miloserdow / capistrano-deploy Goto Github PK

View Code? Open in Web Editor NEW

127.0 127.0 43.0 1 MB

Github Actions for Capistrano

License: MIT License

JavaScript 100.00%

capistrano deployment-automation github-action github-actions

capistrano-deploy's People

Contributors

Stargazers

Watchers

Forkers

oakda-review-bot seuros tvdeyen gencer felipecsl r2d2rogers maniacs-oss rohit-lingayat-sd karolsojko kaspernj davertmik emmanuelsw iqthink tartle-co mjkim benpickles sulmanweb ak15 swipswaps coderpush ihassin cassiompf rahul100885 divtel fuelistinc cloudsbird alexskr silsync mundra-ankur bettysteger nd2go dibblycom wearefine nasrulgunawan vivektiwary kevinluo201 testomatio samholst alexandrule infotechrg fernandoaleman

capistrano-deploy's Issues

missing gems to work with new key encryption type

After 0d78e2d
I was getting errors about failed authentication via key

net-ssh-7.0.1/lib/net/ssh/authentication/ed[25](https://github.com/novozhenets/trackfolio-backend/runs/7365266070?check_suite_focus=true#step:4:26)519_loader.rb:19:in `raiseUnlessLoaded': OpenSSH keys only supported if ED25519 is available (NotImplementedError)
net-ssh requires the following gems for ed25519 support:
 * ed25519 (>= 1.2, < 2.0)
 * bcrypt_pbkdf (>= 1.0, < 2.0)

Issue is described here net-ssh/net-ssh#565

This should probably be added to README, it took me quite some time to figure this out

[Bug?] Error message "Valid ciphername values:"

I'm trying to encrypt my local key using the provided options and I get an error on macos Monterey. Not sure if I'm doing something wrong

Node.js 12 actions are deprecated

Hello, I have deprecation notice

Node.js 12 actions are deprecated. For more information see: https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/. Please update the following actions to use Node.js 16: miloserdow/capistrano-***

working-directory not operational

I have rails code in api folder.

- uses: miloserdow/capistrano-deploy@v2
        with:
          working-directory: ./api
          target: staging
          deploy_key: ${{ secrets.DEPLOY_ENC_KEY }}

Error coming is:

Could not locate Gemfile
##[error]Error: The process 'bundle' failed with exit code 10

Bundle install is not using cached bundle

The README shows a cache step before the deployment runs where the bundle is vendored to vendor/bundle

The bundle install command here does not have the --path argument set to vendor/bundle therefore causing the cache to not be used at all (and a fresh bundle is installed on every deploy - taking minutes++)

Before I submit a PR was wondering if this was an oversight or am I missing a config setting somewhere?

Private key cannot have a passphrase

If the key generated with ssh-keygen has a passphrase set, later running ssh-add will require the passphrase with a terminal prompt which cannot be fulfilled during the workflow run, causing it to get stuck indefinitely.
I could not find a way to provide the passphrase to ssh-add via command line so, to avoid confusion, I'd suggest just adding that as a disclaimer to the project readme, so people don't get tripped on that in the future.
Thoughts?

Deploying hangs

Deploying hangs on step /usr/bin/ssh-add config/deploy_id_rsa

No matter how long I will be waiting this process is infinity, also nothing is happen in server project folder.

Unable to locate executable file: bundle.

Hi @miloserdow, I've setup my capistrano but not in ruby project, i use in my react project. is it possible use for non ruby project?
When i use this action in my react project i got error
Error: Error: Unable to locate executable file: bundle. Please verify either the file path exists or the file can be found within a directory specified by the PATH environment variable. Also check the file mode to verify the file is executable.

Thank u

Remove node_modules from the repository, if possible

Probably need to update package.json and run npm install at some point.

Can't decrypt key: deprecated key derivation used.

I couldn't make step 4 work:

openssl enc -aes-256-cbc -md sha512 -salt -in id_rsa -out deploy_id_rsa_enc -k PASSWORD -a 
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.

It does create the encrypted file but doesn't ask to enter a password though.

When I run the job It fails with this error:

Error: No deploy key given
/usr/bin/openssl version
OpenSSL 1.1.1f  31 Mar 2020
/usr/bin/openssl enc -d -aes-256-cbc -md sha512 -salt -in config/deploy_id_rsa_enc -out config/deploy_id_rsa -k  -a
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
bad decrypt
140220230804800:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:610:
Error: Error: The process '/usr/bin/openssl' failed with exit code 1

Any suggestion how to overcome this?

Ruby version mismatch

Hi! I'm really interested in using this deploy action, but I can't figure out how to get around this error:

Your Ruby version is 2.5.1, but your Gemfile specified 2.4.0
##[error]Error: The process 'sudo' failed with exit code 18
##[error]Node run failed with exit code 1

Is there a way to specify what Ruby version to use for the deploy?

How to setup secrets on repository?

Save the password used in step 4 as a secret in repository settings via Settings / Secrets / Add

I am not a author of repository ( But I can contribute ), where is this settings of repository ? May be general settings https://github.com/settings/keys ?

Problem using custom working directory

Hello,

Thanks for this project.
there seems to be a problem checking if enc_rsa_key_pth exists if a custom working directory is set.

if (!fs.existsSync(enc_rsa_key_pth) && !enc_rsa_key_val) {
    core.setFailed('Encrypted RSA private key file or value does not exist.');
}

Here we can see that we omit the custom working directory and obviously set a failed message.
But then, in the decrypt_key function, everything is working correctly taking into account the custom working dir.
But the initial setFailed call, make my CI failed

Am I missing something here ?

Thanks

Regression: Encrypted RSA private key file or value does not exist.

I'm getting the message above even though the deployment seems to complete successfully.
Github ends up marking the workflow as failed though. It seems to be an issue with working-directory, that's my first guess.
I'll poke around a bit
Action version 2.2

Major version tag (v2) does not point to current release (v2.2)

Thanks for your work on this action!

The GitHub Actions documentation has this recommendation:

Move the major version tag (such as v1, v2) to point to the Git ref of the current release.

Is it possible for you to move the v2 tag?

Authentication failed

Hi,

I'm trying to switch to latest version and ed25519 cypher key, but in two different repositories action fails to connect to server. With old keys everything works.

Steps:

ssh-keygen -t ed25519
cat ~/.ssh/id_ed25519.pub >> ~/.ssh/authorized_keys
cat ~/.ssh/id_ed25519.pub #add to deploy keys
openssl enc -aes-256-cbc -md sha512 -salt -in ~/.ssh/id_ed25519 -out deploy_id_ed25519_enc -k "PASSWORD" -a -pbkdf2 #used PASSWORD for testing
cat deploy_id_ed25519_enc #added to repository
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519

Result:

/opt/hostedtoolcache/Ruby/2.6.10/x64/bin/bundle exec cap staging deploy
00:00 git:wrapper
      01 mkdir -p /tmp/Mod24_Blog/

...

cap aborted!
SSHKit::Runner::ExecuteError: Exception while executing as [email protected]: Authentication failed for user [email protected]


Caused by:
Net::SSH::AuthenticationFailed: Authentication failed for user [email protected]

My YAML:

...
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/[email protected]
    - name: Set up Ruby
      uses: ruby/[email protected]
      with:
        ruby-version: 2.6
        bundler-cache: true
    - uses: miloserdow/capistrano-deploy@master
      with:
        target: staging
        enc_rsa_key_pth: 'config/deploy/keys/deploy_staging_enc'
        deploy_key: ${{ secrets.TEST_DEPLOY_KEY }}

Is there something else that needs to be changed? Any ideas?

BUNDLE_GEMFILE env variable support

I like to keep a separate Gemfile for deployment with cap, is there a way i can specify a Gemfile e.g. Gemfile.deploy to be used when running bundle exec cap <target> deploy via the github action? or a group to be used from the default Gemfile?

Warning: The `set-env` command is deprecated and will be disabled soon

When running this action I get a warning:

Warning: The set-env command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/

Not sure if it's only my setup, or a general problem with action or some of dependancies.

Rollback capability

Hello, I was wondering if it's easy to add support for rollback capability, i.e. if the commit message includes 'rollback' then cap deploy:rollback, or even support ROLLBACK_RELEASE.

fatal: Could not read from remote repository. when deploy

hi, I have encountered a problem when I just deploy my repo with GitHub action.
I have no idea what the problem probably is. Hope somebody can discuss with me.
really appreciate it.

refer log below:

00:53 bundler:install
      01 RBENV_ROOT=/usr/local/rbenv RBENV_VERSION=2.4.2 /usr/local/rbenv/bin/rbenv exec bundle install --path /home/apps/MyApp/shared/bundle --without development test --deployment --quiet
      01 ERROR: Repository not found.
      01 fatal: Could not read from remote repository.
      01 
      01 Please make sure you have the correct access rights
      01 and the repository exists.
      01 ERROR: Repository not found.
      01 fatal: Could not read from remote repository.

My guess is there are private gems in my repo.
Before deploy, I need to set up my ruby app first, I already handled about private gems with setting ssh-keys
Also, I need bundle install my app before deploy, and already pass it.
I thought I should already have enough permission about private gems.
Can't understand about no access rights here.

Capistrano commands fail with bad authentication

I am trying to get this action to work but am having an issue.
This is running on a self hosted worker.
Once i get it to setup and run it fails on the capistrano commands as bad authentication, but the access keys are being decrypted, setup and connected to the agent properly as I can ssh in to the target deployment box without issue from the runner box.

Run miloserdow/capistrano-deploy@master
  with:
    target: production
    deploy_key: ***
    enc_rsa_key_pth: config/power@deploy_enc
    capistrano_commands: ["deploy"]
/usr/bin/openssl version
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
/usr/bin/openssl enc -d -aes-256-cbc -md sha512 -salt -in config/power@deploy_enc -out config/deploy_id_rsa -k *** -a -pbkdf2
/usr/bin/chmod 0600 config/deploy_id_rsa
/usr/bin/ssh-agent -a /tmp/ssh-auth.sock
SSH_AUTH_SOCK=/tmp/ssh-auth.sock; export SSH_AUTH_SOCK;
SSH_AGENT_PID=78309; export SSH_AGENT_PID;
echo Agent pid 78309;
/usr/bin/ssh-add config/deploy_id_rsa
Identity added: config/deploy_id_rsa (power@deploy)
/home/rails/actions-runner/_work/_tool/Ruby/3.1.4/arm64/bin/bundle exec cap production deploy
#<Thread:0x0000ffff9231efb0 /home/rails/actions-runner/_work/**repo-name**/**repo-name**/vendor/bundle/ruby/3.1.0/gems/sshkit-1.21.6/lib/sshkit/runners/parallel.rb:10 run> terminated with exception (report_on_exception is true):
/home/rails/actions-runner/_work/**repo-name**/**repo-name**/vendor/bundle/ruby/3.1.0/gems/sshkit-1.21.6/lib/sshkit/runners/parallel.rb:15:in `rescue in block (2 levels) in execute': Exception while executing as rails@[deploy-target-ip]: Authentication failed for user rails@[deploy-target-ip] (SSHKit::Runner::ExecuteError)
	from /home/rails/actions-runner/_work/**repo-name**/**repo-name**/vendor/bundle/ruby/3.1.0/gems/sshkit-1.21.6/lib/sshkit/runners/parallel.rb:11:in `block (2 levels) in execute'
/home/rails/actions-runner/_work/**repo-name**/**repo-name**/vendor/bundle/ruby/3.1.0/gems/net-ssh-7.2.0/lib/net/ssh.rb:273:in `start': Authentication failed for user rails@[deploy-target-ip] (Net::SSH::AuthenticationFailed)
	from /home/rails/actions-runner/_work/**repo-name**/**repo-name**/vendor/bundle/ruby/3.1.0/gems/sshkit-1.21.6/lib/sshkit/backends/connection_pool.rb:63:in `call'
	from /home/rails/actions-runner/_work/**repo-name**/**repo-name**/vendor/bundle/ruby/3.1.0/gems/sshkit-1.21.6/lib/sshkit/backends/connection_pool.rb:63:in `with'
	from /home/rails/actions-runner/_work/**repo-name**/**repo-name**/vendor/bundle/ruby/3.1.0/gems/sshkit-1.21.6/lib/sshkit/backends/netssh.rb:177:in `with_ssh'
	from /home/rails/actions-runner/_work/**repo-name**/**repo-name**/vendor/bundle/ruby/3.1.0/gems/sshkit-1.21.6/lib/sshkit/backends/netssh.rb:130:in `execute_command'
	from /home/rails/actions-runner/_work/**repo-name**/**repo-name**/vendor/bundle/ruby/3.1.0/gems/sshkit-1.21.6/lib/sshkit/backends/abstract.rb:148:in `block in create_command_and_execute'
	from <internal:kernel>:90:in `tap'
	from /home/rails/actions-runner/_work/**repo-name**/**repo-name**/vendor/bundle/ruby/3.1.0/gems/sshkit-1.21.6/lib/sshkit/backends/abstract.rb:148:in `create_command_and_execute'
	from /home/rails/actions-runner/_work/**repo-name**/**repo-name**/vendor/bundle/ruby/3.1.0/gems/sshkit-1.21.6/lib/sshkit/backends/abstract.rb:61:in `test'
	from /home/rails/actions-runner/_work/**repo-name**/**repo-name**/vendor/bundle/ruby/3.1.0/gems/capistrano-rbenv-install-1.2.0/lib/capistrano/tasks/rbenv_install.rake:17:in `block (3 levels) in <top (required)>'
	from /home/rails/actions-runner/_work/**repo-name**/**repo-name**/vendor/bundle/ruby/3.1.0/gems/sshkit-1.21.6/lib/sshkit/backends/abstract.rb:31:in `instance_exec'
	from /home/rails/actions-runner/_work/**repo-name**/**repo-name**/vendor/bundle/ruby/3.1.0/gems/sshkit-1.21.6/lib/sshkit/backends/abstract.rb:31:in `run'
	from /home/rails/actions-runner/_work/**repo-name**/**repo-name**/vendor/bundle/ruby/3.1.0/gems/sshkit-1.21.6/lib/sshkit/runners/parallel.rb:12:in `block (2 levels) in execute'
(Backtrace restricted to imported tasks)
cap aborted!
SSHKit::Runner::ExecuteError: Exception while executing as rails@[deploy-target-ip]: Authentication failed for user rails@[deploy-target-ip]

I have connected to the instance and confirmed that the agent is running, and I can ssh to the target box without supplying the additional options for the ssh key.

Workflow fails with error in /tmp/ssh-auth.sock after 2 or more runs in Github Actions

I encountered an error when running a GitHub Actions workflow, as detailed below:

/usr/bin/openssl version
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
/usr/bin/openssl enc -d -aes-256-cbc -md sha512 -salt -in config/deploy_id_rsa_enc -out config/deploy_id_rsa -k *** -a -pbkdf2
/usr/bin/chmod 0600 config/deploy_id_rsa
/usr/bin/ssh-agent -a /tmp/ssh-auth.sock
unix_listener: cannot bind to path /tmp/ssh-auth.sock: Address already in use
Error: Error: The process '/usr/bin/ssh-agent' failed with exit code 1

The workflow configuration is as follows:

name: Continuous Deployment

on:
  push:

env:
  RUBY_VERSION: 2.6.2

jobs:
  deploy:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Wait in-flight Deployment
        uses: softprops/turnstyle@master
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          abort-after-seconds: 3600

      - name: Set up Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: ${{ env.RUBY_VERSION }}
          bundler-cache: true

      - name: Deploy Check
        uses: miloserdow/capistrano-deploy@master
        with:
          target: Test
          deploy_key: ${{ secrets.DEPLOY_KEY }}
          enc_rsa_key_val: ${{ secrets.ENC_RSA_KEY_VAL }}
          capistrano_commands: '["deploy:check"]'

      - name: Deploy
        uses: miloserdow/capistrano-deploy@master
        with:
          target: Test
          deploy_key: ${{ secrets.DEPLOY_KEY }}
          enc_rsa_key_val: ${{ secrets.ENC_RSA_KEY_VAL }}

Is it necessary to explicitly delete /tmp/ssh-auth.sock? It would be helpful if this could be mentioned in the README or made configurable via the with clause.

bad decrypt error message on Deployment

Deployment was working fine , but suddenly today i started getting this message, any idea what's happening or why I'm getting this error?

/usr/bin/openssl version
OpenSSL 1.1.1 11 Sep 2018
/usr/bin/openssl enc -d -aes-256-cbc -md sha512 -salt -in config/deploy/production_deploy_key -out config/deploy_id_rsa -k *** -a -pbkdf2
bad decrypt
140322642260416:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:564:
Error: Error: The process '/usr/bin/openssl' failed with exit code 1

Net::SSH::ConnectionTimeout: Net::SSH::ConnectionTimeout

hi, guys

I just encountered some problems here.
I have no idea about this, hope somebody can give me advices, really appreciate it!

log refer below:

Run miloserdow/capistrano-deploy@master
/opt/hostedtoolcache/Ruby/2.4.2/x64/bin/bundle exec cap staging deploy
[Deprecation Notice] `set :scm, :git` is deprecated.
To ensure your project is compatible with future versions of Capistrano,
remove the :scm setting and instead add these lines to your Capfile after
`require "capistrano/deploy"`:

    require "capistrano/scm/git"
    install_plugin Capistrano::SCM::Git

(Backtrace restricted to imported tasks)
cap aborted!
SSHKit::Runner::ExecuteError: Exception while executing on host MYHOST: Net::SSH::ConnectionTimeout


Caused by:
Net::SSH::ConnectionTimeout: Net::SSH::ConnectionTimeout


Caused by:
Errno::ETIMEDOUT: Connection timed out - connect(2) for MYIP 

Tasks: TOP => rbenv:validate
(See full trace by running task with --trace)
Error: Error: The process '/opt/hostedtoolcache/Ruby/2.4.2/x64/bin/bundle' failed with exit code 1

Pass Host Attribute

I've 2 staging servers. Both are having same SSH keys, but different domains.

For Example:
develop.host.com
release.host.com:

I setup all the instruction explained in the Workflow example for release.host.com but script is going to the other server develop.host.com and giving the following error.

SSHKit::Runner::ExecuteError: Exception while executing on host develop.host.com: Inappropriate ioctl for device
** DEPLOY FAILED
** Refer to log/capistrano.log for details. Here are the last 20 lines:
** Logfile created on 2020-11-22 09:07:23 +0000 by logger.rb/61378
** INFO ---------------------------------------------------------------------------
** INFO START 2020-11-22 09:07:23 +0000 cap staging deploy
** INFO ---------------------------------------------------------------------------
** INFO [c6df5283] Running /usr/bin/env mkdir -p /tmp on develop.host.com
** DEBUG [c6df5283] Command: /usr/bin/env mkdir -p /tmp
** No api key set, not submitting to Datadog
**Error: Error: The process '/opt/hostedtoolcache/Ruby/2.5.3/x64/bin/bundle' failed with exit code 1

How I can fix this, if i don't want to modify the SSH keys ? Can I pass Host params in the script to identify the target host ?

##[error]Error: The process 'sudo' failed with exit code 1

I am getting this error in your code.

sudo bundle install --deployment
/usr/lib/ruby/2.5.0/rubygems.rb:289:in `find_spec_for_exe': can't find gem bundler (>= 0.a) with executable bundle (Gem::GemNotFoundException)
	from /usr/lib/ruby/2.5.0/rubygems.rb:308:in `activate_bin_path'
	from /usr/local/bin/bundle:23:in `<main>'
##[error]Error: The process 'sudo' failed with exit code 1
##[error]Node run failed with exit code 1

Deploy on workflow_dispatch

The deploy is made only from master branch, is there a way to set the branch?