custom github actions
Hey there, did you know that GitHub has actions? And they are free? And you get to customize them to do whatever you want? It’s a free docker container to do the testing/linting/building process for you. At first, I did not know how to use them so I just ignored them, but once I understood how they work and how lazy I am, I was sold.
I am writing this piece of text for future me who will forget how any of this works after a few months of not having to do any more action configurations…
[1] user and keys
How to setup account without sudo for rsync, etc from GitHub actions when you have disabled password login and copying with ssd-copy-id isn’t possible!
Generate a key. Private key will be needed in your GitHub action, public key will be needed in authorized_keys file on the VPS.
$ ssh-keygen ~/.ssh/abc_keyCreate a user where data will be sent. I did not want to use my “main” user with sudo rights on the VPS, so I made a dedicated user to be used with rsync and all the other stuff related to file transfers.
$ sudo useradd -d /home/abc -m abc $ sudo passwd abcSince I have disabled password logins on my VPS, there is no possibility to transfer the key with
ssh-copy-id. (I might be wrong). Instead, I have to add authorized key myself. This requires you to create~/.ssh/authorized_keysfile and add your public key generated in the first step.$ sudo mkdir /home/abc/.ssh # Open a file and copy paste it. $ sudo nano /home/abc/.ssh/authorized_keys # Or do this if you have it clipboard. $ echo "pub key" | sudo tee -a /home/abc/.ssh/authorized_keysRestart ssh service.
$ sudo systemctl restart sshdYou will be able to login with user
abcand your private ssh key.
[2] who is this rsync?
rsync is a pretty based tool to transfer data. It is fast, reliable, secure and easy to use. You give it flags, source(s) and destination(s). It then does the job for you:
$ rsync --progress # Show progress in terminal.
-vz # -v is for increased verbosity, -z is for compression during the transfer
-e "ssh -i /home/void/.ssh/my_cool_key" # CLI arguments, in this case we tell rsync where the private key is located.
source # Path to file(s), dir(s) you want to transfer
destination # Destination. Where your files should land.
$ man rsync # Find other flags you can use.
And it would look like this when typed without comments and breaks:
$ rsync --progress -vz /home/void/pepes/* abc@185.80.130.75:/home/abc/pepes
[3] exploiting free stuff
At this point, you should have access to your VPS user, a set of keys, and understand what rsync does.
Create an action. GitHub will give you a template action which is enough in this case.
Go to projects settings and add new secrets. Add SSH_KEY and paste your private key generated in step [1]. Also, add DESTINATION_PATH with your destination. Or you can write that in the action if you do not care. Mine is something like
abc@185.80.130.75:/home/abc/website/. This is coincidentally the IP address of this website.Look at my action and adjust it to your liking. Do not forget to add - uses: actions/checkout@v2 or your action will not have access to your repository! ${GITHUB_WORKSPACE} is a built-in variable that stores the path to your repository within this action container. In my case, I only want to transfer the html/ directory containing website stuff. All the other files are not needed to display this website. No need to yeet them to the VPS.
name: Rsync on: push: branches: [ master ] pull_request: branches: [ master ] jobs: rsync: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 # Need this to access the repository data! - name: Rsync data to VPS. env: KEY: ${{ secrets.SSH_KEY }} DESTINATION_PATH: ${{ secrets.DESTINATION_PATH }} run: | mkdir ~/.ssh echo "$KEY" > ~/.ssh/key chmod 600 ~/.ssh/key rsync --progress -rvz -e "ssh -i ~/.ssh/key -o StrictHostKeyChecking=no" ${GITHUB_WORKSPACE}/html/* info "$DESTINATION_PATH