AIM
This workflow will run whenever you push to the main branch, SSH into the host using your secret credentials, and run a command or script, in this case make update.
Add Your SSH Private Key to GitHub Secrets
You need a private key GitHub Actions can use to SSH into your server.
🔐 On your local machine:
Generate an SSH key pair (if you don’t already have one for this purpose):
ssh-keygen -t ed25519 -C "github-action" -f ./github_action_ssh_key
You’ll get:
- github_action_ssh_key (private key)
- github_action_ssh_key.pub (public key)
On your server:
Add the public key to ~/.ssh/authorized_keys for the user you’ll SSH as:
cat github_action_ssh_key.pub >> ~/.ssh/authorized_keys
Ensure the permissions are correct:
chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh
In your GitHub repo:
Go to Settings → Secrets and variables → Actions → New repository secret and add:
- SSH_PRIVATE_KEY → contents of github_action_ssh_key
- SSH_HOST → e.g. your.server.com or its IP address
- SSH_USER → e.g. ubuntu
Create the GitHub Action
In your repo, add this workflow:
.github/workflows/ssh-deploy.yml
name: SSH Deploy
on:
  push:
    branches:
      - main # or any branch you want
jobs:
  remote-make-update:
    runs-on: ubuntu-latest
    steps:
      - name: Set up SSH key
        run: |
          mkdir -p ~/.ssh
          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
          ssh-keyscan -H ${{ secrets.SSH_HOST }} >> ~/.ssh/known_hosts
      - name: SSH and run make update
        run: |
          ssh -i ~/.ssh/id_ed25519 ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }} 'make update'
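The workflow above runs ssh-keyscan on every job, so it accepts whatever host key answers at that moment and cannot detect a spoofed host. The hardened variant below is an added example, not part of the original page: it pins the host key from a repository secret and passes secrets through environment variables instead of interpolating them into the script text. The secret name SSH_KNOWN_HOSTS is an assumption; it would hold the server's known_hosts line(s), collected once and checked against the fingerprint shown on the server itself.

```yaml
# Added example: hardened variant of the workflow above.
# Assumption: repository secret SSH_KNOWN_HOSTS holds the server's host key
# line(s) in known_hosts format, verified once over a trusted channel.
name: SSH Deploy (pinned host key)

on:
  push:
    branches:
      - main

# The job never uses the GITHUB_TOKEN, so drop all of its permissions.
permissions: {}

jobs:
  remote-make-update:
    runs-on: ubuntu-latest
    steps:
      - name: Set up SSH key and pinned host key
        env:
          # Secrets reach the script as environment variables, so their
          # contents are never pasted into the shell source itself.
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
          SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
        run: |
          umask 077                       # new files 0600, new dirs 0700
          mkdir -p ~/.ssh
          printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
          # Pinned host key replaces the per-run ssh-keyscan.
          printf '%s\n' "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts

      - name: SSH and run make update
        env:
          SSH_USER: ${{ secrets.SSH_USER }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
        run: |
          # StrictHostKeyChecking=yes: fail if the host key is not the pinned one.
          # IdentitiesOnly=yes: offer only the deploy key.
          # BatchMode=yes: never wait for an interactive prompt.
          ssh -i ~/.ssh/id_ed25519 \
            -o IdentitiesOnly=yes \
            -o StrictHostKeyChecking=yes \
            -o BatchMode=yes \
            "$SSH_USER@$SSH_HOST" 'make update'
```

On the server, the deploy key's line in ~/.ssh/authorized_keys can also be prefixed with `restrict,command="make update"` so that this key can run only that command, with no forwarding or interactive shell.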
✅ Done!
This workflow will run whenever you push to the main branch, SSH into the host using your secret credentials, and run make update.