I have ran trellis key generate as per these docs and got my staging server to run with this github action
# Uncomment this deploy job in this file to use the
# https://github.com/roots/setup-trellis-cli GitHub Action
# for deploying this repo to staging when pushing to staging.
#
# Make sure you've set up the following secrets in your repo:
# - TRELLIS_DEPLOY_SSH_PRIVATE_KEY
# - TRELLIS_DEPLOY_SSH_KNOWN_HOSTS
# - ANSIBLE_VAULT_PASSWORD
name: Deploy SCBC site
on:
workflow_dispatch:
push:
branches: [staging]
jobs:
# example:
# runs-on: ubuntu-latest
# steps:
# - name: Example deploy job
# run: echo "This is an example deploy job. Uncomment the deploy job in .github/workflows/deploy.yml to use the roots/setup-trellis-cli GitHub Action for deploying this repo to staging when pushing to main."
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: '20'
cache: yarn
cache-dependency-path: yarn.lock
- uses: shimataro/ssh-key-action@v2
with:
key: ${{ secrets.TRELLIS_DEPLOY_SSH_PRIVATE_KEY }}
known_hosts: ${{ secrets.TRELLIS_DEPLOY_SSH_KNOWN_HOSTS }}
- uses: webfactory/ssh-agent@v0.5.4
with:
ssh-private-key: ${{ secrets.TRELLIS_DEPLOY_SSH_PRIVATE_KEY }}
- uses: roots/setup-trellis-cli@main
with:
ansible-vault-password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Deploy
run: cd trellis && trellis deploy staging
And then I have setup my qa deployment
name: Deploy SCBC site to QA
on:
workflow_dispatch:
push:
branches: [qa]
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: '20'
cache: yarn
cache-dependency-path: yarn.lock
- uses: shimataro/ssh-key-action@v2
with:
key: ${{ secrets.TRELLIS_DEPLOY_SSH_PRIVATE_KEY }}
known_hosts: ${{ secrets.TRELLIS_DEPLOY_SSH_KNOWN_HOSTS }}
- uses: webfactory/ssh-agent@v0.5.4
with:
ssh-private-key: ${{ secrets.TRELLIS_DEPLOY_SSH_PRIVATE_KEY }}
- uses: roots/setup-trellis-cli@main
with:
ansible-vault-password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Deploy
run: cd trellis && trellis deploy qa
The servers share the same ssh key I added from the trellis/public_keys/key.pub
But my qa fails on deploy
TASK [Gathering Facts] *********************************************************
fatal: [redacted]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: web@redacted: Permission denied (publickey).", "unreachable": true}
Could it be that the known hosts are different but I thought trellis key generate set that automatically. Not exactly sure here.
Let me know what I might be doing wrong.