chore(ci): update GitHub Actions dependencies to latest versions

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
chore(deps): bump aquasecurity/trivy-action in /.github/workflows (#405 )
2026-03-28 07:10:19 +00:00 · 2026-03-28 12:06:40 +08:00 · 2026-02-21 22:52:02 +08:00 · 2026-01-28 10:18:18 +08:00 · 2026-01-28 09:29:11 +08:00 · 2025-12-22 21:56:57 +08:00
10 changed files with 135 additions and 35 deletions
--- a/.github/workflows/goreleaser.yml
+++ b/.github/workflows/goreleaser.yml
@ -13,17 +13,17 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
        with:
          fetch-depth: 0
      - name: Setup go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
        with:
          go-version: "^1"
      - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v6
+        uses: goreleaser/goreleaser-action@v7
        with:
          # either 'goreleaser' (default) or 'goreleaser-pro'
          distribution: goreleaser
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@ -7,7 +7,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
      - name: create new ssh server
        run: |
@ -70,7 +70,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
      - name: add public key to env
        run: |
@ -142,7 +142,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
      - name: add public key to env
        run: |
@ -223,7 +223,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
      - name: add public key to env
        run: |
@ -297,7 +297,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
      - name: add public key to env
        run: |
@ -351,7 +351,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
      - name: add public key to env
        run: |
@ -496,10 +496,10 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
      - name: Set up WARP
-        uses: fscarmen/warp-on-actions@v1.1
+        uses: fscarmen/warp-on-actions@v1.4
        with:
          stack: dual
@ -525,7 +525,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
      - name: Set Environment Variables
        run: |
@ -569,7 +569,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
      - name: create new ssh server
        run: |
@ -609,12 +609,108 @@ jobs:
      - name: check stdout
        run: |
          echo "stdout: ${{ steps.stdout.outputs.stdout }}"
          if [ -z "${{ steps.stdout.outputs.stdout }}" ]; then
            echo "Error: stdout is empty"
            exit 1
          fi
      - id: stdout-multiline
        name: capture multiline output
        uses: ./
        with:
          host: ${{ env.REMOTE_HOST }}
          username: linuxserver.io
          password: password
          port: 2222
          capture_stdout: true
          script: |
            #!/usr/bin/env bash
            set -e
            echo "Line 1"
            echo "Line 2"
            echo "Line 3"
            whoami
            pwd
      - name: check multiline output
        run: |
          echo "stdout: ${{ steps.stdout-multiline.outputs.stdout }}"
          # Check if all lines are present
          if ! echo "${{ steps.stdout-multiline.outputs.stdout }}" | grep -q "Line 1"; then
            echo "Error: 'Line 1' not found in output"
            exit 1
          fi
          if ! echo "${{ steps.stdout-multiline.outputs.stdout }}" | grep -q "Line 2"; then
            echo "Error: 'Line 2' not found in output"
            exit 1
          fi
          if ! echo "${{ steps.stdout-multiline.outputs.stdout }}" | grep -q "Line 3"; then
            echo "Error: 'Line 3' not found in output"
            exit 1
          fi
          if ! echo "${{ steps.stdout-multiline.outputs.stdout }}" | grep -q "linuxserver.io"; then
            echo "Error: username not found in output"
            exit 1
          fi
          # Check for duplicates - each unique line should appear exactly once
          OUTPUT="${{ steps.stdout-multiline.outputs.stdout }}"
          LINE1_COUNT=$(echo "$OUTPUT" | grep -c "^Line 1$" || true)
          LINE2_COUNT=$(echo "$OUTPUT" | grep -c "^Line 2$" || true)
          LINE3_COUNT=$(echo "$OUTPUT" | grep -c "^Line 3$" || true)
          echo "Line 1 count: $LINE1_COUNT"
          echo "Line 2 count: $LINE2_COUNT"
          echo "Line 3 count: $LINE3_COUNT"
          if [ "$LINE1_COUNT" -ne 1 ]; then
            echo "Error: 'Line 1' appears $LINE1_COUNT times (expected 1)"
            exit 1
          fi
          if [ "$LINE2_COUNT" -ne 1 ]; then
            echo "Error: 'Line 2' appears $LINE2_COUNT times (expected 1)"
            exit 1
          fi
          if [ "$LINE3_COUNT" -ne 1 ]; then
            echo "Error: 'Line 3' appears $LINE3_COUNT times (expected 1)"
            exit 1
          fi
          echo "✓ No duplicate lines detected"
      - id: stdout-with-special-chars
        name: capture output with special characters
        uses: ./
        with:
          host: ${{ env.REMOTE_HOST }}
          username: linuxserver.io
          password: password
          port: 2222
          capture_stdout: true
          script: |
            #!/usr/bin/env bash
            set -e
            echo "Test with special chars: @#$%^&*()"
            echo "Path: /home/user/test"
            echo "JSON: {\"key\": \"value\"}"
      - name: check special characters output
        run: |
          echo "stdout: ${{ steps.stdout-with-special-chars.outputs.stdout }}"
          if ! echo "${{ steps.stdout-with-special-chars.outputs.stdout }}" | grep -q "special chars"; then
            echo "Error: special characters test failed"
            exit 1
          fi
          if ! echo "${{ steps.stdout-with-special-chars.outputs.stdout }}" | grep -q "/home/user/test"; then
            echo "Error: path not found in output"
            exit 1
          fi
  testing-script-stop:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
      - name: create new ssh server
        run: |
@ -701,7 +797,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
      - name: create new ssh server
        run: |
--- a/.github/workflows/stable.yml
+++ b/.github/workflows/stable.yml
@ -7,7 +7,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
      - name: create new ssh server
        run: |
@ -55,7 +55,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
      - name: add public key to env
        run: |
@ -127,7 +127,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
      - name: add public key to env
        run: |
@ -208,7 +208,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
      - name: add public key to env
        run: |
@ -282,7 +282,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
      - name: add public key to env
        run: |
@ -336,7 +336,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
      - name: add public key to env
        run: |
--- a/.github/workflows/trivy-scan.yml
+++ b/.github/workflows/trivy-scan.yml
@ -22,10 +22,10 @@ jobs:
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
      - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@0.33.1
+        uses: aquasecurity/trivy-action@0.35.0
        with:
          scan-type: 'fs'
          scan-ref: '.'
@ -35,13 +35,13 @@ jobs:
          severity: 'CRITICAL,HIGH,MEDIUM'
      - name: Upload Trivy results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
        if: always()
        with:
          sarif_file: 'trivy-results.sarif'
      - name: Run Trivy vulnerability scanner (table format)
-        uses: aquasecurity/trivy-action@0.33.1
+        uses: aquasecurity/trivy-action@0.35.0
        with:
          scan-type: 'fs'
          scan-ref: '.'
--- a/README.md
+++ b/README.md
@ -45,11 +45,13 @@ English | [繁體中文](./README.zh-tw.md) | [简体中文](./README.zh-cn.md)
 **SSH for GitHub Actions** is a powerful [GitHub Action](https://github.com/features/actions) for executing remote SSH commands easily and securely in your CI/CD workflows.  
 Built with [Golang](https://go.dev) and [drone-ssh](https://github.com/appleboy/drone-ssh), it supports a wide range of SSH scenarios, including multi-host, proxy, and advanced authentication.
-![ssh workflow](./images/ssh-workflow.png)
+![ssh workflow](./images/ssh-agent.png)
 [![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml)
 [![Trivy Security Scan](https://github.com/appleboy/ssh-action/actions/workflows/trivy-scan.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/trivy-scan.yml)
 **Slides:** [SSH for GitHub Actions](https://speakerdeck.com/appleboy/ssh-for-github-actions)
 ---
 ## 🧩 Core Concepts & Input Parameters
@ -128,7 +130,7 @@ These parameters control the use of a proxy (jump host) for connecting to your t
 This action provides the following outputs that you can use in subsequent steps:
 | Output | Description                                                                |
-| ------ | ----------------------------------------------------------------- |
+| ------ | -------------------------------------------------------------------------- |
 | stdout | Standard output of the executed commands (requires `capture_stdout: true`) |
 ---
--- a/README.zh-cn.md
+++ b/README.zh-cn.md
@ -45,11 +45,13 @@
 **SSH for GitHub Actions** 是一个强大的 [GitHub Action](https://github.com/features/actions)，可让你在 CI/CD 工作流中轻松且安全地执行远程 SSH 命令。  
 本项目基于 [Golang](https://go.dev) 和 [drone-ssh](https://github.com/appleboy/drone-ssh) 构建，支持多主机、代理、高级认证等多种 SSH 场景。
-![ssh workflow](./images/ssh-workflow.png)
+![ssh workflow](./images/ssh-agent.png)
 [![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml)
 [![Trivy Security Scan](https://github.com/appleboy/ssh-action/actions/workflows/trivy-scan.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/trivy-scan.yml)
 **幻灯片：** [SSH for GitHub Actions](https://speakerdeck.com/appleboy/ssh-for-github-actions)
 ---
 ## 🧩 核心概念与输入参数
--- a/README.zh-tw.md
+++ b/README.zh-tw.md
@ -45,11 +45,13 @@
 **SSH for GitHub Actions** 是一個強大的 [GitHub Action](https://github.com/features/actions)，可讓你在 CI/CD 工作流程中輕鬆且安全地執行遠端 SSH 指令。  
 本專案以 [Golang](https://go.dev) 和 [drone-ssh](https://github.com/appleboy/drone-ssh) 建立，支援多主機、代理、進階認證等多種 SSH 場景。
-![ssh workflow](./images/ssh-workflow.png)
+![ssh workflow](./images/ssh-agent.png)
 [![testing main branch](https://github.com/appleboy/ssh-action/actions/workflows/main.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/main.yml)
 [![Trivy Security Scan](https://github.com/appleboy/ssh-action/actions/workflows/trivy-scan.yml/badge.svg)](https://github.com/appleboy/ssh-action/actions/workflows/trivy-scan.yml)
 **簡報：** [SSH for GitHub Actions](https://speakerdeck.com/appleboy/ssh-for-github-actions)
 ---
 ## 🧩 核心概念與輸入參數
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -71,11 +71,9 @@ if ! "${TARGET}" --version; then
 fi
 echo "======================================="
 if [[ "${INPUT_CAPTURE_STDOUT}" == 'true' ]]; then
-  {
+  echo 'stdout<<EOF' >> "${GITHUB_OUTPUT}"
    echo 'stdout<<EOF'
  "${TARGET}" "$@" | tee -a "${GITHUB_OUTPUT}"
-    echo 'EOF'
+  echo 'EOF' >> "${GITHUB_OUTPUT}"
  } >>"${GITHUB_OUTPUT}"
 else
  "${TARGET}" "$@"
 fi
--- a/images/ssh-agent.png
+++ b/images/ssh-agent.png
--- a/images/ssh-workflow.png
+++ b/images/ssh-workflow.png
Author	SHA1	Message	Date
Bo-Yi Wu	90162d1e43	chore(ci): update GitHub Actions dependencies to latest versions Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-28 12:06:40 +08:00
dependabot[bot]	8743aa11bf	chore(deps): bump aquasecurity/trivy-action in /.github/workflows (#405 ) Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.33.1 to 0.34.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-21 22:52:02 +08:00
Bo-Yi Wu	0ff4204d59	refactor: streamline output handling for GITHUB_OUTPUT in workflows (#404 ) * refactor: streamline output handling for GITHUB_OUTPUT in workflows - Write the stdout<<EOF and EOF markers directly to GITHUB_OUTPUT instead of using a group command - Simplify the process for capturing and appending command output to GITHUB_OUTPUT fix #403 fix #397 Signed-off-by: appleboy <appleboy.tw@gmail.com> * test: enhance stdout capture and verification in tests - Add a check to ensure captured stdout is not empty - Add steps to capture and verify multiline stdout output - Add verification that specific lines and the username are present in captured output - Add steps to handle and verify stdout containing special characters and file paths Signed-off-by: appleboy <appleboy.tw@gmail.com> * ci: enforce unique occurrence of lines in multiline output validation - Add a step to verify that lines "Line 1", "Line 2", and "Line 3" each appear exactly once in the multiline output - Fail the workflow if any line is missing or duplicated - Confirm successful validation with a message when no duplicates are found Signed-off-by: appleboy <appleboy.tw@gmail.com> --------- Signed-off-by: appleboy <appleboy.tw@gmail.com>	2026-01-28 10:18:18 +08:00
appleboy	8e460a28f2	docs: improve documentation table formatting for output descriptions - Adjust table formatting for improved output descriptions alignment in the documentation Signed-off-by: appleboy <appleboy.tw@gmail.com>	2026-01-28 09:29:11 +08:00
appleboy	23bd972bfc	docs: update README and assets for new SSH agent workflow - Replace the ssh workflow image with a new ssh agent image across all language versions of the README - Add a link to related presentation slides in the README files - Remove the old ssh-workflow.png image and add a new ssh-agent.png image to the repository Signed-off-by: appleboy <appleboy.tw@gmail.com>	2025-12-22 21:56:57 +08:00