我在DO上有一个登台服务器。
我想为其构建并部署我的节点应用。
name: Build & Deploy
on:
push:
tags:
- 'v1.*.0'
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Create SSH key
run: |
mkdir -p ~/.ssh/
echo "$DO_GITHUB_PRIVATE_KEY" > ../github_do.key
sudo chmod 600 ../github_do.key
ssh-keyscan -H ${{secrets.DEPLOY_SERVER}} > ~/.ssh/known_hosts
shell: bash
env:
DO_GITHUB_PRIVATE_KEY: ${{secrets.DO_GITHUB_PRIVATE_KEY}}
- uses: actions/setup-node@v1
with:
node-version: 12.x
- name: Install Packages
run: yarn install --frozen-lockfile
- name: Build artifacts
env:
DEPLOY_SSH_KEY_PATH: ${{ github.workspace }}/../github_do.key
run: |
yarn shipit production fast-deploy
我所做的是生成一个新的SSH私钥和公钥。
我保存在DO_GITHUB_PRIVATE_KEY github机密中的私有密钥。
我已添加到我的登台服务器上的authorized_keys上的公共密钥。
触发操作后,操作失败:
@ v***.256.0
Create release path "/home/***/***/releases/2020-03-0***-v***.256.0"
Running "mkdir -p /home/***/***/releases/2020-03-0***-v***.256.0" on host "***".
@***-err ***@***: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
'fast-deploy:updateRemote' errored after ***.32 s
Error: Command failed: ssh -i /home/runner/work/***/***/../github_do.key ***@*** "mkdir -p /home/***/***/releases/2020-03-0***-v***.256.0"
答案 0 :(得分:13)
我已经解决了! 显然,密钥受密码短语protected保护。
这是整个过程:
ssh-keygen -t rsa -b 4096 -C "user@host" -q -N ""
更新主机的authorized_keys
ssh-copy-id -i ~/.ssh/id_rsa.pub user@host
进入服务器并运行
ssh-keyscan host
在您的working.yml文件中
#workflow.yaml
...
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Create SSH key
run: |
mkdir -p ~/.ssh/
echo "$SSH_PRIVATE_KEY" > ../private.key
sudo chmod 600 ../private.key
echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
shell: bash
env:
SSH_PRIVATE_KEY: ${{secrets.SSH_PRIVATE_KEY}}
SSH_KNOWN_HOSTS: ${{secrets.SSH_KNOWN_HOSTS}}
SSH_KEY_PATH: ${{ github.workspace }}/../private.key
然后您可以将ssh与ssh -i $SSH_KEY_PATH user@host一起使用
希望这可以为某人节省几个小时:]
### answer进行评论(如何更新github机密)
要添加github机密,您有2个选择:
.env文件(操作前触发器)同步