
I want to set up a deployment workflow from GitHub to my Digital Ocean server. To do this I don't want to have to log in to the server and manually run `git pull` from my server's repository.

I'm aware of git hooks, and have even used them between my local machine and my server, but I wanted a way to deploy from GitHub to the server so I can guarantee parity between the GitHub repo and the server's repo.

There is very little documentation on how to do this to a non-supported host company (Digital Ocean), so I figured that one way to do it remotely would be to:

  1. Set up a user on my server.
  2. Create an SSH key pair for that user.
  3. Add the user's public key as a Deployment Key on my GitHub repository.
  4. Then when I wanted to deploy using my local computer, I would simply send a single bash command (something like `cd /var/www/my-repo && git pull`) over ssh to the server.

The problem is that it seems I can only get as far as point 3. In order to clone/pull the repository from GitHub, I need to start the ssh-agent in my shell. Without doing this my server's user can't pull from GitHub.

An obvious solution might be to simply send the ``eval `ssh-agent -s` `` command over the wire along with my `cd` and `git pull` commands. However, with a bit of experimenting I realised that the ssh-agents weren't being killed when I killed my shell session with the server. This would mean I would be starting up dormant ssh-agent processes each time I wanted to deploy.

My question is two-fold:

  1. Is this an awful way to deploy (for a pretty low-key site)?
  2. Is there a nice, clean bash script that can start and kill an ssh-agent with every execution?

My server is a Debian server.

shennan
  • Where do the SSH key files live and why do you need `ssh-agent` running to use them? – thrig Feb 25 '17 at 00:27
  • @thrig I don't *know* that I need `ssh-agent` to run them, but I deduced that I did because I was only able to clone my (private) GitHub repo to my server after running ``eval `ssh -s` ``. Or rather, attempts to `ssh-add` my key didn't work and errored with a `Could not open a connection to your authentication agent.`. Not until I had run an ssh-agent and added my key, could I authenticate with GitHub and clone (or pull) my repository. The key files live in the `~/.ssh` folder of the user. – shennan Feb 25 '17 at 00:49
  • On the server? Because for github I set a `IdentityFile ~/.ssh/id_github` entry in my `~/.ssh/config` file to use that key for github under the `Host github.com` block. – thrig Feb 25 '17 at 00:58
  • @thrig Yes, on the server. I don't know ssh that well, so you'll have to explain the reasons why you think your solution will work. Are you saying that in order to have my server authenticate with GitHub, I need to alter my ssh config to explicitly tell GitHub which key to use? What does the `IdentityFile` directive actually do? I figured that simply having the public key added on GitHub and having the private key existing within my `~/.ssh` folder would do. Am I wrong? P.S Thanks for any help – shennan Feb 25 '17 at 01:02
  • 1. you can (and must, really) correctly deploy over SSH **without** SSH-agent 2. Place your generated ssh-key in correct location 3. Read https://gist.github.com/oodavid/1809044 for ideas – Lazy Badger Feb 25 '17 at 03:49

1 Answer


In the end I did two things to successfully authenticate with GitHub:

1) Created an SSH key that did not have a passphrase, and used its `.pub` as a Deploy Key on the GitHub repository

2) Made sure that the key was being used when connecting by adding the following to `~/.ssh/config`:

```
Host github.com
    HostName github.com
    IdentityFile ~/.ssh/my-rsa
    User git
```

shennan
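An added example, not part of the original post: a deploy script for the server that pulls with the deploy key and no long-lived agent, plus a variant that runs `ssh-agent` only for the lifetime of one command (for a passphrase-protected key). The key and repository paths are the ones quoted on the page; the function names are hypothetical, and GNU `stat` (as on Debian) is assumed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, paths are those quoted above.
DEPLOY_KEY="${DEPLOY_KEY:-$HOME/.ssh/my-rsa}"
REPO_DIR="${REPO_DIR:-/var/www/my-repo}"

# A passphrase-less key is protected only by its file mode, so refuse a
# missing key or one that group/other can read.
check_key() {
    [ -f "$1" ] || { echo "missing key: $1" >&2; return 1; }
    mode=$(stat -c '%a' "$1") || return 1   # GNU stat, assumed (Debian)
    case "$mode" in
        600|400) return 0 ;;
        *) echo "key $1 has mode $mode, expected 600" >&2; return 1 ;;
    esac
}

# ssh command line for git: offer this key only and never prompt, so an
# unattended run fails fast instead of hanging on a password question.
git_ssh_command() {
    printf "ssh -i '%s' -o IdentitiesOnly=yes -o BatchMode=yes" "$1"
}

# Agent-less pull; equivalent to the IdentityFile entry in ~/.ssh/config,
# but scoped to this one git invocation.
deploy_pull() {
    check_key "$DEPLOY_KEY" || return 1
    GIT_SSH_COMMAND=$(git_ssh_command "$DEPLOY_KEY") \
        git -C "$REPO_DIR" pull --ff-only
}

# Variant for a passphrase-protected key: ssh-agent runs the given command
# as its child and exits when that command ends, leaving no stray agents.
deploy_pull_with_agent() {
    check_key "$DEPLOY_KEY" || return 1
    ssh-agent sh -c 'ssh-add "$1" && git -C "$2" pull --ff-only' \
        sh "$DEPLOY_KEY" "$REPO_DIR"
}
```

`--ff-only` makes the pull fail rather than create a merge commit if the server's checkout has diverged from GitHub, which keeps the two in parity.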