@raviagheda
Last active May 17, 2024 14:18
Github Action with EC2 using SSH

Check this out on Dev.to

Configure SSH into AWS EC2

Declare these GitHub repository secrets (the workflow below reads them by these names)

  • SSH_PRIVATE_KEY
  • SSH_HOST (host name or IP address of the instance)
  • USER_NAME
name: Deploy

on:
  push:
    branches: [ dev ]

jobs:
  Deploy:
    name: Deploy to EC2
    runs-on: ubuntu-latest
    
    steps:
      - uses: actions/checkout@v2 
      - name: Build & Deploy
        env:
            PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
            HOSTNAME: ${{secrets.SSH_HOST}}
            USER_NAME: ${{secrets.USER_NAME}}
      
        run: |
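          # Write the deploy key to a file that only the runner user can read.
          echo "$PRIVATE_KEY" > private_key && chmod 600 private_key
          # StrictHostKeyChecking=no accepts whatever host key the server presents, without verifying it.
          ssh -o StrictHostKeyChecking=no -i private_key "${USER_NAME}@${HOSTNAME}" '

              # We now have a shell on the EC2 instance; start the deploy.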
              cd /home/ubuntu/<PROJECT_DIRECTORY> &&
              git checkout dev &&
              git fetch --all &&
              git reset --hard origin/dev &&
              git pull origin dev &&
              sudo npm i &&
              sudo npm run build &&
              sudo pm2 stop ./dist/index.js &&
              sudo pm2 start ./dist/index.js
              '
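
An added example (not the gist author's code) of the same deploy with the server's host key pinned instead of `StrictHostKeyChecking=no`, so the job refuses to send commands to a host it cannot authenticate. `SSH_KNOWN_HOSTS` is an assumed secret name holding the instance's `known_hosts` line, recorded for the same host name or IP as `SSH_HOST`; the temporary directory and `trap` cleanup are also additions.

```yaml
# Added example. SSH_KNOWN_HOSTS is a hypothetical secret: the output of
# `ssh-keyscan -t ed25519 <host>` after its fingerprint has been checked
# against the instance itself.
name: Deploy
on:
  push:
    branches: [ dev ]
jobs:
  deploy:
    name: Deploy to EC2
    runs-on: ubuntu-latest
    steps:
      - name: Deploy over SSH with a pinned host key
        env:
          PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
          KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
          HOSTNAME: ${{ secrets.SSH_HOST }}
          USER_NAME: ${{ secrets.USER_NAME }}
        run: |
          set -euo pipefail
          workdir="$(mktemp -d)"
          trap 'rm -rf "$workdir"' EXIT   # key material never outlives the step
          umask 077                        # files below are created owner-only
          printf '%s\n' "$PRIVATE_KEY" > "$workdir/id"
          printf '%s\n' "$KNOWN_HOSTS" > "$workdir/known_hosts"
          # yes = connect only if the server's key matches the pinned line;
          # BatchMode makes a mismatch fail the job instead of prompting.
          ssh -i "$workdir/id" \
              -o IdentitiesOnly=yes \
              -o BatchMode=yes \
              -o StrictHostKeyChecking=yes \
              -o UserKnownHostsFile="$workdir/known_hosts" \
              "${USER_NAME}@${HOSTNAME}" '
                cd /home/ubuntu/<PROJECT_DIRECTORY> &&
                git checkout dev &&
                git fetch --all &&
                git reset --hard origin/dev &&
                sudo npm i &&
                sudo npm run build &&
                sudo pm2 stop ./dist/index.js &&
                sudo pm2 start ./dist/index.js
              '
```
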
@Arisfx

Arisfx commented Oct 25, 2023

May I ask how you secure and whitelist what can reach your EC2's public IPv4? What did you allow in the EC2's security group ingress, please?

@giasuddin90

Very nice documentation, working fine. Thank you so much

@aristeoibarra

Thank you so much!

@jsveron23

Hi! How can you access env var(s) inside the string?

example:

ssh -o StrictHostKeyChecking=no -i private_key ${USER_NAME}@${HOSTNAME} '
echo $FOO
'

if you want to use it.
it helps

uses: appleboy/ssh-action@v1.0.0

@arif98741

Thanks for this awesome contribution 🔥 🔥 🔥 🔥 🔥 🔥

@anandchakru

anandchakru commented Dec 26, 2023

The only way for it to work is to open 22 from everywhere in EC2's SG? Closest I could get was this https://stackoverflow.com/a/72494602/234110 but still it sounds hacky

@Brandonxy

But how can I allow GitHub Actions to connect to EC2 if the IP of the runner needs to be whitelisted?

@jsveron23

But how can I allow GitHub Actions to connect to EC2 if the IP of the runner needs to be whitelisted?

      - name: Get VPC IP
        id: vpc-ip
        uses: haythem/public-ip@v1.2

      - name: Add IP to AWS Security group
        id: get-sg-rule-id
        run: |
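          # Add a /32 ingress rule for this runner and capture the new rule's ID.
          id=$(aws ec2 authorize-security-group-ingress \
            --group-id "$SG" \
            --ip-permissions IpProtocol=tcp,FromPort=22,ToPort=22,IpRanges="[{CidrIp=${IP},Description=${DESC}}]" \
            | jq --raw-output '.SecurityGroupRules | map(.SecurityGroupRuleId) | join("")')
          # Publish the rule ID as a step output (replaces the deprecated ::set-output command).
          echo "rule_id=$id" >> "$GITHUB_OUTPUT"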
        env:
          IP: ${{ steps.vpc-ip.outputs.ipv4 }}/32
          DESC: 'Github'
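
An added example (not from the thread) that completes the snippet above into an open, deploy, close sequence, so port 22 is reachable from the runner's address only while the job runs. `AWS_ROLE_ARN` and `EC2_SG_ID` are hypothetical secret names, the region is a placeholder, and the IAM role is assumed to allow only authorize and revoke on that one security group.

```yaml
# Added example. Secret names and region are assumptions, not from the page.
jobs:
  deploy:
    runs-on: ubuntu-latest
    permissions:
      id-token: write        # lets the job request an OIDC token for AWS
      contents: read
    env:
      SG: ${{ secrets.EC2_SG_ID }}
    steps:
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
          aws-region: us-east-1          # placeholder region
      - name: Get runner IP
        id: ip
        uses: haythem/public-ip@v1.2
      - name: Open port 22 for this runner only
        id: open
        env:
          CIDR: ${{ steps.ip.outputs.ipv4 }}/32
        run: |
          # The description carries the run ID so a leftover rule can be traced.
          id=$(aws ec2 authorize-security-group-ingress \
            --group-id "$SG" \
            --ip-permissions "IpProtocol=tcp,FromPort=22,ToPort=22,IpRanges=[{CidrIp=${CIDR},Description=gha-${GITHUB_RUN_ID}}]" \
            --query 'SecurityGroupRules[0].SecurityGroupRuleId' --output text)
          echo "rule_id=$id" >> "$GITHUB_OUTPUT"
      - name: Deploy over SSH
        run: echo "the SSH deploy step from the gist goes here"
      - name: Close port 22 again
        # always() runs this after a failed or cancelled deploy as well.
        if: always() && steps.open.outputs.rule_id != ''
        env:
          RULE_ID: ${{ steps.open.outputs.rule_id }}
        run: |
          aws ec2 revoke-security-group-ingress \
            --group-id "$SG" \
            --security-group-rule-ids "$RULE_ID"
```

If a runner is killed before the last step, the rule stays in place; its `gha-<run id>` description makes it easy to find and remove.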

@akarsh-nagariya-trj

akarsh-nagariya-trj commented Feb 5, 2024

Hi, how can I get the ${{secrets.USER_NAME}} value after getting SSH access? I need to access other secrets data, like echo ${USER_NAME}, but like this it's not working.

              cd /home/ubuntu/<PROJECT_DIRECTORY> &&
              git checkout dev &&
              git fetch --all &&
              git reset --hard origin/dev &&
              git pull origin dev &&
              sudo npm i &&
              echo ${USER_NAME}
              sudo npm run build &&
              sudo pm2 stop ./dist/index.js &&
              sudo pm2 start ./dist/index.js
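
An added example (not from the gist or any commenter) for the question asked twice in this thread, how to use a runner-side variable inside the remote commands: text inside the single quotes is expanded on the EC2 host, where the runner's environment does not exist. This step, which goes under `steps:`, sends the value on stdin ahead of the script; `APP_SECRET` and `SSH_KNOWN_HOSTS` are hypothetical secret names.

```yaml
# Added example. APP_SECRET and SSH_KNOWN_HOSTS are assumed secret names.
- name: Deploy, passing a runner-side value to the remote shell
  env:
    PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
    KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
    HOSTNAME: ${{ secrets.SSH_HOST }}
    USER_NAME: ${{ secrets.USER_NAME }}
    APP_SECRET: ${{ secrets.APP_SECRET }}
  run: |
    set -euo pipefail
    umask 077
    trap 'rm -f private_key known_hosts' EXIT
    printf '%s\n' "$PRIVATE_KEY" > private_key
    printf '%s\n' "$KNOWN_HOSTS" > known_hosts
    # printf %q shell-quotes the value so the remote bash reads it back
    # unchanged. It travels on stdin, so it is not part of any command line.
    {
      printf 'export APP_SECRET=%q\n' "$APP_SECRET"
      cat <<'REMOTE'
    set -e
    # Replace the placeholder with the real project directory.
    cd /home/ubuntu/<PROJECT_DIRECTORY>
    # Report only whether the value arrived, never the value itself.
    echo "APP_SECRET is ${APP_SECRET:+present}"
    sudo npm run build
    REMOTE
    } | ssh -i private_key \
            -o StrictHostKeyChecking=yes \
            -o UserKnownHostsFile=known_hosts \
            "${USER_NAME}@${HOSTNAME}" 'bash -s'
```

Note that `sudo` resets the environment by default, so a command run through `sudo` sees the variable only if it is passed explicitly.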
              

@joyyjoel

joyyjoel commented Feb 9, 2024

ssh -o StrictHostKeyChecking=no -i private_key ${USER_NAME}@${HOSTNAME} '

The above line will give you an error message.
What the error message tells you is that you have a closing quotation mark ( ' ). Just remove the ' from the line above and you should be fine:

@bajpangosh

Run echo "$PRIVATE_KEY" > private_key && chmod 600 private_key
Warning: Permanently added '***' (ED25519) to the list of known hosts.
@: Permission denied (publickey).

how to handle private repositories?

@kupilikula

@joyyjoel That quotation mark is necessary. It's the opening quotation mark on the end of the ssh line. The closing quotation mark is at the very bottom of the workflow file. This sends that string within the quotation marks as a set of commands to be run after you ssh in to the ec2.

@santoshsiva

Run echo "$PRIVATE_KEY" > private_key && chmod 600 private_key
Warning: Permanently added '' (ED25519) to the list of known hosts.
_@*_: Permission denied (publickey).

how to handle private repositories?

I'm also facing the same

@krishna2808

jobs:

  build_and_test:
    name: Build and Test
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.10'
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r blog/requirements.txt
      - name: Run tests
        run: python blog/manage.py test
  deploy:
    name: Deploy to EC2 on main branch push
    # needs: build_and_test
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Deploy to Server 1
        run: |
          ssh -i ${{ secrets.EC2_SSH_KEY }} ubuntu@${{secrets.HOST_DNS}}
          echo "Hello krishna"
        env:
          ACTIONS_RUNNER_DEBUG: false

   --------------------- error ---------------------------
  I have already passed secrets.EC2_SSH_KEY in a GitHub Actions variable. Why the same issue again and again?
   
   
   Run ssh -i ***

Warning: Identity file -----BEGIN not accessible: No such file or directory.
ssh: Could not resolve hostname rsa: Temporary failure in name resolution
Error: Process completed with exit code 255.
