GitHub

This page provides information on how GitHub access is implemented.

Using Deployment Keys

Deployment Keys are used to access GitHub repositories. They are designed specifically for use on application servers (e.g. development VM, production VM), so that commands like git pull origin main run smoothly when you work directly on your application VMs. A Deployment Key grants access only to the specific repository it is added to and should not be reused in other applications or branches. Create a separate Deployment Key for each repository and add it from that repository's settings.

Steps to Add a Deployment Key

  1. Create a new SSH key on your local machine or on the bastion host:
    ssh-keygen -t rsa -b 4096 -C "github-access" -f ~/.ssh/github-deploy-key
  2. Copy the contents of the generated github-deploy-key.pub file.
  3. Go to the relevant repository on GitHub and click on Settings > Deploy keys.
  4. Click the Add deploy key button, enter a title, and paste the public key (the contents of the file).
  5. If needed, check the Allow write access option.

SSH Connection Settings for GitHub Actions (CI/CD)

GitHub Actions must reach the application servers through the bastion host. The SSH connection settings for the application servers are configured as follows:

The ~/.ssh/config file on the bastion host should be set up as shown below. This configuration must be done directly on the bastion host, not on the application servers.

SSH config for the Bastion Host:

# For dev app (GitHub Actions VM CI/CD)
Host dev_app
    HostName 10.0.6.4
    User app-dev-user
    IdentityFile /home/wastelog-bastion/.ssh/wastelog-bastion.pem
    StrictHostKeyChecking no

# For prod app (GitHub Actions VM CI/CD)
Host prod_app
    HostName 10.0.7.4
    User app-prod-user
    IdentityFile /home/wastelog-bastion/.ssh/wastelog-bastion.pem
    StrictHostKeyChecking no

Note:

  • These configurations in the SSH config file must be made only on the bastion host.
  • Do not configure this on the application servers or elsewhere.
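
An added check, not part of the original page: StrictHostKeyChecking no in the bastion config above makes ssh accept any host key, including a changed one, so the hop to 10.0.6.4 and 10.0.7.4 is not verified. The shell function below lists the Host blocks that carry that setting so they can be moved to StrictHostKeyChecking yes with the servers' keys pinned in known_hosts. The function names and the pinned_app block (10.0.8.4) are constructed for the illustration.

```shell
#!/bin/sh
# Added example: flag blocks in an ssh client config that turn off
# host-key verification. Not part of the original page.

# weak_hostkey_hosts FILE: print the pattern(s) of each offending block.
weak_hostkey_hosts() {
    awk '
        BEGIN { hosts = "*" }             # options before any Host line are global
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        $0 == "" || /^#/ { next }         # skip blank lines and comments
        {
            n = split($0, f, /[ \t=]+/)   # "Key value" and "Key=value" both occur
            key = tolower(f[1])           # keywords are case-insensitive
        }
        key == "host" || key == "match" { # a Host or Match line starts a new block
            hosts = f[2]
            for (i = 3; i <= n; i++) hosts = hosts " " f[i]
            next
        }
        key == "stricthostkeychecking" {
            val = tolower(f[2]); gsub(/"/, "", val)
            if (val == "no" || val == "off") print hosts
        }
    ' "$1"
}

# write_sample_config FILE: the two blocks from this page, trimmed to the
# relevant lines, plus one constructed block that keeps verification on.
write_sample_config() {
    cat > "$1" <<'EOF'
Host dev_app
    HostName 10.0.6.4
    StrictHostKeyChecking no

Host prod_app
    HostName 10.0.7.4
    StrictHostKeyChecking no

Host pinned_app
    HostName 10.0.8.4
    StrictHostKeyChecking yes
EOF
}

cfg=$(mktemp)
write_sample_config "$cfg"
weak_hostkey_hosts "$cfg"    # prints dev_app and prod_app
rm -f "$cfg"
```

Run it against /home/wastelog-bastion/.ssh/config on the bastion host; an empty result means no block disables host-key checking.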

Additional Information

  • Before deployment, make sure that keys and permissions are configured correctly.
  • For security, do not share your key with anyone and only generate new keys as needed.