Github Action with EC2 using SSH


Check this out on

Configure SSH into aws ec2

Declare these git secrets

name: Deploy

# Trigger key reconstructed; only the branches line survived on this page.
on:
  push:
    branches: [ dev ]

jobs:
  deploy:   # job id is a placeholder; the original line is missing from the page
    name: Deploy to EC2
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Build & Deploy
        env:
            PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
            HOSTNAME: ${{secrets.SSH_HOST}}
            USER_NAME: ${{secrets.USER_NAME}}
        run: |
          # Write the key from the secret to a file that only this user can read.
          echo "$PRIVATE_KEY" > private_key && chmod 600 private_key
          # StrictHostKeyChecking=no accepts whatever host key the server presents.
          ssh -o StrictHostKeyChecking=no -i private_key ${USER_NAME}@${HOSTNAME} '

              # Now we have access to the EC2 instance and start the deploy.
              cd /home/ubuntu/<PROJECT_DIRECTORY> &&
              git checkout dev &&
              git fetch --all &&
              git reset --hard origin/dev &&
              git pull origin dev &&
              sudo npm i &&
              sudo npm run build &&
              sudo pm2 stop ./dist/index.js &&
              sudo pm2 start ./dist/index.js
              '
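
The workflow above connects with `StrictHostKeyChecking=no`, which is why the logs further down show `Permanently added '***' (ED25519)` on every run: the runner trusts whichever key answers. The following is an added example, not part of the gist, of pinning the host key instead; `SSH_KNOWN_HOST_LINE` is a hypothetical secret and the key line in the demo is constructed.

```shell
#!/bin/sh
# Added example: pin the EC2 host key instead of using StrictHostKeyChecking=no.
# SSH_KNOWN_HOST_LINE is a hypothetical secret holding one known_hosts line,
# recorded once over a channel you already trust.

NL='
'

# write_known_hosts LINE FILE
# Accepts exactly one "<host> <keytype> <base64>" line and fails closed on
# anything else, so a missing secret never degrades to "trust any key".
write_known_hosts() {
  kh_line=$1 kh_file=$2
  [ -n "$kh_line" ] || { echo "no pinned host key supplied" >&2; return 1; }
  case $kh_line in
    *"$NL"*) echo "expected a single known_hosts line" >&2; return 1 ;;
  esac
  printf '%s\n' "$kh_line" | grep -Eq \
    '^[^ ]+ (ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*$' ||
    { echo "not a known_hosts line" >&2; return 1; }
  ( umask 077; printf '%s\n' "$kh_line" > "$kh_file" )
}

# ssh_pin_opts FILE -> options that make ssh refuse unknown or changed host keys.
ssh_pin_opts() {
  printf '%s' "-o StrictHostKeyChecking=yes -o UserKnownHostsFile=$1"
}

# In the workflow's run step this would replace the StrictHostKeyChecking=no call:
#   write_known_hosts "$SSH_KNOWN_HOST_LINE" known_hosts
#   ssh $(ssh_pin_opts known_hosts) -i private_key "${USER_NAME}@${HOSTNAME}" '...'

# Demo with a constructed (not real) key line.
demo_dir=$(mktemp -d)
sample='ec2.example.internal ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleNotARealKey'
write_known_hosts "$sample" "$demo_dir/known_hosts" && ssh_pin_opts "$demo_dir/known_hosts"
echo
write_known_hosts "" "$demo_dir/empty" || echo "empty secret rejected, deploy stops here"
rm -rf "$demo_dir"
```
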

sylitas commented Jul 3, 2023

Thanks!!! Love this


USER_NAME: ${secrets.USER_NAME} is missing another opening and ending brackets


raviagheda commented Aug 14, 2023

USER_NAME: ${secrets.USER_NAME} is missing another opening and ending brackets

Thank you @marcodali for highlighting it! :)
I've updated the gist.


Nice ! thanks ! have been looking for this simple example for a long time


Nice ! thanks ! have been looking for this simple example for a long time

Thank you for the positive feedback @MarinGarcia ,
I've created a blog on it, should be easy to find this out now.


hii! how can you access env var(s) inside the string?


ssh -o StrictHostKeyChecking=no -i private_key ${USER_NAME}@${HOSTNAME} '
echo $FOO


Arisfx commented Oct 25, 2023

May I ask how you secure and whitelist what can reach your EC2's public IPv4? What did you allow in the EC2's security group ingress, please?


Very nice documentation, working fine. Thank you so much


Thank you so much!


hii! how can you access env var(s) inside the string?


ssh -o StrictHostKeyChecking=no -i private_key ${USER_NAME}@${HOSTNAME} '
echo $FOO

if you want to use it.
it helps

uses: appleboy/ssh-action@v1.0.0


Thanks for this awesome contribution 🔥 🔥 🔥 🔥 🔥 🔥


anandchakru commented Dec 26, 2023

The only way for it to work is to open 22 from everywhere in EC2's SG? Closest I could get was this but still it sounds hacky


But how can I allow GitHub Actions to connect to EC2 if the IP of the runner needs to be whitelisted?


But how can I allow GitHub Actions to connect to EC2 if the IP of the runner needs to be whitelisted?

      - name: Get VPC IP
        id: vpc-ip
        uses: haythem/public-ip@v1.2

      - name: Add IP to AWS Security group
        id: get-sg-rule-id
        run: |
          id=$(aws ec2 authorize-security-group-ingress \
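            --group-id "$SG" \
            --ip-permissions IpProtocol=tcp,FromPort=22,ToPort=22,IpRanges="[{CidrIp=${IP},Description=${DESC}}]" \
            | jq --raw-output '.SecurityGroupRules | map(.SecurityGroupRuleId) | join("")')
          # Expose the rule id to later steps (replaces the deprecated ::set-output command).
          echo "rule_id=$id" >> "$GITHUB_OUTPUT"
        env:
          # SG (the security group id) is not defined in the snippet as posted.
          IP: ${{ steps.vpc-ip.outputs.ipv4 }}/32
          DESC: 'Github'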


akarsh-nagariya-trj commented Feb 5, 2024

Hi, how can I get the ${{secrets.USER_NAME}} value after getting the SSH access? I need to access other secrets data, like echo ${USER_NAME}, but like this it's not working.

              cd /home/ubuntu/<PROJECT_DIRECTORY> &&
              git checkout dev &&
              git fetch --all &&
              git reset --hard origin/dev &&
              git pull origin dev &&
              sudo npm i &&
              echo ${USER_NAME}
              sudo npm run build &&
              sudo pm2 stop ./dist/index.js &&
              sudo pm2 start ./dist/index.js
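
On the question asked twice above (`echo $FOO`, then `echo ${USER_NAME}`, inside the quoted block): everything between the single quotes is expanded by the shell on the EC2 host, where the runner's `env:` values do not exist. The following is an added example, not code from the thread, that prepends safely quoted exports to the remote script so a value cannot be interpreted as shell syntax; `DEPLOY_TAG` is a hypothetical variable and its value is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). DEPLOY_TAG is a hypothetical variable name.

# sq VALUE -> VALUE in single quotes, each embedded ' rewritten as '\''
sq() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# remote_script SCRIPT NAME...
# Prints one command string for ssh: an export for each named local variable,
# then SCRIPT unchanged, so $NAME inside SCRIPT expands on the EC2 side.
remote_script() {
  rs_script=$1; shift
  rs_out=
  for rs_name in "$@"; do
    case $rs_name in
      ''|[0-9]*|*[!A-Za-z0-9_]*) echo "bad variable name: $rs_name" >&2; return 1 ;;
    esac
    eval "rs_val=\$$rs_name"          # safe: rs_name was validated just above
    rs_out="${rs_out}export $rs_name=$(sq "$rs_val"); "
  done
  printf '%s%s' "$rs_out" "$rs_script"
}

# Constructed value with characters a shell would otherwise act on.
DEPLOY_TAG="it's \$(id) ; \`id\`"
cmd=$(remote_script 'printf "%s\n" "$DEPLOY_TAG"' DEPLOY_TAG)

# On the runner:  ssh -i private_key "${USER_NAME}@${HOSTNAME}" "$cmd"
# Here a clean local shell stands in for the remote one:
env -i /bin/sh -c "$cmd"
```

Values passed this way appear in the remote process's command line, so anyone who can list processes on the host can read them while the command runs.
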


joyyjoel commented Feb 9, 2024

ssh -o StrictHostKeyChecking=no -i private_key ${USER_NAME}@${HOSTNAME} '

The above line will give you an error message.
What the error message tells you, you have a closing quotation mark ( ' ). Just remove the ' from the line above and you should be fine:


Run echo "$PRIVATE_KEY" > private_key && chmod 600 private_key
Warning: Permanently added '***' (ED25519) to the list of known hosts.
***@***: Permission denied (publickey).

how to handle private repositories?


@joyyjoel That quotation mark is necessary. It's the opening quotation mark on the end of the ssh line. The closing quotation mark is at the very bottom of the workflow file. This sends that string within the quotation marks as a set of commands to be run after you ssh in to the ec2.


Run echo "$PRIVATE_KEY" > private_key && chmod 600 private_key
Warning: Permanently added '***' (ED25519) to the list of known hosts.
***@***: Permission denied (publickey).

how to handle private repositories?

I'm also facing the same



jobs:
  # Job ids are missing from the page: build_and_test is taken from the
  # commented-out needs line, deploy is a placeholder.
  build_and_test:
    name: Build and Test
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.10'
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r blog/requirements.txt
      - name: Run tests
        run: python blog/ test
  deploy:
    name: Deploy to EC2 on main branch push
    # needs: build_and_test
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Deploy to Server 1
        run: |
          ssh -i ${{ secrets.EC2_SSH_KEY }} ubuntu@${{secrets.HOST_DNS}}
          echo "Hello krishna"

   --------------------- error ---------------------------
  I have already passed secrets.EC2_SSH_KEY in the GitHub Actions variable. Why the same issue again and again?
   Run ssh -i ***

Warning: Identity file -----BEGIN not accessible: No such file or directory.
ssh: Could not resolve hostname rsa: Temporary failure in name resolution
Error: Process completed with exit code 255.


claudiokerekes commented Jun 4, 2024



Warning: Permanently added '***' (ED25519) to the list of known hosts.
Load key "private_key": error in libcrypto
***@***: Permission denied (publickey).

Any suggestions??

    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: create key
        env:
          PRIVATE_KEY: ${{ secrets.SSH_KEY }}
        run: |
          echo "$PRIVATE_KEY" > private_key && chmod 600 private_key
      - name: SSH and deploy
        env:
          HOSTNAME: ${{secrets.HOST}}
          USER_NAME: ${{secrets.USER}}
        run: |
          ssh -o StrictHostKeyChecking=no -i private_key ${USER_NAME}@${HOSTNAME} '

            # Now we have got the access of EC2 and we will start the deploy .
            cd /home/ubuntu/inads-backend &&
            git checkout main &&
            git fetch --all &&
            git pull origin main &&
            docker-compose build &&
            docker-compose up -d
            '
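
Two key-handling failures appear in the thread above: `Identity file -----BEGIN not accessible`, where the key text itself was given to `ssh -i` (which expects a file path), and `Load key "private_key": error in libcrypto`, where the file exists but does not parse. The following is an added example, not code from the thread, that writes the secret to a file and rejects malformed input before ssh runs; that the libcrypto error here comes from carriage returns or a truncated paste is an assumption, and the key body in the demo is constructed filler.

```shell
#!/bin/sh
# Added example (not from the thread).

# write_key_file KEY_TEXT PATH
# Writes KEY_TEXT (the secret's value) to PATH with mode 600 after removing
# carriage returns and restoring the final newline; rejects text that lacks
# the private-key BEGIN/END lines instead of letting ssh fail later.
write_key_file() {
  wk_path=$2
  wk_clean=$(printf '%s' "$1" | tr -d '\r')      # $(...) also trims trailing newlines
  wk_first=$(printf '%s\n' "$wk_clean" | sed -n '1p')
  wk_last=$(printf '%s\n' "$wk_clean" | sed -n '$p')
  case $wk_first in
    "-----BEGIN "*"PRIVATE KEY-----") ;;
    *) echo "secret does not start with a private key header" >&2; return 1 ;;
  esac
  case $wk_last in
    "-----END "*"PRIVATE KEY-----") ;;
    *) echo "secret looks truncated: END line missing" >&2; return 1 ;;
  esac
  ( umask 077; printf '%s\n' "$wk_clean" > "$wk_path" ) && chmod 600 "$wk_path"
}

# In the workflow:
#   write_key_file "$PRIVATE_KEY" private_key
#   ssh-keygen -y -f private_key >/dev/null   # optional: confirms the key parses
#   ssh -i private_key ...                    # -i takes this path, never the key text

# Demo: constructed filler (not a key) pasted with CRLF endings and no final newline.
demo_dir=$(mktemp -d)
pasted=$(printf '%s\r\n' '-----BEGIN OPENSSH PRIVATE KEY-----' \
  'Y29uc3RydWN0ZWQgZmlsbGVy' '-----END OPENSSH PRIVATE KEY-----')
write_key_file "$pasted" "$demo_dir/private_key" && ls -l "$demo_dir/private_key"
write_key_file "-----BEGIN OPENSSH PRIVATE KEY-----" "$demo_dir/cut" ||
  echo "truncated secret rejected"
rm -rf "$demo_dir"
```
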


Estanip commented Jun 11, 2024

Hi @raviagheda, Thanks for your input! Works fine! Could the git pull be unnecessary using git reset before?


Estanip commented Jun 11, 2024

Run echo "$PRIVATE_KEY" > private_key && chmod 600 private_key
Warning: Permanently added '***' (ED25519) to the list of known hosts.
***@***: Permission denied (publickey).
how to handle private repositories?

I'm also facing the same

Try this:


kiranjeetuix commented Jun 28, 2024

Run echo "$PRIVATE_KEY" > private_key && chmod 600 private_key
Warning: Permanently added '***' (ED25519) to the list of known hosts.
***@***: Permission denied (publickey).
how to handle private repositories?

I'm also facing the same

How did you resolve it?


Estanip commented Jun 28, 2024
