Access Private Server with GitHub Actions (VPN connection)

Ali Sahin
Feb 15, 2023


Today I will talk about GitHub Actions. This feature of GitHub helps you create a CI/CD pipeline for your repository.

First, I will give some brief information. Then, I will move on to the details of accessing servers that are reached through a VPN.

GitHub Action

This is a feature of GitHub that helps you to create CI/CD pipelines. You can find the documentation of it by using this link.

Put simply: when a programmer pushes something to the repository, there might be an error that the programmer's tests missed. Or you want to deploy the new version of the repository to your server immediately and save the time that is usually wasted updating files on the server. Or you may want to create a more dynamic workspace for your developers to speed them up!

These problems can be solved by using GitHub Actions. Also, there are some other options. Jenkins is one of the best options for this operation. You may want to take a look at it.

Connecting to VPN

I know that you already have some information about GitHub Actions, so I will cut it short.

Let’s move on to some real deals…

If you want to access your VPN server from GitHub Actions, you need to give GitHub some information. Save each piece as a repository secret. This matters because these values are credentials: stored as secrets, they do not appear in the repository or in the workflow file.

List of needed secrets

VPN_USERNAME : VPN user name

VPN_PASSWORD : VPN password

USER_KEY : the user key from inside the .ovpn file, that is, the text between <key> and </key>; do not take the “<key></key>” tags themselves

SERVER_HOST : IP address of server for SSH connection

SERVER_USERNAME : username for SSH

SSH_PRIVATE_KEY : classic SSH key for GitHub, created on the server you want to access

You can find your user key inside the .ovpn file. After saving these values to your repository as secrets, we can move on to the next step.

Save your client.ovpn file inside the .github/workflows directory. The .ovpn file name can vary; you can change it if you want. You may think that this could be a security problem. In my opinion, if you want to access a private server by using GitHub Actions, this means that you are working inside a private repository, and collaborators can see this kind of thing; it is a team. If you want to make it more secure, of course, there are some ways to do it. You can save all components of your .ovpn file as secrets, then pass them to the .yml file.
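A guard for the committed client.ovpn described above, as an added example that is not part of the original post: a shell function that a run: step could call before the VPN step, failing the job if the file still contains the private key that belongs in USER_KEY. The function names, the sample profiles and the hostname are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: refuse to use a committed
# OpenVPN profile that still carries key material inline.

# scan_ovpn FILE: print one finding per line.
# Exit status: 0 = clean, 1 = inline secret found, 2 = file unreadable.
scan_ovpn() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk '
        # Inline blocks that hold secrets (certificates in <ca>/<cert> are public).
        BEGIN { secret = "^<(key|tls-auth|tls-crypt|secret|pkcs12)>$" }
        { line = $0; gsub(/^[ \t]+|[ \t\r]+$/, "", line) }
        block == "" && line ~ secret {
            block = substr(line, 2, length(line) - 2); start = NR; next
        }
        block != "" && line == "</" block ">" { block = ""; next }
        # An empty <key></key> pair is fine; any content inside is a finding.
        block != "" && line != "" && !(start in seen) {
            printf "%d: <%s> block is not empty\n", start, block
            seen[start] = 1; found = 1; next
        }
        block == "" && line ~ /-----BEGIN [A-Z ]*PRIVATE KEY-----/ {
            printf "%d: PEM private key outside an inline block\n", NR; found = 1
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample profiles (hostname and key text are placeholders).
write_samples() {
    printf '%s\n' 'client' 'dev tun' 'remote vpn.example.internal 1194' \
        'auth-user-pass' '<key>' '</key>' > "$1/clean.ovpn"
    printf '%s\n' 'client' 'remote vpn.example.internal 1194' '<key>' \
        '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTED-PLACEHOLDER' \
        '-----END PRIVATE KEY-----' '</key>' > "$1/leaky.ovpn"
}

demo() {
    dir=$(mktemp -d) && write_samples "$dir"
    for f in clean leaky; do
        if scan_ovpn "$dir/$f.ovpn"; then echo "$f.ovpn: ok"
        else echo "$f.ovpn: keep the key in a secret, not in the file"; fi
    done
    rm -rf "$dir"
}
demo
```

In a workflow, the step would call scan_ovpn on .github/workflows/client.ovpn and let its non-zero exit status stop the job before the VPN connection is attempted.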

First part of main.yml:

name: GitHub Action

on:
  push:
    branches:
      - main

jobs:
  deploy:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Install OpenVPN
        run: |
          sudo apt update
          sudo apt install -y openvpn openvpn-systemd-resolved
      - name: Connect to VPN
        uses: "kota65535/github-openvpn-connect-action@v2"
        with:
          config_file: .github/workflows/client.ovpn
          # secret names match the list of needed secrets
          username: ${{ secrets.VPN_USERNAME }}
          password: ${{ secrets.VPN_PASSWORD }}
          client_key: ${{ secrets.USER_KEY }}

To access the VPN I used kota65535/github-openvpn-connect-action@v2. I saved the link; check it if you want.

If your credentials are correct, this step connects to your VPN and keeps running in the background.

Now we have to connect to the server with SSH:

      - name: Use SSH
        # @master follows a moving branch; pin a release tag or commit SHA you have reviewed
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.SERVER_HOST }}
          username: ${{ secrets.SERVER_USERNAME }}
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          script: |
            cd go/to/directory
            git pull

To access the server with SSH I used appleboy/ssh-action@master. Again, I added a link for you to check it out.

Full code:

name: GitHub Action

on:
  push:
    branches:
      - main

jobs:
  deploy:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Install OpenVPN
        run: |
          sudo apt update
          sudo apt install -y openvpn openvpn-systemd-resolved
      - name: Connect to VPN
        uses: "kota65535/github-openvpn-connect-action@v2"
        with:
          config_file: .github/workflows/client.ovpn
          # secret names match the list of needed secrets
          username: ${{ secrets.VPN_USERNAME }}
          password: ${{ secrets.VPN_PASSWORD }}
          client_key: ${{ secrets.USER_KEY }}
      - name: Use SSH
        # @master follows a moving branch; pin a release tag or commit SHA you have reviewed
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.SERVER_HOST }}
          username: ${{ secrets.SERVER_USERNAME }}
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          script: |
            cd go/to/directory
            git pull

Note:

If your VPN's password changes constantly for higher security, this .yml file will not help you automate the connection. You will need a different solution; this one works only with static passwords.

Thank you for reading.
