
I'm trying to write a GitHub Actions workflow with these steps:

  1. Connect to DigitalOcean over SSH
  2. Navigate to /saver folder
  3. Pull updates from main branch
  4. Install dependencies and build project

My current code looks like this:

name: Deploy app

on:
  push:
    branches: [ main ]


jobs:
  build:
    runs-on: ubuntu-20.04

    steps:
      - name: Deploy to Digital Ocean
        uses: appleboy/ssh-action@master
        with: 
          host: ${{secrets.SSH_HOST}}
          key: ${{secrets.SSH_KEY}}
          username: ${{secrets.SSH_USERNAME}}
          passphrase: ${{secrets.SSH_PASSPHRASE}}
          script: |
            cd saver 
            mkdir test #just to check if it connects and creates folder
        
      - name: Checkout
        uses: actions/checkout@v3
        with:
          ref: main

      - name: Pull changes
        run: git pull
         
      - name: Install client dependencies
        run: npm run client:prodinstall
                
      - name: Build client
        run: npm run client:build

      - name: Install server dependencies
        run: npm run server:prodinstall

      - name: Build server
        run: npm run server:build
        
      

As I see in the logs, it successfully logs in to DigitalOcean. On the server I see the folder test, but git pull doesn't work. I see:

Run git pull
  
Already up to date.

But if I log in to the DO server myself and run git pull, I get the new changes.

What's wrong?

UPDATE:

Current config

name: Deploy app

on:
  push:
    branches: [ main ]


jobs:
  build:
    runs-on: ubuntu-20.04

    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          persist-credentials: false

      - name: Executing remote ssh commands using password
        uses: appleboy/ssh-action@v0.1.7
        env:
          SSH_KEY: ${{ secrets.SSH_KEY }}
          GIT_SSH_COMMAND: 'ssh -Tv'
        with:
          host: ${{ secrets.SSH_HOST }}
          username: ${{ secrets.SSH_USERNAME }}
          passphrase: ${{ secrets.SSH_PASSPHRASE }}
          script: |
            install -m 600 -D /dev/null ~/.ssh/id_rsa
            echo "${{ secrets.SSH_KEY }}" > ~/.ssh/id_rsa
            host='github.com'
            hosts="$(dig +short "$host" | grep -v '\.$' | sed -z 's|\n|,|g')$host"
            ssh-keyscan -H "$hosts" > ~/.ssh/known_hosts
            cd [appname]
            git pull origin main
            pm2 restart [appname]
         
      - name: Install
        run: npm run build

  • I copied the public key (cat .ssh/id_rsa.pub) and put it at https://github.com/settings/keys
  • Ran nano .ssh/authorized_keys
  • Ran chmod 700 .ssh/authorized_keys
  • Copied key from server with cat .ssh/id_rsa
  • And saved it as secret SSH_KEY in repos settings
  • Same with SSH_USERNAME and SSH_HOST

When I push the repo, I get this error:

  " > ~/.ssh/id_rsa
host='github.com'
hosts="$(dig +short "$host" | grep -v '\.$' | sed -z 's|\n|,|g')$host"
ssh-keyscan -H "$hosts" > ~/.ssh/known_hosts
cd [appname]
git pull origin main
pm2 restart [appname]

======END======
err: # 140.82.121.4:22 SSH-2.0-babeld-30fa67d5
err: # 140.82.121.4:22 SSH-2.0-babeld-30fa67d5
err: # 140.82.121.4:22 SSH-2.0-babeld-30fa67d5
err: # 140.82.121.4:22 SSH-2.0-babeld-30fa67d5
err: # 140.82.121.4:22 SSH-2.0-babeld-30fa67d5
err: git@github.com: Permission denied (publickey).
err: fatal: Could not read from remote repository.
err: Please make sure you have the correct access rights
err: and the repository exists.
angelzzz

1 Answer

how to run it via ssh?

You would need to include your git pull in the commands run by appleboy/ssh-action@master.

That means the script part of that action should include a cd /path/to/repository, and git pull.

For an SSH URL, that means you need to copy the private key to a GitHub secret (for instance: SSH_PRIVATE_KEY) and set it as an environment variable in your workflow file.
For example:

- name: Executing remote ssh commands using password
  uses: appleboy/ssh-action@v0.1.7
  env:
    SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
  with:
    host: ${{ secrets.HOST }}
    username: ${{ secrets.USERNAME }}
    port: ${{ secrets.PORT }}
    script: |
      install -m 600 -D /dev/null ~/.ssh/id_rsa
      echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
      host='github.com'
      hosts="$(dig +short "$host" | grep -v '\.$' | sed -z 's|\n|,|g')$host"
      ssh-keyscan -H "$hosts" > ~/.ssh/known_hosts
      git pull origin main

Warning March 2023:

"GitHub has updated its RSA SSH host key"


VonC
  • I tried this way already, but in this case it says 'git permission denied (publickey)' – angelzzz Mar 01 '23 at 11:06
  • @angelzzz What URL are you using from that `git pull`? HTTPS or SSH? You need to make sure your server (from which you are doing the pull) has the right credentials in place (private SSH key or cached token) – VonC Mar 01 '23 at 12:15
  • I use ssh git@github.com:[username]/[reponame].git. What approach do I need to use in this case? – angelzzz Mar 02 '23 at 13:52
  • @angelzzz I have edited the answer to illustrate the proper step – VonC Mar 02 '23 at 14:36
  • I get the error ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain – angelzzz Mar 08 '23 at 19:21
  • uses: appleboy/ssh-action@v0.1.7 env: SSH_KEY: ${{ secrets.SSH_KEY }} with: host: ${{ secrets.SSH_HOST }} username: ${{ secrets.SSH_USERNAME }} script: | install -m 600 -D /dev/null ~/.ssh/id_rsa echo "${{ secrets.SSH_KEY }}" > ~/.ssh/id_rsa host='github.com' hosts="$(dig +short "$host" | grep -v '\.$' | sed -z 's|\n|,|g')$host" ssh-keyscan -H "$hosts" > ~/.ssh/known_hosts cd project_name git pull origin main – angelzzz Mar 08 '23 at 19:21
  • @angelzzz It is best to edit your question to include your current configuration and error: it is easier to format and will be more readable than in a comment. – VonC Mar 08 '23 at 19:41
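
The `ssh-keyscan -H "$hosts" > ~/.ssh/known_hosts` step used in the answer and in the question's update trusts whatever host key the network returns at deploy time. As an added example (not part of the original answer or of appleboy/ssh-action), the shell functions below accept scanned keys only when they match keys pinned out of band, for instance from GitHub's published host keys. The function names and file arguments are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: fail-closed check of ssh-keyscan output against pinned keys.
# Both input files use known_hosts format: "<host> <keytype> <base64-key>".
# The host field is ignored when matching, so output of `ssh-keyscan -H`
# (hashed host names) can be checked as well.

# verify_scanned_keys PINNED_FILE SCANNED_FILE
# Prints the scanned lines whose (keytype, key) pair is pinned.
# Returns 1 if any scanned key is not pinned, or if nothing matched at all.
verify_scanned_keys() {
    awk '
        /^#/ || NF < 3 { next }                      # comments, blank lines
        NR == FNR { pinned[$2 " " $3] = 1; next }    # first file: pinned set
        ($2 " " $3) in pinned { print; ok++; next }  # second file: a match
        { printf "unpinned %s key offered for %s\n", $2, $1 > "/dev/stderr"
          bad++ }
        END { exit (bad > 0 || ok == 0) ? 1 : 0 }
    ' "$1" "$2"
}

# install_known_hosts PINNED_FILE SCANNED_FILE DEST
# Writes DEST only when every scanned key passed verification.
install_known_hosts() {
    tmp=$(mktemp) || return 1
    if verify_scanned_keys "$1" "$2" > "$tmp"; then
        mv "$tmp" "$3"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Intended use on the server (paths are placeholders):
#   ssh-keyscan -H github.com > /tmp/scanned 2>/dev/null
#   install_known_hosts /etc/deploy/github_pinned_keys /tmp/scanned ~/.ssh/known_hosts \
#       && git pull origin main
```

After a host key rotation such as the March 2023 one mentioned in the answer, this check rejects the new key until the pinned file is refreshed from the provider's published keys, so the deploy stops instead of silently trusting the changed key.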