GitHub Action
SCP File Transfer
A GitHub Action to upload and download files via SCP.
Please note that if you only specify a single file as source, the target must be a file name and not a folder.
name: upload
on:
- push
jobs:
upload:
name: Upload
runs-on: ubuntu-latest
steps:
- name: Check out repository
uses: actions/checkout@master
- name: Upload file via SSH
uses: nicklasfrahm/scp-action@main
with:
direction: upload
host: ${{ secrets.SSH_TARGET_HOST }}
fingerprint: ${{ secrets.SSH_TARGET_FINGERPRINT }}
username: ${{ secrets.SSH_USER }}
key: ${{ secrets.SSH_PRIVATE_KEY }}
proxy_host: ${{ secrets.SSH_PROXY_HOST }}
proxy_fingerprint: ${{ secrets.SSH_PROXY_FINGERPRINT }}
proxy_username: ${{ secrets.SSH_USER }}
proxy_key: ${{ secrets.SSH_PRIVATE_KEY }}
source: |
path/to/source/a.txt
path/to/source/b.txt
target: path/to/target
name: download
on:
- push
jobs:
download:
name: Download
runs-on: ubuntu-latest
steps:
- name: Check out repository
uses: actions/checkout@master
- name: Download file via SSH
uses: nicklasfrahm/scp-action@main
with:
direction: download
host: ${{ secrets.SSH_TARGET_HOST }}
fingerprint: ${{ secrets.SSH_TARGET_FINGERPRINT }}
username: ${{ secrets.SSH_USER }}
key: ${{ secrets.SSH_PRIVATE_KEY }}
proxy_host: ${{ secrets.SSH_PROXY_HOST }}
proxy_fingerprint: ${{ secrets.SSH_PROXY_FINGERPRINT }}
proxy_username: ${{ secrets.SSH_USER }}
proxy_key: ${{ secrets.SSH_PRIVATE_KEY }}
source: path/to/source/a.txt
target: path/to/target/b.txt
See action.yml for more detailed information. Please note that all input variables must have string values. It is thus recommend to always use quotes.
Input variable | Default value | Description |
---|---|---|
host |
required | SSH host |
port |
22 |
SSH port |
username |
root |
SSH username |
passphrase |
none | SSH passphrase |
insecure_password |
none | SSH password, not recommended for security reasons |
timeout |
30s |
Timeout for SSH connection to remote host |
action_timeout |
10m |
Timeout for action |
key |
none | Content of ssh private key, raw content of ~/.ssh/id_rsa |
fingerprint |
none | Fingerprint SHA256 of the host public key, see Using host fingerprint verification |
insecure_ignore_fingerprint |
false |
Skip fingerprint verification of the host public key, not recommended for security reasons |
source |
required | A list of files to copy |
target |
. |
A folder to copy to |
direction |
none | Transfer direction, must be either upload or download |
proxy_host |
none | SSH proxy host |
proxy_port |
22 |
SSH proxy port |
proxy_username |
root |
SSH proxy username |
proxy_passphrase |
none | SSH proxy passphrase |
insecure_proxy_password |
none | SSH proxy password |
proxy_key |
none | Content of SSH proxy private key |
proxy_fingerprint |
none | Fingerprint SHA256 of the proxy host public key, see Using host fingerprint verification |
insecure_proxy_ignore_fingerprint |
none | Skip fingerprint verification of the proxy host public key, not recommended for security reasons |
Setting up SSH host fingerprint verification can help to prevent Person-in-the-Middle attacks. Before setting this up, run the command below to get your SSH host fingerprint. Remember to replace ed25519
with your appropriate key type (rsa
, dsa
, etc.) that your server is using and example.com
with your host. In modern OpenSSH releases, the default key types to be fetched are rsa
(since version 5.1), ecdsa
(since version 6.0), and ed25519
(since version 6.7).
ssh example.com ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub | cut -d ' ' -f2
We would ❤️ for you to contribute to nicklasfrahm/scp-action
, pull requests are welcome!
This project is licensed under the MIT license.