Github Workflow Actions And EC2: Error Loading Key Invalid Format

I am trying to set up CI for my nodejs server. I would like to use github actions to ssh into my ec2 instance, where I can then git clone/pull my updated repo.

I can ssh into my ec2 instance on my local machine with no issues. I just do something like: "ssh -i keypar.pem [email protected]" and it connects. However, I can't seem to get a connection working on the workflow/actions script. Here is what I have in my workflow yml file:

name: CI

on: [push]

jobs:
  build:

    runs-on: ubuntu-latest

    steps:
    - name: Connect
      env:
        DEPLOY_KEY: ${{ secrets.EC2 }}
      run: |
        eval `ssh-agent`
        ssh-add - <<< "${DEPLOY_KEY}"
        ssh [email protected]

This script gets me the error "Error loading key "(stdin)": invalid format". Also when I look at the deploy key section under repo settings, it says the key has never been used.

(Obviously I would need to install, clone, and perform other steps in addition to what is listed above.)

In summary:

1 how do I fix the invalid format error?

2 how do I load and reference the key pair?

Towardly answered 2/1, 2020 at 17:25 Comment(4)
Hitting the same issue, any updates on this? - Fineable

Well, found a solution more or less just after commenting ... using "${{ secrets.DEPLOY_KEY }}" should work, so ignore the env: step in the workflow, grab it directly from "secrets" - Fineable

yes that^ seems to work, now just have to resolve the host verification issue error - Towardly

if anyone has an issue with the host verification error after fixing the above issue, you need to make sure the vm spun up by github's ci has your ec2 instance url in its known_hosts file. otherwise the connection is expecting you to type "y" when it connects (I believe). something like this resolved my issue and should work for you:

    eval `ssh-agent`
    mkdir -p ~/.ssh
    chmod 600 ~/.ssh/id_rsa && chmod 700 ~/.ssh
    ssh-add - <<< "${{ secrets.DEPLOY_KEY }}"
    ssh-keyscan -t rsa ec2-111111111.us-east-2.compute.amazonaws.com >> ~/.ssh/known_hosts
    ssh your-ssh-url-here

- Towardly


There is a better way to perform SSH commands in an EC2:

name: CI
on: [push, pull_request]
jobs:
  # test:
  #   ...
  deploy:
    name: "Deploy to staging"
    runs-on: ubuntu-latest
    if: github.event_name == 'push' && github.ref == 'refs/heads/master'
    # needs: test
    steps:
      - name: Configure SSH
        run: |
          mkdir -p ~/.ssh/
          echo "$SSH_KEY" > ~/.ssh/staging.key
          chmod 600 ~/.ssh/staging.key
          cat >>~/.ssh/config <<END
          Host staging
            HostName $SSH_HOST
            User $SSH_USER
            IdentityFile ~/.ssh/staging.key
            StrictHostKeyChecking no
          END
        env:
          SSH_USER: ${{ secrets.STAGING_SSH_USER }}
          SSH_KEY: ${{ secrets.STAGING_SSH_KEY }}
          SSH_HOST: ${{ secrets.STAGING_SSH_HOST }}

      - name: Stop the server
        run: ssh staging 'sudo systemctl stop my-application'

      - name: Check out the source
        run: ssh staging 'cd my-application && git fetch && git reset --hard origin/master'

      - name: Start the server
        if: ${{ always() }}
        run: ssh staging 'sudo systemctl start my-application'

Credit: GitHub Actions: How to run SSH commands (without third-party actions)

Nyctalopia answered 2/12, 2020 at 14:40 Comment(0)
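
An added example, not part of either post above or of the credited article: a POSIX shell function for a "Configure SSH" step that rejects key text which typically fails to load (empty secret, CR line endings, not a private-key block) and pins the server's host key instead of relying on `StrictHostKeyChecking no` or an unverified `ssh-keyscan`. The function name, return codes, file names and the fourth secret holding the server's known_hosts line are assumptions.

```shell
# Added example. Names, return codes and file layout are assumptions.
# Usage in a workflow step (SSH_HOST_KEY is a hypothetical fourth secret that
# holds the server's known_hosts line, recorded once over a trusted channel):
#   write_ssh_setup "$SSH_KEY" "$SSH_HOST" "$SSH_USER" "$SSH_HOST_KEY" "$HOME/.ssh"
write_ssh_setup() {
  # Command substitution drops trailing newlines; exactly one is re-added on write.
  key=$(printf '%s' "$1")
  host=$2 user=$3 hostkey=$4 dir=$5
  cr=$(printf '\r')

  # A misspelled or unset secret name expands to an empty string.
  [ -n "$key" ] || { echo "private key is empty" >&2; return 2; }

  # Keys pasted from a CRLF-terminated file carry CR characters.
  case $key in
    *"$cr"*) echo "private key contains CR characters" >&2; return 3 ;;
  esac

  # Expect an armoured private-key block, not a public key or a file path.
  case $key in
    "-----BEGIN "*"PRIVATE KEY-----"*"-----END "*"PRIVATE KEY-----") ;;
    *) echo "not a private key block" >&2; return 4 ;;
  esac

  # Refuse to set up a connection to a host whose key has not been pinned.
  [ -n "$hostkey" ] || { echo "host key line is empty" >&2; return 5; }

  mkdir -p "$dir" && chmod 700 "$dir" || return 1
  # umask in a subshell so the key file is created 0600 from the start.
  ( umask 077; printf '%s\n' "$key" > "$dir/staging.key" ) || return 1
  printf '%s\n' "$hostkey" > "$dir/known_hosts" || return 1

  # Overwrites $dir/config; the runner VM is assumed to be fresh for each job.
  cat > "$dir/config" <<END
Host staging
  HostName $host
  User $user
  IdentityFile $dir/staging.key
  IdentitiesOnly yes
  UserKnownHostsFile $dir/known_hosts
  StrictHostKeyChecking yes
END
}
```

A non-zero return fails the step before `ssh` is ever invoked, and a changed server key makes `ssh staging` fail instead of connecting silently.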
