github action 与自动化部署

前言

github action 一直都是自动化部署的引领者,今天就介绍一下如何它部署咱们的网站和服务

服务器生成ssh密钥

通过终端(finalshell、xshell)登录到您的 linux 服务器上,执行以下命令

ssh-keygen -m PEM -t rsa -b 4096

执行完成后,默认情况下,会在 root/.ssh内生成公钥(id_rsa.pub)和私钥(id_rsa)两个文件。

copy公钥到authorized_keys

复制 公钥文件 id_rsa.pub内的全部内容 到 同级目录下的 authorized_keys

copy私钥到github variable

进入 github 的项目仓库里,进入settings>Secrets and variables>Actions,创建这 3 个变量

前两个分别是 你要部署到的目标服务器的 ip 和 (ssh)端口,你根据自己的服务器信息填写进去即可,
最后一个 SSH_PRIVATE_KEY则是你上一步在目标服务器中生成的 私钥文件 id_rsa的内容,将其内容拷贝进去(重点)。

设置目标服务器的ssh允许使用密钥登录

登录服务器,编辑 /etc/ssh/sshd_config

PermitRootLogin yes # 开启root账号
PubkeyAuthentication yes # 允许使用密钥登录(重点)

最后执行重启 sshd 服务命令 systemctl restart sshd

仓库项目配置

需要为项目增加工作流配置文件
不同的项目,可能不仅相同

vue&react等框架型前端项目

vue-demo/.github/workflows/webpack.yml

name: NodeJS with Webpack

on:
  push:
    branches: ["main"]
jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - name: 迁出代码
        uses: actions/checkout@main
      
      - name: 切换为pnpm
        uses: pnpm/action-setup@v4
        with:
          version: 9

      - name: 安装Node
        uses: actions/setup-node@main
        with:
          node-version: "20.x"
      
      - name: 安装依赖
        run: pnpm i

      - name: 打包
        run: npm run build

      - name: 发布到服务器
        uses: easingthemes/ssh-deploy@main
        with:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
          ARGS: "-avzr --delete --mkpath"
          SOURCE: "dist/"
          REMOTE_HOST: ${{ secrets.REMOTE_HOST }}
          REMOTE_PORT: ${{ secrets.REMOTE_PORT }}
          REMOTE_USER: root
          TARGET: /home/apps-root/my-website

其实核心在 发布到服务器 这一步,这一步主要是使用到了 ssh-deploy这个插件!

常见问题

Permission denied

这一般就是没有按照如上步骤导致,比如没有复制公钥文件到 authorized_keys中,或者没有给 sshd 放开允许密钥方式登录

> Run easingthemes/ssh-deploy@main
[DIR] Creating /home/runner/.ssh dir in workspace root
✅ [DIR] dir created.
[FILE] writing /home/runner/.ssh/known_hosts file ... 0
✅ [SSH] known_hosts file ensured /home/runner/.ssh
✅ [DIR] /home/runner/.ssh dir exist
[FILE] writing /home/runner/.ssh/deploy_key_root_1743137849750 file ... 3244
✅ [SSH] key added to `.ssh` dir  /home/runner/.ssh deploy_key_root_1743137849750
rsync  version 3.2.7  protocol version 31
Copyright (C) 1996-20*** by Andrew Tridgell, Wayne Davison, and others.
Web site: https://rsync.samba.org/
Capabilities:
    64-bit files, 64-bit inums, 64-bit timestamps, 64-bit long ints,
    socketpairs, symlinks, symtimes, hardlinks, hardlink-specials,
    hardlink-symlinks, IPv6, atimes, batchfiles, inplace, append, ACLs,
    xattrs, optional secluded-args, iconv, prealloc, stop-at, no crtimes
Optimizations:
    SIMD-roll, no asm-roll, openssl-crypto, no asm-MD5
Checksum list:
    xxh128 xxh3 xxh64 (xxhash) md5 md4 sha1 none
Compress list:
    zstd lz4 zlibx zlib none
Daemon auth list:
    sha512 sha256 sha1 md5 md4

rsync comes with ABSOLUTELY NO WARRANTY.  This is free software, and you
are welcome to redistribute it under certain conditions.  See the GNU
General Public Licence for details.
✅️ [CLI] Rsync exists
[Rsync] Starting Rsync Action: /home/runner/work/my-website/my-website/dist/ to root@***:/home/apps-root/my-website
[Rsync] excluding folders 
Warning: Permanently added '***' (ED25519) to the list of known hosts.

Permission denied, please try again.

Permission denied, please try again.

root@***: Permission denied (gssapi-keyex,gssapi-with-mic,password).

rsync: connection unexpectedly closed (0 bytes received so far) [sender]

rsync error: unexplained error (code 255) at io.c(232) [sender=3.2.7]

❌ [Rsync] error: 
Error: rsync exited with code 255
    at ChildProcess.<anonymous> (/home/runner/work/_actions/easingthemes/ssh-deploy/main/dist/index.js:2:2603)
    at ChildProcess.emit (node:events:524:28)
    at ChildProcess._handle.onexit (node:internal/child_process:293:12) {
  code: 255
}
❌ [Rsync] stderr: 
Warning: Permanently added '***' (ED25519) to the list of known hosts.
Permission denied, please try again.
Permission denied, please try again.
root@***: Permission denied (gssapi-keyex,gssapi-with-mic,password).
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: unexplained error (code 255) at io.c(232) [sender=3.2.7]

❌️ [Rsync] stdout: 

❌ [Rsync] command: 
================================================================
================================================================
rsync /home/runner/work/my-website/my-website/dist/ root@***:/home/apps-root/my-website --rsh "ssh -p *** -i /home/runner/.ssh/deploy_key_root_1743137849750 -o StrictHostKeyChecking=no" --recursive --exclude= -avzr --delete --mkpath
Error: R] rsync exited with code 255

Warning: Permanently added '***' (ED25519) to the list of known hosts.
Permission denied, please try again.
Permission denied, please try again.
root@***: Permission denied (gssapi-keyex,gssapi-with-mic,password).
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: unexplained error (code 255) at io.c(232) [sender=3.2.7]
posted @ 2025-03-28 13:00  丁少华  阅读(141)  评论(0)    收藏  举报