appleboy/ssh-actions

Shortly after I had started the work on nerdhood.de I built a deployment pipeline. The bash-based build script for my Laravel application was easy, but triggering the deployment itself turned out to be more difficult than expected. In the end I built something with two AWS Lambda functions, SNS, an S3 bucket for a private key, and the serverless framework. But this is another story.

Before I built the – totally over-engineered – AWS deployment pipeline I had signed up for GitHub Actions. Luckily for me I got confirmed yesterday and today I replaced my AWS pipeline with a few lines of YAML.

First of all, GitHub Actions' HCL syntax has been deprecated since the end of September 2019. Most of the available examples out there are still written in HCL. Porting existing HCL scripts to YAML is straightforward.

The second important thing is that you have to enter your secrets, such as your private SSH key, in your GitHub project's Settings > Secrets. If your secret is named SSH_DEPLOYMENT_KEY, you can reference its content later by using ${{ secrets.SSH_DEPLOYMENT_KEY }} inside the GitHub Actions workflow file.

There are already a few GitHub Actions for SSH connections. I chose appleboy/ssh-action because it has the most options at the moment and you can pass environment variables from the workflow to the SSH script.

I ended up with this YAML file to trigger my shell script with SSH:

name: CI
on: [push]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
    - name: Deploy to nerdhood.de
      uses: appleboy/ssh-action@master
      env:
        USERNAME: my_username
        HOST: my_host
        SCRIPT: ~/deployment.sh
        KEY: ${{ secrets.SSH_DEPLOYMENT_KEY }}
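
An added check, not part of the original post: the workflow above passes the SSH private key to a third-party action referenced by the branch name `master`, a mutable ref, so whatever that branch points to at run time receives the key. The Python sketch below flags `uses:` references that are not pinned to a full 40-character commit SHA and lists the secrets referenced in the same step; the function names, the line-based parsing and the second (pinned) step in the sample are assumptions made for illustration.

```python
import re

# Constructed sample: the deploy job from this post plus one hypothetical pinned step.
WORKFLOW = """\
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
    - name: Deploy to nerdhood.de
      uses: appleboy/ssh-action@master
      env:
        USERNAME: my_username
        HOST: my_host
        SCRIPT: ~/deployment.sh
        KEY: ${{ secrets.SSH_DEPLOYMENT_KEY }}
    - name: Hypothetical pinned step
      uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567
"""

ITEM = re.compile(r"^\s*-\s")
USES = re.compile(r"^\s*(?:-\s+)?uses:\s*['\"]?([^\s'\"#]+)")
SECRET = re.compile(r"\$\{\{\s*secrets\.(\w+)")
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")

def split_steps(text):
    """Line-based heuristic (no YAML parser): one chunk per outermost list item."""
    chunks, current, start = [], [], None
    for line in text.splitlines():
        indent = len(line) - len(line.lstrip())
        if line.strip() and start is not None and indent < start:
            chunks.append(current)          # dedent: we left the enclosing list
            current, start = [], None
        if ITEM.match(line) and (start is None or indent <= start):
            chunks.append(current)          # a new step begins here
            current, start = [], indent
        current.append(line)
    return chunks + [current]

def audit_workflow(text):
    """Flag non-local actions whose ref is not a full commit SHA."""
    findings = []
    for chunk in split_steps(text):
        for line in chunk:
            m = USES.match(line)
            if not m or m.group(1).startswith(("./", "docker://")):
                continue                    # local and docker:// actions are out of scope
            action, _, ref = m.group(1).partition("@")
            if not FULL_SHA.match(ref):
                secrets = sorted(set(SECRET.findall("\n".join(chunk))))
                findings.append({"action": action, "ref": ref, "secrets": secrets})
    return findings

if __name__ == "__main__":
    for f in audit_workflow(WORKFLOW):
        print(f"{f['action']}@{f['ref']} is a mutable ref; step secrets: {f['secrets']}")
```
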


1 Comment

Restrict SSH to rsync for deploying files with GitHub Actions - schakko.de · February 11, 2022 at 6:10 am

[…] Actions a lot in the last few months. For web projects I am mostly using a custom script which gets triggered by SSH and does a git pull from the GitHub repository itself. Besides that it does Blue/Green deployment, […]
