Blue Green deployment using a GitHub Action - restarone/violet_rails GitHub Wiki

First draft published by Pralish Kayastha: https://github.com/restarone/violet_rails/pull/297


Steps:

Create a ‘staging’ environment in the GitHub repo:

Settings / Environment / New environment

Add the following secrets to each environment:

  1. SERVER_IP
  • IP address of the target machine

  2. BRANCH
  • Name of the branch that you want to deploy to the environment. Default: master

  3. DEPLOY_ID_RSA_ENC
  • Generate SSH keys on the target machine (save to the default location, with no passphrase)

    $ ssh-keygen

  • Append the public key to authorized_keys so that this key pair can be used to log in

    $ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

  • Add the public key from ~/.ssh/id_rsa.pub to your repository's deploy keys via Settings / Deploy keys / Add, by cat'ing out the public key

    $ cat ~/.ssh/id_rsa.pub

  • Encrypt your private key with a strong password. Please use these options, otherwise this action may not be able to decrypt your key.

    $ openssl enc -aes-256-cbc -md sha512 -salt -in ~/.ssh/id_rsa -out deploy_id_rsa_enc -k "PASSWORD" -a -pbkdf2

  • Copy the content of the deploy_id_rsa_enc file to the DEPLOY_ID_RSA_ENC secret on GitHub

    $ cat deploy_id_rsa_enc

  4. DEPLOY_ENC_KEY
  • Password used to encrypt the private key

  5. KNOWN_HOSTS
  • Copy the output of the following command to the KNOWN_HOSTS secret on GitHub (run this command on your local machine)

    ssh-keyscan -H HOST

    Replace HOST with the target machine's IP address or hostname

  6. SSH_PRIVATE_KEY
  • Private key from the target machine (~/.ssh/id_rsa)

  7. [AWS only] To temporarily allow-list the GitHub Actions IP address on AWS, add the following values: AWS_ACCESS_KEY_ID, AWS_REGION, AWS_SECRET_ACCESS_KEY, AWS_SECURITY_GROUP_ID

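AWS_SECURITY_GROUP_ID: required AWS security group ID (comma separated if multiple). The IAM policy below grants the permissions needed to add and remove the ingress rule on that group; replace your-region, your-account-id and your-security-group-id with your own values.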

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "UpdateIngress",
            "Effect": "Allow",
            "Action": [
                "ec2:RevokeSecurityGroupIngress",
                "ec2:AuthorizeSecurityGroupIngress"
            ],
            "Resource": "arn:aws:ec2:your-region:your-account-id:security-group/your-security-group-id"
        },
        {
            "Sid": "DescribeGroups",
            "Effect": "Allow",
            "Action": "ec2:DescribeSecurityGroups",
            "Resource": "*"
        }
    ]
}

Reference: https://github.com/marketplace/actions/aws-security-group-add-ip
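
The encryption step for DEPLOY_ID_RSA_ENC warns that the action may fail to decrypt a key produced with different options. The script below is an added example, not part of the wiki or the violet_rails workflow: it decrypts the file with the same cipher, digest and KDF options and compares the result with the original before the file is pasted into the secret. The function names, the password file (used instead of -k so the password stays out of shell history and the process list) and the sample data are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the wiki: check that deploy_id_rsa_enc decrypts before
# it is pasted into the DEPLOY_ID_RSA_ENC secret. Function names are illustrative.

# encrypt_key IN OUT PASSFILE
# Same cipher, digest and KDF options as the wiki's command; the password is read
# from the first line of PASSFILE (-pass file:) rather than given with -k.
encrypt_key() {
    openssl enc -aes-256-cbc -md sha512 -salt -pbkdf2 -a \
        -in "$1" -out "$2" -pass "file:$3"
}

# roundtrip_ok PLAIN ENC PASSFILE [DIGEST]
# Returns 0 only when ENC decrypts to exactly the bytes of PLAIN.
# DIGEST defaults to sha512, the value the wiki's command uses.
roundtrip_ok() {
    local tmp rc
    rc=1
    tmp="$(mktemp)" || return 2          # mktemp creates the file with mode 0600
    if openssl enc -d -aes-256-cbc -md "${4:-sha512}" -pbkdf2 -a \
            -in "$2" -out "$tmp" -pass "file:$3" 2>/dev/null \
        && cmp -s "$1" "$tmp"; then
        rc=0
    fi
    rm -f "$tmp"                         # do not leave the decrypted copy behind
    return "$rc"
}

# selftest: exercises both functions on constructed data. A dummy file stands in
# for ~/.ssh/id_rsa and the passwords are throwaway values.
selftest() {
    local d
    d="$(mktemp -d)" || return 2
    ( umask 077
      printf 'CONSTRUCTED SAMPLE, not a real private key\n' > "$d/key"
      printf 'throwaway-password\n' > "$d/pass"
      printf 'some-other-password\n' > "$d/wrong"
      encrypt_key "$d/key" "$d/enc" "$d/pass" ) || { rm -rf "$d"; return 2; }
    roundtrip_ok "$d/key" "$d/enc" "$d/pass"        && echo "same options: ok"
    roundtrip_ok "$d/key" "$d/enc" "$d/wrong"       || echo "wrong password: rejected"
    roundtrip_ok "$d/key" "$d/enc" "$d/pass" sha256 || echo "digest sha256: rejected"
    rm -rf "$d"
}

selftest
```

To check a real key, call roundtrip_ok with ~/.ssh/id_rsa, deploy_id_rsa_enc and a file whose first line is the DEPLOY_ENC_KEY password.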

Clients/Production Servers

  • Deploy to multiple servers when merged to master/main
  • Create a repository secret named CLIENT_ENVS

    Settings / Security / Secrets / Actions / New Repository Secret

  • List the production environments (comma separated) that you want to deploy to when changes are merged to master.
  • Note: environment names must match the environments under

    Settings / Environment

  • The current value for CLIENT_ENVS is: restarone.com, a-toi.ca, sanjaysinghal.com, sipshucksip.com, nikean.org, markedrestaurant.com, staging, ordinarytrip.com, n-o-c-o.com, everybodyisdoingdrugs.com
