SSH and Rsync in GitHub Actions without third party actions


Ever since they introduced unlimited free private repositories, I push most of my code to GitHub. Since they provide a good free tier for GitHub Actions, I also use that for CI.

I mostly enjoy GitHub Actions, but I don't quite like having to use third party actions for simple things.

If you search for any permutation of "github actions rsync", you'll probably find one of: action-rsync, setup-rsync, Burnett01/rsync-deployments.

If you search for "github actions ssh", you'll probably find appleboy/ssh-action.

Maybe I'm paranoid, but I don't like passing my SSH credentials to unknown third party actions, regardless of how popular they are.

It turns out, none of these are necessary, even though they offer a somewhat cleaner interface, because the GitHub runners have rsync and ssh installed out of the box.

All you need is some good old shell script to create the necessary SSH configuration files.


jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - run: build your stuff here

      - name: prepare ssh config
        run: |
          mkdir -p ~/.ssh && chmod 700 ~/.ssh

          echo "Host server" >> ~/.ssh/config
          echo "  HostName ${{ secrets.SSH_HOST }}" >> ~/.ssh/config
          echo "  User ${{ secrets.SSH_USER }}" >> ~/.ssh/config
          echo "  Port ${{ secrets.SSH_PORT }}" >> ~/.ssh/config
          chmod 600 ~/.ssh/config

          echo "${{ secrets.SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
          chmod 600 ~/.ssh/known_hosts

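          # create the key file with mode 600 first, so the key is never
          # written to a file that other users can read
          install -m 600 /dev/null ~/.ssh/id_ed25519
          echo "${{ secrets.SSH_KEY }}" > ~/.ssh/id_ed25519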

      - name: rsync deployment scripts
        run: |
          rsync -avzr --delete dist/ server:/var/www/html/tommasoamici.com/

I've had timeouts when using this approach in the same workflow as the Docker action, so there are some edge cases, but otherwise this works just fine and you can avoid passing sensitive information to third party actions.
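
A hardened variant of the "prepare ssh config" step, as an added example that is not part of the original post: it reads the secrets from environment variables instead of having `${{ secrets.* }}` pasted into the script text, checks the values that end up in `~/.ssh/config`, and pins the host key. The function name `prepare_ssh_config` and its optional directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Expects SSH_HOST, SSH_USER,
# SSH_PORT, SSH_KNOWN_HOSTS and SSH_KEY in the environment.
# The function name and the optional directory argument are assumptions.
prepare_ssh_config() (
  dir="${1:-$HOME/.ssh}"
  umask 077   # files created below are readable by the owner only

  # These values become ssh_config lines: whitespace or a newline in them
  # could add extra options (ProxyCommand, for one), so reject anything odd.
  case "$SSH_HOST" in ''|*[!A-Za-z0-9.:_-]*) echo "bad SSH_HOST" >&2; exit 1;; esac
  case "$SSH_USER" in ''|*[!A-Za-z0-9._-]*) echo "bad SSH_USER" >&2; exit 1;; esac
  case "$SSH_PORT" in ''|*[!0-9]*) echo "bad SSH_PORT" >&2; exit 1;; esac
  [ -n "$SSH_KEY" ] && [ -n "$SSH_KNOWN_HOSTS" ] || {
    echo "missing SSH_KEY or SSH_KNOWN_HOSTS" >&2; exit 1; }

  mkdir -p "$dir" && chmod 700 "$dir"

  # printf '%s\n' writes the value verbatim; echo may interpret backslashes.
  printf '%s\n' "$SSH_KEY" > "$dir/id_ed25519"
  printf '%s\n' "$SSH_KNOWN_HOSTS" > "$dir/known_hosts"
  cat > "$dir/config" <<EOF
Host server
  HostName $SSH_HOST
  User $SSH_USER
  Port $SSH_PORT
  IdentityFile "$dir/id_ed25519"
  IdentitiesOnly yes
  UserKnownHostsFile "$dir/known_hosts"
  StrictHostKeyChecking yes
EOF
  # Also tighten files that existed before this run with a wider mode.
  chmod 600 "$dir/id_ed25519" "$dir/known_hosts" "$dir/config"
)
```

In the workflow, map each secret under the step's `env:` key (for example `SSH_KEY: ${{ secrets.SSH_KEY }}`) and call `prepare_ssh_config` with no argument before the rsync step.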

Interestingly enough, ChatGPT answered with a similar approach, instead of using a ready-made action.