chore(deps): update burnett01/rsync-deployments action to v8 #377

Merged

renovate[bot] merged 1 commit from renovate/burnett01-rsync-deployments-8.x into main 2026-06-05 19:15:42 +07:00

Conversation 1 Commits 1 Files changed 1 +1 -1

renovate[bot] commented 2026-04-19 17:04:06 +07:00 (Migrated from github.com)

Copy link

This PR contains the following updates:

Package	Type	Update	Change
burnett01/rsync-deployments	action	major	5.2 → 8.0.5

---

Release Notes

burnett01/rsync-deployments (burnett01/rsync-deployments)

v8.0.5

Compare Source

What's Changed

• update base-image Alpine from 3.23.3 to 3.23.4 that fixes:

musl
CVE-2026-6042
CVE-2026-40200

openssl
CVE-2026-31790
CVE-2026-28387
CVE-2026-28388
CVE-2026-28389
CVE-2026-28390
CVE-2026-31789

Full Changelog: https://github.com/Burnett01/rsync-deployments/compare/8.0.4...8.0.5

v8.0.4

Compare Source

What's Changed

• chore(deps): bump alpine from 3.23.2 to 3.23.3 #​99 #​100

Full Changelog: https://github.com/Burnett01/rsync-deployments/compare/8.0.3...8.0.4

Contributors:

• @​Burnett01
• @​dependabot

v8.0.3

Compare Source

What's Changed

• chore(deps): bump alpine from 3.23.0 to 3.23.2 #​97 #​98

Full Changelog: https://github.com/Burnett01/rsync-deployments/compare/8.0.2...8.0.3

Contributors:

• @​Burnett01
• @​dependabot

v8.0.2

Compare Source

Full Changelog: https://github.com/Burnett01/rsync-deployments/compare/8.0.1...8.0.2

Contributors:

• @​Burnett01
• @​JoshPiper

v8.0.1

Compare Source

[!CAUTION]
EOL - End of Life - see SECURITY.md!

Full Changelog: https://github.com/Burnett01/rsync-deployments/compare/8.0.0...8.0.1

Contributors:

• @​Burnett01
• @​JoshPiper

v8

Compare Source

What's Changed

Version v8 (8.0.5) offers the following features:

• feat: latest Alpine 3.23.4
• feat: latest Rsync 3.4.1-r1
• feat: integrate rsync-docker 3rd party into this action as 1st party code (no more dependency, better audit, single source of truth)
  • backported:
    • agent-start
    • agent-stop
    • agent-askpass
    • agent-add
    • hosts-add
    • hosts-clear
  • new added:
    • ssh-init
    • hosts-init
  • improved:
    • stricter permissions on .ssh/ folder (700) and known_hosts (600)
    • use set -eu in all scipts
• feat: new strict_host_keys option to enable support for strict host key verification. Default: false (to keep backward compatibility)
• feat: new debug option to see the commands executed (-x) by this action
• feat: this action is now scanned for vulnerabilities by Snyk
• feat; this action is now scanned by CodeQL for Q/A
• feat: this action now performs CI tasks such as Validation, Linting and Unit Tests
• fix: various shell syntax for robustness
• fix: use printf and redirect output to non-stdout instead of echo in sensitive code locations
• refactor: use $HOME instead of tilde ~ for robustness
• feat: cross-platform support
• chore: Deprecate 7.0.2
• chore: EOL 7.0.0 & 7.0.1

New release channels:

From now on you can use @v8 instead of manually pinning to a version like 8.0.5.

The benefit of using v8 is that you will receive future MINOR+PATCH updates automatically, since v8 is a pointer to 8.x.x.

However, of course you are free to use the regular format like 8.0.5 directly.

Full Changelog: https://github.com/Burnett01/rsync-deployments/compare/7.1.0...8.0.5

Contributors:

• @​Burnett01
• @​JoshPiper

v8.0.0: - regression (use v8 or 8.0.2)

Compare Source

[!CAUTION]
EOL - End of Life - see SECURITY.md!

This release has a regression, see #​90 and #​89.

Use @v8 which points to 8.0.1

v7.1.0

Compare Source

[!WARNING]
DEPRECATED - See deprecation notice & SECURITY.md!

What's Changed

• Update Alpine from 3.19.1 to 3.22.1 via drinternet/rsync@1.5.1 (hub)

• Update Rsync from 3.4.0-r0 to 3.4.1-r0

• Using Githubs new "immutable releases" feature

• Repo now supports BATS testing the entrypoint shell script, shellsheck and various integration tests

Full Changelog: https://github.com/Burnett01/rsync-deployments/compare/7.0.2...7.1.0

v7.0.2

Compare Source

[!WARNING]
DEPRECATED - See deprecation notice & SECURITY.md!

What's Changed

3.4.0-r0

• always force-upgrade rsync to get the latest security upgrades

• new version 7.0.2 (with rsync 3.4.0), deprecate old versions, remove dead links

The latest rsync version 3.4.0 fixes a wide variety of CVE's.
See their press release: https://download.samba.org/pub/rsync/NEWS#3.4.0

The latest action version 7.0.2 is using rsync 3.4.0, so please use that.

Full Changelog: https://github.com/Burnett01/rsync-deployments/compare/7.0.1...7.0.2

v7.0.1

Compare Source

[!CAUTION]
EOL - End of Life - see SECURITY.md!

• Pin @​JoshPiper drinternet/rsync image by SHA-256 hash rather than version. (Immutability)
  Added via #​60

The docker image of this action is now pinned to the specific SHA-256 hash of the version rather than just the version.
This means for the latest drinternet/rsync:v1.4.4 the corresponding hash is drinternet/rsync@sha256:15b2949838074bd93c49421c22380396a0cd53a322439e799ac87afcadcfe234

Check for validation: https://hub.docker.com/layers/drinternet/rsync/v1.4.4/images/sha256-15b2949838074bd93c49421c22380396a0cd53a322439e799ac87afcadcfe234

With that, usage of this action is even more secure due to a consistent dependency chain of trust,
since changes accompanied by a docker image hash are immutable.

Thanks to @​XComp

v7.0.0

Compare Source

[!CAUTION]
EOL - End of Life - see SECURITY.md!

What's Changed

• feat: Update base image to latest 1.4.4 (alpine 3.19.1)

JoshPiper/rsync-docker@ba20622
JoshPiper/rsync-docker#25
@​JoshPiper

• Merge pull request Burnett01#24 from jasongill/patch-1

Re-allow RSA host keys with SSH

• feat: Make usage of legacy rsa hostkeys conditional

The usage of RSA host keys introduced with Burnett01@​c7baefd
was adjusted to make it conditional/configurable and to keep
backward compatibility

Resolves #​49

• feat: configuarable legacy RSA hostkeys support

Ability to configure legacy rsa hostkeys support for
OpenSSH servers >= 8.8.
Related to Burnett01#24 and Burnett01@​9603fc8

• chore!: Versions 4.x EOL, 5.x DEPRECATED, 6.x MAINTENANCE

All versions 4.x are now EOL and no longer maintained
All versions 5.x are now DEPRECATED and will become EOL within Q2 2024
All versions 6.x are now MAINTENANCE and will become DEPRECATED within Q4 2024

New Contributors

• @​jasongill made their first contribution in Burnett01#24

Full Changelog: https://github.com/Burnett01/rsync-deployments/compare/6.0.0...7.0.0

v6.0.0

Compare Source

[!CAUTION]
EOL - End of Life - see SECURITY.md!

• It is no longer possible to use an empty string as remote_path (Fixes #​44) (Thanks to @​maximilliangeorge)
• Updated checkout action in examples from v2 to v3
• Added disclaimer to media site-links
• Overall readme improvements

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [burnett01/rsync-deployments](https://redirect.github.com/burnett01/rsync-deployments) | action | major | `5.2` → `8.0.5` | --- ### Release Notes <details> <summary>burnett01/rsync-deployments (burnett01/rsync-deployments)</summary> ### [`v8.0.5`](https://redirect.github.com/Burnett01/rsync-deployments/releases/tag/8.0.5) [Compare Source](https://redirect.github.com/burnett01/rsync-deployments/compare/8.0.4...8.0.5) ##### What's Changed - update base-image Alpine from 3.23.3 to 3.23.4 that fixes: musl CVE-2026-6042 CVE-2026-40200 openssl CVE-2026-31790 CVE-2026-28387 CVE-2026-28388 CVE-2026-28389 CVE-2026-28390 CVE-2026-31789 **Full Changelog**: <https://github.com/Burnett01/rsync-deployments/compare/8.0.4...8.0.5> ### [`v8.0.4`](https://redirect.github.com/Burnett01/rsync-deployments/releases/tag/8.0.4) [Compare Source](https://redirect.github.com/burnett01/rsync-deployments/compare/8.0.3...8.0.4) ##### What's Changed - chore(deps): bump alpine from 3.23.2 to 3.23.3 [#&#8203;99](https://redirect.github.com/burnett01/rsync-deployments/issues/99) [#&#8203;100](https://redirect.github.com/burnett01/rsync-deployments/issues/100) **Full Changelog**: <https://github.com/Burnett01/rsync-deployments/compare/8.0.3...8.0.4> ##### Contributors: - [@&#8203;Burnett01](https://redirect.github.com/Burnett01) - [@&#8203;dependabot](https://redirect.github.com/dependabot) ### [`v8.0.3`](https://redirect.github.com/Burnett01/rsync-deployments/releases/tag/8.0.3) [Compare Source](https://redirect.github.com/burnett01/rsync-deployments/compare/8.0.2...8.0.3) ##### What's Changed - chore(deps): bump alpine from 3.23.0 to 3.23.2 [#&#8203;97](https://redirect.github.com/burnett01/rsync-deployments/issues/97) [#&#8203;98](https://redirect.github.com/burnett01/rsync-deployments/issues/98) **Full Changelog**: <https://github.com/Burnett01/rsync-deployments/compare/8.0.2...8.0.3> ##### Contributors: - [@&#8203;Burnett01](https://redirect.github.com/Burnett01) - [@&#8203;dependabot](https://redirect.github.com/dependabot) ### [`v8.0.2`](https://redirect.github.com/Burnett01/rsync-deployments/releases/tag/8.0.2) [Compare Source](https://redirect.github.com/burnett01/rsync-deployments/compare/8.0.1...8.0.2) **Full Changelog**: <https://github.com/Burnett01/rsync-deployments/compare/8.0.1...8.0.2> ##### Contributors: - [@&#8203;Burnett01](https://redirect.github.com/Burnett01) - [@&#8203;JoshPiper](https://redirect.github.com/JoshPiper) ### [`v8.0.1`](https://redirect.github.com/Burnett01/rsync-deployments/releases/tag/8.0.1) [Compare Source](https://redirect.github.com/burnett01/rsync-deployments/compare/v8...8.0.1) > \[!CAUTION] > EOL - End of Life - see [SECURITY.md](https://redirect.github.com/Burnett01/rsync-deployments/blob/master/SECURITY.md)! **Full Changelog**: <https://github.com/Burnett01/rsync-deployments/compare/8.0.0...8.0.1> ##### Contributors: - [@&#8203;Burnett01](https://redirect.github.com/Burnett01) - [@&#8203;JoshPiper](https://redirect.github.com/JoshPiper) ### [`v8`](https://redirect.github.com/Burnett01/rsync-deployments/releases/tag/v8) [Compare Source](https://redirect.github.com/burnett01/rsync-deployments/compare/v8...v8)  ##### What's Changed Version v8 (8.0.5) offers the following features: - feat: latest Alpine 3.23.4 - feat: latest Rsync 3.4.1-r1 - feat: integrate [rsync-docker](https://redirect.github.com/JoshPiper/rsync-docker/) 3rd party into this action as 1st party code (no more dependency, better audit, single source of truth) - backported: - agent-start - agent-stop - agent-askpass - agent-add - hosts-add - hosts-clear - new added: - ssh-init - hosts-init - improved: - stricter permissions on .ssh/ folder (700) and known\_hosts (600) - use set -eu in all scipts - feat: new `strict_host_keys` option to enable support for strict host key verification. Default: false (to keep backward compatibility) - feat: new `debug` option to see the commands executed (-x) by this action - feat: this action is now scanned for vulnerabilities by Snyk - feat; this action is now scanned by CodeQL for Q/A - feat: this action now performs CI tasks such as Validation, Linting and Unit Tests - fix: various shell syntax for robustness - fix: use printf and redirect output to non-stdout instead of echo in sensitive code locations - refactor: use $HOME instead of tilde \~ for robustness - feat: cross-platform support - chore: Deprecate 7.0.2 - chore: EOL 7.0.0 & 7.0.1 ##### New release channels: From now on you can use `@v8` instead of manually pinning to a version like `8.0.5`. The benefit of using `v8` is that you will receive future MINOR+PATCH updates automatically, since `v8` is a pointer to `8.x.x`. However, of course you are free to use the regular format like `8.0.5` directly. **Full Changelog**: <https://github.com/Burnett01/rsync-deployments/compare/7.1.0...8.0.5> ##### Contributors: - [@&#8203;Burnett01](https://redirect.github.com/Burnett01) - [@&#8203;JoshPiper](https://redirect.github.com/JoshPiper) ### [`v8.0.0`](https://redirect.github.com/Burnett01/rsync-deployments/releases/tag/8.0.0): - regression (use v8 or 8.0.2) [Compare Source](https://redirect.github.com/burnett01/rsync-deployments/compare/7.1.0...v8) > \[!CAUTION] > EOL - End of Life - see [SECURITY.md](https://redirect.github.com/Burnett01/rsync-deployments/blob/master/SECURITY.md)! This release has a regression, see [#&#8203;90](https://redirect.github.com/burnett01/rsync-deployments/issues/90) and [#&#8203;89](https://redirect.github.com/burnett01/rsync-deployments/issues/89). Use `@v8` which points to `8.0.1` ### [`v7.1.0`](https://redirect.github.com/Burnett01/rsync-deployments/releases/tag/7.1.0) [Compare Source](https://redirect.github.com/burnett01/rsync-deployments/compare/7.0.2...7.1.0) > \[!WARNING] > DEPRECATED - See [deprecation notice](https://redirect.github.com/Burnett01/rsync-deployments/discussions/96) & [SECURITY.md](https://redirect.github.com/Burnett01/rsync-deployments/blob/master/SECURITY.md)! ##### What's Changed - Update Alpine from 3.19.1 to [3.22.1](https://www.alpinelinux.org/posts/Alpine-3.19.8-3.20.7-3.21.4-3.22.1-released.html) via [drinternet/rsync@1.5.1](https://redirect.github.com/JoshPiper/rsync-docker/releases/tag/1.5.1) ([hub](https://hub.docker.com/layers/drinternet/rsync/v1.5.1/images/sha256-e61f4047577b566872764fa39299092adeab691efb3884248dbd6495dc926527)) - Update Rsync from 3.4.0-r0 to [3.4.1-r0](https://download.samba.org/pub/rsync/NEWS#3.4.1) - Using Githubs new "[immutable releases](https://github.blog/changelog/2025-08-26-releases-now-support-immutability-in-public-preview/)" feature - Repo now supports BATS testing the entrypoint shell script, shellsheck and various integration tests **Full Changelog**: <https://github.com/Burnett01/rsync-deployments/compare/7.0.2...7.1.0> ### [`v7.0.2`](https://redirect.github.com/Burnett01/rsync-deployments/releases/tag/7.0.2) [Compare Source](https://redirect.github.com/burnett01/rsync-deployments/compare/7.0.1...7.0.2) > \[!WARNING] > DEPRECATED - See [deprecation notice](https://redirect.github.com/Burnett01/rsync-deployments/discussions/96) & [SECURITY.md](https://redirect.github.com/Burnett01/rsync-deployments/blob/master/SECURITY.md)! ##### What's Changed [3.4.0-r0](https://download.samba.org/pub/rsync/NEWS#3.4.0) - [always force-upgrade rsync to get the latest security upgrades](https://redirect.github.com/Burnett01/rsync-deployments/commit/76404482ea2966b432c8716580059eab4b530642) - [new version 7.0.2 (with rsync 3.4.0), deprecate old versions, remove dead links](https://redirect.github.com/Burnett01/rsync-deployments/commit/e642759b847b8af255c32ed7c2073045d98e77bc) The latest rsync version 3.4.0 fixes a wide variety of CVE's. See their press release: <https://download.samba.org/pub/rsync/NEWS#3.4.0> The latest action version 7.0.2 is using rsync 3.4.0, so please use that. **Full Changelog**: <https://github.com/Burnett01/rsync-deployments/compare/7.0.1...7.0.2> ### [`v7.0.1`](https://redirect.github.com/Burnett01/rsync-deployments/releases/tag/7.0.1) [Compare Source](https://redirect.github.com/burnett01/rsync-deployments/compare/7.0.0...7.0.1) > \[!CAUTION] > EOL - End of Life - see [SECURITY.md](https://redirect.github.com/Burnett01/rsync-deployments/blob/master/SECURITY.md)! - Pin [@&#8203;JoshPiper](https://redirect.github.com/JoshPiper) [drinternet/rsync](https://redirect.github.com/JoshPiper/rsync-docker) image by SHA-256 hash rather than version. (Immutability) Added via [#&#8203;60](https://redirect.github.com/burnett01/rsync-deployments/issues/60) The docker image of this action is now pinned to the specific SHA-256 hash of the version rather than just the version. This means for the latest `drinternet/rsync:v1.4.4` the corresponding hash is `drinternet/rsync@sha256:15b2949838074bd93c49421c22380396a0cd53a322439e799ac87afcadcfe234` Check for validation: <https://hub.docker.com/layers/drinternet/rsync/v1.4.4/images/sha256-15b2949838074bd93c49421c22380396a0cd53a322439e799ac87afcadcfe234> With that, usage of this action is even more secure due to a consistent dependency chain of trust, since changes accompanied by a docker image hash are immutable. Thanks to [@&#8203;XComp](https://redirect.github.com/XComp) ### [`v7.0.0`](https://redirect.github.com/Burnett01/rsync-deployments/releases/tag/7.0.0) [Compare Source](https://redirect.github.com/burnett01/rsync-deployments/compare/6.0.0...7.0.0) > \[!CAUTION] > EOL - End of Life - see [SECURITY.md](https://redirect.github.com/Burnett01/rsync-deployments/blob/master/SECURITY.md)! ##### What's Changed - [feat: Update base image to latest 1.4.4 (alpine 3.19.1)](https://redirect.github.com/Burnett01/rsync-deployments/commit/ee287eb1f090f838d05d64cf0e798b74dbc619fd) [JoshPiper/rsync-docker@`ba20622`](https://redirect.github.com/JoshPiper/rsync-docker/commit/ba20622d48f9c6c153bf520408c17aaec887e817) [JoshPiper/rsync-docker#25](https://redirect.github.com/JoshPiper/rsync-docker/pull/25) [@&#8203;JoshPiper](https://redirect.github.com/JoshPiper) - [Merge pull request](https://redirect.github.com/Burnett01/rsync-deployments/commit/a078b62820a5a09b7a4daebe3145bbc73cef8e54) [Burnett01#24](https://redirect.github.com/Burnett01/rsync-deployments/pull/24) [from jasongill/patch-1](https://redirect.github.com/Burnett01/rsync-deployments/commit/a078b62820a5a09b7a4daebe3145bbc73cef8e54) Re-allow RSA host keys with SSH - [feat: Make usage of legacy rsa hostkeys conditional](https://redirect.github.com/Burnett01/rsync-deployments/commit/9603fc818619574f10c02c47431eb0a7edafef9a) The usage of RSA host keys introduced with [Burnett01@&#8203;`c7baefd`](https://redirect.github.com/Burnett01/rsync-deployments/commit/c7baefdc23c4bb3b517a16ffa6ddda31763f0be8) was adjusted to make it conditional/configurable and to keep backward compatibility Resolves [#&#8203;49](https://redirect.github.com/burnett01/rsync-deployments/issues/49) - [feat: configuarable legacy RSA hostkeys support](https://redirect.github.com/Burnett01/rsync-deployments/commit/008719532fb1adf12fd09a5f271e7a170a85cbe5) Ability to configure legacy rsa hostkeys support for OpenSSH servers >= 8.8. Related to [Burnett01#24](https://redirect.github.com/Burnett01/rsync-deployments/pull/24) and [Burnett01@&#8203;`9603fc8`](https://redirect.github.com/Burnett01/rsync-deployments/commit/9603fc818619574f10c02c47431eb0a7edafef9a) - [chore!: Versions 4.x EOL, 5.x DEPRECATED, 6.x MAINTENANCE](https://redirect.github.com/Burnett01/rsync-deployments/commit/b9a68ac619de1a77314c0296dcb1ef6348ea93cf) > All versions 4.x are now EOL and no longer maintained > All versions 5.x are now DEPRECATED and will become EOL within Q2 2024 > All versions 6.x are now MAINTENANCE and will become DEPRECATED within Q4 2024 ##### New Contributors - [@&#8203;jasongill](https://redirect.github.com/jasongill) made their first contribution in [Burnett01#24](https://redirect.github.com/Burnett01/rsync-deployments/pull/24) **Full Changelog**: <https://github.com/Burnett01/rsync-deployments/compare/6.0.0...7.0.0> ### [`v6.0.0`](https://redirect.github.com/Burnett01/rsync-deployments/releases/tag/6.0.0) [Compare Source](https://redirect.github.com/burnett01/rsync-deployments/compare/5.2.2...6.0.0) > \[!CAUTION] > EOL - End of Life - see [SECURITY.md](https://redirect.github.com/Burnett01/rsync-deployments/blob/master/SECURITY.md)! - It is no longer possible to use an empty string as remote\_path (Fixes [#&#8203;44](https://redirect.github.com/burnett01/rsync-deployments/issues/44)) (Thanks to [@&#8203;maximilliangeorge](https://redirect.github.com/maximilliangeorge)) - Updated checkout action in examples from v2 to v3 - Added disclaimer to media site-links - Overall readme improvements </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/ditatompel/insights). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMjUuMCIsInVwZGF0ZWRJblZlciI6IjQzLjIwOS4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

ditatompel (Migrated from github.com) approved these changes 2026-06-05 19:15:39 +07:00

Sign in to join this conversation.

Reviewers

No reviewers

ditatompel

Labels

Clear labels   

bug

Something isn't working

  

dependencies

Pull requests that update a dependency file

  

documentation

Improvements or additions to documentation

  

duplicate

This issue or pull request already exists

  

enhancement

New feature or request

  

good first issue

Good for newcomers

  

help wanted

Extra attention is needed

  

invalid

This doesn't seem right

  

lang: ID

Indonesia language

  

question

Further information is requested

  

wontfix

This will not be worked on

No labels

bug

dependencies

documentation

duplicate

enhancement

good first issue

help wanted

invalid

lang: ID

question

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

ditatompel/insights!377

No description provided.