chore: refactor release process configuration

- Change the changelog configuration in `.goreleaser.yaml` from using GitHub to using git.

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>

.github/workflows/codeql.yml

@@ -38,11 +38,11 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -51,4 +51,4 @@ jobs:
           # queries: ./path/to/local/query, your-org/your-repo/queries@main
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3

.github/workflows/docker.yml

@@ -14,14 +14,14 @@ jobs:
   build-docker:
     runs-on: ubuntu-latest
     steps:
-      - name: Setup go
-        uses: actions/setup-go@v4
-        with:
-          go-version: "^1.21"
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+
+      - name: Setup go
+        uses: actions/setup-go@v5
         with:
-          fetch-depth: 0
+          go-version-file: go.mod
+          check-latest: true
 
       - name: Build binary
         run: |

.github/workflows/goreleaser.yml

@@ -12,21 +12,21 @@ jobs:
   goreleaser:
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout
+      - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
-        with:
+
-          fetch-depth: 0
       - name: Setup go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
-          go-version: "^1"
+          go-version-file: go.mod
+          check-latest: true
 
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v4
+        uses: goreleaser/goreleaser-action@v5
         with:
           # either 'goreleaser' (default) or 'goreleaser-pro'
           distribution: goreleaser
           version: latest
-          args: release --rm-dist
+          args: release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/testing.yml

@@ -8,14 +8,17 @@ jobs:
   lint:
     runs-on: ubuntu-latest
     steps:
-      - name: Setup go
-        uses: actions/setup-go@v4
-        with:
-          go-version: "^1.21"
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+
+      - name: Setup go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+          check-latest: true
+
       - name: Setup golangci-lint
-        uses: golangci/golangci-lint-action@v3
+        uses: golangci/golangci-lint-action@v4
         with:
           version: latest
           args: --verbose
@@ -27,14 +30,16 @@ jobs:
 
   testing:
     runs-on: ubuntu-latest
-    container: golang:1.21-alpine
+    container:
+      image: golang:1.21-alpine
+      options: --sysctl net.ipv6.conf.all.disable_ipv6=0
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: setup sshd server
         run: |
-          apk add git make curl perl bash build-base zlib-dev ucl-dev
+          apk add git make curl perl bash build-base zlib-dev ucl-dev sudo
           make ssh-server
 
       - name: testing
@@ -42,4 +47,4 @@ jobs:
           make test
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v4

.goreleaser.yaml

@@ -3,78 +3,78 @@ before:
     - go mod tidy
 
 builds:
-- env:
+  - env:
-  - CGO_ENABLED=0
+      - CGO_ENABLED=0
-  goos:
+    goos:
-  - darwin
+      - darwin
-  - linux
+      - linux
-  - windows
+      - windows
-  - freebsd
+      - freebsd
-  goarch:
+    goarch:
-  - amd64
+      - amd64
-  - arm
+      - arm
-  - arm64
+      - arm64
-  goarm:
+    goarm:
-  - "5"
+      - "5"
-  - "6"
+      - "6"
-  - "7"
+      - "7"
-  ignore:
+    ignore:
-    - goos: darwin
+      - goos: darwin
-      goarch: arm
+        goarch: arm
-    - goos: darwin
+      - goos: darwin
-      goarch: ppc64le
+        goarch: ppc64le
-    - goos: darwin
+      - goos: darwin
-      goarch: s390x
+        goarch: s390x
-    - goos: windows
+      - goos: windows
-      goarch: ppc64le
+        goarch: ppc64le
-    - goos: windows
+      - goos: windows
-      goarch: s390x
+        goarch: s390x
-    - goos: windows
+      - goos: windows
-      goarch: arm
+        goarch: arm
-      goarm: "5"
+        goarm: "5"
-    - goos: windows
+      - goos: windows
-      goarch: arm
+        goarch: arm
-      goarm: "6"
+        goarm: "6"
-    - goos: windows
+      - goos: windows
-      goarch: arm
+        goarch: arm
-      goarm: "7"
+        goarm: "7"
-    - goos: windows
+      - goos: windows
-      goarch: arm64
+        goarch: arm64
-    - goos: freebsd
+      - goos: freebsd
-      goarch: ppc64le
+        goarch: ppc64le
-    - goos: freebsd
+      - goos: freebsd
-      goarch: s390x
+        goarch: s390x
-    - goos: freebsd
+      - goos: freebsd
-      goarch: arm
+        goarch: arm
-      goarm: "5"
+        goarm: "5"
-    - goos: freebsd
+      - goos: freebsd
-      goarch: arm
+        goarch: arm
-      goarm: "6"
+        goarm: "6"
-    - goos: freebsd
+      - goos: freebsd
-      goarch: arm
+        goarch: arm
-      goarm: "7"
+        goarm: "7"
-    - goos: freebsd
+      - goos: freebsd
-      goarch: arm64
+        goarch: arm64
-  flags:
+    flags:
-  - -trimpath
+      - -trimpath
-  ldflags:
+    ldflags:
-  - -s -w
+      - -s -w
-  - -X main.Version={{.Version}}
+      - -X main.Version={{.Version}}
-  binary: >-
+    binary: >-
-    {{ .ProjectName }}-
+      {{ .ProjectName }}-
-    {{- if .IsSnapshot }}{{ .Branch }}-
+      {{- if .IsSnapshot }}{{ .Branch }}-
-    {{- else }}{{- .Version }}-{{ end }}
+      {{- else }}{{- .Version }}-{{ end }}
-    {{- .Os }}-
+      {{- .Os }}-
-    {{- if eq .Arch "amd64" }}amd64
+      {{- if eq .Arch "amd64" }}amd64
-    {{- else if eq .Arch "amd64_v1" }}amd64
+      {{- else if eq .Arch "amd64_v1" }}amd64
-    {{- else if eq .Arch "386" }}386
+      {{- else if eq .Arch "386" }}386
-    {{- else }}{{ .Arch }}{{ end }}
+      {{- else }}{{ .Arch }}{{ end }}
-    {{- if .Arm }}-{{ .Arm }}{{ end }}
+      {{- if .Arm }}-{{ .Arm }}{{ end }}
-  no_unique_dist_dir: true
+    no_unique_dist_dir: true
-  hooks:
+    hooks:
-    post:
+      post:
-      - cmd: xz -k -9 {{ .Path }}
+        - cmd: xz -k -9 {{ .Path }}
-        dir: ./dist/
+          dir: ./dist/
 
 archives:
   - format: binary
@@ -82,9 +82,9 @@ archives:
     allow_different_binary_count: true
 
 checksum:
-  name_template: 'checksums.txt'
+  name_template: "checksums.txt"
   extra_files:
-      - glob: ./**.xz
+    - glob: ./**.xz
 
 snapshot:
   name_template: "{{ incpatch .Version }}"
@@ -97,3 +97,21 @@ release:
   # Templates: allowed
   extra_files:
     - glob: ./**.xz
+
+changelog:
+  use: git
+  groups:
+    - title: Features
+      regexp: "^.*feat[(\\w)]*:+.*$"
+      order: 0
+    - title: "Bug fixes"
+      regexp: "^.*fix[(\\w)]*:+.*$"
+      order: 1
+    - title: "Enhancements"
+      regexp: "^.*chore[(\\w)]*:+.*$"
+      order: 2
+    - title: "Refactor"
+      regexp: "^.*refactor[(\\w)]*:+.*$"
+      order: 3
+    - title: Others
+      order: 999

Makefile

@@ -104,10 +104,21 @@ ssh-server:
 	cat tests/.ssh/test.pub >> /home/drone-scp/.ssh/authorized_keys
 	chmod 600 /home/drone-scp/.ssh/authorized_keys
 	chown -R drone-scp /home/drone-scp/.ssh
+	# add public key to root user
+	mkdir -p /root/.ssh
+	chmod 700 /root/.ssh
+	cat tests/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
+	cat tests/.ssh/test.pub >> /root/.ssh/authorized_keys
+	chmod 600 /root/.ssh/authorized_keys
+	# Append the following entry to run ALL command without a password for a user named drone-scp:
+	cat tests/sudoers >> /etc/sudoers.d/sudoers
+	# install ssh and start server
 	apk add --update openssh openrc
 	rm -rf /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_dsa_key
 	sed -i 's/^#PubkeyAuthentication yes/PubkeyAuthentication yes/g' /etc/ssh/sshd_config
 	sed -i 's/AllowTcpForwarding no/AllowTcpForwarding yes/g' /etc/ssh/sshd_config
+	sed -i 's/^#ListenAddress 0.0.0.0/ListenAddress 0.0.0.0/g' /etc/ssh/sshd_config
+	sed -i 's/^#ListenAddress ::/ListenAddress ::/g' /etc/ssh/sshd_config
 	./tests/entrypoint.sh /usr/sbin/sshd -D &
 
 coverage:

README.md

@@ -4,7 +4,7 @@
 
 [![GitHub tag](https://img.shields.io/github/tag/appleboy/drone-ssh.svg)](https://github.com/appleboy/drone-ssh/releases)
 [![GoDoc](https://godoc.org/github.com/appleboy/drone-ssh?status.svg)](https://godoc.org/github.com/appleboy/drone-ssh)
-[![Lint and Testing](https://github.com/appleboy/drone-ssh/actions/workflows/lint.yml/badge.svg)](https://github.com/appleboy/drone-ssh/actions/workflows/lint.yml)
+[![Lint and Testing](https://github.com/appleboy/drone-ssh/actions/workflows/testing.yml/badge.svg?branch=master)](https://github.com/appleboy/drone-ssh/actions/workflows/testing.yml)
 [![codecov](https://codecov.io/gh/appleboy/drone-ssh/branch/master/graph/badge.svg)](https://codecov.io/gh/appleboy/drone-ssh)
 [![Go Report Card](https://goreportcard.com/badge/github.com/appleboy/drone-ssh)](https://goreportcard.com/report/github.com/appleboy/drone-ssh)
 [![Docker Pulls](https://img.shields.io/docker/pulls/appleboy/drone-ssh.svg)](https://hub.docker.com/r/appleboy/drone-ssh/)

go.mod

@@ -7,7 +7,7 @@ require (
 	github.com/joho/godotenv v1.5.1
 	github.com/stretchr/testify v1.8.4
 	github.com/urfave/cli/v2 v2.27.1
-	golang.org/x/crypto v0.17.0
+	golang.org/x/crypto v0.18.0
 )
 
 require (
@@ -18,6 +18,6 @@ require (
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/xrash/smetrics v0.0.0-20231213231151-1d8dd44e695e // indirect
-	golang.org/x/sys v0.15.0 // indirect
+	golang.org/x/sys v0.16.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -25,15 +25,15 @@ github.com/xrash/smetrics v0.0.0-20231213231151-1d8dd44e695e h1:+SOyEddqYF09QP7v
 github.com/xrash/smetrics v0.0.0-20231213231151-1d8dd44e695e/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
+golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
-golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200219091948-cb0a6d8edb6c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
+golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
-golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
+golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

main.go

@@ -38,11 +38,10 @@ func main() {
 	app.Version = Version
 	app.Flags = []cli.Flag{
 		&cli.StringSliceFlag{
-			Name:     "host",
+			Name:    "host",
-			Aliases:  []string{"H"},
+			Aliases: []string{"H"},
-			Usage:    "connect to host",
+			Usage:   "connect to host",
-			EnvVars:  []string{"PLUGIN_HOST", "SSH_HOST", "INPUT_HOST"},
+			EnvVars: []string{"PLUGIN_HOST", "SSH_HOST", "INPUT_HOST"},
-			FilePath: ".host",
 		},
 		&cli.IntFlag{
 			Name:    "port",
@@ -53,7 +52,7 @@ func main() {
 		},
 		&cli.StringFlag{
 			Name:    "protocol",
-			Usage:   "The IP protocol to use. Default to tcp (both IPv4 and IPv6).",
+			Usage:   "The IP protocol to use. Valid values are \"tcp\". \"tcp4\" or \"tcp6\". Default to tcp.",
 			EnvVars: []string{"PLUGIN_PROTOCOL", "SSH_PROTOCOL", "INPUT_PROTOCOL"},
 			Value:   "tcp",
 		},
@@ -149,8 +148,8 @@ func main() {
 		},
 		&cli.StringFlag{
 			Name:    "proxy.protocol",
-			Usage:   "The IP protocol to use for the proxy. Default to tcp (both IPv4 and IPv6).",
+			Usage:   "The IP protocol to use for the proxy. Valid values are \"tcp\". \"tcp4\" or \"tcp6\". Default to tcp.",
-			EnvVars: []string{"PLUGIN_PROTOCOL", "SSH_PROTOCOL", "INPUT_PROTOCOL"},
+			EnvVars: []string{"PLUGIN_PROXY_PROTOCOL", "SSH_PROXY_PROTOCOL", "INPUT_PROXY_PROTOCOL"},
 			Value:   "tcp",
 		},
 		&cli.StringFlag{
@@ -220,6 +219,11 @@ func main() {
 			Usage:   "pass all environment variable to shell script",
 			EnvVars: []string{"PLUGIN_ALLENVS", "INPUT_ALLENVS"},
 		},
+		&cli.BoolFlag{
+			Name:    "request-pty",
+			Usage:   "request a pseudo-terminal from the server",
+			EnvVars: []string{"PLUGIN_REQUEST_PTY", "INPUT_REQUEST_PTY"},
+		},
 	}
 
 	// Override a template
@@ -288,6 +292,7 @@ func run(c *cli.Context) error {
 			Ciphers:           c.StringSlice("ciphers"),
 			UseInsecureCipher: c.Bool("useInsecureCipher"),
 			AllEnvs:           c.Bool("allenvs"),
+			RequireTty:        c.Bool("request-pty"),
 			Proxy: easyssh.DefaultConfig{
 				Key:               c.String("proxy.ssh-key"),
 				KeyPath:           c.String("proxy.key-path"),

plugin.go

@@ -44,6 +44,7 @@ type (
 		UseInsecureCipher bool
 		EnvsFormat        string
 		AllEnvs           bool
+		RequireTty        bool
 	}
 
 	// Plugin structure
@@ -60,7 +61,9 @@ func escapeArg(arg string) string {
 func (p Plugin) hostPort(host string) (string, string) {
 	hosts := strings.Split(host, ":")
 	port := strconv.Itoa(p.Config.Port)
-	if len(hosts) > 1 {
+	if len(hosts) > 1 &&
+		(p.Config.Protocol == easyssh.PROTOCOL_TCP ||
+			p.Config.Protocol == easyssh.PROTOCOL_TCP4) {
 		host = hosts[0]
 		port = hosts[1]
 	}
@@ -85,6 +88,7 @@ func (p Plugin) exec(host string, wg *sync.WaitGroup, errChannel chan error) {
 		Ciphers:           p.Config.Ciphers,
 		Fingerprint:       p.Config.Fingerprint,
 		UseInsecureCipher: p.Config.UseInsecureCipher,
+		RequestPty:        p.Config.RequireTty,
 		Proxy: easyssh.DefaultConfig{
 			Server:            p.Config.Proxy.Server,
 			User:              p.Config.Proxy.User,

plugin_test.go

@@ -432,7 +432,6 @@ func getHostPublicKeyFile(keypath string) (ssh.PublicKey, error) {
 	}
 
 	pubkey, _, _, _, err = ssh.ParseAuthorizedKey(buf)
-
 	if err != nil {
 		return nil, err
 	}
@@ -797,7 +796,8 @@ func TestPlugin_hostPort(t *testing.T) {
 			name: "different port",
 			fields: fields{
 				Config: Config{
-					Port: 22,
+					Port:     22,
+					Protocol: easyssh.PROTOCOL_TCP4,
 				},
 			},
 			args: args{
@@ -806,6 +806,20 @@ func TestPlugin_hostPort(t *testing.T) {
 			wantHost: "localhost",
 			wantPort: "443",
 		},
+		{
+			name: "ipv6",
+			fields: fields{
+				Config: Config{
+					Port:     22,
+					Protocol: easyssh.PROTOCOL_TCP6,
+				},
+			},
+			args: args{
+				h: "::1",
+			},
+			wantHost: "::1",
+			wantPort: "22",
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -919,3 +933,62 @@ out: [foobar]
 
 	assert.Equal(t, unindent(expected), unindent(buffer.String()))
 }
+
+func TestSudoCommand(t *testing.T) {
+	var (
+		buffer   bytes.Buffer
+		expected = `
+			======CMD======
+			sudo su - -c "whoami"
+			======END======
+			out: root
+		`
+	)
+
+	plugin := Plugin{
+		Config: Config{
+			Host:     []string{"localhost"},
+			Username: "drone-scp",
+			Port:     22,
+			KeyPath:  "./tests/.ssh/id_rsa",
+			Script: []string{
+				`sudo su - -c "whoami"`,
+			},
+			CommandTimeout: 10 * time.Second,
+			RequireTty:     true,
+		},
+		Writer: &buffer,
+	}
+
+	assert.Nil(t, plugin.Exec())
+	assert.Equal(t, unindent(expected), unindent(buffer.String()))
+}
+
+func TestCommandWithIPv6(t *testing.T) {
+	var (
+		buffer   bytes.Buffer
+		expected = `
+			======CMD======
+			whoami
+			======END======
+			out: drone-scp
+		`
+	)
+
+	plugin := Plugin{
+		Config: Config{
+			Host:     []string{"::1"},
+			Username: "drone-scp",
+			Port:     22,
+			KeyPath:  "./tests/.ssh/id_rsa",
+			Script: []string{
+				"whoami",
+			},
+			Protocol:       easyssh.PROTOCOL_TCP6,
+			CommandTimeout: 10 * time.Second,
+		},
+		Writer: &buffer,
+	}
+	assert.Nil(t, plugin.Exec())
+	assert.Equal(t, unindent(expected), unindent(buffer.String()))
+}

tests/sudoers

@@ -0,0 +1,2 @@
+Defaults        requiretty
+drone-scp ALL=(ALL) NOPASSWD:ALL