Bruce

Posted on Jun 8, 2020

How to setup continuous deployment of a website on a VPS using GitHub Actions

#github #devops #webdev

Doesn't matter if it is a private or public repository

Prerequisites

Here are the prerequisites required for this tutorial:

A GitHub account
Any Virtual Private Server, though i prefer DigitalOcean because of how easy it is to get started. If you can sign up on DigitalOcean with my Referral Link you get $100 in credit that can be spent in 60 days.

Some of the things we are going to cover in this tutorial.

Generating an ssh key on your remote VPS
Adding your generated public key to authorized keys
Creating GitHub secret keys
Configuring GitHub actions to auto-deploy your private/public repository

Step 1 - Open your terminal add ssh into your VPS



$ ssh user@hostname
$ cd ~/.ssh

Step 2 - Generate an ssh key



$  ssh-keygen -t rsa -b 4096 -C "test@example.com"

The email is the one you use on your GitHub account

Step 3: Press Enter repeatedly to set default name(Don't set a passphrase)

If you do "ls" in your terminal you will see these two files ( id_rsa and id_rsa.pub)

Step 4 - Add a public key to authorized keys



$  cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

Note: We’re using >> so that the id_rsa.pub contents are appended to the end of the contents in the authorized_keys file, rather than override the contents in the authorized_keys.

Step 5 - Create GitHub secrets



$  cat ~/.ssh/id_rsa

In your terminal run the above command select the output content and copy to your clipboard.

Head over to your GitHub repository you wish to configure,click on settings tab then in options menu click on and add the following secrets:

HOST: set the key to your hostname or ip address.
USERNAME: set the key to the username you use to SSH into your VPS.
SSHKEY: set the key to you copied contents from the command above.
PORT: set the key to 22

If you are still here, congratulations! we are almost done!

With the steps above completed, we’re left with only a single step more, namely, our .github/workflows/deploy.yml file.

Step 6 - Configure GitHub actions to auto-deploy your private/public repository

Assuming that you have the repo cloned locally on your machine, go ahead and create .github/workflows folder and inside that create a deploy.yml file

Add the following contents to deploy.yml file



name: Deploy

on: [push]

jobs:
  build:

    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v1

    - name: Copy repository contents via scp
      uses: appleboy/scp-action@master
      env:
        HOST: ${{ secrets.HOST }}
        USERNAME: ${{ secrets.USERNAME }}
        PORT: ${{ secrets.PORT }}
        KEY: ${{ secrets.SSHKEY }}
      with:
        source: "."
        target: "/var/www/mywebsite"

    - name: Executing remote command
      uses: appleboy/ssh-action@master
      with:
        host: ${{ secrets.HOST }}
        USERNAME: ${{ secrets.USERNAME }}
        PORT: ${{ secrets.PORT }}
        KEY: ${{ secrets.SSHKEY }}
        script: ls

Notice that my remote command is just " ls ".if you are trying to auto deploy a React App or a Vue App, you could set your script command to Build command.

The Moment of Truth!

Commit the deploy.yml changes, and push to your repository.

It should build and push to the VPS without any errors.



$  git add .

$  git commit -m "deploy"

$  git push origin master

If you head over to your GitHub repository and click on actions menu you shall see this

Yay ! That's it, your repository is officially configured, now everytime you make changes and push to GitHub that action will run and auto deploy your website.

Thank you for reading!

Your comments are welcome

Top comments (27)

Jorge • May 2 '21

Thanks for the article this is what I was looking for! Just for update it, now Github gives you the chance to create Environment secrets. Well, you should create Repository Secrets to follow properly this tutorial. I made that mistake and at the beginning I couldn't make it work because I created ENV secrets instead of Repo ones.

Thanks!

Reinhart Andreas • Sep 23 '20

Thanks for the tutorial

I got error in Copy repository contents via scp step:

the log:

tar all files into /tmp/565278366/9sTHaiaED0.tar
scp file to server.
2020/09/23 18:26:16 error copy file to dest: **, error message: dial tcp: lookup ** on 168.63.129.16:53: no such host
drone-scp error: error copy file to dest: **, error message: dial tcp: lookup ** on 168.63.129.16:53: no such host

Any ideas? Thanks before :)

Azrin Sani • Oct 5 '21 • Edited

Hi, I just created an account to answer this question. I was going through this problem as well. For me it turned out that I have not enabled SSH keys on my VPS

in a nutshell, make sure you have "AuthorizedKeysFile %h/.ssh/authorized_keys" in your '/etc/ssh/sshd_config' file entrt

HOW IT FULLY WORKS:

Every device/service(such as github), will generate a private and public key pair using SSH. In this example we are using the actual vps to generate the private-public key pair and manually copy the private key into Github.
The private key stays on the device/service, but the public key is copied into ~/.ssh/authorized_keys on your VPS
So when Github logs into you vps, it uses the private key to sign the handshake message. The VPS uses the public key to verify the signature and since it is 'Authorized' will allow login.
under /etc/ssh/sshd_config must uncomment 'AuthorizedKeysFile %h/.ssh/authorized_keys'
Finally don't forget to restart SSH => $ sudo service ssh restart

Reinhart Andreas • Oct 5 '21

Thanks for the help Bruce and Azrin!

Bruce • Jan 26 '21

Try using 168.63.129.16 as the host without port 53

Alex Lebed 🐧 • Jan 4 '21

doesn't work for some reason,

tar all files into /tmp/196564759/vw1MAdYY5a.tar
scp file to server.
2021/01/04 13:45:34 error copy file to dest: ***, error message: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

any ideas what's wrong?

Bruce • Jan 26 '21

Repeat step 4 and 5

pianographe • Dec 6 '22

Hello!

Thanks for sharing.
I followed your tutorial but I get an error when I try to build deploy.yml:

scp file to server. create folder /discord-bots/pianobot drone-scp error: stty: 'standard input': Inappropriate ioctl for device

Do you please know how to fix this? Thank you!

KhalO • Aug 12 '20

Thank you, useful action

Nimit Savant • Feb 8 '22

Everything's working but I can't setup script in this thing
I want something like this
cd word-dir && npm i
but gives npm ain't recognized

Nimit Savant • Feb 8 '22

So basically it's not detecting npm because nvm doesn't install node in /usr/local/bin/
ref: stackoverflow.com/questions/628630...

Sol: add this two lines in your script

export NVM_DIR=~/.nvm
source ~/.nvm/nvm.sh

Chrissie • Jun 8 '20

Nice Article

Geoffrey • Dec 11 '21 • Edited

Hello, I have a problem with the keyssh on my vps.

I have my key, but I can't do this on my vps?
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
Do you have a solution?

I saw that it had something to be enabled in the ssh config? Thanks

Kenean • Dec 11 '21 • Edited

You can print the value of your public key on you your terminal and append it to the "authorized_keys" file by just copying it.

To do this run this command "cat ~/.ssh/id_rsa.pub" on your terminal and if you saved your ssh keys on the default location you should be able to see your public key printed out.

Then just copy your public key on the terminal and open your "authorized_keys" file with the following command "nano ~/.ssh/authorized_keys" this will create the file if doesn't already exist. now past the value, you copied and save the file. if there is already a value there just add yours at the end of the file

Also make sure your ssh-agent is runing and you have add your key. (follow instructuion above )