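My last post on publishing to GitHub Pages with GitHub Actions got good feedback, so this time I also recorded the process of writing the deployment script. The process was fairly bumpy; if you only want the result, skip to the last few sections of this article.
Preparation
SSH key generation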
ssh-keygen -t rsa -b 4096 -C "$(git config user.email)" -f gh-pages -N ""
# You will get 2 files:
# gh-pages.pub (public key)
# gh-pages (private key)
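Configure the private key
If you have read my earlier article on deploying Hugo to GitHub Pages with GitHub Actions, you already know how to upload the public key; we repeat it here.
Assume the project is tianhui.xin.
Open the Settings of the tianhui.xin repository, click Secrets, then add the private key we just generated, with the name ACTIONS_DEPLOY_KEY.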
[Screenshots: "Add your private key" and "Success"]
Upload the public key to the server
ssh-copy-id appuser@10.10.10.10
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/appuser/.ssh/id_rsa.pub"
The authenticity of host '10.10.10.10 (10.10.10.10)' can't be established.
ECDSA key fingerprint is SHA256:mpM5LP8zLMh/CibV34URdTFbciAJ3fvCG1f9kSD2ITI.
ECDSA key fingerprint is MD5:60:40:77:02:5b:c6:e0:9a:e7:a3:96:bf:10:da:12:1c.
Are you sure you want to continue connecting (yes/no)? yes
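After you enter the remote user's password, the SSH public key is uploaded automatically. It is saved in the .ssh/authorized_keys file on the remote Linux server.
Thinking it through
The docker image is a fresh one on every run, and SSH asks this question on the first connection: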
The authenticity of host '10.10.10.10 (10.10.10.10)' can't be established.
RSA key fingerprint is 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.10.10.10 (10.10.10.10)' (RSA) to the list of
known hosts.
Enter passphrase for key '/home/appuser/.ssh/id_rsa':
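The reason is that the known_hosts file under /home/appuser/.ssh has no entry for the server you are connecting to, in other words this is your first connection. So could we forge one? Well, I really did copy the matching record from the known_hosts on my own computer over there. I am simply a genius, but the result was not what I hoped for, so let's keep tinkering.
Fortunately, with the help of a VPN, I found the ssh-keyscan command. Let's go.
ssh-keyscan -t rsa 10.10.10.10 >> "/home/appuser/.ssh/known_hosts"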
Create the job script (SSH test script)
The main goal here is to test how to SSH to the remote server from the docker environment.
name: aliyun
on:
  push:
    branches:
      - master
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: checkout
        uses: actions/checkout@master
        with:
          submodules: true
      - name: Setup Hugo
        uses: peaceiris/actions-hugo@v2.2.2
        with:
          hugo-version: '0.59.1'
          extended: true
      - name: Build
        run: hugo --minify
      - name: Deploy
        env:
          ACTIONS_DEPLOY_KEY: ${{ secrets.ACTIONS_DEPLOY_KEY }}
          HOST: 10.10.10.10
          USER: appuser
        run: |
          # Write the deploy key from the secret into a private ~/.ssh directory
          SSH_PATH="$HOME/.ssh"
          mkdir -p "$SSH_PATH"
          touch "$SSH_PATH/known_hosts"
          echo "$ACTIONS_DEPLOY_KEY" > "$SSH_PATH/id_rsa"
          chmod 700 "$SSH_PATH"
          chmod 600 "$SSH_PATH/known_hosts"
          chmod 600 "$SSH_PATH/id_rsa"
          eval $(ssh-agent)
          ssh-add "$SSH_PATH/id_rsa"
          # ssh-keyscan records whatever host key the network returns during this run
          ssh-keyscan -t rsa "$HOST" >> "$SSH_PATH/known_hosts"
          # StrictHostKeyChecking=no accepts unknown host keys without prompting
          ssh -o StrictHostKeyChecking=no -i "$SSH_PATH/id_rsa" -A -tt "$USER@$HOST" ls
Push, wait for the CI deployment to finish, and check the log: it shows that the server's file and folder listing has been printed.
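An added example, not part of the original post: `ssh-keyscan` records whatever key the network returns during the run, so this function compares the scanned key with a pinned known_hosts line before anything is trusted, which lets the later `ssh` call run with `StrictHostKeyChecking=yes`. The function name `pin_host_key` and the secret name `SSH_KNOWN_HOSTS` are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. pin_host_key and the
# SSH_KNOWN_HOSTS secret name are constructed assumptions.

# pin_host_key HOST PINNED_LINE SCAN_FILE KNOWN_HOSTS_FILE
#   PINNED_LINE: trusted "<host> <keytype> <base64-key>" line, recorded once
#                over a trusted channel and stored as a repository secret.
#   SCAN_FILE:   output of `ssh-keyscan -t <type> HOST` captured in this run.
# Returns 0 and installs the pinned line when the scanned key matches it,
# 1 when the server presented a different key, 2 on malformed or missing input.
pin_host_key() {
    host=$1
    pinned=$2
    scan_file=$3
    known_hosts=$4

    # Accept only a three-field pinned line for exactly this host.
    fields=$(printf '%s\n' "$pinned" |
        awk -v h="$host" 'NF == 3 && $1 == h { print $2, $3; exit }')
    [ -n "$fields" ] || return 2
    pinned_type=${fields% *}
    pinned_key=${fields#* }

    # Find the same key type for this host in the scan; the "# host:22 ..."
    # banner lines ssh-keyscan may print never match because $1 is "#".
    scanned_key=$(awk -v h="$host" -v t="$pinned_type" \
        '$1 == h && $2 == t { print $3; exit }' "$scan_file")
    [ -n "$scanned_key" ] || return 2

    if [ "$scanned_key" != "$pinned_key" ]; then
        echo "host key for $host differs from the pinned key" >&2
        return 1
    fi

    # Install the pinned line, never the scanned one.
    printf '%s\n' "$pinned" >> "$known_hosts"
}

# Call sequence for the Deploy step, with the job's own variables:
#   ssh-keyscan -t rsa "$HOST" > "$SSH_PATH/scan"
#   pin_host_key "$HOST" "$SSH_KNOWN_HOSTS" "$SSH_PATH/scan" "$SSH_PATH/known_hosts" || exit 1
#   ssh -o StrictHostKeyChecking=yes -i "$SSH_PATH/id_rsa" "$USER@$HOST" ls
```

A non-zero return stops the job before any file is copied, so a changed host key shows up as a failed deployment in the CI log.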
The final job script
Configuration notes
To use it, you only need to look at the env configuration of the deploy step.
| config | description |
|---|---|
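| ACTIONS_DEPLOY_KEY | Private key for connecting to the server (configured under Settings > Secrets in the GitHub project) |
| HOST | IP address of the server |
| USER | Deployment user on the server, the user the private key belongs to |
| HOME_PATH | Directory to go to after logging in to the server, usually the user's home directory |
| DEVELOP_SH_PATH | Deployment script on the server (the deployment itself still runs on the server and is not written in the job) |
| PACKAGE_NAME | Name of the package (public.tar.gz); currently only this name is supported |
| DEVELOP_DIR | Project deployment folder |
| BACKUP_DIR | Project backup folder |
Job file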
name: aliyun
on:
  push:
    branches:
      - master
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: checkout
        uses: actions/checkout@master
        with:
          submodules: true
      - name: setup Hugo
        uses: peaceiris/actions-hugo@v2.2.2
        with:
          hugo-version: '0.59.1'
          extended: true
      - name: Build
        run: hugo --minify
      - name: deploy
        env:
          ACTIONS_DEPLOY_KEY: ${{ secrets.ACTIONS_DEPLOY_KEY }}
          HOST: 10.10.10.10
          USER: appuser
          HOME_PATH: /home/appuser
          DEVELOP_SH_PATH: /home/appuser/develop.sh
          PACKAGE_NAME: public.tar.gz
          DEVELOP_DIR: tianhui.xin
          BACKUP_DIR: backup
        run: |
          # Write the deploy key from the secret into a private ~/.ssh directory
          SSH_PATH="$HOME/.ssh"
          mkdir -p "$SSH_PATH"
          touch "$SSH_PATH/known_hosts"
          echo "$ACTIONS_DEPLOY_KEY" > "$SSH_PATH/id_rsa"
          chmod 700 "$SSH_PATH"
          chmod 600 "$SSH_PATH/known_hosts"
          chmod 600 "$SSH_PATH/id_rsa"
          eval $(ssh-agent)
          ssh-add "$SSH_PATH/id_rsa"
          # ssh-keyscan records whatever host key the network returns during this run
          ssh-keyscan -t rsa "$HOST" >> "$SSH_PATH/known_hosts"
          # Package the generated site (gzip-compressed, matching the .tar.gz name) and copy it over
          cd public
          tar -czf "$PACKAGE_NAME" *
          scp "$PACKAGE_NAME" "$USER@$HOST:$HOME_PATH"
          # Run the server-side deployment script
          ssh -o StrictHostKeyChecking=no -i "$SSH_PATH/id_rsa" -A -tt "$USER@$HOST" sh "$DEVELOP_SH_PATH" \
            -d "$HOME_PATH/$DEVELOP_DIR" -b "$HOME_PATH/$BACKUP_DIR" -f "$HOME_PATH/$PACKAGE_NAME"
          exit
Remote server operations
Create develop.sh
#!/bin/sh
set -e
FILE_NAME=$(basename "$0")
# Usage text
show_usage="usage:$FILE_NAME [-d develop_path,-b backup_path -f file_path]"
# Parameters
# Local repository directory
opt_develop_path=""
# Backup directory
opt_backup_path=""
# Deployment file
opt_file_path=""
GETOPT_ARGS=$(getopt -o d:b:f: -al develop_path:,backup_path:,file_path: -- "$@")
eval set -- "$GETOPT_ARGS"
# Read the parameters
while [ -n "$1" ]
do
    case "$1" in
        -d|--develop_path) opt_develop_path=$2; shift 2;;
        -b|--backup_path) opt_backup_path=$2; shift 2;;
        -f|--file_path) opt_file_path=$2; shift 2;;
        --) break ;;
        *) echo "$1,$2,$show_usage"; break ;;
    esac
done
# Check the parameters; exit non-zero so the CI job fails on bad input
if [ -z "$opt_develop_path" ] || [ -z "$opt_backup_path" ] || [ -z "$opt_file_path" ]; then
    echo "$show_usage"
    exit 1
fi
if [ "$opt_develop_path" = "$opt_backup_path" ]; then
    echo 'develop_path eq backup_path'
    exit 1
fi
# Check that the deployment file exists
if [ ! -f "$opt_file_path" ]; then
    echo "$opt_file_path file does not exist"
    exit 1
fi
# Create the deployment folder if it does not exist
if [ ! -d "$opt_develop_path" ]; then
    mkdir -p "$opt_develop_path"
fi
# Create the backup folder if it does not exist
if [ ! -d "$opt_backup_path" ]; then
    mkdir -p "$opt_backup_path"
fi
# The deployment folder is not empty: back it up, then clear it
if [ -n "$(ls -A "$opt_develop_path")" ]; then
    cd "$opt_develop_path"
    tar -czf "$opt_backup_path/$(date +%Y%m%d%H%M).tar.gz" "$opt_develop_path"/*
    # :? aborts instead of expanding to /* if the variable is ever empty
    rm -rf "${opt_develop_path:?}"/*
fi
# Unpack the deployment file
tar -xf "$opt_file_path" -C "$opt_develop_path"
echo "publish success!"
Grant execute permission
chmod u+x develop.sh
Everything is ready, so start your wonderful journey. Writing this took effort; if you have questions, please leave a comment.