Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork166
GitHub Action that copy files and artifacts via SSH.
License
NotificationsYou must be signed in to change notification settings
appleboy/scp-action
Use this GitHub action with your project
Add this Action to an existing workflow or create a new oneFolders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
GitHub Action for copying files and artifacts via SSH.
Note: Only supportsLinuxdocker containers.
- ✅ Copy files and artifacts to one or multiple remote servers via SSH
- ✅ Supports both SSH key and password authentication
- ✅ Full SSH Proxy (jump host) support
- ✅ Handles Linux ↔ Windows path conversion
- ✅ Integrates with GitHub Artifacts workflow
- ✅ Incremental and differential file transfer
- ✅ Rich configuration options for advanced use cases
- 🚀 SCP for GitHub Actions
Copy files and artifacts via SSH in your GitHub Actions workflow:
name:scp fileson:[push]jobs:build:runs-on:ubuntu-lateststeps: -uses:actions/checkout@v4 -name:Copy files via SSHuses:appleboy/scp-action@v1with:host:${{ secrets.HOST }}username:${{ secrets.USERNAME }}password:${{ secrets.PASSWORD }}port:${{ secrets.PORT }}source:"tests/a.txt,tests/b.txt"target:your_server_target_folder_path
| Variable | Description | Default | Required |
|---|---|---|---|
| host | Remote host(s), comma-separated for multiple | - | ✓ |
| port | SSH port | 22 | |
| username | SSH username | - | ✓ |
| password | SSH password (prefer SSH key for security) | - | |
| key | SSH private key content | - | |
| key_path | Path to SSH private key file | - | |
| passphrase | Passphrase for SSH private key | - | |
| fingerprint | SHA256 fingerprint for host key verification | - | |
| protocol | IP protocol: 'tcp', 'tcp4', or 'tcp6' | tcp | |
| timeout | SSH connection timeout | 30s | |
| command_timeout | SCP command timeout | 10m |
| Variable | Description | Default | Security Note |
|---|---|---|---|
| source | Local files/directories to transfer (comma-separated) | - | Use explicit paths |
| target | Target directory on remote server (must be a directory) | - | Avoid root directories |
| rm | Remove target directory before upload | - | Use with caution |
| strip_components | Remove leading path elements when extracting | - | |
| overwrite | Overwrite existing files with tar | - | |
| tar_dereference | Follow symlinks with tar | - | |
| tar_tmp_path | Temp path for tar file on destination | - | |
| tar_exec | Path to tar executable on destination | tar | |
| debug | Enable debug output | - | |
| curl_insecure | Use --insecure with curl | false | Not recommended |
| capture_stdout | Capture command stdout as action output | false | |
| version | Version of drone-scp to use | - |
| Variable | Description | Default | Required |
|---|---|---|---|
| proxy_host | SSH proxy host | - | |
| proxy_port | SSH proxy port | 22 | |
| proxy_username | SSH proxy username | - | |
| proxy_password | SSH proxy password | - | |
| proxy_key | SSH proxy private key content | - | |
| proxy_key_path | Path to SSH proxy private key file | - | |
| proxy_passphrase | Passphrase for SSH proxy private key | - | |
| proxy_fingerprint | SHA256 fingerprint for proxy host | - | |
| proxy_use_insecure_cipher | Enable less secure ciphers for proxy | - | |
| proxy_timeout | SSH proxy connection timeout | 30s |
- Prefer SSH key authentication over passwords for better security.
- Store all sensitive values (host, username, password, key) inGitHub Secrets.
- Regularlyrotate deployment keys (suggested every 90 days).
- Restrict write permissions on the target server directory.
- Enable host key fingerprint verification to prevent MITM attacks.
- Avoid using root as the SSH user.
| Scenario | Linux Server | Windows Server |
|---|---|---|
| Path Format | /path/to/dir | /c/path/to/dir |
| Required Setting | None | tar_dereference: true |
| Permissions | Preserved | May require manual ACL |
| Shell | bash (default) | Git Bash via OpenSSH |
🚩Important:
When copying to Windows servers:
- Install Git for Windows and set OpenSSH default shell to Git Bash
- Use Unix-style target paths (e.g.,
/c/Users/...)- Enable
tar_dereferencefor symlink handling
- Basic file transfer →Example 1
- Multi-server deployment →Example 2
- Incremental/changed files only →Example 3
- Artifacts integration →Example 4
- Windows server setup →Example 5
-name:Copy file via SSH passworduses:appleboy/scp-action@v1with:host:example.comusername:foopassword:barport:22source:"tests/a.txt,tests/b.txt"target:your_server_target_folder_path
-name:Copy to multiple serversuses:appleboy/scp-action@v1with:host:"foo.com,bar.com"username:foopassword:barport:22source:"tests/a.txt,tests/b.txt"target:your_server_target_folder_path
-name:Get changed filesid:changed-filesuses:tj-actions/changed-files@v35with:since_last_remote_commit:trueseparator:","-name:Copy changed files to serveruses:appleboy/scp-action@v1with:host:${{ secrets.HOST }}username:${{ secrets.USERNAME }}key:${{ secrets.KEY }}port:${{ secrets.PORT }}source:${{ steps.changed-files.outputs.all_changed_files }}target:your_server_target_folder_path
-uses:actions/upload-artifact@v4with:name:my-artifactpath:world.txt-uses:actions/download-artifact@v4with:name:my-artifactpath:distfiles-name:Copy artifact to serveruses:appleboy/scp-action@v1with:host:${{ secrets.HOST }}username:${{ secrets.USERNAME }}key:${{ secrets.KEY }}port:${{ secrets.PORT }}source:distfiles/*target:your_server_target_folder_path
-name:Copy to Windowsuses:appleboy/scp-action@v1with:host:${{ secrets.HOST }}username:${{ secrets.USERNAME }}key:${{ secrets.SSH_PRIVATE_KEY }}port:22source:"your_source_path"target:"/c/path/to/target/"tar_dereference:truerm:true
Generate SSH Key (on your local machine):
# RSAssh-keygen -t rsa -b 4096 -C"your_email@example.com"# ED25519ssh-keygen -t ed25519 -a 200 -C"your_email@example.com"
Add Public Key to Server:
cat .ssh/id_rsa.pub| ssh user@host'cat >> .ssh/authorized_keys'# or for ed25519cat .ssh/id_ed25519.pub| ssh user@host'cat >> .ssh/authorized_keys'
Copy Private Key Content to GitHub Secrets:
clip<~/.ssh/id_rsa# orclip<~/.ssh/id_ed25519
SeeSSH login without password for more details.
OpenSSH Note:
If you seessh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], ensure your key algorithm is supported.
On Ubuntu 20.04+, add to/etc/ssh/sshd_config or/etc/ssh/sshd_config.d/:
CASignatureAlgorithms +ssh-rsa
Or use ed25519 keys, which are accepted by default.
| Error Code | Possible Cause | Solution |
|---|---|---|
ECONNREFUSED | Wrong port / firewall blocks | Check port and firewall settings |
ENOENT | Source file not found | Use absolute path or check checkout step |
EAUTH | Authentication failed | Check key format and permissions (PEM format) |
sequenceDiagram participant G as GitHub Runner participant S as Target Server G->>S: Establish SSH connection S-->>G: Authenticate credentials G->>S: (Optional) Remove target directory G->>G: Archive source files G->>S: Transfer archive S->>S: Extract and process files S-->>G: Return resultQ: Why does authentication fail?
A: Check SSH key format, permissions, and that the key is added to the server.Q: How do I copy only changed files?
A: Usetj-actions/changed-filesto get changed files and pass tosource.Q: How to deploy to multiple servers?
A: Use comma-separated host list:host: "foo.com,bar.com"Q: How to copy to Windows?
A: Set up Git Bash, use Unix-style paths, and enabletar_dereference.
MIT License
About
GitHub Action that copy files and artifacts via SSH.
Topics
Resources
License
Uh oh!
There was an error while loading.Please reload this page.
Stars
Watchers
Forks
Sponsor this project
Uh oh!
There was an error while loading.Please reload this page.
Packages0
No packages published