This repository contains an GitHub action to bump up a docker image version specified in your docker-compose stack.
- your remote server must be accessible via ssh and is reachable
- you have a ssh private and public key to authenticate via ssh
- you have saved your private and public key to the GitHub project secrets
| required | key | example | default | description |
|---|---|---|---|---|
| ✅ | remote_docker_host | thematchless@fancyServer.de | username@host | |
| ✅ | ssh_private_key | -----BEGIN OPENSSH PRIVATE KEY---- UgAAAAtzc2gtZWQyNTUxOQAAACALBUg UgAAAAtzc2gtZWQyNTUxOQAAACALBUg UgAAAAtzc2gtZWQyNTUxOQAAACALBUg -----END OPENSSH PRIVATE KEY----- |
private key in PEM format | |
| ✅ | ssh_public_key | ssh-ed25519 ABCDABCDu027374972309 | public key of the PEM | |
| ✅ | service_name | super-fancy-react-app | name of the service inside of the compose file | |
| ✅ | deploy_path | /home/thematchless/stack-1 | path which contains your compose file on the remote host | |
| ✅ | args | up -d | arguments how to start your service | |
| ❌ | stack_file_name | docker-compose.yaml | docker-compose.yml | name of the compose file |
| ❌ | remote_docker_port | 1337 | 22 | ssh port on the host |
| ❌ | pull_images_first | true | false | flag to force the image pull before starting |
| ❌ | remote_host_fingerprint | SHA256:abc123def456...,SHA256:def456ghi789... SHA256:abc123def456... SHA256:def456ghi789... SHA256:abc123def456...\nSHA256:def456ghi789... |
(optional) One or more SSH host key fingerprints for verification. Separate multiple fingerprints by comma, whitespace, or newline. |
- name: Deploy on Remote Server
uses: thematchless/bump-image-version-action@v6
with:
remote_docker_host: thematchless@fancyServer.de
ssh_private_key: ${{ secrets.REMOTE_SSH_PRIVATE_KEY }}
ssh_public_key: ${{ secrets.REMOTE_SSH_PUBLIC_KEY }}
service_name: super-fancy-react-app
deploy_path: /home/thematchless/stack-1
args: up -d
pull_images_first: true
remote_host_fingerprint: ${{ secrets.REMOTE_HOST_FINGERPRINT }}You can get the fingerprint of your remote host by running:
ssh-keyscan -p <port> <host> | ssh-keygen -lf -Best practice: For maximum security, run the following command directly on your server to get the real host key fingerprint (to avoid man-in-the-middle attacks):
ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub(Or use the appropriate key file for your setup, e.g. /etc/ssh/ssh_host_rsa_key.pub)
Multiple fingerprints: If your server uses multiple host keys (e.g. ED25519 and RSA), or you want to allow several fingerprints, you can provide multiple fingerprints in the secret. Separate them by comma, whitespace, or newline. Example:
SHA256:abc123def456...,SHA256:def456ghi789...
SHA256:abc123def456... SHA256:def456ghi789...
SHA256:abc123def456...
SHA256:def456ghi789...
Copy the SHA256 fingerprint(s) and save as a GitHub secret (e.g. REMOTE_HOST_FINGERPRINT). This will be used to verify the identity of your remote server before any SSH command is executed.
This project is licensed under the MIT license. See the LICENSE file for details.