chore: upgrade Go and dependencies to improve compatibility

- Update Go version from 1.22 to 1.23
- Upgrade golang.org/x/crypto from version 0.29.0 to 0.36.0
- Upgrade golang.org/x/sys from version 0.27.0 to 0.31.0
- Change Docker image in GitHub Actions from golang:1.22-alpine to golang:1.23-alpine

Signed-off-by: appleboy <appleboy.tw@gmail.com>

.github/workflows/codeql.yml

@@ -13,12 +13,12 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ master ]
+    branches: [master]
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ master ]
+    branches: [master]
   schedule:
-    - cron: '41 23 * * 6'
+    - cron: "41 23 * * 6"
 
 jobs:
   analyze:
@@ -32,23 +32,23 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'go' ]
+        language: ["go"]
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
         # Learn more about CodeQL language support at https://git.io/codeql-language-support
 
     steps:
-    - name: Checkout repository
+      - name: Checkout repository
-      uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
-    # Initializes the CodeQL tools for scanning.
+      # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
+      - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
-      with:
+        with:
-        languages: ${{ matrix.language }}
+          languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
+          # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
+          # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+          # queries: ./path/to/local/query, your-org/your-repo/queries@main
 
-    - name: Perform CodeQL Analysis
+      - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3

.github/workflows/docker.yml

@@ -5,56 +5,51 @@ on:
     branches:
       - master
     tags:
-      - 'v*'
+      - "v*"
   pull_request:
     branches:
-      - 'master'
+      - "master"
 
 jobs:
   build-docker:
     runs-on: ubuntu-latest
     steps:
-      - name: Setup go
-        uses: actions/setup-go@v4
-        with:
-          go-version: '^1'
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+
+      - name: Setup go
+        uses: actions/setup-go@v5
         with:
-          fetch-depth: 0
+          go-version-file: go.mod
+          check-latest: true
 
       - name: Build binary
-        run : |
+        run: |
           make build_linux_amd64
-          make build_linux_arm
           make build_linux_arm64
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
 
-      -
+      - name: Set up QEMU
-        name: Set up Docker Buildx
+        uses: docker/setup-qemu-action@v3
-        uses: docker/setup-buildx-action@v2
 
-      -
+      - name: Set up Docker Buildx
-        name: Login to Docker Hub
+        uses: docker/setup-buildx-action@v3
-        uses: docker/login-action@v2
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      -
+      - name: Login to GitHub Container Registry
-        name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
-        uses: docker/login-action@v2
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      -
+      - name: Docker meta
-        name: Docker meta
         id: docker-meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: |
             ${{ github.repository }}
@@ -65,13 +60,14 @@ jobs:
             type=semver,pattern={{major}}.{{minor}}
             type=semver,pattern={{major}}
 
-      -
+      - name: Build and push
-        name: Build and push
+        uses: docker/build-push-action@v6
-        uses: docker/build-push-action@v4
         with:
           context: .
-          platforms: linux/amd64,linux/arm,linux/arm64
+          platforms: linux/amd64,linux/arm64
           file: docker/Dockerfile
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.docker-meta.outputs.tags }}
           labels: ${{ steps.docker-meta.outputs.labels }}
+          cache-from: type=registry,ref=ghcr.io/${{ github.repository }}:buildcache
+          cache-to: type=registry,ref=ghcr.io/${{ github.repository }}:buildcache,mode=max

.github/workflows/goreleaser.yml

@@ -3,7 +3,7 @@ name: Goreleaser
 on:
   push:
     tags:
-      - '*'
+      - "*"
 
 permissions:
   contents: write
@@ -12,24 +12,23 @@ jobs:
   goreleaser:
     runs-on: ubuntu-latest
     steps:
-      -
+      - name: Checkout repository
-        name: Checkout
+        uses: actions/checkout@v4
-        uses: actions/checkout@v3
         with:
           fetch-depth: 0
-      -
-        name: Setup go
-        uses: actions/setup-go@v4
-        with:
-          go-version: '^1'
 
-      -
+      - name: Setup go
-        name: Run GoReleaser
+        uses: actions/setup-go@v5
-        uses: goreleaser/goreleaser-action@v4
+        with:
+          go-version-file: go.mod
+          check-latest: true
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v6
         with:
           # either 'goreleaser' (default) or 'goreleaser-pro'
           distribution: goreleaser
           version: latest
-          args: release --rm-dist
+          args: release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/testing.yml

@@ -8,14 +8,17 @@ jobs:
   lint:
     runs-on: ubuntu-latest
     steps:
-      - name: Setup go
-        uses: actions/setup-go@v4
-        with:
-          go-version: '^1'
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+
+      - name: Setup go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+          check-latest: true
+
       - name: Setup golangci-lint
-        uses: golangci/golangci-lint-action@v3
+        uses: golangci/golangci-lint-action@v6
         with:
           version: latest
           args: --verbose
@@ -27,14 +30,16 @@ jobs:
 
   testing:
     runs-on: ubuntu-latest
-    container: golang:1.19-alpine
+    container:
+      image: golang:1.23-alpine
+      options: --sysctl net.ipv6.conf.all.disable_ipv6=0
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: setup sshd server
         run: |
-          apk add git make curl perl bash build-base zlib-dev ucl-dev
+          apk add git make curl perl bash build-base zlib-dev ucl-dev sudo
           make ssh-server
 
       - name: testing
@@ -42,4 +47,4 @@ jobs:
           make test
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v4

.golangci.yaml

@@ -0,0 +1,42 @@
+run:
+  timeout: 5m
+linters:
+  enable:
+    - asciicheck
+    - durationcheck
+    - errcheck
+    - errorlint
+    - exportloopref
+    - gci
+    - gofmt
+    - goimports
+    - gosec
+    - misspell
+    - nakedret
+    - nilerr
+    - nolintlint
+    - perfsprint
+    - revive
+    - usestdlibvars
+    - wastedassign
+
+linters-settings:
+  gosec:
+    # To select a subset of rules to run.
+    # Available rules: https://github.com/securego/gosec#available-rules
+    # Default: [] - means include all rules
+    includes:
+      - G102
+      - G106
+      - G108
+      - G109
+      - G111
+      - G112
+      - G201
+      - G203
+  perfsprint:
+    err-error: true
+    errorf: true
+    int-conversion: true
+    sprintf1: true
+    strconcat: true

.goreleaser.yaml

@@ -3,78 +3,78 @@ before:
     - go mod tidy
 
 builds:
-- env:
+  - env:
-  - CGO_ENABLED=0
+      - CGO_ENABLED=0
-  goos:
+    goos:
-  - darwin
+      - darwin
-  - linux
+      - linux
-  - windows
+      - windows
-  - freebsd
+      - freebsd
-  goarch:
+    goarch:
-  - amd64
+      - amd64
-  - arm
+      - arm
-  - arm64
+      - arm64
-  goarm:
+    goarm:
-  - "5"
+      - "5"
-  - "6"
+      - "6"
-  - "7"
+      - "7"
-  ignore:
+    ignore:
-    - goos: darwin
+      - goos: darwin
-      goarch: arm
+        goarch: arm
-    - goos: darwin
+      - goos: darwin
-      goarch: ppc64le
+        goarch: ppc64le
-    - goos: darwin
+      - goos: darwin
-      goarch: s390x
+        goarch: s390x
-    - goos: windows
+      - goos: windows
-      goarch: ppc64le
+        goarch: ppc64le
-    - goos: windows
+      - goos: windows
-      goarch: s390x
+        goarch: s390x
-    - goos: windows
+      - goos: windows
-      goarch: arm
+        goarch: arm
-      goarm: "5"
+        goarm: "5"
-    - goos: windows
+      - goos: windows
-      goarch: arm
+        goarch: arm
-      goarm: "6"
+        goarm: "6"
-    - goos: windows
+      - goos: windows
-      goarch: arm
+        goarch: arm
-      goarm: "7"
+        goarm: "7"
-    - goos: windows
+      - goos: windows
-      goarch: arm64
+        goarch: arm64
-    - goos: freebsd
+      - goos: freebsd
-      goarch: ppc64le
+        goarch: ppc64le
-    - goos: freebsd
+      - goos: freebsd
-      goarch: s390x
+        goarch: s390x
-    - goos: freebsd
+      - goos: freebsd
-      goarch: arm
+        goarch: arm
-      goarm: "5"
+        goarm: "5"
-    - goos: freebsd
+      - goos: freebsd
-      goarch: arm
+        goarch: arm
-      goarm: "6"
+        goarm: "6"
-    - goos: freebsd
+      - goos: freebsd
-      goarch: arm
+        goarch: arm
-      goarm: "7"
+        goarm: "7"
-    - goos: freebsd
+      - goos: freebsd
-      goarch: arm64
+        goarch: arm64
-  flags:
+    flags:
-  - -trimpath
+      - -trimpath
-  ldflags:
+    ldflags:
-  - -s -w
+      - -s -w
-  - -X main.Version={{.Version}}
+      - -X main.Version={{.Version}}
-  binary: >-
+    binary: >-
-    {{ .ProjectName }}-
+      {{ .ProjectName }}-
-    {{- if .IsSnapshot }}{{ .Branch }}-
+      {{- if .IsSnapshot }}{{ .Branch }}-
-    {{- else }}{{- .Version }}-{{ end }}
+      {{- else }}{{- .Version }}-{{ end }}
-    {{- .Os }}-
+      {{- .Os }}-
-    {{- if eq .Arch "amd64" }}amd64
+      {{- if eq .Arch "amd64" }}amd64
-    {{- else if eq .Arch "amd64_v1" }}amd64
+      {{- else if eq .Arch "amd64_v1" }}amd64
-    {{- else if eq .Arch "386" }}386
+      {{- else if eq .Arch "386" }}386
-    {{- else }}{{ .Arch }}{{ end }}
+      {{- else }}{{ .Arch }}{{ end }}
-    {{- if .Arm }}-{{ .Arm }}{{ end }}
+      {{- if .Arm }}-{{ .Arm }}{{ end }}
-  no_unique_dist_dir: true
+    no_unique_dist_dir: true
-  hooks:
+    hooks:
-    post:
+      post:
-      - cmd: xz -k -9 {{ .Path }}
+        - cmd: xz -k -9 {{ .Path }}
-        dir: ./dist/
+          dir: ./dist/
 
 archives:
   - format: binary
@@ -82,9 +82,9 @@ archives:
     allow_different_binary_count: true
 
 checksum:
-  name_template: 'checksums.txt'
+  name_template: "checksums.txt"
   extra_files:
-      - glob: ./**.xz
+    - glob: ./**.xz
 
 snapshot:
   name_template: "{{ incpatch .Version }}"
@@ -97,3 +97,27 @@ release:
   # Templates: allowed
   extra_files:
     - glob: ./**.xz
+
+changelog:
+  use: github
+  groups:
+    - title: Features
+      regexp: "^.*feat[(\\w)]*:+.*$"
+      order: 0
+    - title: "Bug fixes"
+      regexp: "^.*fix[(\\w)]*:+.*$"
+      order: 1
+    - title: "Enhancements"
+      regexp: "^.*chore[(\\w)]*:+.*$"
+      order: 2
+    - title: "Refactor"
+      regexp: "^.*refactor[(\\w)]*:+.*$"
+      order: 3
+    - title: "Build process updates"
+      regexp: ^.*?(build|ci)(\(.+\))??!?:.+$
+      order: 4
+    - title: "Documentation updates"
+      regexp: ^.*?docs?(\(.+\))??!?:.+$
+      order: 4
+    - title: Others
+      order: 999

.hadolint.yaml

@@ -0,0 +1,3 @@
+ignored:
+  - DL3018
+  - DL3008

Makefile

@@ -104,10 +104,21 @@ ssh-server:
 	cat tests/.ssh/test.pub >> /home/drone-scp/.ssh/authorized_keys
 	chmod 600 /home/drone-scp/.ssh/authorized_keys
 	chown -R drone-scp /home/drone-scp/.ssh
+	# add public key to root user
+	mkdir -p /root/.ssh
+	chmod 700 /root/.ssh
+	cat tests/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
+	cat tests/.ssh/test.pub >> /root/.ssh/authorized_keys
+	chmod 600 /root/.ssh/authorized_keys
+	# Append the following entry to run ALL command without a password for a user named drone-scp:
+	cat tests/sudoers >> /etc/sudoers.d/sudoers
+	# install ssh and start server
 	apk add --update openssh openrc
 	rm -rf /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_dsa_key
 	sed -i 's/^#PubkeyAuthentication yes/PubkeyAuthentication yes/g' /etc/ssh/sshd_config
 	sed -i 's/AllowTcpForwarding no/AllowTcpForwarding yes/g' /etc/ssh/sshd_config
+	sed -i 's/^#ListenAddress 0.0.0.0/ListenAddress 0.0.0.0/g' /etc/ssh/sshd_config
+	sed -i 's/^#ListenAddress ::/ListenAddress ::/g' /etc/ssh/sshd_config
 	./tests/entrypoint.sh /usr/sbin/sshd -D &
 
 coverage:

README.md

@@ -4,7 +4,7 @@
 
 [![GitHub tag](https://img.shields.io/github/tag/appleboy/drone-ssh.svg)](https://github.com/appleboy/drone-ssh/releases)
 [![GoDoc](https://godoc.org/github.com/appleboy/drone-ssh?status.svg)](https://godoc.org/github.com/appleboy/drone-ssh)
-[![Lint and Testing](https://github.com/appleboy/drone-ssh/actions/workflows/lint.yml/badge.svg)](https://github.com/appleboy/drone-ssh/actions/workflows/lint.yml)
+[![Lint and Testing](https://github.com/appleboy/drone-ssh/actions/workflows/testing.yml/badge.svg?branch=master)](https://github.com/appleboy/drone-ssh/actions/workflows/testing.yml)
 [![codecov](https://codecov.io/gh/appleboy/drone-ssh/branch/master/graph/badge.svg)](https://codecov.io/gh/appleboy/drone-ssh)
 [![Go Report Card](https://goreportcard.com/badge/github.com/appleboy/drone-ssh)](https://goreportcard.com/report/github.com/appleboy/drone-ssh)
 [![Docker Pulls](https://img.shields.io/docker/pulls/appleboy/drone-ssh.svg)](https://hub.docker.com/r/appleboy/drone-ssh/)

docker/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.17
+FROM alpine:3.20
 
 ARG TARGETOS
 ARG TARGETARCH
@@ -12,9 +12,26 @@ LABEL org.opencontainers.image.source=https://github.com/appleboy/drone-ssh
 LABEL org.opencontainers.image.description="Execute commands on a remote host through SSH"
 LABEL org.opencontainers.image.licenses=MIT
 
-RUN apk add --no-cache ca-certificates=20230506-r0 && \
+RUN apk add --no-cache ca-certificates tzdata && \
   rm -rf /var/cache/apk/*
 
+RUN addgroup \
+  -S -g 1000 \
+  deploy && \
+  adduser \
+  -S -H -D \
+  -h /home/deploy \
+  -s /bin/sh \
+  -u 1000 \
+  -G deploy \
+  deploy
+
+RUN mkdir -p /home/deploy && \
+  chown deploy:deploy /home/deploy
+
+# deploy:deploy
+USER 1000:1000
+
 COPY release/${TARGETOS}/${TARGETARCH}/drone-ssh /bin/
 
 ENTRYPOINT ["/bin/drone-ssh"]

go.mod

@@ -1,23 +1,24 @@
 module github.com/appleboy/drone-ssh
 
-go 1.18
+go 1.23.0
 
 require (
-	github.com/appleboy/easyssh-proxy v1.4.0
+	github.com/appleboy/easyssh-proxy v1.5.0
 	github.com/joho/godotenv v1.5.1
 	github.com/stretchr/testify v1.8.4
-	github.com/urfave/cli/v2 v2.25.7
+	github.com/urfave/cli/v2 v2.27.5
-	golang.org/x/crypto v0.10.0
+	github.com/yassinebenaid/godump v0.11.1
+	golang.org/x/crypto v0.36.0
 )
 
 require (
 	github.com/ScaleFT/sshkeys v1.2.0 // indirect
-	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dchest/bcrypt_pbkdf v0.0.0-20150205184540-83f37f9c154a // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
-	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
+	github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
-	golang.org/x/sys v0.9.0 // indirect
+	golang.org/x/sys v0.31.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -1,9 +1,9 @@
 github.com/ScaleFT/sshkeys v1.2.0 h1:5BRp6rTVIhJzXT3VcUQrKgXR8zWA3sOsNeuyW15WUA8=
 github.com/ScaleFT/sshkeys v1.2.0/go.mod h1:gxOHeajFfvGQh/fxlC8oOKBe23xnnJTif00IFFbiT+o=
-github.com/appleboy/easyssh-proxy v1.4.0 h1:1ZESTmHaQcM8/gAvauWipaT4cI3oO8Nf95TUaobshqE=
+github.com/appleboy/easyssh-proxy v1.5.0 h1:OYdSPvYQN3mhnsMH5I2OF1TgwSEcSq33kvjQfTwvZww=
-github.com/appleboy/easyssh-proxy v1.4.0/go.mod h1:CBOkizsKxFFuSn2kthXCD/mXIUnZyb/nLbYtHLzvcfM=
+github.com/appleboy/easyssh-proxy v1.5.0/go.mod h1:zcEMrStH91/tcUn3gUGP0KpQwUYLm8tX/Ook1AH98uc=
-github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
+github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc=
-github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -19,21 +19,24 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/urfave/cli/v2 v2.25.7 h1:VAzn5oq403l5pHjc4OhD54+XGO9cdKVL/7lDjF+iKUs=
+github.com/urfave/cli/v2 v2.27.5 h1:WoHEJLdsXr6dDWoJgMq/CboDmyY/8HMMH1fTECbih+w=
-github.com/urfave/cli/v2 v2.25.7/go.mod h1:8qnjx1vcq5s2/wpsqoZFndg2CE5tNFyrTvS6SinrnYQ=
+github.com/urfave/cli/v2 v2.27.5/go.mod h1:3Sevf16NykTbInEnD0yKkjDAeZDS0A6bzhBH5hrMvTQ=
-github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU=
+github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 h1:gEOO8jv9F4OT7lGCjxCBTO/36wtF6j2nSip77qHd4x4=
-github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=
+github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM=
+github.com/yassinebenaid/godump v0.11.1 h1:SPujx/XaYqGDfmNh7JI3dOyCUVrG0bG2duhO3Eh2EhI=
+github.com/yassinebenaid/godump v0.11.1/go.mod h1:dc/0w8wmg6kVIvNGAzbKH1Oa54dXQx8SNKh4dPRyW44=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM=
+golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
-golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I=
+golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200219091948-cb0a6d8edb6c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s=
+golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
-golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/term v0.9.0 h1:GRRCnKYhdQrD8kfRAdQ6Zcw1P0OcELxGLKJvtjVMZ28=
+golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
+golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

main.go

@@ -6,9 +6,10 @@ import (
 	"strconv"
 	"time"
 
-	"github.com/appleboy/easyssh-proxy"
+	easyssh "github.com/appleboy/easyssh-proxy"
 	"github.com/joho/godotenv"
 	"github.com/urfave/cli/v2"
+	"github.com/yassinebenaid/godump"
 )
 
 // Version set at compile-time
@@ -53,7 +54,7 @@ func main() {
 		},
 		&cli.StringFlag{
 			Name:    "protocol",
-			Usage:   "The IP protocol to use. Default to tcp (both IPv4 and IPv6).",
+			Usage:   "The IP protocol to use. Valid values are \"tcp\". \"tcp4\" or \"tcp6\". Default to tcp.",
 			EnvVars: []string{"PLUGIN_PROTOCOL", "SSH_PROTOCOL", "INPUT_PROTOCOL"},
 			Value:   "tcp",
 		},
@@ -131,6 +132,11 @@ func main() {
 			Usage:   "execute single commands for github action",
 			EnvVars: []string{"INPUT_SCRIPT"},
 		},
+		&cli.StringFlag{
+			Name:    "script.file",
+			Usage:   "execute commands from a file for github action",
+			EnvVars: []string{"PLUGIN_SCRIPT_FILE", "INPUT_SCRIPT_FILE"},
+		},
 		&cli.BoolFlag{
 			Name:    "script.stop",
 			Usage:   "stop script after first failure",
@@ -149,8 +155,8 @@ func main() {
 		},
 		&cli.StringFlag{
 			Name:    "proxy.protocol",
-			Usage:   "The IP protocol to use for the proxy. Default to tcp (both IPv4 and IPv6).",
+			Usage:   "The IP protocol to use for the proxy. Valid values are \"tcp\". \"tcp4\" or \"tcp6\". Default to tcp.",
-			EnvVars: []string{"PLUGIN_PROTOCOL", "SSH_PROTOCOL", "INPUT_PROTOCOL"},
+			EnvVars: []string{"PLUGIN_PROXY_PROTOCOL", "SSH_PROXY_PROTOCOL", "INPUT_PROXY_PROTOCOL"},
 			Value:   "tcp",
 		},
 		&cli.StringFlag{
@@ -207,7 +213,7 @@ func main() {
 		&cli.BoolFlag{
 			Name:    "debug",
 			Usage:   "debug mode",
-			EnvVars: []string{"PLUGIN_DEBUG", "INPUT_DEBUG"},
+			EnvVars: []string{"PLUGIN_DEBUG", "INPUT_DEBUG", "DEBUG"},
 		},
 		&cli.StringFlag{
 			Name:    "envs.format",
@@ -220,6 +226,11 @@ func main() {
 			Usage:   "pass all environment variable to shell script",
 			EnvVars: []string{"PLUGIN_ALLENVS", "INPUT_ALLENVS"},
 		},
+		&cli.BoolFlag{
+			Name:    "request-pty",
+			Usage:   "request a pseudo-terminal from the server",
+			EnvVars: []string{"PLUGIN_REQUEST_PTY", "INPUT_REQUEST_PTY"},
+		},
 	}
 
 	// Override a template
@@ -266,6 +277,18 @@ func run(c *cli.Context) error {
 		scripts = append(scripts, s)
 	}
 
+	if f := c.String("script.file"); f != "" {
+		// check file exists
+		if _, err := os.Stat(f); err != nil {
+			return err
+		}
+		s, err := os.ReadFile(f)
+		if err != nil {
+			return err
+		}
+		scripts = append(scripts, string(s))
+	}
+
 	plugin := Plugin{
 		Config: Config{
 			Key:               c.String("ssh-key"),
@@ -288,6 +311,7 @@ func run(c *cli.Context) error {
 			Ciphers:           c.StringSlice("ciphers"),
 			UseInsecureCipher: c.Bool("useInsecureCipher"),
 			AllEnvs:           c.Bool("allenvs"),
+			RequireTty:        c.Bool("request-pty"),
 			Proxy: easyssh.DefaultConfig{
 				Key:               c.String("proxy.ssh-key"),
 				KeyPath:           c.String("proxy.key-path"),
@@ -306,5 +330,9 @@ func run(c *cli.Context) error {
 		Writer: os.Stdout,
 	}
 
+	if plugin.Config.Debug {
+		_ = godump.Dump(plugin)
+	}
+
 	return plugin.Exec()
 }

plugin.go

@@ -10,7 +10,7 @@ import (
 	"sync"
 	"time"
 
-	"github.com/appleboy/easyssh-proxy"
+	easyssh "github.com/appleboy/easyssh-proxy"
 )
 
 var (
@@ -44,6 +44,7 @@ type (
 		UseInsecureCipher bool
 		EnvsFormat        string
 		AllEnvs           bool
+		RequireTty        bool
 	}
 
 	// Plugin structure
@@ -60,7 +61,9 @@ func escapeArg(arg string) string {
 func (p Plugin) hostPort(host string) (string, string) {
 	hosts := strings.Split(host, ":")
 	port := strconv.Itoa(p.Config.Port)
-	if len(hosts) > 1 {
+	if len(hosts) > 1 &&
+		(p.Config.Protocol == easyssh.PROTOCOL_TCP ||
+			p.Config.Protocol == easyssh.PROTOCOL_TCP4) {
 		host = hosts[0]
 		port = hosts[1]
 	}
@@ -85,6 +88,7 @@ func (p Plugin) exec(host string, wg *sync.WaitGroup, errChannel chan error) {
 		Ciphers:           p.Config.Ciphers,
 		Fingerprint:       p.Config.Fingerprint,
 		UseInsecureCipher: p.Config.UseInsecureCipher,
+		RequestPty:        p.Config.RequireTty,
 		Proxy: easyssh.DefaultConfig{
 			Server:            p.Config.Proxy.Server,
 			User:              p.Config.Proxy.User,
@@ -101,9 +105,11 @@ func (p Plugin) exec(host string, wg *sync.WaitGroup, errChannel chan error) {
 		},
 	}
 
-	p.log(host, "======CMD======")
+	if p.Config.Debug {
-	p.log(host, strings.Join(p.Config.Script, "\n"))
+		p.log(host, "======CMD======")
-	p.log(host, "======END======")
+		p.log(host, strings.Join(p.Config.Script, "\n"))
+		p.log(host, "======END======")
+	}
 
 	env := []string{}
 	if p.Config.AllEnvs {
@@ -119,7 +125,7 @@ func (p Plugin) exec(host string, wg *sync.WaitGroup, errChannel chan error) {
 
 	p.Config.Script = append(env, p.scriptCommands()...)
 
-	if p.Config.Debug {
+	if p.Config.Debug && len(env) > 0 {
 		p.log(host, "======ENV======")
 		p.log(host, strings.Join(env, "\n"))
 		p.log(host, "======END======")
@@ -131,7 +137,7 @@ func (p Plugin) exec(host string, wg *sync.WaitGroup, errChannel chan error) {
 		return
 	}
 	// read from the output channel until the done signal is passed
-	isTimeout := true
+	var isTimeout bool
 loop:
 	for {
 		select {
@@ -139,11 +145,11 @@ loop:
 			break loop
 		case outline := <-stdoutChan:
 			if outline != "" {
-				p.log(host, "out:", outline)
+				p.log(host, outline)
 			}
 		case errline := <-stderrChan:
 			if errline != "" {
-				p.log(host, "err:", errline)
+				p.log(host, errline)
 			}
 		case err = <-errChan:
 		}
@@ -224,9 +230,9 @@ func (p Plugin) Exec() error {
 		}
 	}
 
-	fmt.Println("==============================================")
+	fmt.Println("===============================================")
-	fmt.Println("✅ Successfully executed commands to all host.")
+	fmt.Println("✅ Successfully executed commands to all hosts.")
-	fmt.Println("==============================================")
+	fmt.Println("===============================================")
 
 	return nil
 }

plugin_test.go

@@ -365,17 +365,17 @@ func TestCommandOutput(t *testing.T) {
 			whoami
 			uname
 			localhost: ======END======
-			localhost: out: /home/drone-scp
+			localhost: /home/drone-scp
-			localhost: out: drone-scp
+			localhost: drone-scp
-			localhost: out: Linux
+			localhost: Linux
 			127.0.0.1: ======CMD======
 			127.0.0.1: pwd
 			whoami
 			uname
 			127.0.0.1: ======END======
-			127.0.0.1: out: /home/drone-scp
+			127.0.0.1: /home/drone-scp
-			127.0.0.1: out: drone-scp
+			127.0.0.1: drone-scp
-			127.0.0.1: out: Linux
+			127.0.0.1: Linux
 		`
 	)
 
@@ -392,6 +392,7 @@ func TestCommandOutput(t *testing.T) {
 			},
 			CommandTimeout: 60 * time.Second,
 			Sync:           true,
+			Debug:          true,
 		},
 		Writer: &buffer,
 	}
@@ -432,7 +433,6 @@ func getHostPublicKeyFile(keypath string) (ssh.PublicKey, error) {
 	}
 
 	pubkey, _, _, _, err = ssh.ParseAuthorizedKey(buf)
-
 	if err != nil {
 		return nil, err
 	}
@@ -444,10 +444,7 @@ func TestFingerprint(t *testing.T) {
 	var (
 		buffer   bytes.Buffer
 		expected = `
-			======CMD======
+			drone-scp
-			whoami
-			======END======
-			out: drone-scp
 		`
 	)
 
@@ -478,11 +475,7 @@ func TestScriptStopWithMultipleHostAndSyncMode(t *testing.T) {
 	var (
 		buffer   bytes.Buffer
 		expected = `
-			======CMD======
+			mkdir: can't create directory 'a/b/c': No such file or directory
-			mkdir a/b/c
-			mkdir d/e/f
-			======END======
-			err: mkdir: can't create directory 'a/b/c': No such file or directory
 		`
 	)
 
@@ -513,11 +506,7 @@ func TestScriptStop(t *testing.T) {
 	var (
 		buffer   bytes.Buffer
 		expected = `
-			======CMD======
+			mkdir: can't create directory 'a/b/c': No such file or directory
-			mkdir a/b/c
-			mkdir d/e/f
-			======END======
-			err: mkdir: can't create directory 'a/b/c': No such file or directory
 		`
 	)
 
@@ -547,12 +536,8 @@ func TestNoneScriptStop(t *testing.T) {
 	var (
 		buffer   bytes.Buffer
 		expected = `
-			======CMD======
+			mkdir: can't create directory 'a/b/c': No such file or directory
-			mkdir a/b/c
+			mkdir: can't create directory 'd/e/f': No such file or directory
-			mkdir d/e/f
-			======END======
-			err: mkdir: can't create directory 'a/b/c': No such file or directory
-			err: mkdir: can't create directory 'd/e/f': No such file or directory
 		`
 	)
 
@@ -599,13 +584,13 @@ func TestEnvOutput(t *testing.T) {
 			export ENV_6='test"'
 			export ENV_7='test,!#;?.@$~'\''"'
 			======END======
-			out: [test]
+			[test]
-			out: [test test]
+			[test test]
-			out: [test ]
+			[test ]
-			out: [  test  test  ]
+			[  test  test  ]
-			out: [test']
+			[test']
-			out: [test"]
+			[test"]
-			out: [test,!#;?.@$~'"]
+			[test,!#;?.@$~'"]
 		`
 	)
 
@@ -734,12 +719,8 @@ func TestUseInsecureCipher(t *testing.T) {
 	var (
 		buffer   bytes.Buffer
 		expected = `
-			======CMD======
+			mkdir: can't create directory 'a/b/c': No such file or directory
-			mkdir a/b/c
+			mkdir: can't create directory 'd/e/f': No such file or directory
-			mkdir d/e/f
-			======END======
-			err: mkdir: can't create directory 'a/b/c': No such file or directory
-			err: mkdir: can't create directory 'd/e/f': No such file or directory
 		`
 	)
 
@@ -797,7 +778,8 @@ func TestPlugin_hostPort(t *testing.T) {
 			name: "different port",
 			fields: fields{
 				Config: Config{
-					Port: 22,
+					Port:     22,
+					Protocol: easyssh.PROTOCOL_TCP4,
 				},
 			},
 			args: args{
@@ -806,6 +788,20 @@ func TestPlugin_hostPort(t *testing.T) {
 			wantHost: "localhost",
 			wantPort: "443",
 		},
+		{
+			name: "ipv6",
+			fields: fields{
+				Config: Config{
+					Port:     22,
+					Protocol: easyssh.PROTOCOL_TCP6,
+				},
+			},
+			args: args{
+				h: "::1",
+			},
+			wantHost: "::1",
+			wantPort: "22",
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -875,14 +871,9 @@ func TestAllEnvs(t *testing.T) {
 	var (
 		buffer   bytes.Buffer
 		expected = `
-======CMD======
+[foobar]
-echo "[${INPUT_1}]"
+[foobar]
-echo "[${GITHUB_2}]"
+[foobar]
-echo "[${PLUGIN_3}]"
-======END======
-out: [foobar]
-out: [foobar]
-out: [foobar]
 		`
 	)
 
@@ -919,3 +910,56 @@ out: [foobar]
 
 	assert.Equal(t, unindent(expected), unindent(buffer.String()))
 }
+
+func TestSudoCommand(t *testing.T) {
+	var (
+		buffer   bytes.Buffer
+		expected = `
+			root
+		`
+	)
+
+	plugin := Plugin{
+		Config: Config{
+			Host:     []string{"localhost"},
+			Username: "drone-scp",
+			Port:     22,
+			KeyPath:  "./tests/.ssh/id_rsa",
+			Script: []string{
+				`sudo su - -c "whoami"`,
+			},
+			CommandTimeout: 10 * time.Second,
+			RequireTty:     true,
+		},
+		Writer: &buffer,
+	}
+
+	assert.Nil(t, plugin.Exec())
+	assert.Equal(t, unindent(expected), unindent(buffer.String()))
+}
+
+func TestCommandWithIPv6(t *testing.T) {
+	var (
+		buffer   bytes.Buffer
+		expected = `
+			drone-scp
+		`
+	)
+
+	plugin := Plugin{
+		Config: Config{
+			Host:     []string{"::1"},
+			Username: "drone-scp",
+			Port:     22,
+			KeyPath:  "./tests/.ssh/id_rsa",
+			Script: []string{
+				"whoami",
+			},
+			Protocol:       easyssh.PROTOCOL_TCP6,
+			CommandTimeout: 10 * time.Second,
+		},
+		Writer: &buffer,
+	}
+	assert.Nil(t, plugin.Exec())
+	assert.Equal(t, unindent(expected), unindent(buffer.String()))
+}

tests/sudoers

@@ -0,0 +1,2 @@
+Defaults        requiretty
+drone-scp ALL=(ALL) NOPASSWD:ALL