Deploying with Git Deploy
This guide demonstrates how to deploy with git-deploy.
We will cover these steps to set up git-deploy on Semaphore:
- Create a Git Deploy key that allows pushing to your production Git server.
- Store the Git Deploy key in a Secret on Semaphore.
- Create a deployment pipeline, and attach the Git Deploy key secret.
- Run a deployment from Semaphore, and ship your code to production.
For this guide you will need:
- A working Semaphore project with a basic CI pipeline. You can use one of the documented use cases or language guides as a starting point.
- Basic familiarity with Git and SSH.
Generate a deploy key
Generate a new SSH key with no passphrase that Semaphore will use to authenticate:
```
$ ssh-keygen -t rsa -b 4096 -C "email@example.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/admin/.ssh/id_rsa): /Users/admin/.ssh/id_rsa_git_deploy
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/admin/.ssh/id_rsa_git_deploy.
Your public key has been saved in /Users/admin/.ssh/id_rsa_git_deploy.pub.
The key fingerprint is:
SHA256:JlwvP69Nyee12w6ON0hI8w6mB+1sqWHKK4A2nua9Dng firstname.lastname@example.org
The key's randomart image is:
+---[RSA 4096]----+
| |
| |
| . |
| . . .o |
| . o So.+ |
|oo. o.o=.o. |
|+.E. o*o=+.o .|
| =o .. o..*=o=ooo|
|o..+..+..+..+.o=+|
+----[SHA256]-----+
```
Next, make the private key `id_rsa_git_deploy` available on Semaphore.
Also, add the corresponding public key `id_rsa_git_deploy.pub` to your server.
Store the private SSH key in a Semaphore secret
```
$ sem create secret demo-git-deploy \
  --file /Users/admin/.ssh/id_rsa_git_deploy:/home/semaphore/.ssh/id_rsa_git_deploy
Secret 'demo-git-deploy' created.
```
You can verify the existence of your new secret:
```
$ sem get secrets
NAME              AGE
demo-git-deploy   1m
```
You can also verify the content of your secret:
```
$ sem get secret demo-git-deploy
apiVersion: v1beta
kind: Secret
metadata:
  name: demo-git-deploy
  id: 2cd33f3f-4cb2-4457-bd33-7f05f5b134ca
  create_time: "1589370175"
  update_time: "1589370175"
data:
  env_vars:
  files:
  - path: /home/semaphore/.ssh/id_rsa_git_deploy
    content: LS0tLS1CRUdJTiBPUEVOU1N...
```
The content of secrets is base64-encoded. You can see that the file will be mounted in Semaphore jobs at the specified path.
Add the public key to your server
Copy the content of the public key `id_rsa_git_deploy.pub` to your server's user
Define the deployment pipeline
The last step will be to define our
```yaml
# .semaphore/git-deploy.yml
version: v1.0
name: Git deploy
agent:
  machine:
    type: e1-standard-2
    os_image: ubuntu1804
blocks:
  - name: Deploy
    task:
      # Mounting the secret with the private SSH key ~/.ssh/id_rsa_git_deploy.
      secrets:
        - name: demo-git-deploy
      env_vars:
        - name: GIT_REMOTE
          value: email@example.com:/apps/myapp/current
      jobs:
        - name: Push code
          commands:
            - checkout
            # Using `ssh-keyscan` you specify that your-server.com is a trusted domain
            # and bypass an interactive confirmation step that would block the job.
            - ssh-keyscan -H your-server.com >> ~/.ssh/known_hosts
            - chmod 600 ~/.ssh/id_rsa_git_deploy
            # Adding the private SSH key to the local SSH agent so it will be available while executing Git push.
            - ssh-add ~/.ssh/id_rsa_git_deploy
            - git remote add production $GIT_REMOTE
            # Using force-push ensures you can deploy any amended Git branch without issues.
            - git push -f production $SEMAPHORE_GIT_BRANCH:master
```
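The `ssh-keyscan` step in the pipeline above trusts whatever host key the network returns on each run. As an added example (not part of the original guide or of Semaphore's code), the shell function below compares the scanned key against a value pinned in advance and only then writes `known_hosts`. The function name `verify_host_key`, the variable `PINNED_KEY`, and the sample key blob and banner are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: trust the server's host key only if it equals a pinned value.
# PINNED_KEY is a constructed placeholder, not a real key. In practice, read
# the real value from the server itself (for example its
# /etc/ssh/ssh_host_ed25519_key.pub) and store it next to the deploy key.
PINNED_KEY='AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERxCONSTRUCTEDxSAMPLExKEYx00001'

# verify_host_key SCAN_FILE HOST TYPE PINNED KNOWN_HOSTS
#   SCAN_FILE holds ssh-keyscan output, one "host keytype base64" per line.
#   Returns 0 and appends the pinned entry to KNOWN_HOSTS on a match,
#   1 if the server offered a different key of that type,
#   2 if it offered no key of that type (or the scan is empty).
verify_host_key() {
  scan_file=$1 host=$2 type=$3 pinned=$4 known_hosts=$5

  # Ignore "# ..." banner lines; the host field may be hashed (-H), so
  # select on the key type in field 2 and take the blob in field 3.
  offered=$(awk -v t="$type" \
    '!/^#/ && NF >= 3 && $2 == t { print $3; exit }' "$scan_file")

  if [ -z "$offered" ]; then
    echo "host key check: $host offered no $type key" >&2
    return 2
  fi
  if [ "$offered" != "$pinned" ]; then
    echo "host key check: $host key differs from the pinned value" >&2
    return 1
  fi
  # Write the pinned value rather than the scanned line, so nothing taken
  # from the network reaches known_hosts unverified.
  printf '%s %s %s\n' "$host" "$type" "$pinned" >> "$known_hosts"
}

# In the pipeline this would replace the plain ssh-keyscan command:
#   ssh-keyscan -t ed25519 your-server.com > scan.txt
#   verify_host_key scan.txt your-server.com ssh-ed25519 "$PINNED_KEY" ~/.ssh/known_hosts

# Constructed sample run (banner and key are made up, no network needed).
demo=$(mktemp -d)
printf '%s\n' '# your-server.com:22 SSH-2.0-OpenSSH_8.9' \
  "your-server.com ssh-ed25519 $PINNED_KEY" > "$demo/scan.txt"
verify_host_key "$demo/scan.txt" your-server.com ssh-ed25519 \
  "$PINNED_KEY" "$demo/known_hosts" && echo "trusted: your-server.com"
rm -rf "$demo"
```

A non-zero return stops the job before `git push` runs, so a changed host key shows up as a failed deployment rather than a silent re-trust.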
Run your first git-deploy production deployment
Push a new commit on any branch and open Semaphore to watch a new workflow run.
You should see the Promote button next to your initial pipeline.
Click on the button to launch the deployment, and open the Push code job to observe the output.
Congratulations! You have automated deployment of your application using Git Deploy.