.woodpecker/release.yml

@@ -0,0 +1,18 @@
+steps:
+  build-container:
+    image: woodpeckerci/plugin-kaniko
+    settings:
+      registry: git.jacobpa.com
+      repo: jacob/wp-scp
+      username: jacob
+      password:
+        from_secret: registry-pw
+      tags:
+        - ${CI_COMMIT_SHA:0:7}
+        - latest
+when:
+  - event: push
+    evaluate: 'any(["Dockerfile", "copy.sh"], CI_PIPELINE_FILES contains #)'
+    branch: main
+  - event: [tag, manual]
+    branch: main

Dockerfile

@@ -1,2 +1,15 @@
-FROM alpine:3.19
-RUN apk add --no-cache texlive-xetex texmf-dist-latexextra coreutils make git
+FROM alpine:3.20
+
+ARG DROPBEAR_VERSION_PREFIX=2024.85
+
+RUN apk add --no-cache \
+    dropbear-scp=~${DROPBEAR_VERSION_PREFIX} \
+    dropbear-dbclient=~${DROPBEAR_VERSION_PREFIX} \
+    dropbear-convert=~${DROPBEAR_VERSION_PREFIX} && \
+    addgroup -S plugin && \
+    adduser -S plugin -G plugin
+COPY --chown=root:plugin copy.sh /bin/plugin_scp
+RUN chmod 750 /bin/plugin_scp
+USER plugin
+
+ENTRYPOINT ["/bin/plugin_scp"]

README.md

@@ -0,0 +1,3 @@
+# drone-scp
+
+Drone plugin to SCP files to a remote server.

copy.sh

@@ -0,0 +1,66 @@
+#!/usr/bin/env sh
+
+fatal() {
+    echo "[ERROR] $1"
+    [ -n "$2" ] && exit "$2" || exit 1
+}
+
+info() {
+    echo "[INFO] $1"
+}
+
+# dropbear SSH uses a whacky private key format. I can't imagine anyone likes this, so read a normal
+# one from the input (which needs to be a string anyways) and let dropbear figure it out
+create_key_from_env() {
+    if [ ! -d "$HOME"/.ssh ]; then
+        mkdir "$HOME"/.ssh
+    fi
+
+    info "Creating key from input variable"
+
+    echo "${PLUGIN_SSH_PRIVATE_KEY}" >"$HOME"/.ssh/id_rsa
+    chmod 600 "$HOME"/.ssh/id_rsa
+    dropbearconvert openssh dropbear "$HOME"/.ssh/id_rsa "$HOME"/.ssh/id_dropbear
+    chmod 600 "$HOME"/.ssh/id_dropbear
+}
+
+if [ -z "${PLUGIN_REMOTE_USER}" ]; then
+    fatal "Must specify remote user" 1
+fi
+
+if [ -z "${PLUGIN_REMOTE_HOST}" ]; then
+    fatal "Must specify remote host" 2
+fi
+
+if [ -z "${PLUGIN_REMOTE_PORT}" ]; then
+    PLUGIN_REMOTE_PORT=22
+fi
+
+if [ -z "${PLUGIN_REMOTE_PATH}" ]; then
+    fatal "Must specify remote path" 3
+fi
+
+if [ -z "$PLUGIN_SSH_PRIVATE_KEY" ]; then
+    fatal "Must provide private key for authentication" 4
+fi
+
+if [ -z "$PLUGIN_FILE" ]; then
+    fatal "Must provide source file for transfer" 5
+fi
+
+create_key_from_env
+scp -o StrictHostKeyChecking=accept-new \
+    -P "${PLUGIN_REMOTE_PORT}" \
+    -i "$HOME"/.ssh/id_dropbear \
+    "${PLUGIN_FILE}" \
+    "${PLUGIN_REMOTE_USER}"@"${PLUGIN_REMOTE_HOST}":"${PLUGIN_REMOTE_PATH}" >/dev/null 2>&1
+scp_status=$?
+
+info "Cleaning up SSH keys"
+rm -r "$HOME"/.ssh
+
+if [ "$scp_status" -ne 0 ]; then
+    fatal "Transfer failed with exit code $scp_status" $scp_status
+fi
+
+info "Transfer completed"

docs.md

@@ -0,0 +1,33 @@
+---
+name: scp
+description: SCP an artifact to a remote host
+author: Jacob Patterson
+---
+
+# Settings
+
+Settings without a default value are required.
+
+| Name              | Default | Description                                                     |
+| ----------------- | ------- | --------------------------------------------------------------- |
+| `remote_host`     |         | Remote host                                                     |
+| `remote_port`     | `22`    | Remote listening port                                           |
+| `remote_path`     |         | Destination path to copy the file to                            |
+| `remote_user`     |         | User to authenticate to remote host with                        |
+| `ssh_private_key` |         | Contents of RSA private key to authenticate to remote host with |
+| `file`            |         | File to copy                                                    |
+
+# Example
+
+```yaml
+steps:
+  push-file: drone-scp:latest
+  pull: true
+  settings:
+    remote_host: 111.222.333.444
+    remote_path: /tmp
+    remote_user: user
+    ssh_private_key:
+      from_secret: ssh_private_key
+    file: output
+```