Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Github actions - how to deploy to remote server using SSH

Tags:

I've a staging server on DO.

I want to build & deploy my node app to it.

name: Build & Deploy on:   push:     tags:       - 'v1.*.0' jobs:   build:     runs-on: ubuntu-latest     steps:       - uses: actions/checkout@v2       - name: Create SSH key         run: |           mkdir -p ~/.ssh/           echo "$DO_GITHUB_PRIVATE_KEY" > ../github_do.key           sudo chmod 600 ../github_do.key           ssh-keyscan -H ${{secrets.DEPLOY_SERVER}} > ~/.ssh/known_hosts         shell: bash         env:           DO_GITHUB_PRIVATE_KEY: ${{secrets.DO_GITHUB_PRIVATE_KEY}}       - uses: actions/setup-node@v1         with:           node-version: 12.x       - name: Install Packages         run: yarn install --frozen-lockfile       - name: Build artifacts         env:           DEPLOY_SSH_KEY_PATH: ${{ github.workspace }}/../github_do.key         run: |           yarn shipit production fast-deploy 

What i've done is to generate a new SSH private & public keys.

The private key I've saved inside DO_GITHUB_PRIVATE_KEY github secret.

The public key I've added to authorized_keys on my staging server.

When the action is triggered, it fails on:

@ v***.256.0 Create release path "/home/***/***/releases/2020-03-0***-v***.256.0" Running "mkdir -p /home/***/***/releases/2020-03-0***-v***.256.0" on host "***". @***-err ***@***: Permission denied (publickey,gssapi-keyex,gssapi-with-mic). 'fast-deploy:updateRemote' errored after ***.32 s Error: Command failed: ssh -i /home/runner/work/***/***/../github_do.key ***@*** "mkdir -p /home/***/***/releases/2020-03-0***-v***.256.0" 
like image 538
felixmosh Avatar asked Mar 01 '20 16:03

felixmosh


People also ask

Can I SSH into GitHub Actions?

Debug your GitHub Actions by using ssh. This GitHub Action offers you a direct way to interact with the host system on which the actual scripts (Actions) will run.

Can you deploy with GitHub Actions?

GitHub Actions offers features that let you control deployments. You can: Trigger workflows with a variety of events. Configure environments to set rules before a job can proceed and to limit access to secrets.


1 Answers

I've solved it! Apparently keys were protected with passphrase 🤯.

This is the whole process:

  1. Genereate new keys

ssh-keygen -t rsa -b 4096 -C "user@host" -q -N ""

  1. Update your host's authorized_keys

    ssh-copy-id -i ~/.ssh/id_rsa.pub user@host

  2. Enter the server & run

ssh-keyscan host

  1. Copy the output to github secret (lets call it SSH_KNOWN_HOSTS)
  2. Copy the private key to a github secret (lets call it SSH_PRIVATE_KEY)

In your workflow.yml file

#workflow.yaml ... jobs:   build:     runs-on: ubuntu-latest     steps:       - name: Create SSH key         run: |           mkdir -p ~/.ssh/           echo "$SSH_PRIVATE_KEY" > ../private.key           sudo chmod 600 ../private.key           echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts         shell: bash         env:           SSH_PRIVATE_KEY: ${{secrets.SSH_PRIVATE_KEY}}           SSH_KNOWN_HOSTS: ${{secrets.SSH_KNOWN_HOSTS}}           SSH_KEY_PATH: ${{ github.workspace }}/../private.key   

Then you can use ssh with ssh -i $SSH_KEY_PATH user@host

Hope this will save few hours to someone :]

Edit

Answer to comments (how to update github secrets)

In order add github secrets you have 2 options:

  1. Via GitHub ui, https://github.com/{user}/{repo}/settings/secrets/
  2. Via GitHub API, I'm using github-secret-dotenv lib to sync my secrets with my local .env file (pre action trigger)
like image 51
felixmosh Avatar answered Sep 19 '22 15:09

felixmosh