github actions: SSH into droplet and run code - ssh

I want to deploy a github project automatically through github actions when I push my code to github. My yaml-file looks like this:

    name: push-and-deploy-to-server
    on:
      push:
        branches: [ main ]
    jobs:
      build-and-deploy:
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v2
          - uses: appleboy/scp-action@master
            with:
              host: ${{ secrets.SSH_HOST }}
              port: 22
              username: ${{ secrets.SSH_USERNAME }}
              key: ${{ secrets.SSH_PRIVATE_KEY }}
              source: "."
              target: "."
          - uses: appleboy/ssh-action@master
            with:
              host: ${{ secrets.SSH_HOST }}
              port: 22
              username: ${{ secrets.SSH_USERNAME }}
              key: ${{ secrets.SSH_PRIVATE_KEY }}
              script: |
                npm install
                pm2 restart index.js

I have a server with an SSH keypair. The public key is added to the server's authorized_keys, and I can SSH through my terminal to the server.
When I push code to the GitHub repo, the action runs. I get the following error:

    drone-scp error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

The weird thing is: after this error, I'm not able to SSH into my server anymore; even through my console I get a "Permission denied (publickey)". So before running the GitHub action everything works, and after that it fails.
The IP address of the server is SSH_HOST, the username which I use to SSH into the server is set in SSH_USERNAME and the private key (the same as I use on my local laptop to SSH into the server) is set in SSH_PRIVATE_KEY.
Has anyone encountered the same problem before? I really have no clue what's going on here.
Edit: extra information: it's a private repository.

Related

Error in libcrypto on Github Actions SSH command

I am going to create an automatic deploy to my testing server via SSH in GitHub Actions. I created a connection using a private key. It works correctly locally (tested in an ubuntu:latest Docker image), but when I push my code to the repository I get an error.

    Run ssh -i ~/.ssh/private.key -o "StrictHostKeyChecking no" ***@*** -p *** whoami
    Warning: Permanently added '[***]:***' (ED25519) to the list of known hosts.
    Load key "/home/runner/.ssh/private.key": error in libcrypto
    Permission denied, please try again.
    Permission denied, please try again.
    ***@***: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
    Error: Process completed with exit code 255.

My workflow code:

    name: Testing deploy
    on:
      push:
        branches:
          - develop
          - feature/develop-autodeploy
    jobs:
      build:
        name: Build and deploy
        runs-on: ubuntu-latest
        steps:
          - run: mkdir -p ~/.ssh/
          - run: echo "{{ secrets.STAGING_KEY }}" > ~/.ssh/private.key
          - run: chmod 600 ~/.ssh/private.key
          - run: ssh -i ~/.ssh/private.key -o "StrictHostKeyChecking no" ${{ secrets.STAGING_USER }}@${{ secrets.STAGING_HOST }} -p ${{ secrets.STAGING_PORT }} whoami

I tried third-party packages, e.g. D3rHase/ssh-command-action and appleboy/ssh-action, with other errors.
Resolved. In the line where I create the private.key file, the $ character was missing. My bad.
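
The failure above comes from the literal text {{ secrets.STAGING_KEY }} being written into private.key. As an added example (not part of the original post), a pre-flight check that catches this before ssh runs; it goes beyond the single case in the post and also flags CRLF line endings and a missing trailing newline, two other ways a key pasted into a secret ends up unparseable. The names check_key_file and write_sample are hypothetical, and the sample key body is a constructed placeholder.

```shell
#!/bin/sh
# Added example: sanity-check a private key file written from a CI secret.
CR=$(printf '\r')

# check_key_file PATH: prints a reason and returns non-zero when PATH cannot
# be a usable PEM/OpenSSH private key; returns 0 otherwise.
check_key_file() {
  ckf=$1
  [ -s "$ckf" ] || { echo "missing or empty file"; return 1; }
  # The bug from the post: echo wrote a literal "{{ secrets.X }}".
  if grep -q '{{.*}}' "$ckf"; then
    echo "unexpanded template expression in key file"; return 2
  fi
  # Carriage returns (key pasted with CRLF line endings) break parsing.
  if grep -q "$CR" "$ckf"; then
    echo "CRLF line endings"; return 3
  fi
  case $(head -n 1 "$ckf") in
    "-----BEGIN "*"PRIVATE KEY-----") ;;
    *) echo "first line is not a BEGIN ... PRIVATE KEY header"; return 4 ;;
  esac
  case $(tail -n 1 "$ckf") in
    "-----END "*"PRIVATE KEY-----") ;;
    *) echo "last line is not an END ... PRIVATE KEY footer"; return 5 ;;
  esac
  # $(...) strips a final newline, so any output means the file lacks one.
  [ -z "$(tail -c 1 "$ckf")" ] || { echo "no trailing newline"; return 6; }
  return 0
}

# write_sample KIND PATH: constructed inputs; the body is a placeholder,
# not real key material.
write_sample() {
  h='-----BEGIN OPENSSH PRIVATE KEY-----'
  b='Q09OU1RSVUNURUQ='
  t='-----END OPENSSH PRIVATE KEY-----'
  case $1 in
    good)    printf '%s\n' "$h" "$b" "$t" ;;
    literal) echo "{{ secrets.STAGING_KEY }}" ;;
    crlf)    printf '%s\r\n' "$h" "$b" "$t" ;;
    nonl)    printf '%s\n%s\n%s' "$h" "$b" "$t" ;;
  esac > "$2"
}

# Usage as a workflow step: sh check_key.sh ~/.ssh/private.key
[ "$#" -eq 0 ] || check_key_file "$1" || exit $?
```
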

Giving container the same permissions with the workflow in GitHub actions

I am using workload identity federation to provide some permissions to my workflow.
This seems to be working fine

    - name: authenticate to gcp
      id: auth
      uses: 'google-github-actions/auth@v0'
      with:
        token_format: 'access_token'
        workload_identity_provider: ${{ env.WORKLOAD_IDENTITY_PROVIDER }}
        service_account: ${{ env.SERVICE_ACCOUNT_EMAIL }}
    - run: gcloud projects list

i.e. the gcloud projects list command is successful.
However, in a next step I am running the same command in a container

    - name: run container
      run: docker run my-image:latest

and the process fails (I don't have access to the logs for the moment but it definitely fails)
Is there a way to make the container created having the same auth context as the workflow?
Do I need to bind mount some token generated perhaps?
Export the credentials (option provided by the auth action):

    - name: authenticate to gcp
      id: auth
      uses: 'google-github-actions/auth@v0'
      with:
        token_format: 'access_token'
        workload_identity_provider: ${{ env.WORKLOAD_IDENTITY_PROVIDER }}
        service_account: ${{ env.SERVICE_ACCOUNT_EMAIL }}
        create_credentials_file: true

Make credentials readable:

    # needed in the docker volume creation so that it is read
    # by the user with which the image runs (not root)
    - name: change permissions of credentials file
      shell: bash
      run: chmod 775 $GOOGLE_GHA_CREDS_PATH

Mount the credentials file and perform a gcloud auth login using this file in the container:

    - name: docker run
      run: |
        docker run \
          -v $GOOGLE_GHA_CREDS_PATH:${{ env.CREDENTIALS_MOUNT_PATH }} \
          --entrypoint sh \
          ${{ env.CLUSTER_SCALING_IMAGE }} \
          -c "gcloud auth login --cred-file=${{ env.CREDENTIALS_MOUNT_PATH }} && do whatever"

The entrypoint can of course be modified accordingly to support the case above

Bitbucket ssh pipeline fails - Missing or empty command string

I was trying to SSH to my server and pull the code and do some configuration stuff, each time code is pushed to master branch. I defined all of my repository variables used in this yaml file.
I also added ssh key, added host in the list of known hosts and fetched fingerprint.
This is my bitbucket-pipelines.yml file:

    image: atlassian/default-image:2
    pipelines:
      branches:
        master:
          - step:
              script:
                - name: "SSH Deploy to production web"
                - pipe: atlassian/ssh-run:0.2.6
                  variables:
                    SSH_USER: $SSH_USER
                    SERVER: $SSH_SERVER
                    COMMAND: $SSH_COMMAND
                    PORT: $SSH_PORT

The error I get is:
I checked my yml file using bitbucket validator and everything seems to be OK.
I would appreciate any help since I just started using bitbucket pipelines.
name isn't a property of script.
Refactor to be

    master:
      - step:
          name: "SSH Deploy to production web"
          script:
            - pipe: atlassian/ssh-run:0.2.6
              variables:
                SSH_USER: $SSH_USER
                SERVER: $SSH_SERVER
                COMMAND: $SSH_COMMAND
                PORT: $SSH_PORT

How to use ssh identity file with Github Actions

I'm in the throes of setting up a GitHub Action that should run an SSH command to connect to a private server. The private server's connection settings I have specify an identityFile, which I do own. After this connection, I will then run a proxycommand, so this is essentially to a bastion, for context.
What I cannot quite figure out at this point is how/which GitHub action supports this configuration. I see the commands on this one (similar to others): https://github.com/appleboy/ssh-action/blob/master/action.yml and no mention of an identityFile property. Is there another way to execute this or an ssh command that can make this possible?
Would appreciate some pointers, thanks!
If you need some explanation of how to write your action, you can read this article: How to create Github Actions to run tests with docker services.
You just have to create your workflow file and use the actions of appleboy like on steps keyword:

    - name: executing remote ssh commands using password
      uses: appleboy/ssh-action@master
      with:
        host: ${{ secrets.HOST }}
        username: ${{ secrets.USERNAME }}
        key: ${{ secrets.KEY }}
        key_path: ${{ secrets.KEY_PATH }}
        password: ${{ secrets.PASSWORD }}
        port: ${{ secrets.PORT }}
        script: whoami

With the script line, you can execute what you want to do in the server and connect with the parameters set above. For multiple lines do like this:

    script: |
      pwd
      ls -al

Hope it will help.

drone "Insufficient privileges to use privileged mode"

I wrote a .drone.yml in my Gogs git repository, but when I push a git change, the Drone web UI tells me "Insufficient privileges to use privileged mode". How can I fix it?
this is my .drone.yml:

    pipeline:
      build:
        image: test-harbor.cx580.com/centos/centos7:Beat2.0
        privileged: true
        commands:
          - mkdir -p /data/k8s/drone/jar-db/
          - \cp README.md /data/k8s/drone/jar-db/
          - ls /data/k8s/drone/jar-db/
      push:
        image: plugins/docker
        repo: test-harbor.cx580.com/centos/centos7:Beat2.0
        registry: test-harbor.cx580.com
        username: ci
        password: '1qaz!QAZ'
        tags:
          - latest

I searched on Google, and this website tells me "Your repository isn't in the trusted list of repositories. Get in touch with Devops and ask them to trust it", but how can I trust the repository?
I went to the settings in the Drone web UI and checked Trusted in the settings, but it also failed:
Set drone-server env (my repository is GitLab)

    ...
    - DRONE_OPEN=false
    - DRONE_ADMIN=<your gitlab username>
    - DRONE_GITLAB_PRIVATE_MODE=true
    ...

Enable drone settings
Settings -> Trusted like this