Drop your piece of shit together with GH Actions - it is a terrible CI platform! #183
Comments
|
For anyone who don't know yet (I've just tired to type it, again and again): $ mkdir -vm 700 $HOME/.ssh
$ ssh-keyscan -Ht ed25519 YOUR.INCREDIBLE.SERVER > $HOME/.ssh/known_hosts
$ echo "${{ secrets.SSH_PRIVATE_KEY }}" > $HOME/.ssh/id_ed25519
$ chmod 600 $HOME/.ssh/id_ed25519
$ scp dist/*.whl [email protected]:/var/lib/pypi/simple/YOUR-INCREDIBLE-PACKAGE(And location /pypi {
alias /var/lib/pypi;
autoindex on;
auth_basic "Your PyPI";
auth_basic_user_file your.pypi.htpasswd;
}then.) You're welcome. (Do we really need whole GH Actions in order to achieve that?..) |
tribals
changed the title
|
I agree, I think this issue should be pinned on the very top of this repo. I'm going to try what you suggested |
|
I have indeed tried it, and it is so much better. - name: Set up SCP 🔑
run: |
mkdir -v -m 700 $HOME/.ssh
ssh-keyscan -H ${{ secrets.SSH_HOST }} > $HOME/.ssh/known_hosts
echo "${{ secrets.SSH_KEY }}" > $HOME/.ssh/id_rsa
chmod 400 $HOME/.ssh/id_rsa
- name: Upload to server ⬆️
run: |
scp docker-compose.yaml ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }}:~/
# other steps here |
|
I ran into some trouble when trying to use both ssh + scp with a passphrase. (I wanted to execute some commands before copying files to the destination) - name: Do SSH and SCP
run: |
eval $(ssh-agent -s)
mkdir -v -m 700 $HOME/.ssh
ssh-keyscan -H ${{ secrets.SSH_HOST }} > $HOME/.ssh/known_hosts
echo "${{ secrets.SSH_KEY }}" > $HOME/.ssh/id_ed25519
chmod 400 $HOME/.ssh/id_ed25519
echo "echo ${{ secrets.SSH_PASSPHRASE }}" > ~/.ssh_askpass && chmod +x ~/.ssh_askpass
SSH_ASKPASS_REQUIRE=force SSH_ASKPASS=~/.ssh_askpass ssh-add $HOME/.ssh/id_ed25519
ssh ${{ secrets.SSH_USERNAME }}@${{ secrets.SSH_HOST }} "<command>"
scp <file> ${{ secrets.SSH_USERNAME }}@${{ secrets.SSH_HOST }}:~/
You can also use passphrase-less keys, but it's good to know that this also works. |
|
Although passphrase makes you key a little bit more secure, it will complicate CI/CD greatly. What is the reason you trying to use passphrase for CI/CD SSH keys? It is simpler to generate new key for each "environment" rather that re-use existing key with passphrase, if you are trying to do so. Keys are cheap, interactive input is expensive. |
|
I agree with that. The snippet is there if anyone still wants to use a passphrase, it took me some time to find out why I couldn't get a passphrase to be read in my github actions so maybe it helps someone else. |
|
I have tried to use the above to no avail, am I missing something? jobs:
Simple-ssh:
name: Simple SSH
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: run cmds
run: |
echo hello > world.txt
- name: Set up SCP 🔑
run: |
mkdir -v -m 700 $HOME/.ssh
ssh-keyscan -H ${{ secrets.HOST }} > $HOME/.ssh/known_hosts
echo "${{ secrets.SSH_KEY }}" > $HOME/.ssh/id_rsa
chmod 400 $HOME/.ssh/id_rsa
- name: Upload to server ⬆️
run: |
scp -i ${{ secrets.SSH_KEY}} ./slime.txt ${{ secrets.SSH_USER }}@${{ secrets.HOST }}:~/It keeps exiting on the KEY-----: No such file or directory
Error: Process completed with exit code 1. |
|
Better to spin fresh "workspace" instance (it runs same Ubuntu as it would when execution your actions), and then execute commands one by one. I believe the issue is that |
|
Also, specifying home directory as a target to $ scp SOURCE HOST:Or, you can specify different name for target if you will: $ scp SOURCE HOST:TARGET |
|
@tribals, thanks for your reply, but even doing it in the aforementioned way fails.
yields: Received disconnect from xxx.xxx.xxx.xxx port 22:2: Too many authentication failures
Disconnected from xxx.xxx.xxx.xxx port 22
scp: Connection closed
Error: Process completed with exit code 255.EDIT: And fwiw, I can I also have the key in my known host file on my local. |
This really does not mean anything. GH Actions is not your local machine. I bet the issue is with SSH key. Try to debug your action with this: https://github.com/nektos/act |
|
Copy that, I think you are correct. I thought my host forced me to use a passphrase. I made a new key w/o and its working with this:
|
$ tree /var/lib/pypi /var/lib/pypi └── simple └── foo └── dist └── foo-0.1.5-py3-none-any.whl 4 directories, 1 fileThat's not how
scpis supposed to work... And it is insane idea - to spin whole Docker in order to COPY FILES, you don't mind that?..Put this marvelous instance of software you just created to your ass, together with M$, GH Actions and VS Code - I think you will be like it!
The text was updated successfully, but these errors were encountered: