Basanta SapkotaSetting up CI/CD for your Node.js app using GitHub Actions can save time and reduce errors by automating repetitive deployment tasks. In this guide, you’ll learn to configure a workflow that pulls code, installs dependencies, manages SSH securely, and deploys with PM2.
What You’ll Need
- GitHub Repository: For hosting your Node.js code.
- VPS: A server with SSH access to deploy your app.
- Secrets Setup: Add credentials (SSH key, IP, user, and environment variables) in GitHub Secrets for secure access.
GitHub Actions Workflow
Here’s a full YAML configuration with each step explained:
on:
push:
branches:
- main
jobs:
deploy:
runs-on: ubuntu-latest
steps:
# 1. Checkout Code
- name: Checkout code
uses: actions/checkout@v3
# 2. Set Up Node.js
- name: Set up Node.js
uses: actions/setup-node@v3
with:
node-version: '18'
# 3. Install Dependencies
- name: Install dependencies
run: npm ci
# 4. Set Up SSH for Deployment
- name: Set up SSH key
uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
# 5. Add VPS to Known Hosts
- name: Add VPS to known hosts
run: |
mkdir -p ~/.ssh
ssh-keyscan -H "${{ secrets.VPS_IP }}" >> ~/.ssh/known_hosts
# 6. Deploy Files to VPS
- name: Deploy to temporary directory on VPS
env:
VPS_USER: ${{ secrets.VPS_USER }}
run: |
rsync -avz --delete ./ ${VPS_USER}@${{ secrets.VPS_IP }}:/tmp/node-hello/
# 7. Move Files to Final Directory on VPS
- name: Move files to /root/node-hello
env:
VPS_USER: ${{ secrets.VPS_USER }}
run: |
ssh ${VPS_USER}@${{ secrets.VPS_IP }} "
sudo rsync -avz /tmp/node-hello/ /root/node-hello/
"
# 8. Set Up Environment and Manage PM2
- name: Configure environment and manage PM2
env:
VPS_USER: ${{ secrets.VPS_USER }}
MONGO_URI: ${{ secrets.MONGO_URI }}
JWT_SECRET: ${{ secrets.JWT_SECRET }}
BCRYPT_SALT_ROUNDS: ${{ secrets.BCRYPT_SALT_ROUNDS }}
PORT: ${{ secrets.PORT }}
NODE_ENV: 'production'
run: |
ssh ${VPS_USER}@${{ secrets.VPS_IP }} "
sudo bash -c '
cd /root/node-hello
# Write environment variables to .env
cat > .env <<EOL
MONGO_URI=${MONGO_URI}
JWT_SECRET=${JWT_SECRET}
BCRYPT_SALT_ROUNDS=${BCRYPT_SALT_ROUNDS}
NODE_ENV=${NODE_ENV}
PORT=${PORT}
EOL
# Check for PM2 and start app
if ! command -v pm2 &> /dev/null; then
npm install -g pm2
fi
pm2 startOrRestart server.js --name \"server\" --update-env
'
"
# 9. Clean Up Known Hosts
- name: Clean up known hosts
run: |
ssh-keygen -R "${{ secrets.VPS_IP }}"
Workflow Breakdown
- Checkout Code: Pulls your latest code from the main branch.
- Node.js Setup: Sets up Node.js (version 18 or higher) for compatibility with modern libraries.
- Install Dependencies:
npm ciis preferred overnpm installfor faster installs and consistency withpackage-lock.json. - SSH Key Setup: Uses
webfactory/ssh-agentto securely handle SSH. This action adds your SSH key to the agent without saving it locally. - Add VPS to Known Hosts: Adds your server’s IP to the SSH known hosts list, avoiding interactive prompts during SSH.
- Deploy Files to VPS: Uses
rsyncto deploy files to a temporary directory on the VPS, ensuring only the latest files are uploaded. - Move Files to Final Directory: Moves files from the temporary to the final directory, requiring root privileges to write to
/root/node-hello. - Set Environment and PM2: Writes environment variables to a
.envfile on the server, then starts or restarts the app using PM2. ThestartOrRestartcommand is efficient and reduces downtime. - Clean Up Known Hosts: Removes the VPS IP from known hosts after deployment. This step prevents clutter and mitigates risks from SSH fingerprint changes.
Warning! This is a beginner setup and may not cover all scenarios. We’re open to suggestions and feedback to improve this guide, so feel free to share any ideas or tips you have.
