txeo/cv-site
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: use appleboy/ssh-action for reliable SSH deployment

Browse Source 
Replace manual SSH setup with proven appleboy/ssh-action@v1.0.3
- Automatically handles SSH key formatting and permissions
- No manual key validation or cleanup needed
- Consistent with working commando-web deployment
- Pass environment variables via 'envs' parameter
- Simplifies both deploy and verify steps

This eliminates "error in libcrypto" and permission issues.
This commit is contained in:
juanatsap
2025-10-31 12:27:46 +00:00
parent cdb6cbd2b0
commit 97ab363071
1 changed files with 18 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/deploy.yml
+18 -56
View File
@@ -13,43 +13,20 @@ jobs:
steps: steps:
- name: Deploy to server - name: Deploy to server
uses: appleboy/ssh-action@v1.0.3
env: env:
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
SSH_HOST: ${{ secrets.SSH_HOST }}
SSH_USER: ${{ secrets.SSH_USER }}
SSH_PORT: ${{ secrets.SSH_PORT || '22' }}
SERVICE_NAME: ${{ secrets.SERVICE_NAME || 'cv' }} SERVICE_NAME: ${{ secrets.SERVICE_NAME || 'cv' }}
REPO_PATH: ${{ secrets.REPO_PATH || '/home/txeo/Git/yo/cv' }} REPO_PATH: ${{ secrets.REPO_PATH || '/home/txeo/Git/yo/cv' }}
run: | with:
echo "🚀 Deploying to server..." host: ${{ secrets.SSH_HOST }}
username: ${{ secrets.SSH_USER }}
# Setup SSH key: ${{ secrets.SSH_PRIVATE_KEY }}
mkdir -p ~/.ssh port: ${{ secrets.SSH_PORT || '22' }}
chmod 700 ~/.ssh envs: SERVICE_NAME,REPO_PATH
script: |
# Write SSH key with proper formatting
printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/deploy_key
chmod 600 ~/.ssh/deploy_key
# Validate SSH key format
echo "🔍 Validating SSH key..."
if ! ssh-keygen -l -f ~/.ssh/deploy_key >/dev/null 2>&1; then
echo "❌ Invalid SSH key format!"
echo "Key preview (first 50 chars):"
head -c 50 ~/.ssh/deploy_key
echo ""
exit 1
fi
echo "✅ SSH key validation passed"
# Add host to known_hosts
ssh-keyscan -p $SSH_PORT -H $SSH_HOST >> ~/.ssh/known_hosts 2>/dev/null
# Pull latest code and restart service
echo "🔄 Pulling latest code and restarting service..."
ssh -i ~/.ssh/deploy_key -p $SSH_PORT $SSH_USER@$SSH_HOST << ENDSSH
set -e set -e
echo "🚀 Deploying to server..."
echo "📥 Pulling latest changes..." echo "📥 Pulling latest changes..."
cd $REPO_PATH cd $REPO_PATH
git pull origin main git pull origin main
@@ -69,28 +46,16 @@ jobs:
sudo journalctl -u $SERVICE_NAME -n 50 --no-pager sudo journalctl -u $SERVICE_NAME -n 50 --no-pager
exit 1 exit 1
fi fi
ENDSSH
# Cleanup
rm ~/.ssh/deploy_key
echo "✅ Deployment completed successfully!"
- name: Verify deployment - name: Verify deployment
env: uses: appleboy/ssh-action@v1.0.3
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} with:
SSH_HOST: ${{ secrets.SSH_HOST }} host: ${{ secrets.SSH_HOST }}
SSH_USER: ${{ secrets.SSH_USER }} username: ${{ secrets.SSH_USER }}
SSH_PORT: ${{ secrets.SSH_PORT || '22' }} key: ${{ secrets.SSH_PRIVATE_KEY }}
run: | port: ${{ secrets.SSH_PORT || '22' }}
echo "🔍 Verifying deployment..." script: |
echo "🔍 Verifying deployment..."
# Setup SSH for verification
printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/deploy_key
chmod 600 ~/.ssh/deploy_key
# Test health endpoint
ssh -i ~/.ssh/deploy_key -p $SSH_PORT $SSH_USER@$SSH_HOST << 'ENDSSH'
echo "Testing health endpoint..." echo "Testing health endpoint..."
sleep 2 sleep 2
if curl -f http://localhost:1999/health > /dev/null 2>&1; then if curl -f http://localhost:1999/health > /dev/null 2>&1; then
@@ -100,7 +65,4 @@ jobs:
echo "❌ Health check failed" echo "❌ Health check failed"
exit 1 exit 1
fi fi
ENDSSH echo "✅ Deployment verification complete!"
rm ~/.ssh/deploy_key
echo "✅ Deployment verification complete!"