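The last post, on publishing to GitHub Pages with GitHub Actions, got good feedback, so this time I also recorded the process of writing the script. It was a bumpy process; if you only want the result, see the last few sections of this article.
Preparation
Generating the SSH key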
ssh-keygen -t rsa -b 4096 -C "$(git config user.email)" -f gh-pages -N ""
# You will get 2 files:
# gh-pages.pub (public key)
# gh-pages (private key)
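Configuring the private key
If you have read my earlier article on deploying Hugo to GitHub Pages with GitHub Actions, you already know how to upload the public key; we repeat it here.
Assume the project is tianhui.xin
Open the settings of the tianhui.xin repository, click Secrets, then add the private key we just generated, with the name ACTIONS_DEPLOY_KEY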
[Screenshots: "Add your private key" and "Success"]
Uploading the public key to the server
ssh-copy-id appuser@10.10.10.10
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/appuser/.ssh/id_rsa.pub"
The authenticity of host '10.10.10.10 (10.10.10.10)' can't be established.
ECDSA key fingerprint is SHA256:mpM5LP8zLMh/CibV34URdTFbciAJ3fvCG1f9kSD2ITI.
ECDSA key fingerprint is MD5:60:40:77:02:5b:c6:e0:9a:e7:a3:96:bf:10:da:12:1c.
Are you sure you want to continue connecting (yes/no)? yes
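After you enter the remote user's password, the SSH public key is uploaded automatically. The public key is stored in the .ssh/authorized_keys file on the remote Linux server.
Thoughts
The docker image is a fresh one every time, and on the first connection SSH always asks this question: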
The authenticity of host '10.10.10.10 (10.10.10.10)' can't be established.
RSA key fingerprint is 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.10.10.10 (10.10.10.10)' (RSA) to the list of
known hosts.
Enter passphrase for key '/home/appuser/.ssh/id_rsa':
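The reason is that the known_hosts file under /home/appuser/.ssh has no entry for the server you are about to connect to; in other words, this is your first connection. So could we forge one? Well, believe it or not, I actually copied the corresponding record from the known_hosts on my own computer over there. I'm simply a genius, but the result was not what I hoped for. Fine, let's keep tinkering.
Luckily, with the help of a VPN, I found the ssh-keyscan command. Let's go 🤕
ssh-keyscan -t rsa 10.10.10.10 >> "/home/appuser/.ssh/known_hosts"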
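An added example, not code from the original post: ssh-keyscan records whatever key the network returns at run time, so the script below accepts the scanned key only when it equals a key pinned in advance. The function names, the pinned values and the sample key blobs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: accept a scanned SSH host key only if it equals a pinned key.
# PINNED is "<keytype> <base64-blob>", recorded once over a trusted channel.
# Function names and all key blobs below are constructed for illustration.

# verify_scan HOST PINNED SCAN_FILE
# stdout: a known_hosts line for HOST when the scan contains the pinned key.
# return: 0 match, 1 same key type but different blob, 2 key type not offered.
verify_scan() {
    host=$1 pinned=$2 scan=$3
    want_type=${pinned%% *}
    want_blob=${pinned#* }
    awk -v t="$want_type" -v b="$want_blob" -v h="$host" '
        /^#/ || NF < 3 { next }                 # skip comments and short lines
        $2 == t && $3 == b { print h, t, b; found = 1; exit }
        $2 == t { seen = 1 }                    # right type, unexpected key
        END { if (found) exit 0; exit (seen ? 1 : 2) }
    ' "$scan"
}

# pin_known_hosts HOST PINNED SCAN_FILE KNOWN_HOSTS
# Appends to KNOWN_HOSTS only after verify_scan succeeds; otherwise the file
# is left untouched and the verify_scan status is returned.
pin_known_hosts() {
    line=$(verify_scan "$1" "$2" "$3") || return $?
    printf '%s\n' "$line" >> "$4"
}

# Constructed stand-in for the output of: ssh-keyscan -t rsa 10.10.10.10
demo_dir=$(mktemp -d)
cat > "$demo_dir/scan" <<'EOF'
# 10.10.10.10:22 SSH-2.0-OpenSSH_7.4
10.10.10.10 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABConstructedSampleBlobA
EOF
PINNED_GOOD='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABConstructedSampleBlobA'
PINNED_STALE='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABConstructedSampleBlobB'

pin_known_hosts 10.10.10.10 "$PINNED_GOOD" "$demo_dir/scan" "$demo_dir/known_hosts" \
    && echo "match: key written to known_hosts"
pin_known_hosts 10.10.10.10 "$PINNED_STALE" "$demo_dir/scan" "$demo_dir/known_hosts" \
    || echo "mismatch (status $?): refusing to connect"
rm -rf "$demo_dir"
```

In a job, the scan file would hold the output of `ssh-keyscan -t rsa "$HOST"`, and the ssh and scp calls that follow can then run with `-o StrictHostKeyChecking=yes`.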
Creating the job script (SSH test script)
The main goal is to test how to SSH to a remote host from the docker environment.
name: aliyun
on:
  push:
    branches:
      - master
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: checkout
        uses: actions/checkout@master
        with:
          submodules: true
      - name: Setup Hugo
        uses: peaceiris/actions-hugo@v2.2.2
        with:
          hugo-version: '0.59.1'
          extended: true
      - name: Build
        run: hugo --minify
      - name: Deploy
        env:
          ACTIONS_DEPLOY_KEY: ${{ secrets.ACTIONS_DEPLOY_KEY }}
          HOST: 10.10.10.10
          USER: appuser
        run: |
          # Write the deploy key from the repository secret into ~/.ssh
          SSH_PATH="$HOME/.ssh"
          mkdir -p "$SSH_PATH"
          touch "$SSH_PATH/known_hosts"
          echo "$ACTIONS_DEPLOY_KEY" > "$SSH_PATH/id_rsa"
          chmod 700 "$SSH_PATH"
          chmod 600 "$SSH_PATH/known_hosts"
          chmod 600 "$SSH_PATH/id_rsa"
          eval $(ssh-agent)
          ssh-add "$SSH_PATH/id_rsa"
          # Record the host key the server presents during this run
          ssh-keyscan -t rsa "$HOST" >> "$SSH_PATH/known_hosts"
          # StrictHostKeyChecking=no skips host key verification for this call
          ssh -o StrictHostKeyChecking=no -i "$SSH_PATH/id_rsa" -A -tt "$USER@$HOST" ls
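Push, wait for the CI deployment to finish, and check the log: it has printed the listing of files and directories on the server. 😄
The final job script
Configuration notes
To use it, you only need to look at the env configuration in the deploy step.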
config | description |
---|---|
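ACTIONS_DEPLOY_KEY | Private key used to connect to the server (configured under Settings > Secrets of the GitHub project) |
HOST | IP address of the server |
USER | Deployment user on the server; the user the private key belongs to |
HOME_PATH | Directory to go to after logging in to the server, usually the user's home directory |
DEVELOP_SH_PATH | Deployment script on the server (the deployment itself still runs on the server and is not written in the job) |
PACKAGE_NAME | Name of the package (public.tar.gz); currently only this one is supported |
DEVELOP_DIR | Project deployment directory |
BACKUP_DIR | Project backup directory |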
The job file
name: aliyun
on:
  push:
    branches:
      - master
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: checkout
        uses: actions/checkout@master
        with:
          submodules: true
      - name: setup Hugo
        uses: peaceiris/actions-hugo@v2.2.2
        with:
          hugo-version: '0.59.1'
          extended: true
      - name: Build
        run: hugo --minify
      - name: deploy
        env:
          ACTIONS_DEPLOY_KEY: ${{ secrets.ACTIONS_DEPLOY_KEY }}
          HOST: 10.10.10.10
          USER: appuser
          HOME_PATH: /home/appuser
          DEVELOP_SH_PATH: /home/appuser/develop.sh
          PACKAGE_NAME: public.tar.gz
          DEVELOP_DIR: tianhui.xin
          BACKUP_DIR: backup
        run: |
          # Write the deploy key from the repository secret into ~/.ssh
          SSH_PATH="$HOME/.ssh"
          mkdir -p "$SSH_PATH"
          touch "$SSH_PATH/known_hosts"
          echo "$ACTIONS_DEPLOY_KEY" > "$SSH_PATH/id_rsa"
          chmod 700 "$SSH_PATH"
          chmod 600 "$SSH_PATH/known_hosts"
          chmod 600 "$SSH_PATH/id_rsa"
          eval $(ssh-agent)
          ssh-add "$SSH_PATH/id_rsa"
          # Record the host key the server presents during this run
          ssh-keyscan -t rsa "$HOST" >> "$SSH_PATH/known_hosts"
          # Package the Hugo output and copy it to the server
          cd public
          tar -cf "$PACKAGE_NAME" *
          scp "$PACKAGE_NAME" "$USER@$HOST:$HOME_PATH"
          # Run the deployment script on the server
          # StrictHostKeyChecking=no skips host key verification for this call
          ssh -o StrictHostKeyChecking=no -i "$SSH_PATH/id_rsa" -A -tt "$USER@$HOST" sh "$DEVELOP_SH_PATH" \
            -d "$HOME_PATH/$DEVELOP_DIR" -b "$HOME_PATH/$BACKUP_DIR" -f "$HOME_PATH/$PACKAGE_NAME"
          exit
Operations on the remote server
Create develop.sh
#!/bin/sh
set -e
FILE_NAME=$(basename "$0")
# Usage
show_usage="usage:$FILE_NAME [-d develop_path,-b backup_path -f file_path]"
# Parameters
# Local repository directory
opt_develop_path=""
# Backup directory
opt_backup_path=""
# Deployment file
opt_file_path=""
GETOPT_ARGS=$(getopt -o d:b:f: -al develop_path:,backup_path:,file_path: -- "$@")
eval set -- "$GETOPT_ARGS"
# Parse the arguments
while [ -n "$1" ]
do
    case "$1" in
        -d|--develop_path) opt_develop_path=$2; shift 2;;
        -b|--backup_path) opt_backup_path=$2; shift 2;;
        -f|--file_path) opt_file_path=$2; shift 2;;
        --) break ;;
        *) echo "$1,$2,$show_usage"; break ;;
    esac
done
# Validate the arguments; exit non-zero so a failed deployment also fails the CI job
if [ -z "$opt_develop_path" ] || [ -z "$opt_backup_path" ] || [ -z "$opt_file_path" ]; then
    echo "$show_usage"
    exit 1
fi
if [ "$opt_develop_path" = "$opt_backup_path" ]; then
    echo 'develop_path eq backup_path'
    exit 1
fi
# Check that the deployment file exists
if [ ! -f "$opt_file_path" ]; then
    echo "$opt_file_path file does not exist"
    exit 1
fi
# Create the deployment directory if it does not exist
if [ ! -d "$opt_develop_path" ]; then
    mkdir "$opt_develop_path"
fi
# Create the backup directory if it does not exist
if [ ! -d "$opt_backup_path" ]; then
    mkdir "$opt_backup_path"
fi
# The deployment directory is not empty: back it up, then clear it
if [ -n "$(ls -A "$opt_develop_path")" ]; then
    cd "$opt_develop_path"
    tar -cf "$opt_backup_path/$(date +%Y%m%d%H%M).tar.gz" "$opt_develop_path"/*
    # :? aborts if the variable is ever empty, so this can never expand to /*
    rm -rf "${opt_develop_path:?}"/*
fi
# Extract the package
tar -xf "$opt_file_path" -C "$opt_develop_path"
echo "publish success!"
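Grant execute permission
chmod u+x develop.sh
Everything is ready, so start your wonderful journey. Writing this took effort; if you have questions, please leave a comment.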