0
votes

I have an Amazon EC2 instance where I have set up NodeJS and PM2, and I have a script which, when run, pulls the code from GitHub (using deploy keys) and restarts PM2 with the newest version.

Now I want to use GitHub Actions, and after a push is done against master, I want to SSH to the EC2 instance and run the script which pulls the code from GitHub and restarts PM2 with the newest version.

Is it possible to do this? Since in order to SSH I need to use a key pair (PEM) file.

Since the repo is private, from a security perspective does it make sense to include the PEM file in the GitHub repo and use it?

If not, what would be the solution to that?

Thanks a lot in advance.

1
"does it make sense to include the PEM file" This is a huge NO. Do not put private keys in your repo even if it's "private". You have no idea where that data will go. - tadman
Why can't you make a webhook receiver on your application that when poked properly will update and restart the application? This is way safer than allowing GitHub actions to log in and monkey around with your server. - tadman
What would the webhook receiver be hooked to? - AleksandarT
Your application running on EC2. You'll need an endpoint you can poke like /deploy or something, then set up a webhook to that URL and make it only trigger on certain GitHub events. - tadman

1 Answer

0
votes

OK, I found a way to do that: I am using the webhook provided by https://github.com/adnanh/webhook
I followed some parts of (adapting them for EC2)
https://medium.com/better-programming/how-to-automatically-deploy-from-github-to-server-using-webhook-79f837dcc4f4
The go get github.com/adnanh/webhook part does not work, so I had to do wget https://github.com/adnanh/webhook/releases/download/2.7.0/webhook-linux-amd64.tar.gz and after that extract it with tar -xvzf webhook-linux-amd64.tar.gz.
This is how the executable webhook file is obtained.