Autodeploy :3
2023-06-21 00:00:00 -0500

Generate SSH key

ssh-keygen -f deploy_blog -t ed25519

Configure github with appropriate secrets

DOCKER_USERNAME - username for docker hub
DOCKER_PASSWORD - key for docker hub
DEPLOY_HOST - hostname to be poked over ssh
DEPLOY_USER - username to ssh as
DEPLOY_KEY - SSH private key

git push

Github actions runs a workflow to publish a docker image

name: Publish
on:
  push:
    branches: main
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
      - name: Publish to Registry
        uses: elgohr/Publish-Docker-Github-Action@master
        with:
          name: shish2k/blog
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

Which then triggers a second workflow to poke the target over ssh

name: Deploy
on:
  workflow_run:
    workflows: Publish
    branches: main
    types: completed
  workflow_dispatch:
jobs:
  deploy:
    name: Deploy
    runs-on: ubuntu-latest
    if: ${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' }}
    steps:
      - name: Deploy
        uses: appleboy/ssh-action@v0.1.10
        with:
          host: ${{ secrets.DEPLOY_HOST }}
          username: ${{ secrets.DEPLOY_USER }}
          key: ${{ secrets.DEPLOY_KEY }}

Target server has ~/.ssh/authorized_keys set up:

command="systemctl restart blog",no-port-forwarding,no-pty,no-X11-forwarding ssh-ed25519 [...public key here...] autodeploy

systemd service set to pull latest image on restart

[Unit]
Description=blog - blog.shishnet.org
After=docker.service
Requires=docker.service

[Service]
Environment=HOME=/root
ExecStartPre=-/usr/bin/docker stop sn-blog
ExecStartPre=-/usr/bin/docker rm sn-blog
ExecStartPre=-/usr/bin/docker pull shish2k/blog
ExecStart=/usr/bin/docker run --init --rm --name sn-blog --network sn-net \
    --label 'traefik.enable=true' \
    --label 'traefik.http.routers.sn-blog.rule=Host("blog.shishnet.org")' \
    -t shish2k/blog
Restart=always

[Install]
WantedBy=multi-user.target
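
An added example, not part of the original post: a Python check for the kind of authorized_keys entry shown above, confirming that a deploy key carries a forced command and reporting which of the restrictions bundled by OpenSSH's restrict option are not set. The function names are this example's own, and the key material in the sample entries is a constructed placeholder.

```python
import re

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")
# Restrictions that the single "restrict" option (OpenSSH 7.2+) turns on together.
IMPLIED_BY_RESTRICT = {"no-port-forwarding", "no-agent-forwarding",
                       "no-x11-forwarding", "no-pty", "no-user-rc"}
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?(?:,|$)')

def split_options(line):
    """Split one authorized_keys entry into (options dict, remainder)."""
    line = line.strip()
    if line.startswith(KEY_TYPES):        # entry has no options field
        return {}, line
    in_quote, i = False, 0
    while i < len(line):                  # options end at first unquoted space
        c = line[i]
        if c == "\\" and in_quote:
            i += 1                        # skip the escaped character
        elif c == '"':
            in_quote = not in_quote
        elif c.isspace() and not in_quote:
            break
        i += 1
    # sshd treats option names case-insensitively, so normalise them
    opts = {m.group(1).lower(): m.group(2) for m in OPTION.finditer(line[:i])}
    return opts, line[i:].strip()

def audit(line):
    """Return findings for a key that should only trigger one deploy command."""
    opts, _ = split_options(line)
    findings = []
    if "command" not in opts:
        findings.append("no forced command: key grants an unrestricted login")
    if "restrict" not in opts:
        missing = sorted(IMPLIED_BY_RESTRICT - set(opts))
        if missing:
            findings.append("restrictions not set: " + ", ".join(missing))
    return findings

# Constructed samples: key material and comments are placeholders.
PAGE_STYLE = ('command="systemctl restart blog",no-port-forwarding,no-pty,'
              'no-X11-forwarding ssh-ed25519 AAAAPLACEHOLDER autodeploy')
BARE = "ssh-ed25519 AAAAPLACEHOLDER autodeploy"
RESTRICTED = ('restrict,command="systemctl restart blog" '
              'ssh-ed25519 AAAAPLACEHOLDER autodeploy')

if __name__ == "__main__":
    for name, entry in [("page", PAGE_STYLE), ("bare", BARE), ("restrict", RESTRICTED)]:
        print(name, audit(entry) or "ok")
```

For an entry written with the options used in this post, the check reports no-agent-forwarding and no-user-rc as not set; an entry that starts with restrict,command="..." passes with no findings.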