Published
Ever since they introduced unlimited free private repositories, I push most of my code to GitHub. Since they provide a good free tier for GitHub Actions I also use that for CI.
I mostly enjoy GitHub Actions, but I don't quite like having to use third party actions for simple things.
If you search for any permutation of "github actions rsync", you'll probably find one of: action-rsync, setup-rsync, Burnett01/rsync-deployments.
If you search for "github actions ssh", you'll probably find appleboy/ssh-action
Maybe I'm paranoid, but I don't like passing my SSH credentials to unknown third party actions, regardless of how popular they are.
It turns out, none of these are necessary, even though they offer
a somewhat cleaner interface, because the GitHub runners
have rsync
and ssh
installed out of the box.
All you need is some good old shell script to create the necessary SSH configuration files.
jobs: build: name: Build runs-on: ubuntu-latest steps: - uses: actions/checkout@v4
- run: build your stuff here
- name: prepare ssh config run: | mkdir -p ~/.ssh && chmod 700 ~/.ssh
echo "Host server" >> ~/.ssh/config echo " HostName ${{ secrets.SSH_HOST }}" >> ~/.ssh/config echo " User ${{ secrets.SSH_USER }}" >> ~/.ssh/config echo " Port ${{ secrets.SSH_PORT }}" >> ~/.ssh/config chmod 600 ~/.ssh/config
echo "${{ secrets.SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts chmod 600 ~/.ssh/known_hosts
touch ~/.ssh/id_ed25519 echo "${{ secrets.SSH_KEY }}" > ~/.ssh/id_ed25519 chmod 600 ~/.ssh/id_ed25519
- name: rsync deployment scripts run: | rsync -avzr --delete dist/ server:/var/www/html/tommasoamici.com/
I've had timeouts when using this approach in the same workflow as the Docker action, so there are some edge cases, but otherwise this works just fine and you can avoid passing sensitive information to third party actions.
Interestingly enough, ChatGPT answered with a similar approach, instead of using a ready-made action.