Skip to content

Commit e5bfcf0

Browse files
igawigaw
committed
build: replace ftp-deployer with inline sshpass+sftp
The ftp-deployer action is replaced with a plain run in order to reduce the amount of untrusted third-party code running inside the build system. Signed-off-by: Daniel Wagner <[email protected]>
1 parent bcb14ff commit e5bfcf0

1 file changed

Lines changed: 17 additions & 13 deletions

File tree

.github/workflows/upload.yml

Lines changed: 17 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -66,19 +66,23 @@ jobs:
6666
name: nvme-cli
6767
path: upload
6868

69-
- name: FTP Deployer
70-
uses: sand4rt/ftp-deployer@518beaad91d1b18fd55a69321de7ed89080d2ae3 # v1.8
71-
with:
72-
sftp: true
73-
host: ${{ secrets.SFTP_SERVER }}
74-
port: 22
75-
username: ${{ secrets.SFTP_USERNAME }}
76-
password: ${{ secrets.SFTP_PASSWORD }}
77-
remote_folder: '/upload'
78-
local_folder: upload
79-
cleanup: false
80-
include: '[ "nvme-cli-*" ]'
81-
exclude: '[".github/**", ".git/**", "*.env"]'
69+
- name: upload to SFTP server
70+
env:
71+
SSHPASS: ${{ secrets.SFTP_PASSWORD }}
72+
SFTP_USERNAME: ${{ secrets.SFTP_USERNAME }}
73+
SFTP_SERVER: ${{ secrets.SFTP_SERVER }}
74+
SFTP_HOST_KEY: ${{ secrets.SFTP_HOST_KEY }}
75+
run: |
76+
sudo apt-get install -y sshpass
77+
mkdir -p ~/.ssh
78+
echo "${SFTP_HOST_KEY}" > ~/.ssh/known_hosts
79+
(
80+
echo "cd /upload"
81+
for f in upload/nvme-cli-*; do
82+
[ -f "$f" ] || continue
83+
echo "put $f $(basename "$f")"
84+
done
85+
) | sshpass -e sftp -b - "${SFTP_USERNAME}@${SFTP_SERVER}"
8286
8387
upload-release-assets:
8488
name: upload GitHub release assets

0 commit comments

Comments
 (0)