GitHub Actions
This guide covers automating the deployment of a Kyushu worker to a VPS using GitHub Actions.
Prerequisites
Section titled “Prerequisites”- A VPS with Kyushu running as a systemd service (see Deploy on a VPS)
-
Generate an SSH key pair
On your local machine, generate a key for the deployment:
Terminal window ssh-keygen -t ed25519 -C "github-actions-myuser" -f ~/.ssh/myuser_keyLeave the passphrase empty.
-
Create a dedicated user on the VPS
Rather than using root, create a user with limited privileges:
Terminal window useradd -m -s /bin/bash myusermkdir -p /home/myuser/.sshchown -R myuser:myuser /home/myuser/.sshchmod 700 /home/myuser/.ssh -
Grant the user privileges for deployment
Grant write access to your worker directory:
Terminal window chown -R myuser:myuser /opt/myappAnd allow the user to restart Kyushu without a password:
Terminal window echo "myuser ALL=(ALL) NOPASSWD: /bin/systemctl restart myapp" > /etc/sudoers.d/myapp-myuser -
Add public key to the server
Copy the content of your public key to the user’s
authorized_keysfile on the VPS.Terminal window nano /home/myuser/.ssh/authorized_keys# Paste the content of your local ~/.ssh/myuser_key.pubchown myuser:myuser /home/myuser/.ssh/authorized_keyschmod 600 /home/myuser/.ssh/authorized_keys -
Add secrets to your GitHub repository
In your repository on GitHub, go to Settings → Secrets and variables → Actions and add:
Secret Value KYUSHU_SSH_KEYContents of ~/.ssh/myuser_key(private key)KYUSHU_HOSTYour VPS IP or hostname -
Delete the local private key (optional)
Once added to GitHub Secrets, you can delete the private key from your local machine:
Terminal window rm ~/.ssh/myuser_key ~/.ssh/myuser_key.pub -
Create the GitHub Actions workflow
Lastly, setup the deployment pipeline by creating
.github/workflows/deploy.yml:.github/workflows/deploy.yml name: Deployon:push:branches: [main]jobs:build:runs-on: ubuntu-lateststeps:- name: Checkoutuses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2with:persist-credentials: false- name: Install kyurun: |curl -fsSL https://kyushu.dev/install | bashecho "/root/.kyu/bin" >> $GITHUB_PATH- name: Buildrun: kyu build- name: Upload artifactsuses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1with:name: workerpath: worker/deploy:needs: buildruns-on: ubuntu-lateststeps:- name: Download artifactsuses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1with:name: workerpath: worker/- name: Setup SSHrun: |mkdir -p ~/.sshecho "${{ secrets.KYUSHU_SSH_KEY }}" > ~/.ssh/id_ed25519chmod 600 ~/.ssh/id_ed25519ssh-keyscan -H ${{ secrets.KYUSHU_HOST }} >> ~/.ssh/known_hosts- name: Deployrun: |rsync -avz ./worker myuser@${{ secrets.KYUSHU_HOST }}:/opt/myapp/ssh myuser@${{ secrets.KYUSHU_HOST }} "sudo systemctl restart myapp"Adjust
/opt/myapp/and add any additional resources your project requires.
Verify
Section titled “Verify”Push a change to your main branch, then check the Actions tab in your GitHub repository. Once the workflow completes, verify the deployment:
curl https://yourdomain.com