Last active
August 20, 2025 19:20
-
-
Save webaxones/54a9aee13bd9152e900ef30a0fcef3ed to your computer and use it in GitHub Desktop.
GitHub workflow to build a WordPress Bedrock site and deploy it to a shared server using SSH
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This GitHub workflow will build a WordPress Bedrock site and deploy it to a shared server (french one: O2Switch, but URLs can be adapted) using SSH | |
| # Actions secrets are used to store sensitive information: | |
| # - SSH_PRIVATE_KEY: The private key used to authenticate with the remote server | |
| # - REMOTE_HOST: The hostname of the remote server | |
| # - REMOTE_USER: The username used to authenticate with the remote server | |
| # - REMOTE_PROD_TARGET: The path on the remote server where the site will be deployed to | |
| # - REMOTE_PREPROD_TARGET: The path on the remote server where the site will be deployed to | |
| # - URL_ENCODED_PASSWORD: The password used to authenticate with the remote server, URL encoded (e.g. using https://www.urlencoder.org/) | |
| # Workflow triggers on pushes to the develop and master branches: | |
| # - On the develop branch, the site is deployed to the preprod target | |
| # - On the master branch, the site is deployed to the prod target | |
| name: Build and Deploy | |
| on: | |
| push: | |
| branches: [ develop, master ] | |
| jobs: | |
| build-deploy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| # Install composer dependencies | |
| - id: build-php | |
| name: "Install dependencies" | |
| uses: shivammathur/setup-php@v2 | |
| with: | |
| php-version: 8.0 | |
| - run: composer install --prefer-dist --no-dev -o | |
| # Get the public IP of the runner | |
| - name: Public IP | |
| id: ip | |
| uses: haythem/[email protected] | |
| # Whitelist the public IP of the runner on the remote server by adding it to the SSH whitelist and wait 65 seconds for the IP to be whitelisted | |
| - shell: bash | |
| run: | | |
| curl -sX GET 'https://${{ secrets.REMOTE_USER }}:${{ secrets.URL_ENCODED_PASSWORD }}@${{ secrets.REMOTE_HOST }}:2083/frontend/o2switch/o2switch-ssh-whitelist/index.live.php' | fgrep 'index.live.php' | fgrep 'index.live.php?r=remove&address=' | cut -d '"' -f 2 | while read ipToRemove | |
| do | |
| curl -sX GET 'https://${{ secrets.REMOTE_USER }}:${{ secrets.URL_ENCODED_PASSWORD }}@${{ secrets.REMOTE_HOST }}:2083/frontend/o2switch/o2switch-ssh-whitelist/'$ipToRemove > /dev/null 2>&1 | |
| done | |
| curl -X POST \ | |
| -d 'whitelist[address]=${{ steps.ip.outputs.ipv4 }}' \ | |
| -d 'whitelist[port]=22' \ | |
| 'https://${{ secrets.REMOTE_USER }}:${{ secrets.URL_ENCODED_PASSWORD }}@${{ secrets.REMOTE_HOST }}:2083/frontend/o2switch/o2switch-ssh-whitelist/index.live.php?r=add' > /dev/null 2>&1 | |
| curl -sX GET 'https://${{ secrets.REMOTE_USER }}:${{ secrets.URL_ENCODED_PASSWORD }}@${{ secrets.REMOTE_HOST }}:2083/frontend/o2switch/o2switch-ssh-whitelist/index.live.php' | fgrep -q '${{ steps.ip.outputs.ipv4 }}' && echo "IP whitelisted" | |
| sleep 65 | |
| # Deploy the develop branch to the preprod target | |
| - name: 'Deploy on develop branch' | |
| if: ${{ github.ref == 'refs/heads/develop' }} | |
| uses: easingthemes/ssh-deploy@main | |
| with: | |
| SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} | |
| ARGS: "-rlgoDzvc -i --delete-after" | |
| SOURCE: "./" | |
| REMOTE_HOST: ${{ secrets.REMOTE_HOST }} | |
| REMOTE_USER: ${{ secrets.REMOTE_USER }} | |
| TARGET: ${{ secrets.REMOTE_PREPROD_TARGET }} | |
| EXCLUDE: "/dist/, /node_modules/, ./auth.json" | |
| SCRIPT_BEFORE: | | |
| whoami | |
| ls -al | |
| SCRIPT_AFTER: | | |
| whoami | |
| ls -al | |
| echo $RSYNC_STDOUT | |
| # Deploy the master branch to the production target | |
| - name: 'Deploy on master branch' | |
| if: ${{ github.ref == 'refs/heads/master' }} | |
| uses: easingthemes/ssh-deploy@main | |
| with: | |
| SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} | |
| ARGS: "-rlgoDzvc -i --delete-after" | |
| SOURCE: "./" | |
| REMOTE_HOST: ${{ secrets.REMOTE_HOST }} | |
| REMOTE_USER: ${{ secrets.REMOTE_USER }} | |
| TARGET: ${{ secrets.REMOTE_PROD_TARGET }} | |
| EXCLUDE: "/dist/, /node_modules/, ./auth.json" | |
| SCRIPT_BEFORE: | | |
| whoami | |
| ls -al | |
| SCRIPT_AFTER: | | |
| whoami | |
| ls -al | |
| echo $RSYNC_STDOUT |
Est-ce qu'il est possible que mon serveur supporte la version avec mot de passe mais pas la version avec token ?
Avec le mot de passe login c'est ok,
Avec le token, j'ai cette réponse :
{
"status": 0,
"messages": null,
"metadata": {},
"data": null,
"errors": [
"Failed to load module “SshWhitelist”: Le système n’a pas pu charger le module « Cpanel::API::SshWhitelist » en raison d’une erreur : Can't locate Cpanel/API/SshWhitelist.pm in @INC (you may need to install the Cpanel::API::SshWhitelist module) (@INC contains: /usr/local/cpanel /usr/local/cpanel/3rdparty/perl/536/cpanel-lib/x86_64-linux /usr/local/cpanel/3rdparty/perl/536/cpanel-lib /usr/local/cpanel/3rdparty/perl/536/lib/x86_64-linux /usr/local/cpanel/3rdparty/perl/536/lib /opt/cpanel/perl5/536/site_lib/x86_64-linux /opt/cpanel/perl5/536/site_lib) at (eval 5) line 1.\nBEGIN failed--compilation aborted at (eval 5) line 1.\n\nThe system failed to load the module “Cpanel::API::SshWhitelist” because of an error: Can't locate Cpanel/API/SshWhitelist.pm in @INC (you may need to install the Cpanel::API::SshWhitelist module) (@INC contains: /usr/local/cpanel /usr/local/cpanel/3rdparty/perl/536/cpanel-lib/x86_64-linux /usr/local/cpanel/3rdparty/perl/536/cpanel-lib /usr/local/cpanel/3rdparty/perl/536/lib/x86_64-linux /usr/local/cpanel/3rdparty/perl/536/lib /opt/cpanel/perl5/536/site_lib/x86_64-linux /opt/cpanel/perl5/536/site_lib) at (eval 5) line 1.\nBEGIN failed--compilation aborted at (eval 5) line 1.\n"
],
"warnings": null
}
@rs459 Ce n'est pas normal, il faudrait contacter le support en fournissant l'identifiant du compte / nom du serveur. Le support regardera.
@madrzejewski effectivement le problème était chez eux, je suis un nouveau client chez O2switch, il existe un lieu dédié pour discuter de ces fonctionnalités ? Là ce qui serait encore plus utile c'est de donner un nom à chaque entrée, pour pouvoir ajouter/retirer programatiquement les entrées pour éviter de retirer/ajouter les entrées déjà présentes
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Je viens de déployer la mise à jour de l'outil et j'ai également mis à jour la documentation avec les deux formes d'authentification supportées.
En plus de ça, avec la nouvelle forme d'authentification, il y a une fonction supplémentaire
remove_allqui permet de supprimer toutes les exceptions en une seule fois. Ça permet d'éviter d'itérer sur toutes les adresses IP en liste blanche pour les supprimer pour faire de la place.