Automating your Linode deployment with Github Actions
Linode, HTTP/HTTPS & Deployment Part 2 | /var/log/share
Automating your Linode deployment with Github Actions
In my earlier post, I said I would go about testing Github actions as opposed to my custom deploy script I shared earlier. After diving into GitHub actions, I found that this was indeed easy to do. Github’s actions enable you to run custom actions when you push changes to your repository. Think of continuous integration pipelines but all done through Github. So, taking a look back at the deploy script from the earlier post, I mainly need a way to run bundle to install Jekyll and build the website. Once, the site has been built — I need to SCP the contents into Linode machine spun up earlier.
Finding the right Github Actions
Github marketplace has a catalog of all actions available to use. Before, selecting the ones you want — take a look at the source repository so no malicious code is present. Github’s actions are fairly new and one of the actions for this job involves SSH. So, you want to ensure the actions don’t have any backdoor to capture the information you enter. Initially, I pondered using this guide here to build an action but I found some plugins fit my use-case correctly.
Prerequisite
Here are some important things I needed to do before pursuing the Github action workflow
- Setup a non sudo user. This is an important step and should not be skipped. I’m usually very paranoid about security and if you wish to use Github actions and third-party plugins in there, I would suggest going this route.
- Setup Apache server to serve files from non-root user folder. The way I set this up is by executing
sudo ln -s /home/<your_non_root_user>/soupynoodles.dev /var/www/html. This establishes a symlink letting you change contents in a non-root user's home folder and serve files from there. - Setup an ssh-key pair to enable SSH operation for the non-root user from Github action workflow. You need to generate a key pair and copy over the public key-pair to the non-root user’s home dir in
/home/<your_non_root_user>/.ssh/authorized_keys. The private key-pair will be used in the workflow to allow the plugin to ssh correctly.
The rest of the workflow is very simple and you can copy over my workflow if it suits your needs.
Github Action Setup
Fairly simple — all you need is a file in your repository .github/workflows/main.yml. This workflow will be executed every time you push to master.
I used some third party plugins here:
- actions-bundle CLI for running and building Jekyll
- SCP-action for secure copying over the tarball to my deployment server.
- action-ssh to get into my deployment server and do some folder manipulation.
- Github secrets for managing private keys.
Github’s actions are great and it’s pretty solid that you can now build these workflows for free in Github itself. The only bits I feel I want to improve right now is setting up my Linode machine itself. I’m contemplating running a puppet master-slave configuration with a nano instance serving as the master. I won’t do it unless I see the need for it. That’s all from this post! hope y’all liked it.
Originally published at https://soupynoodles.dev on March 21, 2020.
