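My previous post on publishing to GitHub Pages with GitHub Actions got good feedback, so this time I have also written down how the deployment script came together. The process was fairly bumpy; if you only want the result, skip to the last few sections of this article.
Preparation
Generating the SSH key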
```sh
ssh-keygen -t rsa -b 4096 -C "$(git config user.email)" -f gh-pages -N ""
# You will get 2 files:
# gh-pages.pub (public key)
# gh-pages (private key)
```
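Configuring the private key
If you have read my earlier article on deploying Hugo to GitHub Pages via GitHub Actions, you already know how to upload the public key; here we go through it once more.
Assume the project is tianhui.xin.
Open the settings of the tianhui.xin repository, click Secrets, and add the private key we just generated under the name ACTIONS_DEPLOY_KEY.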
[Screenshots: "Add your private key" and "Success"]
Uploading the public key to the server
```
ssh-copy-id appuser@10.10.10.10
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/appuser/.ssh/id_rsa.pub"
The authenticity of host '10.10.10.10 (10.10.10.10)' can't be established.
ECDSA key fingerprint is SHA256:mpM5LP8zLMh/CibV34URdTFbciAJ3fvCG1f9kSD2ITI.
ECDSA key fingerprint is MD5:60:40:77:02:5b:c6:e0:9a:e7:a3:96:bf:10:da:12:1c.
Are you sure you want to continue connecting (yes/no)? yes
```
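After you enter the remote user's password, the SSH public key is uploaded automatically. It is stored in the `.ssh/authorized_keys` file on the remote Linux server. Without `-i`, ssh-copy-id installs the default identity (id_rsa.pub in the output above); pass `-i gh-pages.pub` to install the key generated earlier.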
Thinking it through
The `docker` image is a fresh one on every run, and on a first connection SSH always asks this question:
```
The authenticity of host '10.10.10.10 (10.10.10.10)' can't be established.
RSA key fingerprint is 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.10.10.10 (10.10.10.10)' (RSA) to the list of known hosts.
Enter passphrase for key '/home/appuser/.ssh/id_rsa':
```
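The reason is that `known_hosts` under `/home/appuser/.ssh` has no entry for the server you are about to connect to; in other words, this is your first connection. So could we fake an entry? Believe it or not, I really did copy the matching record from `known_hosts` on my own machine up there. I felt like a genius, but the result was disappointing. Fine, let's keep tinkering.
Luckily, with the help of a proxy, I found the `ssh-keyscan` command. Let's try it: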
```sh
ssh-keyscan -t rsa 10.10.10.10 >> "/home/appuser/.ssh/known_hosts"
```
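`ssh-keyscan` records whatever key answers at that address at scan time, so the entry is only as trustworthy as the network path during the CI run. The following added example (not part of the original post) accepts the scan only when it matches a host key recorded in advance; `verify_host_key`, `HOST_KEY_PIN` and the sample key blobs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. verify_host_key and HOST_KEY_PIN
# are hypothetical names; the key blobs are constructed placeholders.

# verify_host_key HOST PIN SCAN KNOWN_HOSTS
#   PIN:  "<keytype> <base64 blob>", recorded once over a trusted channel
#   SCAN: raw output of `ssh-keyscan -t rsa HOST`
# Appends the pinned entry to KNOWN_HOSTS and returns 0 only on an exact match;
# returns 1 on a mismatch and 2 when the scan returned no key for HOST.
verify_host_key() {
    vh_host=$1
    vh_pin=$2
    vh_scan=$3
    vh_file=$4
    # Keep "keytype blob" from lines whose first field is the requested host;
    # this skips ssh-keyscan's "# host:22 SSH-2.0-..." banner lines.
    vh_keys=$(printf '%s\n' "$vh_scan" |
        awk -v h="$vh_host" '$1 == h && NF >= 3 { print $2 " " $3 }')
    if [ -z "$vh_keys" ]; then
        echo "no host key returned for $vh_host" >&2
        return 2
    fi
    if printf '%s\n' "$vh_keys" | grep -Fqx -- "$vh_pin"; then
        printf '%s %s\n' "$vh_host" "$vh_pin" >> "$vh_file"
        return 0
    fi
    echo "host key for $vh_host does not match the pinned key" >&2
    return 1
}

# Constructed sample data: the pin, a matching scan, and a scan in which a
# different key answers for the same address.
SAMPLE_PIN='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCplaceholderGOOD'
SAMPLE_SCAN_OK='# 10.10.10.10:22 SSH-2.0-OpenSSH_7.4
10.10.10.10 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCplaceholderGOOD'
SAMPLE_SCAN_BAD='10.10.10.10 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCplaceholderEVIL'

# In the deploy step, with HOST_KEY_PIN taken from a repository secret:
#   scan=$(ssh-keyscan -t rsa "$HOST" 2>/dev/null)
#   verify_host_key "$HOST" "$HOST_KEY_PIN" "$scan" "$SSH_PATH/known_hosts" || exit 1
#   ssh -o StrictHostKeyChecking=yes "$USER@$HOST" ls
```

With a verified entry in `known_hosts`, the connection can run with `StrictHostKeyChecking=yes`, so a changed host key stops the deployment instead of being accepted.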
Creating a job script (SSH test script)
The main goal is to test how to SSH to the remote host from inside the `docker` environment.
```yaml
name: aliyun
on:
  push:
    branches:
      - master
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: checkout
        uses: actions/checkout@master
        with:
          submodules: true
      - name: Setup Hugo
        uses: peaceiris/actions-hugo@v2.2.2
        with:
          hugo-version: '0.59.1'
          extended: true
      - name: Build
        run: hugo --minify
      - name: Deploy
        env:
          ACTIONS_DEPLOY_KEY: ${{ secrets.ACTIONS_DEPLOY_KEY }}
          HOST: 10.10.10.10
          USER: appuser
        run: |
          # Write the deploy key and an empty known_hosts with tight permissions
          SSH_PATH="$HOME/.ssh"
          mkdir -p "$SSH_PATH"
          touch "$SSH_PATH/known_hosts"
          echo "$ACTIONS_DEPLOY_KEY" > "$SSH_PATH/id_rsa"
          chmod 700 "$SSH_PATH"
          chmod 600 "$SSH_PATH/known_hosts"
          chmod 600 "$SSH_PATH/id_rsa"
          eval "$(ssh-agent)"
          ssh-add "$SSH_PATH/id_rsa"
          # Record the server's host key so ssh does not prompt on first connection
          ssh-keyscan -t rsa "$HOST" >> "$SSH_PATH/known_hosts"
          # StrictHostKeyChecking=no: ssh does not abort on an unknown or changed host key.
          # -A forwards the local ssh-agent to the server; -tt forces a TTY.
          ssh -o StrictHostKeyChecking=no -i "$SSH_PATH/id_rsa" -A -tt "$USER@$HOST" ls
```
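Run `push`, wait for the CI deployment to finish, and check the log: it has printed the list of files and folders on the server.
The final job script
Configuration notes
To use it, you only need to look at the `env` settings of the `deploy` step.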
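config | description |
---|---|
ACTIONS_DEPLOY_KEY | Private key used to connect to the server (configured under Settings > Secrets of the GitHub project) |
HOST | IP address of the server |
USER | Deployment user on the server; the user the private key belongs to |
HOME_PATH | Directory to work in after logging in to the server; usually the user's home directory |
DEVELOP_SH_PATH | Deployment script on the server (the deployment itself still runs on the server and is not written in the job) |
PACKAGE_NAME | Name of the package (public.tar.gz); currently only this name is supported |
DEVELOP_DIR | Deployment folder of the project |
BACKUP_DIR | Backup folder of the project |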
Job file
```yaml
name: aliyun
on:
  push:
    branches:
      - master
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: checkout
        uses: actions/checkout@master
        with:
          submodules: true
      - name: setup Hugo
        uses: peaceiris/actions-hugo@v2.2.2
        with:
          hugo-version: '0.59.1'
          extended: true
      - name: Build
        run: hugo --minify
      - name: deploy
        env:
          ACTIONS_DEPLOY_KEY: ${{ secrets.ACTIONS_DEPLOY_KEY }}
          HOST: 10.10.10.10
          USER: appuser
          HOME_PATH: /home/appuser
          DEVELOP_SH_PATH: /home/appuser/develop.sh
          PACKAGE_NAME: public.tar.gz
          DEVELOP_DIR: tianhui.xin
          BACKUP_DIR: backup
        run: |
          # Write the deploy key and an empty known_hosts with tight permissions
          SSH_PATH="$HOME/.ssh"
          mkdir -p "$SSH_PATH"
          touch "$SSH_PATH/known_hosts"
          echo "$ACTIONS_DEPLOY_KEY" > "$SSH_PATH/id_rsa"
          chmod 700 "$SSH_PATH"
          chmod 600 "$SSH_PATH/known_hosts"
          chmod 600 "$SSH_PATH/id_rsa"
          eval "$(ssh-agent)"
          ssh-add "$SSH_PATH/id_rsa"
          # Record the server's host key so ssh and scp do not prompt
          ssh-keyscan -t rsa "$HOST" >> "$SSH_PATH/known_hosts"
          # Package the generated site and copy it to the server
          cd public
          tar -cf "$PACKAGE_NAME" *
          scp "$PACKAGE_NAME" "$USER@$HOST:$HOME_PATH"
          # Run the deployment script on the server.
          # StrictHostKeyChecking=no: ssh does not abort on an unknown or changed host key.
          # -A forwards the local ssh-agent to the server; -tt forces a TTY.
          ssh -o StrictHostKeyChecking=no -i "$SSH_PATH/id_rsa" -A -tt "$USER@$HOST" sh "$DEVELOP_SH_PATH" \
            -d "$HOME_PATH/$DEVELOP_DIR" -b "$HOME_PATH/$BACKUP_DIR" -f "$HOME_PATH/$PACKAGE_NAME"
          exit
```
Steps on the remote server
Create develop.sh
```sh
#!/bin/sh
set -e
FILE_NAME=$(basename "$0")
# Usage text
show_usage="usage:$FILE_NAME [-d develop_path,-b backup_path -f file_path]"
# Parameters
# Local repository directory
opt_develop_path=""
# Backup directory
opt_backup_path=""
# Package to deploy
opt_file_path=""
# Long options require GNU getopt (util-linux)
GETOPT_ARGS=$(getopt -o d:b:f: -al develop_path:,backup_path:,file_path: -- "$@")
eval set -- "$GETOPT_ARGS"
# Read the parameters
while [ -n "$1" ]
do
    case "$1" in
        -d|--develop_path) opt_develop_path=$2; shift 2;;
        -b|--backup_path) opt_backup_path=$2; shift 2;;
        -f|--file_path) opt_file_path=$2; shift 2;;
        --) break ;;
        *) echo "$1,$2,$show_usage"; break ;;
    esac
done
# Validate the parameters; exit non-zero so the CI job fails visibly.
# POSIX [ ] is used because the job runs this script with sh.
if [ -z "$opt_develop_path" ] || [ -z "$opt_backup_path" ] || [ -z "$opt_file_path" ]; then
    echo "$show_usage"
    exit 1
fi
if [ "$opt_develop_path" = "$opt_backup_path" ]; then
    echo 'develop_path eq backup_path'
    exit 1
fi
# Check that the package to deploy exists
if [ ! -f "$opt_file_path" ]; then
    echo "$opt_file_path file does not exist"
    exit 1
fi
# Create the deployment directory if it does not exist
if [ ! -d "$opt_develop_path" ]; then
    mkdir -p "$opt_develop_path"
fi
# Create the backup directory if it does not exist
if [ ! -d "$opt_backup_path" ]; then
    mkdir -p "$opt_backup_path"
fi
# The deployment directory is not empty: back it up, then clear it
if [ -n "$(ls -A "$opt_develop_path")" ]; then
    cd "$opt_develop_path"
    tar -cf "$opt_backup_path/$(date +%Y%m%d%H%M).tar.gz" "$opt_develop_path"/*
    # :? aborts if the variable is empty, so this can never expand to /*
    rm -rf "${opt_develop_path:?}"/*
fi
# Unpack the package
tar -xf "$opt_file_path" -C "$opt_develop_path"
echo "publish success!"
```
Grant execute permission
```sh
chmod u+x develop.sh
```
Everything is now in place, so go and start your own journey. Writing this up took effort; if you have questions, leave a comment.