Deploying with Git Deploy#

This guide demonstrates how to deploy with git-deploy and Semaphore 2.0.

We will cover the following steps to set up git-deploy on Semaphore:

  1. Create a Git Deploy key that allows pushing to your production Git server.
  2. Store the Git Deploy key in a secret on Semaphore.
  3. Create a deployment pipeline and attach the Git Deploy key secret.
  4. Run a deployment from Semaphore and ship your code to production.

For this guide you will need:

Generating a deploy key#

Generate a new SSH key with no passphrase that Semaphore will use to authenticate, as shown below:

$ ssh-keygen -t rsa -b 4096 -C ""
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/admin/.ssh/id_rsa): /Users/admin/.ssh/id_rsa_git_deploy
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/admin/.ssh/id_rsa_git_deploy.
Your public key has been saved in /Users/admin/.ssh/
The key fingerprint is:
The key's randomart image is:
+---[RSA 4096]----+
|                 |
|                 |
|        .        |
|     . . .o      |
| .    o So.+     |
|oo.    o.o=.o.   |
|+.E.    o*o=+.o .|
| =o .. o..*=o=ooo|

Next, make the private key id_rsa_git_deploy available on Semaphore. Also, add the corresponding public key to your server.

Storing the private SSH key in a Semaphore secret#

Create a new Semaphore secret using sem CLI, as shown below:

sem create secret demo-git-deploy \
 --file /Users/admin/.ssh/id_rsa_git_deploy:/home/semaphore/.ssh/id_rsa_git_deploy
Secret 'demo-git-deploy' created.

You can verify the existence of your new secret, as shown below:

sem get secrets
NAME             AGE
demo-git-deploy   1m

You can also verify the content of your secret, as shown below:

admin $ sem get secret demo-git-deploy
apiVersion: v1beta
kind: Secret
  name: demo-git-deploy
  id: 2cd33f3f-4cb2-4457-bd33-7f05f5b134ca
  create_time: "1589370175"
  update_time: "1589370175"
  env_vars: []
  - path: /home/semaphore/.ssh/id_rsa_git_deploy
    content: LS0tLS1CRUdJTiBPUEVOU1N...

The content of secrets is base64-encoded. The file will be mounted in Semaphore jobs in the specified path.

Adding the public key to your server#

Copy the content of the public key to your server's user ~/.authorized_keys file.

Defining the deployment pipeline#

The last step is to define our git-deploy.yml pipeline, as shown below:

# .semaphore/git-deploy.yml
version: v1.0
name: Git deploy
    type: e1-standard-2
    os_image: ubuntu2004

  - name: Deploy
      # Mounting the secret with the private SSH key ~/.ssh/id_rsa_git_deploy.
        - name: demo-git-deploy
        - name: GIT_REMOTE
      - name: Push code
          - checkout
          # Using `ssh-keyscan` you specify that is a trusted domain
          # and bypass an interactive confirmation step that would block the job.
          - ssh-keyscan -H >> ~/.ssh/known_hosts
          - chmod 600 ~/.ssh/id_rsa_git_deploy
          # Adding the private SSH key to the local SSH agent so it will be available while executing Git push.
          - ssh-add ~/.ssh/id_rsa_git_deploy
          - git remote add production $GIT_REMOTE
          # Using force-push ensures you can deploy any amended Git branch without issues.
          - git push -f production $SEMAPHORE_GIT_BRANCH:master

Running your first git-deploy production deployment#

Push a new commit on any branch and open Semaphore to watch the new workflow run. You should see the Promote button next to your initial pipeline. Click on the button to launch the deployment and open the Push code job to observe the output.

Next steps#

Congratulations! You have automated the deployment of your application using Git Deploy.

Here’s some more recommended reading: - Explore the promotions reference to learn more about which options you have available when designing delivery pipelines on Semaphore. - Set up a deployment dashboard to keep track of your team's activities.