Blue Green deployment using a Github Action - restarone/violet_rails GitHub Wiki
First draft published by Pralish Kayastha: https://github.com/restarone/violet_rails/pull/297
Settings / Environment / New environment
- SERVER_IP
  - IP address of the target machine
- BRANCH
  - Name of the branch that you want to deploy to the environment. Default: master
- DEPLOY_ID_RSA_ENC
  - Generate SSH keys on the target machine (save them in the default location, with no passphrase)
    $ ssh-keygen
  - Append the public key to authorized_keys so that this key pair can be used to log in
    $ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
  - Add the public key from ~/.ssh/id_rsa.pub to your repository's deployment keys via Settings / Deploy keys / Add, by cat'ing out the public key
    $ cat ~/.ssh/id_rsa.pub
  - Encrypt your private key with a strong password. Please use these options, otherwise this action may not be able to decrypt your key.
    $ openssl enc -aes-256-cbc -md sha512 -salt -in ~/.ssh/id_rsa -out deploy_id_rsa_enc -k "PASSWORD" -a -pbkdf2
  - Copy the content of the deploy_id_rsa_enc file to the DEPLOY_ID_RSA_ENC secret on GitHub
    $ cat deploy_id_rsa_enc
- DEPLOY_ENC_KEY
  - Password used to encrypt the private key
- KNOWN_HOSTS
  - Copy the output of the following command to the KNOWN_HOSTS secret on GitHub (run this command on your local machine)
    $ ssh-keyscan -H HOST
    Replace HOST with the target machine's IP address or hostname
- SSH_PRIVATE_KEY
  - Private key from the target machine (~/.ssh/id_rsa)
- [AWS only] To temporarily allow-list the GitHub Actions IP address on AWS, add the following values: AWS_ACCESS_KEY_ID, AWS_REGION, AWS_SECRET_ACCESS_KEY, AWS_SECURITY_GROUP_ID
  Required AWS Security Group (comma separated if multiple).
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "UpdateIngress",
        "Effect": "Allow",
        "Action": [
          "ec2:RevokeSecurityGroupIngress",
          "ec2:AuthorizeSecurityGroupIngress"
        ],
        "Resource": "arn:aws:ec2:your-region:your-account-id:security-group/your-security-group-id"
      },
      {
        "Sid": "DescribeGroups",
        "Effect": "Allow",
        "Action": "ec2:DescribeSecurityGroups",
        "Resource": "*"
      }
    ]
  }
  Reference: https://github.com/marketplace/actions/aws-security-group-add-ip
- Deploy to multiple servers when merged to master/main
  - Create a repository secret named CLIENT_ENVS (Settings / Security / Secrets / Actions / New Repository Secret)
  - List the production environments (separated by ,) that you want to deploy to when changes are merged to master.
  - Note: environment names must match the environments under Settings / Environment
  - The current value for CLIENT_ENVS is: restarone.com, a-toi.ca, sanjaysinghal.com, sipshucksip.com, nikean.org, markedrestaurant.com, staging, ordinarytrip.com, n-o-c-o.com,everybodyisdoingdrugs.com
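
A round-trip check for the DEPLOY_ID_RSA_ENC and DEPLOY_ENC_KEY secrets described above, as an added example that is not part of this wiki or of the action's code: it encrypts with the same openssl options, decrypts again, and compares the result with the original key before anything is pasted into GitHub. The function names are hypothetical, and reading the password from the DEPLOY_ENC_KEY environment variable (-pass env:) instead of -k is an assumption made here.

```shell
#!/bin/sh
# Added example, not part of the violet_rails wiki or its GitHub Action.
# Assumptions: the function names are hypothetical; the password is read from
# the DEPLOY_ENC_KEY environment variable (-pass env:...) instead of -k, so it
# does not appear in the process list or in shell history.

# Cipher options copied from the wiki's openssl command.
ENC_OPTS="-aes-256-cbc -md sha512 -salt -a -pbkdf2"

# encrypt_deploy_key KEY_FILE ENC_FILE
# Writes the base64 ciphertext that goes into the DEPLOY_ID_RSA_ENC secret.
encrypt_deploy_key() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    [ -n "${DEPLOY_ENC_KEY:-}" ] || { echo "DEPLOY_ENC_KEY is empty" >&2; return 2; }
    export DEPLOY_ENC_KEY
    # umask 077 in a subshell: the output file is created owner-only.
    # $ENC_OPTS is intentionally unquoted so it splits into separate options.
    ( umask 077 && openssl enc $ENC_OPTS -in "$1" -out "$2" -pass env:DEPLOY_ENC_KEY )
}

# check_deploy_key KEY_FILE ENC_FILE
# Decrypts ENC_FILE with the same options and compares it byte for byte with
# KEY_FILE. Returns 0 only when the round trip reproduces the private key.
check_deploy_key() {
    [ -n "${DEPLOY_ENC_KEY:-}" ] || { echo "DEPLOY_ENC_KEY is empty" >&2; return 2; }
    export DEPLOY_ENC_KEY
    tmp=$(mktemp) || return 2          # mktemp creates the file with mode 0600
    rc=1
    if openssl enc -d $ENC_OPTS -in "$2" -out "$tmp" -pass env:DEPLOY_ENC_KEY 2>/dev/null \
        && cmp -s "$1" "$tmp"; then
        rc=0
    fi
    rm -f "$tmp"                       # never leave a plaintext key copy behind
    return $rc
}

# Usage, after setting DEPLOY_ENC_KEY (for example with: read -r DEPLOY_ENC_KEY):
#   encrypt_deploy_key ~/.ssh/id_rsa deploy_id_rsa_enc &&
#   check_deploy_key   ~/.ssh/id_rsa deploy_id_rsa_enc && echo "round trip OK"
```

A non-zero status from check_deploy_key means the ciphertext, the password, or the options do not match, which is the same condition under which the action would be unable to decrypt the key.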