Last updated on August 11, 2024
Some background
- GitHub Actions is a continuous integration and continuous delivery (CI/CD) platform that allows you to automate your build, test, and deployment pipeline. You can create workflows that build and test every pull request to your repository, or deploy merged pull requests to production. GitHub Actions goes beyond just DevOps and lets you run workflows when other events happen in your repository. For example, you can run a workflow to automatically add the appropriate labels whenever someone creates a new issue in your repository. GitHub provides Linux, Windows, and macOS virtual machines to run your workflows, or you can host your own self-hosted runners in your own data center or cloud infrastructure.
- On this page, I will guide you create a CICD pipeline with Github to deploy a static html page.
Environment
- A server can reachable from internet. I have apply a new virtual machine from AWS for this test as IP address 13.212.241.115.
- A Github repo, I already create a private for test as https://github.com/kylechenoO/webpage.
Let’s do it!
1. Install apache2 on server
## apt update
root@ip-172-31-45-155:~# apt update
Hit:1 http://ap-southeast-1.ec2.archive.ubuntu.com/ubuntu noble InRelease
Get:2 http://ap-southeast-1.ec2.archive.ubuntu.com/ubuntu noble-updates InRelease [126 kB]
Hit:3 http://ap-southeast-1.ec2.archive.ubuntu.com/ubuntu noble-backports InRelease
Get:4 http://ap-southeast-1.ec2.archive.ubuntu.com/ubuntu noble-updates/main amd64 c-n-f Metadata [5716 B]
Get:5 http://ap-southeast-1.ec2.archive.ubuntu.com/ubuntu noble-updates/universe amd64 c-n-f Metadata [12.7 kB]
Hit:6 http://security.ubuntu.com/ubuntu noble-security InRelease
Fetched 145 kB in 1s (234 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
## install apache
root@ip-172-31-45-155:~# apt install apache2 -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Suggested packages:
apache2-doc apache2-suexec-pristine | apache2-suexec-custom www-browser
The following NEW packages will be installed:
apache2
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 90.2 kB of archives.
After this operation, 465 kB of additional disk space will be used.
Get:1 http://ap-southeast-1.ec2.archive.ubuntu.com/ubuntu noble-updates/main amd64 apache2 amd64 2.4.58-1ubuntu8.4 [90.2 kB]
Fetched 90.2 kB in 0s (5227 kB/s)
Selecting previously unselected package apache2.
(Reading database ... 123841 files and directories currently installed.)
Preparing to unpack .../apache2_2.4.58-1ubuntu8.4_amd64.deb ...
Unpacking apache2 (2.4.58-1ubuntu8.4) ...
Setting up apache2 (2.4.58-1ubuntu8.4) ...
apache-htcacheclean.service is a disabled or a static unit not running, not starting it.
Processing triggers for man-db (2.12.0-4build2) ...
Processing triggers for ufw (0.36.2-6) ...
Scanning processes...
Scanning linux images...
Running kernel seems to be up-to-date.
No services need to be restarted.
No containers need to be restarted.
No user sessions are running outdated binaries.
No VM guests are running outdated hypervisor (qemu) binaries on this host.
## enable/start apache service
root@ip-172-31-45-155:~# systemctl enable apache2
Synchronizing state of apache2.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable apache2
root@ip-172-31-45-155:~# systemctl start apache2
root@ip-172-31-45-155:~# netstat -luntp | grep -i 80
tcp6 0 0 :::80 :::* LISTEN 1802/apache2
- Evaluate via browser
http://13.212.241.115/
- Create a user for deployment
## crate appusr
root@ip-172-31-45-155:~# useradd appusr
## generate random passwd
root@ip-172-31-45-155:~# openssl rand -hex 16
800f3eea936f8c1dd849080bcf759fa8
## set passwd for usr
root@ip-172-31-45-155:~# passwd appusr
New password:
Retype new password:
passwd: password updated successfully
## create and grant prvileges for user home directory
root@ip-172-31-45-155:~# mkdir /home/appusr
root@ip-172-31-45-155:~# chown -R appusr:appusr /home/appusr
2. Grant privileges to appusr as deployment user
## check current /var/www/html permissions
root@ip-172-31-45-155:~# getfacl /var/www/html/
getfacl: Removing leading '/' from absolute path names
# file: var/www/html/
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
## set rwx permission for appusr on /var/www/html
root@ip-172-31-45-155:~# setfacl -m u:appusr:rwx /var/www/html/
## review above privileges
root@ip-172-31-45-155:~# getfacl /var/www/html/
getfacl: Removing leading '/' from absolute path names
# file: var/www/html/
# owner: root
# group: root
user::rwx
user:appusr:rwx
group::r-x
mask::rwx
other::r-x
3. Configure on Github repo
https://github.com/kylechenoO/webpage
- Settings -> Secrets and variables -> Actions
Add username, passwd, port
- Actions -> Runners
Copy the Standard GitHub-hosted runners which to run CICD in this project.
Will use ubuntu-latest for sample in this project.
- Create New Workflow
Set up a work flow by yourself
- Input deploy actions inside
Commit & Change
- Run success
Be First to Comment