将项目从GitLab迁移到GitHub -> CI/CD

huangapple go评论77阅读模式
英文:

transfer project from gitlab to github -> ci/cd

问题

我正在将一个项目从GitLab迁移到GitHub,我可以执行拉取和推送等操作,唯一无法使其正常工作的是CI/CD。

在GitLab中,我有一个.gitlab-ci.yml文件,内容如下:

image: kroniak/ssh-client

stages:
  - deploy

deploy_azure:
  stage: deploy
  only:
    - main
  retry: 1
  before_script:
    - eval $(ssh-agent -s)
    - echo "$SSH_AZURE_PRIVATE_KEY" | tr -d '\r' | ssh-add -
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - ssh-keyscan -p<port> -t rsa <host> >> ~/.ssh/known_hosts
    - echo "Host <host>" >> ~/.ssh/config
    - echo "    ForwardAgent yes" >> ~/.ssh/config
    - cat ~/.ssh/config
  script:
    - ssh -p<port> <user>@<host> "<command>"

我想在GitHub上执行类似的操作,我找到了appleboy/ssh-action@v0.1.10,文件如下:

name: Node.js CD

# 控制操作何时运行。
on:
  # 仅在主分支上推送或拉取请求事件时触发工作流程
  push:
    branches: [ "main" ]

# 工作流程由一个或多个作业组成,可以按顺序或并行运行
jobs:
  # 此工作流包含一个名为“build”的作业
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
    - name: 执行远程SSH命令(使用密码)
      uses: appleboy/ssh-action@v0.1.10
      with:
        host: ${{ secrets.HOST }}
        username: ${{ secrets.USERNAME }}
        key: ${{ secrets.PRIVATE_KEY }}
        password: ''
        port: <port>
        script: <command>

但我无法使其工作,总是出现超时错误。我甚至在我的服务器上生成了一个新的SSH密钥,命名为id_rsa_github(当然还有.id_rsa.pub),将.pub添加到authorized_keys文件中,多次验证了GitHub中的变量(secrets),我没有密码,我整天都在尝试解决这个问题,但找不到有效的解决方法,如果有人有任何想法,请告诉我。提前感谢。

英文:

I am transfering a project from gitlab to github, I can pull and push etc, the only thing I can't make work is the ci/cd,

in gitlab I have a .gitlab-ci.yml file like

image: kroniak/ssh-client

stages:
  - deploy

deploy_azure:
  stage: deploy
  only:
    - main
  retry: 1
  before_script:
    - eval $(ssh-agent -s)
    - echo &quot;$SSH_AZURE_PRIVATE_KEY&quot; | tr -d &#39;\r&#39; | ssh-add -
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - ssh-keyscan -p&lt;port&gt; -t rsa &lt;host&gt; &gt;&gt; ~/.ssh/known_hosts
    - echo &quot;Host &lt;host&gt;&quot; &gt;&gt; ~/.ssh/config
    - echo &quot;    ForwardAgent yes&quot; &gt;&gt; ~/.ssh/config
    - cat ~/.ssh/config
  script:
    - ssh -p&lt;port&gt; &lt;user&gt;@&lt;host&gt; &quot;&lt;command&gt;&quot;

I wanted to do something similar on github and I found appleboy/ssh-action@v0.1.10, file looks like

name: Node.js CD

# Controls when the action will run. 
on:
  # Triggers the workflow on push or pull request events but only for the master branch
  push:
    branches: [ &quot;main&quot; ]

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # This workflow contains a single job called &quot;build&quot;
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
    - name: executing remote ssh commands using password
      uses: appleboy/ssh-action@v0.1.10
      with:
        host: ${{ secrets.HOST }}
        username: ${{ secrets.USERNAME }}
        key: ${{ secrets.PRIVATE_KEY }}
        password: &#39;&#39;
        port: &lt;port&gt;
        script: &lt;command&gt;

but I can't make it work, I always have timeout error
I even made a new ssh key in my server and named it id_rsa_github (with the .pub of course), I added the .pub into authorized_keys file, verified multiple time my variables in github (secrets), I don't have a password, I tried all day to do this but I can't find anything that works so if someone has any ideas pls let me know.
Thanks in advance

答案1

得分: 1

我会首先检查您服务器上的SSH日志,以查看连接被拒绝的原因是否有更多信息。在大多数Linux系统上,您可以使用命令sudo tail /var/log/auth.log来检查日志。

如果没有找到问题,您可以在GitHub流水线中添加一个检查,以确保您的服务器可以从GitHub流水线服务器访问:

您可以使用ncnetcat)命令,这是一个更强大的网络工具,可用于检查TCP和UDP连接。以下是您可能在GitHub Actions工作流中如何使用它的示例:

jobs:
  check-ssh:
    runs-on: ubuntu-latest
    steps:
    - name: Check SSH connection
      run: nc -vz ${{ secrets.HOST }} 22

此命令尝试在指定的主机上的端口22(SSH的默认端口)上建立连接。-v标志告诉nc在详细模式下操作,-z标志告诉它仅扫描监听的守护进程,而不发送任何数据。

如果连接成功,此步骤将顺利完成。如果连接失败,此步骤将失败,您的工作流将停止。

请将${{ secrets.HOST }}替换为您实际的服务器IP地址或域名,或者如果您已将主机信息存储在GitHub secrets中,则保留它。


我看到您的GitLab流水线使用了一个~/.ssh/config文件,并具有ForwardAgent yes选项,这意味着您正在将您的SSH代理转发到远程主机。这允许您使用本地SSH密钥来验证从远程主机与其他服务器进行身份验证,而无需将私钥存储在远程服务器上。

正如appleboy/ssh-action问题13PR 15所示,appleboy/ssh-action也支持ForwardAgent,但在您的情况下,您可能不需要它。

如果您仍然遇到问题,您可以尝试使用不同的GitHub Actions来处理SSH。例如,您可以尝试使用webfactory/ssh-agent@v0.7.0,这是另一个常用的选择。

英文:

I would first check the SSH logs on your server to see if there is more information about why the connection is being refused. On most Linux systems, you can check the logs with the command sudo tail /var/log/auth.log.

If there is nothing, add in your GitHub pipeline a check to ensure your server is reachable from said GitHub pipeline server:

You can use the nc (netcat) command, which is a much more powerful networking tool and can be used to check both TCP and UDP connections. Here is an example of how you might use it in a GitHub Actions workflow:

jobs:
  check-ssh:
    runs-on: ubuntu-latest
    steps:
    - name: Check SSH connection
      run: nc -vz ${{ secrets.HOST }} 22

This command attempts to open a connection to the specified host on port 22 (the default port for SSH). The -v flag tells nc to operate in verbose mode, and the -z flag tells it to just scan for listening daemons, without sending any data.

If the connection is successful, this step will complete without errors. If the connection fails, this step will fail and your workflow will stop.

Do replace ${{ secrets.HOST }} with your actual server's IP address or domain name, or keep it if you have stored the host information in your GitHub secrets.


I see your GitLab pipeline uses a ~/.ssh/config with a ForwardAgent yes option, which means that you are forwarding your SSH agent to your remote host. This allows you to use your local SSH key to authenticate with other servers from the remote host, without having to store your private keys on the remote server.

As illustrated by appleboy/ssh-action issue 13 and PR 15, appleboy/ssh-action also supports ForwardAgent but you should not need it in your case.

If you are still having trouble, you might want to try a different GitHub action for SSH. For example, you could try using webfactory/ssh-agent@v0.7.0, which is another popular choice.

huangapple
  • 本文由 发表于 2023年6月8日 23:28:18
  • 转载请务必保留本文链接:https://go.coder-hub.com/76433469.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定