I've a staging server on DO.
I want to build & deploy my node app to it.
name: Build & Deploy on: push: tags: - 'v1.*.0' jobs: build: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - name: Create SSH key run: | mkdir -p ~/.ssh/ echo "$DO_GITHUB_PRIVATE_KEY" > ../github_do.key sudo chmod 600 ../github_do.key ssh-keyscan -H ${{secrets.DEPLOY_SERVER}} > ~/.ssh/known_hosts shell: bash env: DO_GITHUB_PRIVATE_KEY: ${{secrets.DO_GITHUB_PRIVATE_KEY}} - uses: actions/setup-node@v1 with: node-version: 12.x - name: Install Packages run: yarn install --frozen-lockfile - name: Build artifacts env: DEPLOY_SSH_KEY_PATH: ${{ github.workspace }}/../github_do.key run: | yarn shipit production fast-deploy
What i've done is to generate a new SSH private & public keys.
The private key I've saved inside DO_GITHUB_PRIVATE_KEY
github secret.
The public key I've added to authorized_keys
on my staging server.
When the action is triggered, it fails on:
@ v***.256.0 Create release path "/home/***/***/releases/2020-03-0***-v***.256.0" Running "mkdir -p /home/***/***/releases/2020-03-0***-v***.256.0" on host "***". @***-err ***@***: Permission denied (publickey,gssapi-keyex,gssapi-with-mic). 'fast-deploy:updateRemote' errored after ***.32 s Error: Command failed: ssh -i /home/runner/work/***/***/../github_do.key ***@*** "mkdir -p /home/***/***/releases/2020-03-0***-v***.256.0"
Debug your GitHub Actions by using ssh. This GitHub Action offers you a direct way to interact with the host system on which the actual scripts (Actions) will run.
GitHub Actions offers features that let you control deployments. You can: Trigger workflows with a variety of events. Configure environments to set rules before a job can proceed and to limit access to secrets.
I've solved it! Apparently keys were protected with passphrase 🤯.
This is the whole process:
ssh-keygen -t rsa -b 4096 -C "user@host" -q -N ""
Update your host's authorized_keys
ssh-copy-id -i ~/.ssh/id_rsa.pub user@host
Enter the server & run
ssh-keyscan host
In your workflow.yml file
#workflow.yaml ... jobs: build: runs-on: ubuntu-latest steps: - name: Create SSH key run: | mkdir -p ~/.ssh/ echo "$SSH_PRIVATE_KEY" > ../private.key sudo chmod 600 ../private.key echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts shell: bash env: SSH_PRIVATE_KEY: ${{secrets.SSH_PRIVATE_KEY}} SSH_KNOWN_HOSTS: ${{secrets.SSH_KNOWN_HOSTS}} SSH_KEY_PATH: ${{ github.workspace }}/../private.key
Then you can use ssh with ssh -i $SSH_KEY_PATH user@host
Hope this will save few hours to someone :]
In order add github secrets you have 2 options:
.env
file (pre action trigger)If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With