@raviagheda
Last active May 2, 2024 10:06
Github Action with EC2 using SSH

Check this out on Dev.to

Configure SSH into aws ec2

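Declare these GitHub Actions secrets in the repository:

  • SSH_PRIVATE_KEY
  • SSH_HOST (the instance's host name or IP address; the workflow reads it as secrets.SSH_HOST)
  • USER_NAME
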
name: Deploy

on:
  push:
    branches: [ dev ]

jobs:
  Deploy:
    name: Deploy to EC2
    runs-on: ubuntu-latest
    
    steps:
      - uses: actions/checkout@v2 
      - name: Build & Deploy
        env:
            PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
            HOSTNAME: ${{secrets.SSH_HOST}}
            USER_NAME: ${{secrets.USER_NAME}}
      
        run: |
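          # Write the key from the secret to a file and restrict it to the owner
          echo "$PRIVATE_KEY" > private_key && chmod 600 private_key
          # StrictHostKeyChecking=no accepts whatever host key the server presents,
          # so the host itself is not authenticated
          ssh -o StrictHostKeyChecking=no -i private_key ${USER_NAME}@${HOSTNAME} '

              # We now have a shell on the EC2 instance; start the deploy.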
              cd /home/ubuntu/<PROJECT_DIRECTORY> &&
              git checkout dev &&
              git fetch --all &&
              git reset --hard origin/dev &&
              git pull origin dev &&
              sudo npm i &&
              sudo npm run build &&
              sudo pm2 stop ./dist/index.js &&
              sudo pm2 start ./dist/index.js
              '
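
A hardened variant of the workflow above, added here as an example and not part of the original gist: it pins the server's host key instead of passing StrictHostKeyChecking=no, keeps the private key out of the workspace, and deletes it whether or not the deploy succeeds. The SSH_KNOWN_HOSTS secret is an assumption (the instance's known_hosts line, for example from ssh-keyscan with the fingerprint verified out of band); the other secret names are the ones the workflow above reads, and the remote commands are unchanged.

```yaml
name: Deploy

on:
  push:
    branches: [ dev ]

jobs:
  Deploy:
    name: Deploy to EC2
    runs-on: ubuntu-latest
    permissions: {}   # this job never uses GITHUB_TOKEN, so grant it nothing

    steps:
      - name: Deploy over SSH with a pinned host key
        env:
          PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
          KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}  # assumed secret, not in the gist
          HOSTNAME: ${{ secrets.SSH_HOST }}            # must match the name in KNOWN_HOSTS
          USER_NAME: ${{ secrets.USER_NAME }}
        run: |
          set -euo pipefail
          umask 077                              # files created below are owner-only
          key="$RUNNER_TEMP/deploy_key"
          known="$RUNNER_TEMP/known_hosts"
          trap 'rm -f "$key" "$known"' EXIT      # remove the key on success or failure
          printf '%s\n' "$PRIVATE_KEY" > "$key"
          printf '%s\n' "$KNOWN_HOSTS" > "$known"
          # StrictHostKeyChecking=yes refuses any host key that is not listed in $known
          ssh -i "$key" \
              -o IdentitiesOnly=yes \
              -o BatchMode=yes \
              -o StrictHostKeyChecking=yes \
              -o UserKnownHostsFile="$known" \
              "${USER_NAME}@${HOSTNAME}" '
                cd /home/ubuntu/<PROJECT_DIRECTORY> &&
                git checkout dev &&
                git fetch --all &&
                git reset --hard origin/dev &&
                git pull origin dev &&
                sudo npm i &&
                sudo npm run build &&
                sudo pm2 stop ./dist/index.js &&
                sudo pm2 start ./dist/index.js
              '
```
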
@sylitas

sylitas commented Jul 3, 2023

Thanks!!! Love this

@marcodali

USER_NAME: ${secrets.USER_NAME} is missing another opening and ending brackets

@raviagheda
Author

raviagheda commented Aug 14, 2023

USER_NAME: ${secrets.USER_NAME} is missing another opening and ending brackets

Thank you @marcodali for highlighting it! :)
I've updated the gist.

@MarinGarcia

Nice! Thanks! Have been looking for this simple example for a long time

@raviagheda
Author

Nice! Thanks! Have been looking for this simple example for a long time

Thank you for the positive feedback @MarinGarcia ,
I've created a blog on it, should be easy to find this out now.
https://dev.to/raviagheda/github-action-with-ec2-using-ssh-4ej4

@rashgaroth

Hi! How can you access env var(s) inside the string?

example:

ssh -o StrictHostKeyChecking=no -i private_key ${USER_NAME}@${HOSTNAME} '
echo $FOO
'

@Arisfx

Arisfx commented Oct 25, 2023

May I ask how you secure and whitelist what can reach your EC2's public IPv4? What did you allow in the EC2's security group ingress, please?

@giasuddin90

Very nice documentation, working fine. Thank you so much

@aristeoibarra

Thank you so much!

@jsveron23

Hi! How can you access env var(s) inside the string?

example:

ssh -o StrictHostKeyChecking=no -i private_key ${USER_NAME}@${HOSTNAME} '
echo $FOO
'

if you want to use it.
it helps

uses: appleboy/ssh-action@v1.0.0

@arif98741

Thanks for this awesome contribution 🔥 🔥 🔥 🔥 🔥 🔥

@anandchakru

anandchakru commented Dec 26, 2023

The only way for it to work is to open 22 from everywhere in EC2's SG? Closest I could get was this https://stackoverflow.com/a/72494602/234110 but still it sounds hacky

@Brandonxy

But how can I allow GitHub Actions to connect to EC2 if the IP of the runner needs to be whitelisted?

@jsveron23

But how can I allow GitHub Actions to connect to EC2 if the IP of the runner needs to be whitelisted?

      - name: Get VPC IP
        id: vpc-ip
        uses: haythem/public-ip@v1.2

      - name: Add IP to AWS Security group
        id: get-sg-rule-id
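        run: |
          # Open port 22 for this runner's IP only and capture the new rule's ID
          id=$(aws ec2 authorize-security-group-ingress \
            --group-id "$SG" \
            --ip-permissions IpProtocol=tcp,FromPort=22,ToPort=22,IpRanges="[{CidrIp=${IP},Description=${DESC}}]" \
            | jq --raw-output '.SecurityGroupRules | map(.SecurityGroupRuleId) | join("")')
          # ::set-output is deprecated; step outputs are written to $GITHUB_OUTPUT
          echo "rule_id=$id" >> "$GITHUB_OUTPUT"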
        env:
          IP: ${{ steps.vpc-ip.outputs.ipv4 }}/32
          DESC: 'Github'
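
The snippet above records the rule ID as a step output but never uses it, so the port 22 rule for the runner's address stays in the security group after the job ends. The matching cleanup step, as an added example that is not part of the comment above or of the gist; it assumes the same `SG` variable and `get-sg-rule-id` step id as the snippet, and AWS credentials already configured in the job:

```yaml
      # ... the SSH deploy step runs here, between opening and closing the rule ...

      - name: Remove IP from AWS Security group
        # always() runs this step even when the deploy step failed or the job was
        # cancelled; the second condition skips it when no rule was created
        if: always() && steps.get-sg-rule-id.outputs.rule_id != ''
        run: |
          aws ec2 revoke-security-group-ingress \
            --group-id "$SG" \
            --security-group-rule-ids "$RULE_ID"
        env:
          RULE_ID: ${{ steps.get-sg-rule-id.outputs.rule_id }}
```
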

@akarsh-nagariya-trj

akarsh-nagariya-trj commented Feb 5, 2024

Hi, how can I get the ${{secrets.USER_NAME}} value after getting the SSH access? I need to access other secrets data, like echo ${USER_NAME}, but like this it's not working.

              cd /home/ubuntu/<PROJECT_DIRECTORY> &&
              git checkout dev &&
              git fetch --all &&
              git reset --hard origin/dev &&
              git pull origin dev &&
              sudo npm i &&
              echo ${USER_NAME}
              sudo npm run build &&
              sudo pm2 stop ./dist/index.js &&
              sudo pm2 start ./dist/index.js
              

@joyyjoel

joyyjoel commented Feb 9, 2024

ssh -o StrictHostKeyChecking=no -i private_key ${USER_NAME}@${HOSTNAME} '

The above line will give you an error message.
What the error message tells you is that you have a closing quotation mark ( ' ). Just remove the ' from the line above and you should be fine:

@bajpangosh

Run echo "$PRIVATE_KEY" > private_key && chmod 600 private_key
Warning: Permanently added '***' (ED25519) to the list of known hosts.
@: Permission denied (publickey).

how to handle private repositories?

@kupilikula

@joyyjoel That quotation mark is necessary. It's the opening quotation mark on the end of the ssh line. The closing quotation mark is at the very bottom of the workflow file. This sends that string within the quotation marks as a set of commands to be run after you ssh in to the ec2.

@santoshsiva

Run echo "$PRIVATE_KEY" > private_key && chmod 600 private_key
Warning: Permanently added '***' (ED25519) to the list of known hosts.
@: Permission denied (publickey).

how to handle private repositories?

I'm also facing the same
