{"date": "2020-09-12", "tags": "github, rsync, gnu/linux", "type": "post"}

custom github actions

Hey there, did you know that GitHub has actions? And they are free? And you get to customize them to do whatever you want? It’s a free docker container to do the testing/linting/building process for you. At first, I did not know how to use them so I just ignored them, but once I understood how they work and how lazy I am, I was sold.

freepill

I am writing this piece of text for future me who will forget how any of this works after a few months of not having to do any more action configurations…

[1] user and keys

How to setup account without sudo for rsync, etc from GitHub actions when you have disabled password login and copying with ssd-copy-id isn’t possible!

  1. Generate a key. Private key will be needed in your GitHub action, public key will be needed in authorized_keys file on the VPS.

    $ ssh-keygen ~/.ssh/abc_key
    
  2. Create a user where data will be sent. I did not want to use my “main” user with sudo rights on the VPS, so I made a dedicated user to be used with rsync and all the other stuff related to file transfers.

    $ sudo useradd -d /home/abc -m abc
    $ sudo passwd abc
    
  3. Since I have disabled password logins on my VPS, there is no possibility to transfer the key with ssh-copy-id. (I might be wrong). Instead, I have to add authorized key myself. This requires you to create ~/.ssh/authorized_keys file and add your public key generated in the first step.

    $ sudo mkdir /home/abc/.ssh
    
    # Open a file and copy paste it.
    $ sudo nano /home/abc/.ssh/authorized_keys
    
    # Or do this if you have it clipboard.
    $ echo "pub key" | sudo tee -a /home/abc/.ssh/authorized_keys
    
  4. Restart ssh service.

    $ sudo systemctl restart sshd
    
  5. You will be able to login with user abc and your private ssh key.

[2] who is this rsync?

rsync is a pretty based tool to transfer data. It is fast, reliable, secure and easy to use. You give it flags, source(s) and destination(s). It then does the job for you:

$ rsync --progress  # Show progress in terminal.
      -vz           # -v is for increased verbosity, -z is for compression during the transfer
      -e "ssh -i /home/void/.ssh/my_cool_key"   # CLI arguments, in this case we tell rsync where the private key is located.
      source        # Path to file(s), dir(s) you want to transfer
      destination   # Destination. Where your files should land.

$ man rsync         # Find other flags you can use.

And it would look like this when typed without comments and breaks:

$ rsync --progress -vz  /home/void/pepes/* abc@185.80.130.75:/home/abc/pepes

[3] exploiting free stuff

At this point, you should have access to your VPS user, a set of keys, and understand what rsync does.

1592654154072

  1. Create an action. GitHub will give you a template action which is enough in this case.

  2. Go to projects settings and add new secrets. Add SSH_KEY and paste your private key generated in step [1]. Also, add DESTINATION_PATH with your destination. Or you can write that in the action if you do not care. Mine is something like abc@185.80.130.75:/home/abc/website/. This is coincidentally the IP address of this website.

  3. Look at my action and adjust it to your liking. Do not forget to add - uses: actions/checkout@v2 or your action will not have access to your repository! ${GITHUB_WORKSPACE} is a built-in variable that stores the path to your repository within this action container. In my case, I only want to transfer the html/ directory containing website stuff. All the other files are not needed to display this website. No need to yeet them to the VPS.

    name: Rsync
    on:
     push:
       branches: [ master ]
     pull_request:
       branches: [ master ]
    
    jobs:
     rsync:
       runs-on: ubuntu-latest
       steps:
         - uses: actions/checkout@v2 # Need this to access the repository data!
         - name: Rsync data to VPS.
           env:
             KEY: ${{ secrets.SSH_KEY }}
             DESTINATION_PATH: ${{ secrets.DESTINATION_PATH }}
           run: |
             mkdir ~/.ssh
             echo "$KEY" > ~/.ssh/key
             chmod 600 ~/.ssh/key
             rsync --progress -rvz -e "ssh -i ~/.ssh/key -o StrictHostKeyChecking=no" ${GITHUB_WORKSPACE}/html/* info "$DESTINATION_PATH