GitHub Actions Tutorial Reference: Events that trigger workflows Reference: Creating personal access tokens
source
- Continuous integration, something like
Travis CI - GitHub just finds
.github/workflowsIf there is a.yml file in the directory, the file will be automatically run. - Write.yml files to execute code in events triggered by the workflow
Example Create a user with minimum rights
To prevent security risks caused by excessive permissions, you only need to create a role with the minimum permission and assign the permission of a single folder to the role
- Xshell connects to the server
suUsing the command, you can change a user role- Switch to the root user role:
su root, a password may be required - Create a user:
useradd [username]To create an AU role (useradd au), created at this timeauUser defaultauUser groups - Set file permissions using setfacl:
setfacl -m u:[username]:rwx [dirname], such as:setfacl -m u:au:rwx /usr/web/html/blogSet read/write execute permission to blog file for AU role. - At this point, only users can be created
/usr/web/html/blogFile read/write execution permission
Create an SSH KEY
- Switch to the
auRole:su auTo directly generate an Ssh-key as the user with the minimum permission - Check whether it already exists:
ls -al ~/.ssh - Generate a new SSH key:
ssh-keygen -t rsaEnter three times in a row - Check whether the generation is successful:
ls -al ~/.ssh
Change the name of id_rsa.pub
- After an SSH-key is created using the AU role, the public and private keys are stored in the
/home/au/.sshdirectory - Switch to the.ssh directory:
cd /home/au/.ssh - Name changed to authorized_keys:
cat id_rsa.pub >> authorized_keys - Delete id_rsa. Pub:
rm id_rsa.pub
The tar command
- Compression:
tar -czvf blog.tgz ./* - Extract:
tar xzvf blog.tgz
writeci.yml
See the article ssh-deploy
- KEY: indicates the public KEY created for the previous server
id_rsa.pub.cat id_rsa.pubThen copy everything - HOST: indicates the IP address of the server
- PORT: indicates the SSH PORT number. The default value is 22
- SOURCE:
npm run buildAnd then the path to the packaged file,Relative address(Mine is packed into webView folder) - TARGET: the directory where the file needs to be uploaded to the server, absolute address (mine was uploaded to /usr/web/html/blog)
- Go to Github, find the repository where you want to add Actions, and fill in the above information in sequence
# execute jobs on: push: branches: name: Publish And Deploy # execute Jobs on: push: branches: -master jobs: build-and-deploy: runs-on: ubuntu-latest # Run environment, tell it to run in what environment steps: # first step: download the source code (CI/CD) - name: - name: Setup node.js environment uses: Name: Build run: NPM install && NPM run Build # Easingthemes /[email protected] env: ${{secrets.KEY}} REMOTE_HOST: ${{secrets.HOST}} REMOTE_USER: ${{ secrets.USERNAME }} REMOTE_PORT: ${{ secrets.PORT }} SOURCE: 'webView/' TARGET: '/usr/web/html/blog'Copy the codePushing the code to the Github repository triggers the custom Workflow and deploits the packaged code to the server
