Skip to content
update website contents

comments before I forget how this works #6

Sign in to view logs

comments before I forget how this works

comments before I forget how this works #6

Workflow file for this run

.github/workflows/update.yaml at 7f8dc99
# based on: https://blog.benoitblanchon.fr/github-action-run-ssh-commands/
# 1. choose a user account on the server, here it will be called "github"
# 2. create a ssh key pair and put the public key in github's authorized_keys
# 3. create a script only editable by root with the following, adjust the
# www-data user accordingly
# #!/bin/bash
# cd <path to git directory>
# runuser -u www-data -- git pull
# runuser -u www-data -- git status
# 4. give permission for github to run it as root by putting the following line
# in /etc/sudoers.d/github
# github ALL=(root) NOPASSWD: <path to script>
# 5. configure the secrets on github repo settings for logging into the server
# $SSH_USER = username, "github" in this example
# $SSH_KEY = private key, the matching public key was put in authorized_keys
# $SSH_HKEY = the line from known_hosts for the server to suppress the warning
# $SSH_HOST = server host/ip
# $SSH_PORT = server port
# $SSH_CMD = use "sudo <path to script>" (so github user runs script as root)
name: update website contents
on: [push]
jobs:
update-website:
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main'
steps:
- name: 'configure ssh'
run: |
mkdir -p ~/.ssh/
echo "$SSH_KEY" > ~/.ssh/key
chmod 600 ~/.ssh/key
echo "$SSH_HKEY" > ~/.ssh/known_hosts
cat >> ~/.ssh/config << END
Host website
Port $SSH_PORT
Hostname $SSH_HOST
User $SSH_USER
IdentityFile ~/.ssh/key
END
- name: 'pull content'
run: ssh website $SSH_CMD
env:
SSH_USER: ${{secrets.SSH_USER}}
SSH_KEY: ${{secrets.SSH_KEY}}
SSH_HKEY: ${{secrets.SSH_HKEY}}
SSH_HOST: ${{secrets.SSH_HOST}}
SSH_PORT: ${{secrets.SSH_PORT}}
SSH_CMD: ${{secrets.SSH_CMD}}