GitHub Actions Tutorial

Reference: Events that trigger workflows
Reference: Creating personal access tokens

source

  • Continuous integration, something like Travis CI
  • If GitHub finds a .yml file in the .github/workflows directory, it runs that file automatically.
  • Write .yml files to run code on the events that trigger the workflow

Example: create a user with minimum rights

To limit the security risk caused by excessive permissions, create a user with the minimum permissions and grant that user permission on a single folder only.

  • Connect to the server with Xshell
  • Use the su command to switch users
  • Switch to the root user: su root (a password may be required)
  • Create a user: useradd [username]. For example, useradd au creates the user au, which by default belongs to the group au.
  • Set file permissions using setfacl: setfacl -m u:[username]:rwx [dirname], such as: setfacl -m u:au:rwx /usr/web/html/blog, which gives the au user read, write and execute permission on the blog directory.
  • At this point, the created user has read, write and execute permission only on /usr/web/html/blog

Create an SSH KEY

  • Switch to the au user: su au, so that the SSH key is generated directly as the user with the minimum permissions
  • Check whether a key already exists: ls -al ~/.ssh
  • Generate a new SSH key: ssh-keygen -t rsa, then press Enter three times in a row
  • Check whether the key was generated: ls -al ~/.ssh

Change the name of id_rsa.pub

  • After the SSH key is created as the au user, the public and private keys are stored in the /home/au/.ssh directory
  • Switch to the .ssh directory: cd /home/au/.ssh
  • Change the name to authorized_keys (the command appends the public key to that file): cat id_rsa.pub >> authorized_keys
  • Delete id_rsa.pub: rm id_rsa.pub
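
Whether sshd accepts the key appended above depends on the permissions of /home/au, /home/au/.ssh and authorized_keys. The check below is an added example, not part of the original tutorial; the function names has_bits and audit_ssh_dir are hypothetical, and it assumes GNU coreutils stat.

```bash
#!/usr/bin/env bash
# Added example (not from the original tutorial): audit a deploy user's ~/.ssh.
# Assumes GNU coreutils stat (stat -c). Usage: audit_ssh_dir /home/au

# has_bits PATH MASK: succeeds when PATH has any permission bit in octal MASK.
has_bits() {
    local mode
    mode=$(stat -c '%a' "$1") || return 1
    [ $(( 0$mode & $2 )) -ne 0 ]
}

# Prints one line per finding and returns the number of findings (0 = clean).
audit_ssh_dir() {
    local ssh_dir findings path
    ssh_dir="$1/.ssh"
    findings=0

    # With StrictModes (the sshd default), authorized_keys is ignored when the
    # home directory, ~/.ssh or the file itself is writable by group or others.
    for path in "$1" "$ssh_dir" "$ssh_dir/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "missing: $path"
            findings=$((findings + 1))
        elif has_bits "$path" 022; then
            echo "writable by group/others: $path"
            findings=$((findings + 1))
        fi
    done

    # A private key still on the server must be accessible to its owner only.
    if [ -e "$ssh_dir/id_rsa" ] && has_bits "$ssh_dir/id_rsa" 077; then
        echo "private key accessible to group/others: $ssh_dir/id_rsa"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

A finding on authorized_keys or .ssh is fixed with chmod 600 authorized_keys and chmod 700 /home/au/.ssh, run as the au user.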

The tar command

  • Compress: tar -czvf blog.tgz ./*
  • Extract: tar xzvf blog.tgz

Write ci.yml

See the article ssh-deploy

  1. KEY: the public key created on the server earlier, id_rsa.pub. Run cat id_rsa.pub, then copy everything
  2. HOST: the IP address of the server
  3. PORT: the SSH port number. The default value is 22
  4. SOURCE: the path of the files packaged by npm run build, as a relative path (mine are packaged into the webView folder)
  5. TARGET: the directory on the server that the files are uploaded to, as an absolute path (mine are uploaded to /usr/web/html/blog)
  6. Go to GitHub, find the repository where you want to add Actions, and fill in the above information in sequence

    # Replace each <version> with the release tag you pin to.
    name: Publish And Deploy
    # execute jobs
    on:
      push:
        branches:
          - master
    jobs:
      build-and-deploy:
        runs-on: ubuntu-latest # Run environment: tells the job what environment to run in
        steps:
          # First step: download the source code (CI/CD)
          - name: Checkout
            uses: actions/checkout@<version>
          - name: Setup node.js environment
            uses: actions/setup-node@<version>
          - name: Build
            run: npm install && npm run build
          # Deploy with easingthemes/ssh-deploy
          - name: Deploy
            uses: easingthemes/ssh-deploy@<version>
            env:
              # The action reads the SSH private key from this variable
              SSH_PRIVATE_KEY: ${{ secrets.KEY }}
              REMOTE_HOST: ${{ secrets.HOST }}
              REMOTE_USER: ${{ secrets.USERNAME }}
              REMOTE_PORT: ${{ secrets.PORT }}
              SOURCE: 'webView/'
              TARGET: '/usr/web/html/blog'

Pushing the code to the GitHub repository triggers the custom workflow and deploys the packaged code to the server.