2.27.2. Deploy with GitHub Actions

GitHub Actions is a collection of workflow automation tools on GitHub. With their help, you can run various actions when certain events occur. One example is the automatic upload of the project code from GitHub to the hosting when pushing changes to the repository.

Important points:

  • Directory on hosting during deployment not cleared. Files that are not in the repository are not removed from the directory.

Setting up automatic deployment on the example of an action FTP Deploy.

  1. Create hosted FTP-user with access to the directory where the deployment should be performed.
  2. Disable access restrictions on FTP.
  3. Open your repository on GitHub.
  4. Add the data necessary for deployment to the secrets:

    How to add secrets:

    1. Switch to tab "Settings".
    2. From the menu on the right, select "Secrets → Actions".
    3. Clickon "New repository secret".
    4. Specify the name of the secret in the field "Name" and the value in the field "Value".
    5. Clickon "Add secret".

    Each setting is added as a separate secret.

    Name Value
    REMOTE_HOST Specify host FTP-servers from data for access by FTP.
    FTP_USER Enter login FTP-user from data for access by FTP.
    FTP_PASSWORD Enter password FTP-user.
    FTP_PATH Pleaseindicate relative way from access directory FTP-user to the directory on the hosting where the deployment should be performed. Warning! Way necessarily must end with a slash /. Also if your project has directories lib or etc, access directory FTP-user must be such that they are not at the root.
  5. Set up the action:
    1. Switch to tab "Actions".
    2. Clickon "set up a workflow yourself" or first "New workflow", and then "set up a workflow yourself".
    3. Replace the code in the field "Edit new file" on this one:
      name: FTP deploy on push
      on: push
      jobs:
        web-deploy:
          name: Deploy
          runs-on: ubuntu-latest
          steps:
          - name: Get latest code
            uses: actions/checkout@v2
          - name: Sync files
            uses: SamKirkland/FTP-Deploy-Action@4.3.0
            with:
              server: ${{ secrets.REMOTE_HOST }}
              username: ${{ secrets.FTP_USER }}
              password: ${{ secrets.FTP_PASSWORD }}
              server-dir: ${{ secrets.FTP_PATH }}
    4. Clickon "Start commit" and then "Commit new file".
  6. Switch to tab "Actions" and check the deployment status. To view details, click on the workflow name in the list "All workflows" and then on "build" - if successful, each operation should have a checkmark next to it.

Important points:

  • To deploy via SSH, you need to disable access restrictions by IP to API. API used to add and remove GitHub IP from list of allowed for SSH access.
  • After deployment, the added GitHub IP necessarily should be removed from list of allowed for SSH access. If the IP is not removed, then if the limit of added addresses is reached, the deployment will stop working.
  • Directory on hosting during deployment cleared. The contents of the directory will match the contents of the repository.

Setting up automatic deployment on the example of an action Rsync Deployments Action.

Principle of operation:

  1. The external IP of GitHub is determined from which the connection to the hosting will be made.
  2. External IP is added via API in list of allowed for SSH access.
  3. Deployed using rsync.
  4. The external IP is removed via API of list of allowed for SSH access.
  1. Set up access to API:
    1. Activate token.
    2. Delete all IPs from the allowed list.
  2. Set up SSH key authentication:
    1. Generate and add account key.
    2. Bind the key to the hosting account where the deployment should be performed.
  3. Open your repository on GitHub.
  4. Add the data necessary for deployment to the secrets:

    How to add secrets:

    1. Switch to tab "Settings".
    2. From the menu on the right, select "Secrets → Actions".
    3. Clickon "New repository secret".
    4. Specify the name of the secret in the field "Name" and the value in the field "Value".
    5. Clickon "Add secret".

    Each setting is added as a separate secret.

    Name Value
    ADM_TOOLS_API_TOKEN Pleaseindicate token to access hosting API.
    ADM_TOOLS_ACCOUNT_ID Specify the ID of the hosting account where the deployment should be performed (not to be confused with ID account). For example, if you open the section "Hosting → SSH access", then in the address bar of the browser there will be an address of the form https://adm.tools/hosting/account/123456/ssh/. The numbers in the address are the hosting account ID.
    REMOTE_HOST Specify a host from data for SSH access.
    REMOTE_USER Enter login from data for SSH access.
    REMOTE_KEY Insert data private key in PEM format (starts with -----BEGIN RSA PRIVATE KEY-----). Warning! The key must be private, not public.
    REMOTE_PATH Pleaseindicate absolute path to the directory on the hosting where the deployment should be performed.
  5. Set up the action:
    1. Switch to tab "Actions".
    2. Clickon "set up a workflow yourself" or first "New workflow", and then "set up a workflow yourself".
    3. Replace the code in the field "Edit new file" on this one:
      name: SSH deploy on push
      on: push
      jobs:
        build:
          runs-on: ubuntu-latest
          steps:
            - name: Get public IP
              id: ip
              uses: haythem/public-ip@v1.2
            - name: Add IP to whitelist
              id: addip
              run: |
                curl -H "Content-Type: application/json" -H "Authorization: Bearer ${{ secrets.ADM_TOOLS_API_TOKEN }}" --request POST --data '{"account_id": "${{ secrets.ADM_TOOLS_ACCOUNT_ID }}", "ip": "${{ steps.ip.outputs.ipv4 }}"}' https://adm.tools/action/hosting/account/ssh/ip/send/
            - uses: actions/checkout@v2
            - name: rsync deploy
              uses: burnett01/rsync-deployments@5.2
              with:
                switches: -avzr --delete
                path: .
                remote_host: ${{ secrets.REMOTE_HOST }}
                remote_user: ${{ secrets.REMOTE_USER }}
                remote_key: ${{ secrets.REMOTE_KEY }}
                remote_path: ${{ secrets.REMOTE_PATH }}
            - name: Remove IP from whitelist
              id: removeip
              run: |
                curl -H "Content-Type: application/json" -H "Authorization: Bearer ${{ secrets.ADM_TOOLS_API_TOKEN }}" --request POST --data '{"account_id": "${{ secrets.ADM_TOOLS_ACCOUNT_ID }}", "ip": "${{ steps.ip.outputs.ipv4 }}"}' https://adm.tools/action/hosting/account/ssh/ip/delete_by_ip/
    4. Clickon "Start commit" and then "Commit new file".
  6. Switch to tab "Actions" and check the deployment status. To view details, click on the workflow name in the list "All workflows" and then on "build" - if successful, each operation should have a checkmark next to it.

Warning!

With every deployment on account mail and in Telegram will receive a notification that the list of IP addresses for SSH access has been changed.
Content