GitHub Actions for remote SSH interaction

· muchomuchacho

Yesterday I spent some time tinkering with prose with the objective of keeping a copy of my blog posts in GitHub while at push time also publishing the same material. The process is pretty straightforward but the suggested method did not work for me. So I ended up using a very general process that will probably help me in the future with other projects.

This is the GitHub Actions code I am currently using. I'll add some extra explanations below:

name: publish

on:
  push:
    branches:
      - main

jobs:
  build:
    runs-on: ubuntu-latest
    name: Build and Deploy
    steps:
      - uses: actions/checkout@master
      # Installs the private key into the runner's ~/.ssh for the later steps
      - name: Publish to prose.sh
        uses: shimataro/ssh-key-action@v2
        with:
          key: ${{ secrets.PRIVATE_KEY }}
          # Placeholder value; the real entry is added in the next step
          known_hosts: unnecessary

      # Record the remote host's key so the SCP step can connect
      - name: Adding Known Hosts
        run: ssh-keyscan -H ${{ secrets.SSH_HOST }} >> ~/.ssh/known_hosts

      # Upload the posts to the remote host
      - name: SCP content
        run: scp *.md ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }}:/

The only catch above is the known_hosts key. It doesn't work when passed that way; it has to be updated 'manually' so that it is present in the interaction with the host on future connections, the way we see in the SCP content section. Everything else is standard. We check out our code and load the ssh-key-action, passing our private key to it for internal use. Then we add the remote host to the local known_hosts file and run whatever command we need to pass to it.
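Running ssh-keyscan on every build records whichever key the host answers with, so nothing is actually verified. The following is an added example, not part of the original workflow: a filter for the "Adding Known Hosts" step that writes a scanned line to known_hosts only when it matches a key pinned in advance. The `PINNED_HOST_KEY` name, the function name and all key blobs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): only trust ssh-keyscan output
# that contains a host key pinned ahead of time.

# Constructed sample of `ssh-keyscan -H` output: hashed host, key type, key blob.
SAMPLE_SCAN='# example.invalid:22 SSH-2.0-OpenSSH_9.6
|1|Y29uc3RydWN0ZWQ=|c2FtcGxlaGFzaA== ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAConstructedRsaBlob
|1|Y29uc3RydWN0ZWQ=|c2FtcGxlaGFzaA== ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedEd25519Blob'

# Assumed pin: "<key type> <base64 blob>", copied out of band from the server
# (for example from its /etc/ssh/ssh_host_ed25519_key.pub) and stored as a secret.
PINNED_HOST_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedEd25519Blob'
# A key the server never published, standing in for an unexpected responder.
UNEXPECTED_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAISomeOtherConstructedBlob'

# filter_pinned_key PINNED KNOWN_HOSTS_FILE
# Reads ssh-keyscan output on stdin and appends to KNOWN_HOSTS_FILE only the
# lines whose key type and blob equal PINNED. Returns 1 if nothing matched.
filter_pinned_key() {
  pinned=$1
  out=$2
  matched=$(awk -v want="$pinned" '
    /^#/ || NF < 3 { next }          # skip banner comments and malformed lines
    ($2 " " $3) == want { print }    # field 1 is the (possibly hashed) host name
  ') || return 2
  if [ -z "$matched" ]; then
    echo "host key does not match the pinned key; not updating $out" >&2
    return 1
  fi
  printf '%s\n' "$matched" >> "$out"
}

# In the workflow the step would become (secret name is an assumption):
#   ssh-keyscan -H "$SSH_HOST" | filter_pinned_key "$PINNED_HOST_KEY" ~/.ssh/known_hosts

# Demonstration on the constructed sample.
demo_known_hosts=$(mktemp)
printf '%s\n' "$SAMPLE_SCAN" | filter_pinned_key "$PINNED_HOST_KEY" "$demo_known_hosts" \
  && echo "pinned key accepted"
printf '%s\n' "$SAMPLE_SCAN" | filter_pinned_key "$UNEXPECTED_KEY" "$demo_known_hosts" 2>/dev/null \
  || echo "unexpected key rejected"
rm -f "$demo_known_hosts"
```

Because the function exits non-zero on a mismatch, the step fails before the SCP step ever connects.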

One word of caution: for security reasons it's best if the SSH keys involved in this process are not used anywhere else. You never know when or if they will get leaked into the open.