GitHub Actions Tutorial
Reference: Events that trigger workflows
Reference: Creating personal access tokens
source
- Continuous integration, something like `Travis CI`
- GitHub simply looks in `.github/workflows`; if there is a `.yml` file in that directory, it is run automatically.
- Write `.yml` files to execute code on the events that trigger the workflow
Example
Create a user with minimum rights
To avoid the security risks caused by excessive permissions, create a user with minimal permissions and grant that user access to a single folder only.
- Connect to the server with Xshell
- The `su` command switches users. Switch to the root user with `su root`; a password may be required
- Create a user: `useradd [username]`. For example, `useradd au` creates the user `au` together with a default group `au`
- Set file permissions using setfacl: `setfacl -m u:[username]:rwx [dirname]`, such as `setfacl -m u:au:rwx /usr/web/html/blog`, which grants the au user read/write/execute permission on the blog folder
- At this point, the new user has read/write/execute permission only on `/usr/web/html/blog`
Create an SSH key
- Switch to the `au` user with `su au`, so that the SSH key is generated directly as the user with the minimum permissions
- Check whether a key already exists: `ls -al ~/.ssh`
- Generate a new SSH key: `ssh-keygen -t rsa`, then press Enter three times in a row (this accepts the default file location and an empty passphrase)
- Check whether the generation was successful: `ls -al ~/.ssh`
Change the name of id_rsa.pub
- After the SSH key is created as the au user, the public and private keys are stored in the `/home/au/.ssh` directory
- Switch to the .ssh directory: `cd /home/au/.ssh`
- Rename it to authorized_keys: `cat id_rsa.pub >> authorized_keys`
- Delete id_rsa.pub: `rm id_rsa.pub`
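The steps above leave `/home/au/.ssh` holding `authorized_keys` and the private key `id_rsa` side by side. The audit script below is an added example, not part of the original tutorial; the function names and the `FINDING:` output format are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the original page): audit the deploy user's .ssh
# directory. Prints one FINDING line per problem; returns 0 only when clean.

# 10-character mode string of a path, e.g. "drwx------".
mode_of() { ls -ld "$1" | cut -c1-10; }

# True when group or others may write to the path.
group_or_other_writable() {
    case $(mode_of "$1") in
        ?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

report() { echo "FINDING: $1"; findings=$((findings + 1)); }

audit_ssh_dir() {
    dir=$1
    findings=0
    # sshd (StrictModes, on by default) ignores authorized_keys when the
    # directory or the file can be modified by anyone but the owner.
    if group_or_other_writable "$dir"; then
        report "$dir is writable by group/others; fix with chmod 700"
    fi
    if [ ! -f "$dir/authorized_keys" ]; then
        report "$dir/authorized_keys is missing; key login cannot work"
    elif group_or_other_writable "$dir/authorized_keys"; then
        report "authorized_keys is writable by group/others; fix with chmod 600"
    fi
    # ssh-keygen run on the server leaves the private half next to the file
    # that trusts it. Only the CI secret store needs the private key.
    if [ -f "$dir/id_rsa" ]; then
        case $(mode_of "$dir/id_rsa") in
            -???------) report "private key id_rsa is still on the server; remove it once it is stored as the CI secret" ;;
            *) report "private key id_rsa is accessible to group/others; treat it as exposed and rotate the key" ;;
        esac
    fi
    [ "$findings" -eq 0 ]
}

# Usage: sh audit.sh /home/au/.ssh
if [ "$#" -gt 0 ]; then audit_ssh_dir "$1"; fi
```

Run it as root or as the `au` user after finishing the key setup; an exit status of 0 means no findings.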
The tar command
- Compress: `tar -czvf blog.tgz ./*`
- Extract: `tar xzvf blog.tgz`
Write ci.yml
See the article ssh-deploy
- KEY: the public key created on the server earlier, `id_rsa.pub`. Run `cat id_rsa.pub`, then copy everything
- HOST: the IP address of the server
- PORT: the SSH port number. The default value is 22
- SOURCE: the path of the files packaged by `npm run build`, as a relative path (mine are packed into the webView folder)
- TARGET: the directory on the server that the files are uploaded to, as an absolute path (mine are uploaded to /usr/web/html/blog)
- Go to GitHub, find the repository where you want to add Actions, and fill in the above information in sequence
```yaml
name: Publish And Deploy
# Events that trigger the jobs
on:
  push:
    branches:
      - master

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest # Environment the job runs in
    steps:
      # Step 1: download the source code (CI/CD)
      # <version> is a placeholder: replace it with the release tag you use
      - name: Checkout
        uses: actions/checkout@<version>
      - name: Setup node.js environment
        uses: actions/setup-node@<version>
      - name: Build
        run: npm install && npm run build
      - name: Deploy
        uses: easingthemes/ssh-deploy@<version>
        env:
          # SSH_PRIVATE_KEY is the ssh-deploy input that carries the deploy key
          SSH_PRIVATE_KEY: ${{ secrets.KEY }}
          REMOTE_HOST: ${{ secrets.HOST }}
          REMOTE_USER: ${{ secrets.USERNAME }}
          REMOTE_PORT: ${{ secrets.PORT }}
          SOURCE: 'webView/'
          TARGET: '/usr/web/html/blog'
```
Pushing the code to the GitHub repository triggers the custom workflow and deploys the packaged code to the server.