CI/CD: GitHub Actions workflow to run tests, build Docker image, push to registry, and deploy to VPS via SSH

Configurare noua (How To)

Situatie

Summary

A single ci.yml will:

  • run tests on matrix (node/python variations),

  • build a Docker image,

  • push to Docker Hub / GitHub Container Registry,

  • SSH to your server and run a docker pull + docker-compose up -d.

Prerequisites

  • GitHub repo with code + tests.

  • Docker Hub or GHCR credentials stored as GitHub secrets (DOCKER_USERNAME, DOCKER_PASSWORD or GHCR_TOKEN).

  • SSH deploy key added to GitHub secrets (SSH_PRIVATE_KEY) and added to ~/.ssh/authorized_keys of the VPS user.

  • On VPS a docker-compose.yml that pulls the new image tag (e.g., myapp:latest).

Example .github/workflows/ci.yml

name: CI/CD

on:
push:
branches: [ main ]

jobs:
test:
runs-on: ubuntu-latest
strategy:
matrix:
node: [18]
steps:
uses: actions/checkout@v4
name: Use Node
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node }}
name: Install & Test
run: |
npm ci
npm test

build_and_push:
needs: test
runs-on: ubuntu-latest
steps:
uses: actions/checkout@v4
name: Build docker image
run: |
IMAGE=ghcr.io/${{ github.repository }}:${{ github.sha }}
docker build -t $IMAGE .
 name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GHCR_TOKEN }}
name: Push image
run: |
IMAGE=ghcr.io/${{ github.repository }}:${{ github.sha }}
docker push $IMAGE
 name: Set image tag output
id: image
run: echo “::set-output name=image::ghcr.io/${{ github.repository }}:${{ github.sha }}

deploy:
needs: build_and_push
runs-on: ubuntu-latest
steps:
name: Deploy to server via SSH
uses: appleboy/ssh-action@v0.1.8
with:
host: ${{ secrets.SSH_HOST }}
username: ${{ secrets.SSH_USER }}
key: ${{ secrets.SSH_PRIVATE_KEY }}
script: |
IMAGE=ghcr.io/${{ github.repository }}:${{ github.sha }}
docker pull $IMAGE
# adapt to your compose file
docker compose -f /home/deploy/app/docker-compose.yml pull
docker compose -f /home/deploy/app/docker-compose.yml up -d

Steps to set up

  1. Add secrets in GitHub: GHCR_TOKEN (with write packages scope) or Docker credentials, plus SSH_HOST, SSH_USER, SSH_PRIVATE_KEY.

  2. Ensure VPS user has docker and docker-compose and the docker-compose.yml uses image: ghcr.io/your/repo:${TAG} or image: ghcr.io/your/repo:latest and you update tag accordingly.

  3. Commit .github/workflows/ci.yml and push to main.

Troubleshooting & notes

  • For zero-downtime deploys, consider using docker-compose with pull then up --detach --no-deps --build or switch to docker stack / swarm or Kubernetes.

  • Keep secrets rotated. Use limited-scope tokens.

  • Test the SSH action with a manual run first.

Solutie

Tip solutie

Permanent

Voteaza

Up Down
(10 din 13 persoane apreciaza acest articol)
Share
Tweet
Share

Despre Autor

Leave A Comment?