I use Capistrano to deploy my Rails app to my private server, which I have access to through VPN + SSH. I implemented a GitHub action to have continuous deployment. I can connect to the server via SSH after setting up the VPN. But Capistrano is still asking for the credentials.
I started the SSH agent and added the private key to it, in the SSH session of the GitHub action on the server.
I tried:
- locally on my computer, and that works, but even when I SSH onto the server myself and try to deploy (`cap production deploy`) from it to it, it still asks me for the password.
- I tried adding a config file on the server
The SSH key is added as a secret to the repo and works, as the GitHub action can SSH to the server. But somehow Capistrano still asks for the password.
Is it a forward agent thing? I set the option in deploy.rb as

```ruby
set :ssh_options, { forward_agent: true}
```
```yaml
name: Deploy to Server
on:
  push:
    branches:
      - master
jobs:
  deploy:
    runs-on: ubuntu-latest
    env:
      REPO_URL: "git@github.com:${GITHUB_REPOSITORY}.git"
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v3
      - name: Set up Ruby
        uses: ruby/setup-ruby@v1
        with:
          # runs 'bundle install' and caches installed gems automatically
          bundler-cache: true
      - name: Install dependencies
        run: |
          gem install bundler
          bundle install
      - name: Install OpenVPN
        run: |
          sudo apt update
          sudo apt install -y openvpn openvpn-systemd-resolved
          echo "${{ secrets.VPN_USERNAME }}" >> auth.txt
          echo "${{ secrets.VPN_PASSWORD }}" >> auth.txt
          echo "${{ secrets.VPN_CONFIG }}" >> priicer.ovpn
          chmod 600 priicer.ovpn
      - name: Connect to VPN
        run: |
          timeout 2m sudo openvpn --config priicer.ovpn --auth-user-pass auth.txt --verb 3 &
      - name: Wait for a VPN connection
        run: |
          for i in {1..10}; do
            if ping -c 1 ${{ secrets.SSH_HOST }}; then
              echo "VPN is set up"
              exit 0 # Exit loop with success status
            else
              echo "VPN is not yet ready. Retrying in 10 seconds..."
              sleep 10
            fi
          done
          echo "VPN setup not confirmed after multiple attempts."
          exit 1 # Exit loop with failure status
      - name: Set up SSH and deploy
        uses: fifsky/ssh-action@master
        with:
          host: ${{ secrets.SSH_HOST }}
          user: deploy
          key: ${{ secrets.SSH_KEY}}
          args: "-tt"
          command: |
            cd ./priicer/current
            echo $REPO_URL
            echo -e "lock '~> 3.17.1'\n\nset :application, 'priicer'\nset :repo_url, $REPO_URL\nset :deploy_to, \"/home/deploy/#{fetch :application}\"\n set :ssh_options, { :forward_agent => true }" > config/deploy.rb
            BUNDLE_PATH="/home/deploy/.rbenv/shims/bundle"
            echo "BUNDLE_PATH: $BUNDLE_PATH" # Print the value of the BUNDLE_PATH variable
            eval "$(ssh-agent -s)" # Start the SSH agent
            ssh-add ~/.ssh/github # Or whatever key you choose
            $BUNDLE_PATH exec cap production deploy
            # ./restart.sh
      - name: Kill VPN connection
        if: always()
        run: |
          sudo killall openvpn
```
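
A preflight that could run in the remote `command:` just before `cap production deploy`, written as an added example (not part of the original post): it reports whether the SSH agent in that session is reachable and holds a key, then attempts a prompt-free, key-only login. The function names, the overridable `SSH_ADD`/`SSH_BIN` variables and the target argument are assumptions made for illustration.

```shell
# Added example, not from the original post.
# SSH_ADD / SSH_BIN are hypothetical override hooks so the checks can be
# exercised offline with stand-in commands.
SSH_ADD="${SSH_ADD:-ssh-add}"
SSH_BIN="${SSH_BIN:-ssh}"

# Prints one of: no-agent, empty-agent, ready.
# ssh-add -l exits 0 when identities are loaded, 1 when the agent is
# empty, and 2 when the agent cannot be contacted.
agent_state() {
  if [ -z "${SSH_AUTH_SOCK:-}" ]; then
    echo "no-agent"
    return 0
  fi
  rc=0
  "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
  case "$rc" in
    0) echo "ready" ;;
    1) echo "empty-agent" ;;
    *) echo "no-agent" ;;
  esac
}

# Succeeds only when public-key login works without any prompt.
# BatchMode=yes makes ssh fail instead of asking for a password.
key_login_ok() {
  "$SSH_BIN" -o BatchMode=yes -o PreferredAuthentications=publickey \
    -o ConnectTimeout=10 "$1" true
}

# preflight <user@host>: returns 0 and prints "ok" when a deploy can
# authenticate with keys alone, 1 for an agent problem, 2 when the
# key-only login is refused.
preflight() {
  state="$(agent_state)"
  if [ "$state" != "ready" ]; then
    echo "ssh agent state: $state" >&2
    return 1
  fi
  if ! key_login_ok "$1"; then
    echo "public-key login to $1 failed" >&2
    return 2
  fi
  echo "ok"
}
```

Called as `preflight deploy@<host>`, a non-zero return separates an agent problem in the session (1) from a key the target does not accept (2) before Capistrano gets a chance to prompt.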