Use .ssh/config to setup SSH proxy jump #56
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CD | |
| on: | |
| push: | |
| branches: [master, bug/cd-fixes] | |
| workflow_dispatch: | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: xsnippet.org | |
| url: https://xsnippet.org | |
| concurrency: xsnippet.org | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Ansible | |
| run: | | |
| python -m pip install --upgrade pip | |
| python -m pip install --upgrade ansible | |
| ansible-galaxy collection install --force ansible.posix | |
| ansible-galaxy collection install --force community.postgresql | |
| - name: Setup a deployment SSH key | |
| env: | |
| DEPLOYMENT_SSH_KEY_PATH: ${{ runner.temp }}/id_ed25519 | |
| run: | | |
| echo "${{ secrets.DEPLOYMENT_SSH_KEY }}" > $DEPLOYMENT_SSH_KEY_PATH | |
| chmod 0600 $DEPLOYMENT_SSH_KEY_PATH | |
| echo "uri=$DEPLOYMENT_SSH_KEY_PATH" >> $GITHUB_OUTPUT | |
| id: ssh-key | |
| - name: Deploy to production | |
| run: | | |
| # Ensure that servers we're deploying to are known. Otherwise, | |
| # Ansible may fail with host key verification error. | |
| mkdir -p ~/.ssh && echo "${{ secrets.SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts | |
| cat <<EOF > ~/.ssh/config | |
| Host _jumphost | |
| User bunny | |
| HostName hoth.kalnytskyi.com | |
| IdentityFile ${{ steps.ssh-key.outputs.uri }} | |
| Host xsnippet.org | |
| HostName 2a02:8084:4:e480:244a:d5a5:ac59:617d | |
| ProxyJump _jumphost | |
| IdentityFile ${{ steps.ssh-key.outputs.uri }} | |
| EOF | |
| ansible-playbook \ | |
| -vv \ | |
| -e goaccess_basicauth_password="${{ secrets.GOACCESS_PASSWORD }}" \ | |
| --inventory inventories/production \ | |
| site.yml |