@marlosirapuan
Forked from julienma/README.md
Created May 14, 2024 16:12
GitHub Actions: using SSH keys to auto-deploy with dokku-push

The dokku-push action requires an SSH key with push access to the Dokku instance. Here's how to do that.

Replace APPNAME with the name of the app (it's a good idea to use the same name as the app has on Dokku).

Generate a new SSH keypair

We want each repo to have its own SSH key, so it's easier to rotate/invalidate them if required, without affecting all the repos. Let's generate a new key on your computer (see GitHub help):

mkdir -p ~/.ssh/github-actions/
ssh-keygen -t rsa -b 4096 -N "" -C "dokku-deploy@APPNAME" -f ~/.ssh/github-actions/dokku-deploy_APPNAME

Save that keypair somewhere

We usually create a secure note in our shared 1Password vault, and attach both keys (private + public) as well as any additional details required.

Add the public SSH key to your Dokku instance

This will allow this SSH key to be used to deploy to Dokku. If you're already an admin user on Dokku and can connect over SSH, you can directly add the new key like this (see Dokku help):

cat ~/.ssh/github-actions/dokku-deploy_APPNAME.pub | ssh [email protected] -p 22 sudo dokku ssh-keys:add dokku-deploy_APPNAME

Copy the private SSH key to your GitHub Secrets

Finally, we provide the GitHub Action with the private SSH key, via GitHub Secrets (see GitHub help).

Copy the contents of the private key to your clipboard:

pbcopy < ~/.ssh/github-actions/dokku-deploy_APPNAME

Then head over to https://github.com/{user}/{repo}/settings/secrets/, and add a new secret named SSH_KEY, with the contents of the private key which should be in your clipboard.

Set up your GH Action

Now you're done with the key setup. Set up the GitHub Action (see https://github.com/marketplace/actions/push-to-dokku), using the SSH key from GH Secrets. Customize the parameters on the lines marked with + (highlighted in green):

name: 'Deploy to Dokku'

on:
  push:
+    branches: [ develop ]

env:
+  DOKKU_REPO: 'ssh://[email protected]:22/appname'
+  DOKKU_DEPLOY_BRANCH: 'develop'

jobs:
  deploy:
    runs-on: ubuntu-latest

    steps:
    - name: Cancel Previous Runs
      uses: styfle/[email protected]
      with:
        access_token: ${{ github.token }}

    - name: Cloning repo
      uses: actions/checkout@v2
      with:
        fetch-depth: 0

    - name: Push to dokku
      uses: obrassard/[email protected]
      with:
       ssh_key: ${{ secrets.SSH_KEY }}
       dokku_repo: ${{ env.DOKKU_REPO }}
       deploy_branch: ${{ env.DOKKU_DEPLOY_BRANCH }}
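
The key-generation step at the top of this guide, wrapped with the checks worth running before the public key goes to Dokku and the private key goes into GitHub Secrets. This is an added example, not part of the original gist; the function names and the KEY_BITS variable are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: per-app deploy key generation with sanity checks.
# make_deploy_key, key_pair_matches, key_fingerprint and KEY_BITS are
# names invented for this example.

# Generate a passphrase-less RSA keypair for APPNAME under DIR, using the
# same ssh-keygen options as above, but never overwrite an existing key.
make_deploy_key() {
  local app="$1" dir="${2:-$HOME/.ssh/github-actions}"
  local key="$dir/dokku-deploy_$app"
  # Restrict APPNAME to characters safe in a file name and key comment.
  case "$app" in
    ''|*[!A-Za-z0-9._-]*) echo "invalid app name: $app" >&2; return 2 ;;
  esac
  if [ -e "$key" ] || [ -e "$key.pub" ]; then
    echo "refusing to overwrite $key" >&2; return 1
  fi
  # The directory holds private keys, so keep it owner-only.
  mkdir -p "$dir" && chmod 700 "$dir" || return 1
  ssh-keygen -q -t rsa -b "${KEY_BITS:-4096}" -N "" \
    -C "dokku-deploy@$app" -f "$key" || return 1
  chmod 600 "$key"
  printf '%s\n' "$key"
}

# Succeed only if KEY.pub is really the public half of private key KEY.
# Only key type and key data are compared; the comment field is ignored.
key_pair_matches() {
  local derived stored
  derived=$(ssh-keygen -y -f "$1" | awk '{print $1, $2}') || return 1
  stored=$(awk '{print $1, $2}' "$1.pub") || return 1
  [ -n "$derived" ] && [ "$derived" = "$stored" ]
}

# SHA256 fingerprint of the public key, for comparison with the
# fingerprint listed by `dokku ssh-keys:list` on the server.
key_fingerprint() {
  ssh-keygen -l -E sha256 -f "$1.pub" | awk '{print $2}'
}
```

Source the file, run make_deploy_key APPNAME, then confirm key_pair_matches succeeds on the returned path before copying the private key to the clipboard.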