This repository implements an Ubuntu-based composite GitHub Action that copies files from the GitHub Actions runner to a remote host using the Rsync tool over an SSH connection. This provides a way to deploy static files to a web server.
Please read the action.yml
file to review the specific steps performed by this action:
In broad terms, it saves the private SSH key and the list of known hosts on the GitHub Actions runner for the duration of the action and executes the rsync
command with the given input parameters.
-
Define a GitHub Actions workflow. For example:
# .github/workflows/deploy.yml name: Deploy on: [ workflow_dispatch ] jobs: copy-static-files-to-web-server: name: Copy static files to the web server runs-on: ubuntu-latest steps: - name: Check out the repository uses: actions/checkout@v3 - name: Copy the files with Rsync over SSH uses: rainstormy/github-action-deploy-with-rsync-over-ssh@v1 with: rsync-options: --archive --compress --verbose --rsh="ssh -l ${{ secrets.SSH_USERNAME }}" rsync-host: ${{ secrets.RSYNC_HOST }} rsync-source-path: www/ rsync-destination-path: ${{ secrets.RSYNC_DESTINATION_PATH }} ssh-known-hosts: ${{ secrets.SSH_KNOWN_HOSTS }} ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} ssh-private-key-filename: ${{ secrets.SSH_PRIVATE_KEY_FILENAME }}
Here is another example that uses sshpass to perform password-based authentication in addition to key-based authentication:
with: rsync-options: --archive --compress --verbose --rsh="sshpass -e ssh -l ${{ secrets.SSH_USERNAME }}" rsync-host: ${{ secrets.RSYNC_HOST }} rsync-source-path: www/ rsync-destination-path: ${{ secrets.RSYNC_DESTINATION_PATH }} ssh-known-hosts: ${{ secrets.SSH_KNOWN_HOSTS }} ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} ssh-private-key-filename: ${{ secrets.SSH_PRIVATE_KEY_FILENAME }} env: SSHPASS: ${{ secrets.SSH_PASSWORD }}
-
Create GitHub Actions secrets for the SSH username, the remote host (e.g.
server123.company.com
), and the destination pathname on the remote (e.g.~/www
). They are to be accessed through input parametersrsync-options
(in the--rsh
option),rsync-host
, andrsync-destination-path
, respectively. -
Optionally, for password-based authentication, create a GitHub Actions secret for the SSH password to be accessed through the
SSHPASS
environment variable. -
From your own computer, gather the remote host keys and verify that they are authentic to establish a trust-on-first-use relationship:
$ ssh-keyscan -H <remote-host> > "$HOME/.ssh/known_hosts"
-
Save the remote host keys in a GitHub Actions secret to be accessed through the
ssh-known-hosts
input parameter. -
From your own computer, generate an SSH key with the Ed25519 algorithm, for example using ssh-keygen or 1Password, and optionally choose a name for the key or use the default name of
id_ed25519
as<my-ssh-key>
:$ ssh-keygen -t ed25519 -f "$HOME/.ssh/<my-ssh-key>"
-
Grab the public key and add it to the list of authorised SSH keys on the remote host. It appears like
ssh-ed25519 AAAAC3(…)
. -
Save the private key in a GitHub Actions secret to be accessed through the
ssh-private-key
input parameter. It appears like-----BEGIN OPENSSH PRIVATE KEY-----(…)-----END OPENSSH PRIVATE KEY-----
. -
Save the name that you have chosen as
<my-ssh-key>
in a GitHub Actions secret to be accessed through thessh-private-key-filename
input parameter. It defines the name of the file in which the private key is stored on the GitHub Actions runner for the duration of the action. You may skip this step if you have chosen the default name ofid_ed25519
.