4", `  test  test  `)
-	os.Setenv("ENV_5", `test'`)
-	os.Setenv("ENV_6", `test"`)
-	os.Setenv("ENV_7", `test,!#;?.@$~'"`)
+	t.Setenv("ENV_1", `test`)
+	t.Setenv("ENV_2", `test test`)
+	t.Setenv("ENV_3", `test `)
+	t.Setenv("ENV_4", `  test  test  `)
+	t.Setenv("ENV_5", `test'`)
+	t.Setenv("ENV_6", `test"`)
+	t.Setenv("ENV_7", `test,!#;?.@$~'"`)
 
 	plugin := Plugin{
 		Config: Config{
@@ -522,13 +660,14 @@ func TestEnvOutput(t *testing.T) {
 	}
 
 	err := plugin.Exec()
-	assert.Nil(t, err)
+	require.NoError(t, err)
 
 	assert.Equal(t, unindent(expected), unindent(buffer.String()))
 }
 
 func unindent(text string) string {
-	return strings.TrimSpace(strings.Replace(text, "\t", "", -1))
+	text = strings.ReplaceAll(text, "\r\n", "\n")
+	return strings.TrimSpace(strings.ReplaceAll(text, "\t", ""))
 }
 
 func TestPlugin_scriptCommands(t *testing.T) {
@@ -558,7 +697,12 @@ func TestPlugin_scriptCommands(t *testing.T) {
 					ScriptStop: true,
 				},
 			},
-			want: []string{"mkdir a", "DRONE_SSH_PREV_COMMAND_EXIT_CODE=$? ; if [ $DRONE_SSH_PREV_COMMAND_EXIT_CODE -ne 0 ]; then exit $DRONE_SSH_PREV_COMMAND_EXIT_CODE; fi;", "mkdir b", "DRONE_SSH_PREV_COMMAND_EXIT_CODE=$? ; if [ $DRONE_SSH_PREV_COMMAND_EXIT_CODE -ne 0 ]; then exit $DRONE_SSH_PREV_COMMAND_EXIT_CODE; fi;"},
+			want: []string{
+				"mkdir a",
+				"DRONE_SSH_PREV_COMMAND_EXIT_CODE=$? ; if [ $DRONE_SSH_PREV_COMMAND_EXIT_CODE -ne 0 ]; then exit $DRONE_SSH_PREV_COMMAND_EXIT_CODE; fi;",
+				"mkdir b",
+				"DRONE_SSH_PREV_COMMAND_EXIT_CODE=$? ; if [ $DRONE_SSH_PREV_COMMAND_EXIT_CODE -ne 0 ]; then exit $DRONE_SSH_PREV_COMMAND_EXIT_CODE; fi;",
+			},
 		},
 		{
 			name: "normal testing 2",
@@ -568,7 +712,31 @@ func TestPlugin_scriptCommands(t *testing.T) {
 					ScriptStop: true,
 				},
 			},
-			want: []string{"mkdir a", "DRONE_SSH_PREV_COMMAND_EXIT_CODE=$? ; if [ $DRONE_SSH_PREV_COMMAND_EXIT_CODE -ne 0 ]; then exit $DRONE_SSH_PREV_COMMAND_EXIT_CODE; fi;", "mkdir c", "DRONE_SSH_PREV_COMMAND_EXIT_CODE=$? ; if [ $DRONE_SSH_PREV_COMMAND_EXIT_CODE -ne 0 ]; then exit $DRONE_SSH_PREV_COMMAND_EXIT_CODE; fi;", "mkdir b", "DRONE_SSH_PREV_COMMAND_EXIT_CODE=$? ; if [ $DRONE_SSH_PREV_COMMAND_EXIT_CODE -ne 0 ]; then exit $DRONE_SSH_PREV_COMMAND_EXIT_CODE; fi;"},
+			want: []string{
+				"mkdir a",
+				"DRONE_SSH_PREV_COMMAND_EXIT_CODE=$? ; if [ $DRONE_SSH_PREV_COMMAND_EXIT_CODE -ne 0 ]; then exit $DRONE_SSH_PREV_COMMAND_EXIT_CODE; fi;",
+				"mkdir c",
+				"DRONE_SSH_PREV_COMMAND_EXIT_CODE=$? ; if [ $DRONE_SSH_PREV_COMMAND_EXIT_CODE -ne 0 ]; then exit $DRONE_SSH_PREV_COMMAND_EXIT_CODE; fi;",
+				"mkdir b",
+				"DRONE_SSH_PREV_COMMAND_EXIT_CODE=$? ; if [ $DRONE_SSH_PREV_COMMAND_EXIT_CODE -ne 0 ]; then exit $DRONE_SSH_PREV_COMMAND_EXIT_CODE; fi;",
+			},
+		},
+		// See: https://github.com/appleboy/ssh-action/issues/75#issuecomment-668314271
+		{
+			name: "Multiline SSH commands interpreted as single lines",
+			fields: fields{
+				Config: Config{
+					Script:     []string{"ls \\ ", "-lah", "mkdir a"},
+					ScriptStop: true,
+				},
+			},
+			want: []string{
+				"ls \\",
+				"-lah",
+				"DRONE_SSH_PREV_COMMAND_EXIT_CODE=$? ; if [ $DRONE_SSH_PREV_COMMAND_EXIT_CODE -ne 0 ]; then exit $DRONE_SSH_PREV_COMMAND_EXIT_CODE; fi;",
+				"mkdir a",
+				"DRONE_SSH_PREV_COMMAND_EXIT_CODE=$? ; if [ $DRONE_SSH_PREV_COMMAND_EXIT_CODE -ne 0 ]; then exit $DRONE_SSH_PREV_COMMAND_EXIT_CODE; fi;",
+			},
 		},
 		{
 			name: "trim space",
@@ -593,3 +761,342 @@ func TestPlugin_scriptCommands(t *testing.T) {
 		})
 	}
 }
+
+func TestUseInsecureCipher(t *testing.T) {
+	var (
+		buffer   bytes.Buffer
+		expected = `
+			mkdir: can't create directory 'a/b/c': No such file or directory
+			mkdir: can't create directory 'd/e/f': No such file or directory
+		`
+	)
+
+	plugin := Plugin{
+		Config: Config{
+			Host:     []string{"localhost"},
+			Username: "drone-scp",
+			Port:     22,
+			KeyPath:  "./tests/.ssh/id_rsa",
+			Script: []string{
+				"mkdir a/b/c",
+				"mkdir d/e/f",
+			},
+			CommandTimeout:    10 * time.Second,
+			UseInsecureCipher: true,
+		},
+		Writer: &buffer,
+	}
+
+	err := plugin.Exec()
+	require.Error(t, err)
+
+	assert.Equal(t, unindent(expected), unindent(buffer.String()))
+}
+
+func TestPlugin_hostPort(t *testing.T) {
+	type fields struct {
+		Config Config
+		Writer io.Writer
+	}
+	type args struct {
+		h string
+	}
+	tests := []struct {
+		name     string
+		fields   fields
+		args     args
+		wantHost string
+		wantPort string
+	}{
+		{
+			name: "default host and port",
+			fields: fields{
+				Config: Config{
+					Port: 22,
+				},
+			},
+			args: args{
+				h: "localhost",
+			},
+			wantHost: "localhost",
+			wantPort: "22",
+		},
+		{
+			name: "different port",
+			fields: fields{
+				Config: Config{
+					Port:     22,
+					Protocol: easyssh.PROTOCOL_TCP4,
+				},
+			},
+			args: args{
+				h: "localhost:443",
+			},
+			wantHost: "localhost",
+			wantPort: "443",
+		},
+		{
+			name: "ipv6",
+			fields: fields{
+				Config: Config{
+					Port:     22,
+					Protocol: easyssh.PROTOCOL_TCP6,
+				},
+			},
+			args: args{
+				h: "::1",
+			},
+			wantHost: "::1",
+			wantPort: "22",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			p := Plugin{
+				Config: tt.fields.Config,
+				Writer: tt.fields.Writer,
+			}
+			gotHost, gotPort := p.hostPort(tt.args.h)
+			if gotHost != tt.wantHost {
+				t.Errorf("Plugin.hostPort() gotHost = %v, want %v", gotHost, tt.wantHost)
+			}
+			if gotPort != tt.wantPort {
+				t.Errorf("Plugin.hostPort() gotPort = %v, want %v", gotPort, tt.wantPort)
+			}
+		})
+	}
+}
+
+func TestFindEnvs(t *testing.T) {
+	t.Setenv("DRONETEST_INPUT_FOO", "dummyValue")
+	t.Setenv("DRONETEST_INPUT_BAR", "dummyValue")
+	t.Setenv("DRONETEST_NO_PREFIX", "dummyValue")
+	t.Setenv("DRONETEST_INPUT_FOOBAR", "dummyValue")
+
+	t.Run("Find single prefix", func(t *testing.T) {
+		result := findEnvs("DRONETEST_INPUT_")
+		assert.ElementsMatch(
+			t,
+			[]string{"DRONETEST_INPUT_FOO", "DRONETEST_INPUT_BAR", "DRONETEST_INPUT_FOOBAR"},
+			result,
+		)
+	})
+
+	t.Run("Find multiple prefixes", func(t *testing.T) {
+		result := findEnvs("DRONETEST_INPUT_", "DRONETEST_NO_PREFIX")
+		assert.ElementsMatch(
+			t,
+			[]string{
+				"DRONETEST_INPUT_FOO",
+				"DRONETEST_INPUT_BAR",
+				"DRONETEST_NO_PREFIX",
+				"DRONETEST_INPUT_FOOBAR",
+			},
+			result,
+		)
+	})
+
+	t.Run("Find non-existing prefix", func(t *testing.T) {
+		result := findEnvs("ZZZZNONEXISTING_")
+		assert.Empty(t, result)
+	})
+}
+
+func TestAllEnvs(t *testing.T) {
+	var (
+		buffer   bytes.Buffer
+		expected = `
+[foobar]
+[foobar]
+[foobar]
+===============================================
+✅ Successfully executed commands to all hosts.
+===============================================
+		`
+	)
+
+	t.Setenv("INPUT_1", `foobar`)
+	t.Setenv("GITHUB_2", `foobar`)
+	t.Setenv("PLUGIN_3", `foobar`)
+
+	plugin := Plugin{
+		Config: Config{
+			Host:       []string{"localhost"},
+			Username:   "drone-scp",
+			Port:       22,
+			KeyPath:    "./tests/.ssh/test",
+			Passphrase: "1234",
+			AllEnvs:    true,
+			Script: []string{
+				`echo "[${INPUT_1}]"`,
+				`echo "[${GITHUB_2}]"`,
+				`echo "[${PLUGIN_3}]"`,
+			},
+			CommandTimeout: 10 * time.Second,
+			Proxy: easyssh.DefaultConfig{
+				Server:  "localhost",
+				User:    "drone-scp",
+				Port:    "22",
+				KeyPath: "./tests/.ssh/id_rsa",
+			},
+		},
+		Writer: &buffer,
+	}
+
+	err := plugin.Exec()
+	require.NoError(t, err)
+
+	assert.Equal(t, unindent(expected), unindent(buffer.String()))
+}
+
+type SSHTestConfig struct {
+	Env            map[string]string
+	AuthMethod     string // "key" or "password"
+	KeyPath        string
+	Password       string
+	Script         []string
+	Expected       string
+	SudoAccess     bool
+	InsecureCipher bool
+	RequireTty     bool
+	CommandTimeout time.Duration
+}
+
+func runSSHContainerTest(t *testing.T, cfg SSHTestConfig) {
+	t.Helper()
+	ctx := context.Background()
+
+	req := testcontainers.ContainerRequest{
+		Image:        "linuxserver/openssh-server:latest",
+		ExposedPorts: []string{"2222/tcp"},
+		Env:          cfg.Env,
+		WaitingFor:   wait.ForListeningPort("2222/tcp").WithStartupTimeout(180 * time.Second),
+	}
+
+	sshContainer, err := testcontainers.GenericContainer(
+		ctx,
+		testcontainers.GenericContainerRequest{
+			ContainerRequest: req,
+			Started:          true,
+		},
+	)
+	if err != nil {
+		t.Skipf(
+			"Could not start container with image %s: %v. Check Docker environment and image availability. Skipping test.",
+			req.Image,
+			err,
+		)
+	}
+	defer func() {
+		if err := sshContainer.Terminate(ctx); err != nil {
+			t.Logf("Could not terminate container: %v", err)
+		}
+	}()
+
+	host, err := sshContainer.Host(ctx)
+	if err != nil {
+		t.Fatalf("Could not get container host: %v", err)
+	}
+	port, err := sshContainer.MappedPort(ctx, "2222/tcp")
+	if err != nil {
+		t.Fatalf("Could not get container mapped port 2222/tcp: %v", err)
+	}
+
+	var buffer bytes.Buffer
+
+	pluginCfg := Config{
+		Host:              []string{host},
+		Username:          "testuser",
+		Port:              int(port.Num()),
+		Script:            cfg.Script,
+		CommandTimeout:    cfg.CommandTimeout,
+		UseInsecureCipher: cfg.InsecureCipher,
+		RequireTty:        cfg.RequireTty,
+	}
+	if pluginCfg.CommandTimeout == 0 {
+		pluginCfg.CommandTimeout = 10 * time.Second
+	}
+	switch cfg.AuthMethod {
+	case "key":
+		pluginCfg.KeyPath = cfg.KeyPath
+	case "password":
+		pluginCfg.Password = cfg.Password
+	}
+
+	plugin := Plugin{
+		Config: pluginCfg,
+		Writer: &buffer,
+	}
+
+	require.NoError(t, plugin.Exec())
+	assert.Equal(t, unindent(cfg.Expected), unindent(buffer.String()))
+}
+
+func TestSudoCommand(t *testing.T) {
+	pubKey, err := os.ReadFile("./tests/.ssh/id_rsa.pub")
+	if err != nil {
+		t.Fatalf("Could not read public key file: %v", err)
+	}
+	runSSHContainerTest(t, SSHTestConfig{
+		Env: map[string]string{
+			"USER_NAME":       "testuser",
+			"PASSWORD_ACCESS": "false",
+			"SUDO_ACCESS":     "true",
+			"PUBLIC_KEY":      string(pubKey),
+		},
+		AuthMethod:     "key",
+		KeyPath:        "./tests/.ssh/id_rsa",
+		Script:         []string{`sudo su - -c "whoami"`},
+		Expected:       "root\n===============================================\n✅ Successfully executed commands to all hosts.\n===============================================",
+		SudoAccess:     true,
+		InsecureCipher: true,
+		RequireTty:     true,
+		CommandTimeout: 10 * time.Second,
+	})
+}
+
+func TestSSHWithTestcontainers(t *testing.T) {
+	runSSHContainerTest(t, SSHTestConfig{
+		Env: map[string]string{
+			"USER_NAME":       "testuser",
+			"USER_PASSWORD":   "testpass",
+			"PASSWORD_ACCESS": "true",
+			"SUDO_ACCESS":     "false",
+		},
+		AuthMethod:     "password",
+		Password:       "testpass",
+		Script:         []string{"whoami"},
+		Expected:       "testuser\n===============================================\n✅ Successfully executed commands to all hosts.\n===============================================",
+		InsecureCipher: true,
+		CommandTimeout: 60 * time.Second,
+	})
+}
+
+func TestCommandWithIPv6(t *testing.T) {
+	var (
+		buffer   bytes.Buffer
+		expected = `
+			drone-scp
+			===============================================
+			✅ Successfully executed commands to all hosts.
+			===============================================
+		`
+	)
+
+	plugin := Plugin{
+		Config: Config{
+			Host:     []string{"::1"},
+			Username: "drone-scp",
+			Port:     22,
+			KeyPath:  "./tests/.ssh/id_rsa",
+			Script: []string{
+				"whoami",
+			},
+			Protocol:       easyssh.PROTOCOL_TCP6,
+			CommandTimeout: 10 * time.Second,
+		},
+		Writer: &buffer,
+	}
+	require.NoError(t, plugin.Exec())
+	assert.Equal(t, unindent(expected), unindent(buffer.String()))
+}

tests/sudoers

@@ -0,0 +1,2 @@
+Defaults        requiretty
+drone-scp ALL=(ALL) NOPASSWD:ALL