思涯谷

Configuring SSH Deployment with GitHub Actions

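This post shows how to configure a GitHub Actions workflow that, on every push, builds a Docker image, pushes it to a registry, and deploys it to a remote server. The pipeline from code to deployment is automated by defining a workflow file, configuring Secrets, and generating a dedicated SSH key.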

First, create .github/workflows/deploy.yml:

name: Build Push and Deploy

on:
  push:
    branches:
      - master

jobs:
  build:
    runs-on: ubuntu-latest
    environment: production
    steps:
      # Check out the code
      - name: Checkout code
        uses: actions/checkout@v3

      # Set up Docker Buildx (for multi-platform builds)
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Log in to GitHub Container Registry (GHCR)
      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # Build the Docker image and push it to GHCR
      - name: Build Docker image And Push To GHCR
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./Dockerfile
          push: true
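          tags: ghcr.io/${{ github.repository_owner }}/<image-name>:latest
          # Build args are stored in the image metadata (visible via docker history); do not pass sensitive values here
          build-args: |
            REDIS_PORT=${{ secrets.REDIS_PORT }}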

      - name: SSH Deploy
        uses: appleboy/ssh-action@v1.2.0
        with:
          host: ${{ secrets.SSH_HOST }}
          username: ${{ secrets.SSH_USERNAME }}
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          port: ${{ secrets.SSH_PORT }}
          script: /path/to/deploy.sh

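Don't forget to add the corresponding secrets in the GitHub repository settings. The value of SSH_PRIVATE_KEY is the content of ~/.ssh/github_action_key, the private key generated in the next step.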

Then, on the server, generate a dedicated key pair and append its public key to the authorized keys:

ssh-keygen -t rsa -b 4096 -C "github_action" -f ~/.ssh/github_action_key

cd ~/.ssh
cat github_action_key.pub >> ~/.ssh/authorized_keys

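Finally, edit ~/.ssh/authorized_keys and prefix that key's entry with a forced command. sshd then runs this command on every login with that key, regardless of what the client requests: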

command="/path/to/deploy.sh" ssh-rsa AAAA...
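
A check for the step above, added here as an example and not part of the original post: it reports whether the deploy key's entry carries a forced command and the OpenSSH `restrict` option, since `command=` alone still lets the key request port forwarding. The function names and the use of the `github_action` comment to locate the key are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit authorized_keys entries
# for the CI deploy key. Assumption: the key is found by its comment,
# "github_action", as set with ssh-keygen -C.

# classify_key_line LINE
# Prints skip   (blank line or comment),
#        open   (no command= option: the key gets a normal login),
#        forced (command= only: forwarding is still allowed),
#        locked (command= together with restrict).
classify_key_line() {
    case $1 in
        ''|'#'*) echo skip; return 0 ;;
    esac
    # Blank out quoted values first, so nothing inside command="..." can be
    # mistaken for an option or a key type (escaped quotes are not handled),
    # then cut from the key-type token onward to leave only the options.
    bare=$(printf '%s\n' "$1" | sed -E -e 's/"[^"]*"//g' \
        -e 's/(^| )(ssh-|ecdsa-|sk-)[^ ]+ .*$//')
    case ",$bare," in
        *,command=,*) ;;
        *) echo open; return 0 ;;
    esac
    case ",$bare," in
        *,restrict,*) echo locked ;;
        *) echo forced ;;
    esac
}

# audit_deploy_key FILE TAG
# Reports each key line containing TAG; returns 1 unless all are locked.
audit_deploy_key() {
    rc=0
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in *"$2"*) ;; *) continue ;; esac
        state=$(classify_key_line "$line")
        case $state in skip) continue ;; locked) ;; *) rc=1 ;; esac
        echo "line $n: $state"
    done < "$1"
    return "$rc"
}

# Usage: sh audit.sh ~/.ssh/authorized_keys github_action
if [ $# -eq 2 ]; then audit_deploy_key "$1" "$2"; fi
```

An entry reported as `forced` becomes `locked` when written as `restrict,command="/path/to/deploy.sh" ssh-rsa AAAA...`.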