Using deployer with github actions to deploy private repository - github-actions

I'm trying to deploy a PHP project using GitHub Actions.
The connection to the target server works, but I'm stuck at the part where Deployer tries to clone the repository.
I'm storing a private SSH key in a GitHub secret in order to access the server, and I try to use the same SSH key to access the GitHub repository (the key is added to the deploy keys of the repository).
Here is the command that fails:
cd {releasePath} && (/usr/bin/git clone -b "develop" --recursive git@github.com:arnaudschaeffer/myprivaterepo.git {releasePath} /releases/3 2>&1)
Command failed with exit code 1: bin/dep deploy staging -vvv
Deployer works from my local environment. I can make it work with both my personal SSH keys and the one I've had in a secret in order to connect to the target server.
Here's my GitHub yml file:
# This is a basic workflow to help you get started with Actions
name: Deploy develop
# Controls when the action will run.
on:
  # Triggers the workflow on push or pull request events but only for the main branch
  push:
    branches: [ develop ]
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  deploy:
    name: Deploy to develop
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          ref: 'develop'
          ssh-key: ${{ secrets.SSH_PRIVATE_KEY }}
          persist-credentials: true
      - name: Setup PHP
        uses: shivammathur/setup-php@v2
        with:
          php-version: 7.4
      - name: Configure SSH
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
          SSH_USER: ${{ secrets.SSH_USER }}
          SSH_PORT: ${{ secrets.SSH_PORT }}
        run: |
          mkdir -p ~/.ssh/
          echo "$SSH_PRIVATE_KEY" > ~/.ssh/staging.key
          chmod 600 ~/.ssh/staging.key
          cat >>~/.ssh/config <<END
          Host github
            Hostname github.com
            IdentityFile ~/.ssh/staging.key
            IdentitiesOnly yes
          Host host_name
            HostName $SSH_HOST
            User $SSH_USER
            Port $SSH_PORT
            IdentityFile ~/.ssh/staging.key
            StrictHostKeyChecking no
          END
      - name: Set Up Deployer
        run: |
          curl -LO https://deployer.org/deployer.phar && mkdir bin && mv deployer.phar bin/dep && sudo chmod +x bin/dep
      # Add deploy key in GitHub account
      - name: Deploy
        uses: deployphp/action@master
        with:
          private-key: ${{ secrets.SSH_PRIVATE_KEY }}
          #Both target server and github known hosts
          known-hosts: ${{ secrets.KNOWN_HOSTS }}
          dep: deploy staging -vvv
Is there some extra step to clone the repository in Deployer?
Thanks in advance!
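
An added example, not part of the original post: a preflight check that a known_hosts file (such as the content of the KNOWN_HOSTS secret) pins both github.com and the target server, so the SSH config can use `StrictHostKeyChecking yes` rather than `no`. The function names, host names and key strings are constructed, and only plain (unhashed, non-wildcard) entries are matched.

```shell
#!/bin/sh
# Added example: check that a known_hosts file pins a host before connecting.
# Exact-name matching only: hashed (|1|...) entries and wildcard patterns are
# not evaluated here.
known_hosts_covers() {
    host=$1 port=$2 file=$3
    # OpenSSH stores non-default ports as "[host]:port".
    if [ "$port" = "22" ]; then want=$host; else want="[$host]:$port"; fi
    awk -v want="$want" '
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        $1 == "@revoked" { next }            # revoked keys never count as a pin
        {
            f = ($1 ~ /^@/) ? 2 : 1          # skip a @cert-authority marker
            n = split($f, names, ",")
            for (i = 1; i <= n; i++) if (names[i] == want) found = 1
        }
        END { exit found ? 0 : 1 }
    ' "$file"
}

# Fail the job early if either endpoint the deploy talks to is unpinned.
preflight() {
    file=$1 target_host=$2 target_port=$3
    known_hosts_covers github.com 22 "$file" ||
        { echo "github.com missing from known_hosts" >&2; return 1; }
    known_hosts_covers "$target_host" "$target_port" "$file" ||
        { echo "$target_host:$target_port missing from known_hosts" >&2; return 1; }
}

# Constructed sample: host names and key material are placeholders.
sample_known_hosts() {
    cat <<'EOF'
# constructed entries, not real keys
github.com ssh-ed25519 AAAAC3CONSTRUCTEDgithub
[staging.example.test]:2222 ssh-ed25519 AAAAC3CONSTRUCTEDstaging
EOF
}

kh=$(mktemp)
sample_known_hosts > "$kh"
preflight "$kh" staging.example.test 2222 && echo "both hosts pinned"
```

When the SSH port is not 22, an entry recorded for the bare host name does not cover the connection, which is the case the `[host]:port` branch handles.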

Related

Use github actions to add deploy key to repo?

I'm trying to find out if it's possible to add a deploy key with GitHub Actions. I have already generated a key with ssh-keygen and tried to add it manually, which works. But I would like to add my generated key with GitHub Actions as well.
In other words, I want to do this: "GitHub -> repo -> settings -> deploy keys -> add deploy key (the key generated during the workflow)", but I want to do it with GitHub Actions if it's possible.
This is the workflow that I have created so far:
on:
  # Triggers the workflow on push or pull request events but only for the master branch
  push:
    branches: [ main ]
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # This workflow contains a single job called "build"
  build:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest
    if: github.event.repository.name != 'testar-deploy-key'
    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v2
      - name: Create deploy key
        run: |
          # Deploy key
          ssh-keygen -m PEM -t rsa -b 4096 -C "mail@mail.com" -o -f id_rsa
          #Here i want in someway to add my generated key to the current github repository.
          git config --local user.email "action@github.com"
          git config --local user.name "GitHub Action"
          git add .
          git commit -m "Generate SSH"
      # Push changes
      - name: Push changes
        uses: ad-m/github-push-action@master
        with:
          branch: main
          github_token: ${{ secrets.GITHUB_TOKEN }}

Environment variables when deploying Firebase Cloud functions with Github Actions

I have been trying to automate the deployment of firebase cloud functions using the Github actions CI/CD workflows.
The functions are developed using NodeJs, Express, and Typescript. And all environment variables are saved in a .env file that is not tracked on github (for obvious reasons)
The main.yaml file (in .github/workflows/)
name: CI/CD
on:
  push:
    branches: [ deploy ]
  pull_request:
    branches: [ deploy ]
  workflow_dispatch:
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: create env file
        run: |
          cd functions
          touch .env
          echo "${{ secrets.ENV_VARS }}" >> .env
      - name: Install npm packages
        run: |
          cd functions
          npm install
      - name: Deploy to Firebase
        uses: w9jds/firebase-action@master
        with:
          args: deploy
        env:
          FIREBASE_TOKEN: ${{ secrets.FIREBASE_TOKEN }}
The workflow first creates a .env file where it writes the env variables (saved in GitHub secrets), then installs the dependencies, and finally deploys the cloud functions.
The steps are executed without any issues, up to the deployment part, where I got this error:
Error: Service account object must contain a string "project_id" property.
at FirebaseAppError.FirebaseError [as constructor] (/github/workspace/functions/node_modules/firebase-admin/lib/utils/error.js:44:28)
at FirebaseAppError.PrefixedFirebaseError [as constructor] (/github/workspace/functions/node_modules/firebase-admin/lib/utils/error.js:90:28)
at new FirebaseAppError (/github/workspace/functions/node_modules/firebase-admin/lib/utils/error.js:125:28)
at new ServiceAccount (/github/workspace/functions/node_modules/firebase-admin/lib/credential/credential-internal.js:134:19)
at new ServiceAccountCredential (/github/workspace/functions/node_modules/firebase-admin/lib/credential/credential-internal.js:68:15)
at Object.exports.cert (/github/workspace/functions/node_modules/firebase-admin/lib/credential/credential.js:34:54)
at Object.<anonymous> (/github/workspace/functions/lib/config/firebase.js:10:34)
at Module._compile (internal/modules/cjs/loader.js:1085:14)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:1114:10)
at Module.load (internal/modules/cjs/loader.js:950:32)
Thank you in advance
I solved this problem. The answer was very simple: instead of following the different tutorials that use "w9jds/firebase-action@master" for the deployment, I simply used firebase deploy :)
The new main.yaml
name: CI/CD
on:
  push:
    branches: [ deploy]
  pull_request:
    branches: [ deploy]
  workflow_dispatch:
jobs:
  main:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      # Environment variables
      - name: create env file
        run: |
          cd functions
          touch .env
          echo "${{ secrets.ENV_VARS }}" >> .env
      # Install npm packages and firebase
      - name: Install npm packages
        run: |
          cd functions
          npm install
          npm audit fix
          npm install firebase-tools
      # Run tests
      - name: Run tests
        run: |
          cd functions
          npm run test
      # Deploying the functions to firebase
      - name: Deploy to Firebase
        run: |
          cd functions
          npm run deploy
        env:
          FIREBASE_TOKEN: ${{ secrets.FIREBASE_TOKEN }}
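
An added example, not part of the original post: the "create env file" step pastes `${{ secrets.ENV_VARS }}` into the script text, so the shell parses the secret as code. The sketch below models that next to the alternative of passing the secret through the step's `env:` and writing `"$ENV_VARS"`; the secret value and function names are constructed.

```shell
#!/bin/sh
# Added example: two ways a secret can reach a file from a workflow step.
# The secret value below is constructed for the demonstration.
CONSTRUCTED_SECRET='DB_PASSWORD=pa$sw0rd'

# Models `echo "${{ secrets.ENV_VARS }}" >> .env`: the runner pastes the secret
# into the script text, then the shell parses that text.
write_interpolated() {
    target=$1 secret=$2
    script="echo \"$secret\" >> \"$target\""
    sh -c "$script"
}

# Models a step that sets `env: ENV_VARS: ${{ secrets.ENV_VARS }}` and only
# references "$ENV_VARS" in the script, so the value is never parsed as code.
write_from_env() {
    target=$1
    [ -n "${ENV_VARS:-}" ] || { echo "ENV_VARS is empty" >&2; return 1; }
    (
        umask 077                        # file is created owner-only
        printf '%s\n' "$ENV_VARS" > "$target"
    )
}

demo() {
    dir=$(mktemp -d)
    write_interpolated "$dir/a.env" "$CONSTRUCTED_SECRET"
    ENV_VARS=$CONSTRUCTED_SECRET
    export ENV_VARS
    write_from_env "$dir/b.env"
    echo "interpolated: $(cat "$dir/a.env")"
    echo "from env:     $(cat "$dir/b.env")"
}
demo
```

In the interpolated form `$sw0rd` is expanded as an (unset) shell variable and the stored password is silently truncated; a value containing a double quote would break the step outright.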

Command not found when SSHing into server via non-interactive session

I'm using a GitHub action to SSH into my staging server to pull the latest from the repo (which succeeds) then install node modules: yarn (which fails), build the app: yarn build:app (which fails), then restart the app: pm2 restart all (which fails). From what I've read from researching, the commands aren't found because the SSH into the server is a non-interactive session and many things aren't added to $PATH. I have tried adding export PATH="$PATH:/home/***/.nvm/versions/node/v14.5.0/bin/pm2:/home/***/.nvm/versions/node/v14.5.0/bin/pm2" to my script to no avail. I'm still getting command not found.
name: Test Deployment
on:
  push:
    branches:
      - staging
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Deploy Staging
        if: github.ref == 'refs/heads/staging'
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.STAGING_SSH_HOST }}
          username: ${{ secrets.STAGING_SSH_USERNAME }}
          key: ${{ secrets.STAGING_SSH_KEY }}
          passphrase: ${{ secrets.STAGING_SSH_PASSPHRASE }}
          port: ${{ secrets.STAGING_SSH_PORT }}
          script: |
            export PATH="$PATH:/home/***/.nvm/versions/node/v14.5.0/bin/pm2:/home/***/.nvm/versions/node/v14.5.0/bin/pm2"
            cd ~/***
            git pull origin staging
            yarn
            yarn build:app
            pm2 restart all
Receiving errors:
======CMD======
export PATH="$PATH:/home/***/.nvm/versions/node/v14.5.0/bin/pm2:/home/***/.nvm/versions/node/v14.5.0/bin/pm2"
cd ~/***
git pull origin staging
yarn
yarn build:app
pm2 restart all
======END======
err: From github.com:***/***
err: * branch staging -> FETCH_HEAD
err: *** staging -> origin/staging
out: Merge made by the 'recursive' strategy.
2021/04/16 21:28:17 Process exited with status 127
out: .github/workflows/main.yml | 2 +-
out: 1 file changed, 1 insertion(+), 1 deletion(-)
err: bash: line 3: yarn: command not found
err: bash: line 4: yarn: command not found
err: bash: line 5: pm2: command not found
Instead of
export path='$PATH:/home/***/.nvm/versions/node/v14.5.0/bin/pm2:/home/***/.nvm/versions/node/v14.5.0/bin/pm2'
you should try
export PATH="$PATH:/home/***/.nvm/versions/node/v14.5.0/bin/pm2:/home/***/.nvm/versions/node/v14.5.0/bin/pm2"
Notice:
PATH - uppercase
Use double quote instead of single quote to expand the previous value of PATH variable
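
An added example, not part of the original thread: how command lookup treats the variants discussed above, run in a constructed sandbox where `pm2` and `git` are stub scripts. It goes one step beyond the answer by also checking a PATH entry that names the binary itself rather than its directory; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: how PATH lookup treats the variants discussed above.
# Everything lives in a constructed sandbox; pm2 and git are stub scripts.
make_sandbox() {
    sb=$(mktemp -d)
    mkdir -p "$sb/sys" "$sb/node/bin"
    for tool in "$sb/sys/git" "$sb/node/bin/pm2"; do
        printf '#!/bin/sh\nexit 0\n' > "$tool"
        chmod +x "$tool"
    done
    printf '%s\n' "$sb"
}

# resolves CMD SNIPPET: start from PATH=<sandbox>/sys, run SNIPPET (one
# assignment line as it would appear in the remote script), then look CMD up.
resolves() {
    ( PATH=$SANDBOX/sys; eval "$2"; command -v "$1" >/dev/null 2>&1 )
}

SANDBOX=$(make_sandbox)
BIN=$SANDBOX/node/bin

report() {
    if resolves "$1" "$2"; then
        echo "found   $1 <- $2"
    else
        echo "missing $1 <- $2"
    fi
}
report pm2 "export PATH=\"\$PATH:$BIN\""        # directory entry
report pm2 "export PATH=\"\$PATH:$BIN/pm2\""    # entry names the binary itself
report pm2 "export path=\"\$PATH:$BIN\""        # lowercase: a different variable
report git "export PATH='\$PATH:$BIN'"          # single quotes: old PATH is lost
```

Only the first variant resolves: PATH entries are directories that get searched, and a single-quoted value replaces the existing search path with the literal text `$PATH`.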

SFDX & Github Action - Warning: force:auth:sfdxurl:store is not a sfdx command

I have the following yaml file. It was working just fine until yesterday. Unfortunately, starting from today I received the warning below, followed by the error below.
I hope someone will be able to point me to a solution to fix this issue. Below is the yaml code:
name: CI_dev
on:
  pull_request:
    branches: [ dev ]
jobs:
  test_pipeline:
    runs-on: ubuntu-latest
    steps:
      # Install Salesforce CLI
      - name: Install Salesforce CLI
        run: |
          wget https://developer.salesforce.com/media/salesforce-cli/sfdx-linux-amd64.tar.xz
          mkdir sfdx-cli
          tar xJf sfdx-linux-amd64.tar.xz -C sfdx-cli --strip-components 1
          ./sfdx-cli/install
      #Checkout master
      - name: 'checkout master'
        uses: actions/checkout@master
      #read secret, authenticate and deploy
      - name: 'Populate auth file with SFDX_URL secret'
        shell: bash
        run: 'echo ${{ secrets.secret}} > ./secret.txt'
      - name: 'Authenticate'
        run: 'sfdx force:auth:sfdxurl:store --sfdxurlfile=./secret.txt -a secretAlias'
      - name: 'Deploy'
        run: "sfdx force:source:deploy --sourcepath ./force-app/main/default -l RunLocalTests -u secretAlias"
Below is the warning that appears on the authenticate step:
Warning: force:auth:sfdxurl:store is not a sfdx command.
Did you mean auth:sfdxurl:store? [y/n]:
And below is the error that appears on the Deploy step:
ERROR running force:source:deploy: No org configuration found for name secretAlias
Error: Process completed with exit code 1.
sfdx (at least on Linux distributions) was recently updated from 7.82.1 to 7.83.1 (January 2021).
Since 7.83.1 it follows a different syntax format.
You need to remove force: from your 'Authenticate' command line, as is advised in the error message.
You can check your current version with:
sfdx --version
Busy Box was right. I just needed to remove force from force:auth and it's already working again. Below is the updated yaml file for reference.
name: CI_dev
on:
  pull_request:
    branches: [ dev ]
jobs:
  test_pipeline:
    runs-on: ubuntu-latest
    steps:
      # Install Salesforce CLI
      - name: Install Salesforce CLI
        run: |
          wget https://developer.salesforce.com/media/salesforce-cli/sfdx-linux-amd64.tar.xz
          mkdir sfdx-cli
          tar xJf sfdx-linux-amd64.tar.xz -C sfdx-cli --strip-components 1
          ./sfdx-cli/install
      #Checkout master
      - name: 'checkout master'
        uses: actions/checkout@master
      #read secret, authenticate and deploy
      - name: 'Populate auth file with SFDX_URL secret'
        shell: bash
        run: 'echo ${{ secrets.secret}} > ./secret.txt'
      - name: 'Authenticate'
        run: 'sfdx auth:sfdxurl:store --sfdxurlfile=./secret.txt -a secretAlias'
      - name: 'Deploy'
        run: "sfdx force:source:deploy --sourcepath ./force-app/main/default -l RunLocalTests -u secretAlias"

Git push action is not working when pushing from git action container

I have an action on master branch which on push/merge builds a package, uploads it to PyPI then checks out to develop branch, bumps version in develop branch and pushes to the origin of develop branch. Develop branch has an action that listens to push/merge and does a snapshot release.
When I push to develop the develop action works perfectly and does a snapshot release, but when master branch pushes, push is successful but the action does not get triggered. What am I missing?
Both actions are added below.
name: Build and Upload Package to PyPI | Master Branch
on:
  push:
    branches:
      - master
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - name: Set up Python
        uses: actions/setup-python@v1
        with:
          python-version: '3.5'
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install setuptools wheel twine
          pip install GitPython
          pip install bumpversion
      - name: Strip 'snapshot' from version
        run: sed -i 's/-snapshot//g' setup.py
      - name: Build and publish
        env:
          TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }}
          TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
          TWINE_REPOSITORY_URL: https://pypi.domain.com
        run: |
          python setup.py sdist bdist_wheel
          twine upload dist/*
      - name: Bump Verison and Push to develop
        run: |
          git stash
          git config --local user.email "name@email.com"
          git config --local user.name "username"
          git checkout develop
          python bump_version.py
          cat .bumpversion.cfg
          git remote set-url --push origin https://username:$GITHUB_TOKEN@github.com/repo/path
          git push origin develop
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

name: Build and Upload Package to PyPI | Develop Branch
on:
  push:
    branches:
      - develop
jobs:
  bumpTag_build_and_publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - name: Set up Python
        uses: actions/setup-python@v1
        with:
          python-version: '3.5'
      - name: Install dependencies for setup
        run: |
          python -m pip install --upgrade pip
          pip install setuptools wheel twine
      - name: Build and publish
        env:
          TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }}
          TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
          TWINE_REPOSITORY_URL: https://pypi.domain.co,
        run: |
          python setup.py sdist bdist_wheel
          twine upload dist/*
The provided secrets.GITHUB_TOKEN is intentionally not allowed to trigger workflows. As seen in the documentation:
(...) if an action pushes code using the repository's GITHUB_TOKEN, a new workflow will not run even when the repository contains a workflow configured to run when push events occur.
If you need your automagic push to be "visible" to workflows, you need to create a Personal Access Token, add it to the repo secrets, and use that instead of GITHUB_TOKEN.
Note that GitHub assumes that you know what you're doing if you use a non-stock token, which means preventing a possible infinite loop is on you. While it's not the case in your scenario for now (the develop branch does not push anything), it's worth remembering in case one of the workflows changes some day.