@julienma
Last active August 15, 2023 10:40
GitHub Actions: using SSH keys to auto-deploy with dokku-push

The dokku-push action requires an SSH key with push access to the Dokku instance. Here's how to do that.

Replace APPNAME with the name of the app (it is a good idea to use the same name as the app on Dokku).

Generate a new SSH keypair

We want each repo to have its own SSH key, so it's easier to rotate/invalidate them if required, without affecting all the repos. Let's generate a new key on your computer (see GitHub help):

mkdir -p ~/.ssh/github-actions/
ssh-keygen -t rsa -b 4096 -N "" -C "dokku-deploy@APPNAME" -f ~/.ssh/github-actions/dokku-deploy_APPNAME

Save that keypair somewhere

We usually create a secure note in our shared 1Password vault, and attach both keys (private + public) as well as any additional details required.

Add the public SSH key to your Dokku instance

This will allow this SSH key to be used to deploy to Dokku. If you're already an admin user on Dokku and can connect to SSH, you can directly add the new key like this (see Dokku help):

cat ~/.ssh/github-actions/dokku-deploy_APPNAME.pub | ssh user@my.dokku.server -p 22 sudo dokku ssh-keys:add dokku-deploy_APPNAME

Copy the private SSH key to your GitHub Secrets

Finally, we provide the GitHub Action with the private SSH key, via GitHub Secrets (see GitHub help).

Copy the contents of the private key to your clipboard:

pbcopy < ~/.ssh/github-actions/dokku-deploy_APPNAME

Then head over to https://github.com/{user}/{repo}/settings/secrets/, and add a new secret named SSH_KEY, with the contents of the private key which should be in your clipboard.

Set up your GH Action

Now you're done. Set up the GitHub Action (see https://github.com/marketplace/actions/push-to-dokku), using the SSH key from GH Secrets. Customize the parameters in green:

name: 'Deploy to Dokku'

on:
  push:
+    branches: [ develop ]

env:
+  DOKKU_REPO: 'ssh://dokku@my.dokku.server:22/appname'
+  DOKKU_DEPLOY_BRANCH: 'develop'

jobs:
  deploy:
    runs-on: ubuntu-latest

    steps:
    - name: Cancel Previous Runs
      uses: styfle/cancel-workflow-action@0.4.1
      with:
        access_token: ${{ github.token }}

    - name: Cloning repo
      uses: actions/checkout@v2
      with:
        fetch-depth: 0

    - name: Push to dokku
      uses: obrassard/action-dokku-deploy@v1.0.1
      with:
       ssh_key: ${{ secrets.SSH_KEY }}
       dokku_repo: ${{ env.DOKKU_REPO }}
       deploy_branch: ${{ env.DOKKU_DEPLOY_BRANCH }}
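
The per-repo keys above are motivated by easy rotation; as an added example (not part of the original gist), this script rotates one repo's key in an order that never leaves the workflow without a working key. `DOKKU_SSH`, `KEY_DIR`, `DRY_RUN` and the suffixed key name are assumptions of this example, and it assumes the GitHub CLI (`gh`) is installed and authenticated.

```shell
#!/usr/bin/env bash
# Added example (not from the gist): rotate one repo's Dokku deploy key.
# Hypothetical names: DOKKU_SSH, KEY_DIR, DRY_RUN, the NEW_SUFFIX naming scheme.
set -eu

DOKKU_SSH="${DOKKU_SSH:-user@my.dokku.server}"  # admin SSH login, as in the gist
DRY_RUN="${DRY_RUN:-1}"                         # 1 = print the plan, 0 = execute

# run CMD...: print the command in dry-run mode, otherwise execute it.
# The printed plan is for reading; an empty argument shows as a double space.
run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# run_in FILE CMD...: same, with FILE on stdin (opened only when executing).
run_in() {
  local file="$1"; shift
  if [ "$DRY_RUN" = 1 ]; then printf '%s < %s\n' "$*" "$file"; else "$@" < "$file"; fi
}

# ssh joins its arguments into one remote shell command line, so only a
# conservative character set is accepted (an assumption of this example).
valid_name() {
  case "$1" in
    ""|-*|*[!a-z0-9_-]*) return 1 ;;
  esac
}

# rotate_key APPNAME OWNER/REPO OLD_KEY_NAME NEW_SUFFIX
rotate_key() {
  local app="$1" repo="$2" old="$3" new="dokku-deploy_${1}_${4}" name
  local key="${KEY_DIR:-$HOME/.ssh/github-actions}/$new"
  for name in "$app" "$old" "$4"; do
    valid_name "$name" || { echo "invalid name: $name" >&2; return 2; }
  done
  # 1. New keypair with the gist's parameters; private key owner-readable only.
  run mkdir -p "${key%/*}"
  run ssh-keygen -t rsa -b 4096 -N "" -C "dokku-deploy@$app" -f "$key"
  run chmod 600 "$key"
  # 2. Authorize the new key on Dokku before the old one goes away.
  run_in "$key.pub" ssh "$DOKKU_SSH" -p 22 sudo dokku ssh-keys:add "$new"
  # 3. Overwrite the repository secret the workflow reads (GitHub CLI).
  run_in "$key" gh secret set SSH_KEY --repo "$repo"
  # 4. Revoke the old key; from here on only the new key can push.
  run ssh "$DOKKU_SSH" -p 22 sudo dokku ssh-keys:remove "$old"
}

# Stand-alone use: ./rotate.sh APPNAME OWNER/REPO OLD_KEY_NAME NEW_SUFFIX
if [ "$#" -eq 4 ]; then rotate_key "$@"; fi
```

With the default `DRY_RUN=1` the script only prints the six commands; run it with `DRY_RUN=0` once the plan looks right, and store the new keypair in the vault as described above.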