As a reminder for my future self and anyone that might find it useful, here’s a quick look at setting up ssh for GitHub actions. In this case I’m using my portfolio as an example.
The portfolio site is build in
Gatsby, primarily because I found a beautiful template by Brittany Chiang and was interested in trying out a little react.
The build of the site is outputted to a subfolder named public and I have this set up as a git submodule of the site repo.
In a previous post I wrote about setting up the GitHub actions, here I want a quick reminder of how to set up the ssh keys needed.
I’m looking to create these values to use as variables in the
.gihub/workflow/main.yml file. They’ll all be added to the GitHub secrets for the public repo.
VPS_SSH_HOST — this the host IP address of my server. VPS_SSH_USERNAME — this is the username from my user@ipaddress login. VPS_SSH_SECRET — this is the private SSH key that you set up for GitHub access on your server. VPS_SSH_PORT — this is the port number for SSH access. A typical choice is port 22. SSH_PASSPHRASE — this is the passphrase I supplied during creation of the SSH key. PROJECT_PATH — This is the full project path of my project’s root directory on the server. `pwd` to find this when in the directory.
I generated the keys on my local machine (not the server), using the following command.
ssh-keygen -b 4096 -f /path/to/my/ssh/folder/.ssh/name_i_want_for_the_key_pair
This generates both the private, which I need for
VPS_SSH_SECRET and the public key which I need to add to my server.
I choose to use a passphrase during the key generation process, as I found the GitHub actions workflow didn’t work without it.
Moving the keys#
To get my public key to the VPS server, I used
scp /path_to_ssh_public_key/name_of_key.pub user@ssh_IP_address:/tmp/key_name.pub
Then when logged into my VPS, I used the following commands to add the public key to the authorized keys on my server.
cd /tmp/ cat key_name.pub >> ~/.ssh/authorized_keys
There are neater and more concise ways to do this, and I believe entirely from my local machine, but this worked for me and also served a clear indicator of what I was trying to do.
Private SSH key#
To get my private key data into GitHub, I used:
cat ~/.ssh/key_name | pbcopy
This copies the contents of the file into my clipboard and allowed me to simply paste in the key.
The rest was filling out the details for the other secrets. Running a few tests, and ensuring I was using the correct passphrase, it worked.
Hope that helps future David, and anyone else that stumbles across these posts.