This is something you could do with Github Actions. Depending on how much access you want to give Actions to your production system I see two concepts you might use:

• Set up a script for pull and build on your production server, and some way to trigger it from Actions (e.g. send a HTTP POST request to a certain URL). I’d recommend using some sort of authentication token so random people can’t trigger builds, but otherwise it’s nicely encapsulated on your server.
• Integrate the deploy script into an Actions workflow, and set up SSH access or similar using actions secrets so the workflow can log in to your server and run the deploy.

Personally I’d lean more towards the first because there’s less risk of production server credentials leaking. As an extra precaution you could sign commits (or tags) and verify them on your production server before building. 🙂

Set up a script for pull and build on your production server, and some way to trigger it from Actions (e.g. send a HTTP POST request to a certain URL). I’d recommend using some sort of authentication token so random people can’t trigger builds, but otherwise it’s nicely encapsulated on your server.

How would this work exactly? Is there a way to hide auth tokens within Github Actions?

Integrate the deploy script into an Actions workflow, and set up SSH access or similar using actions secrets so the workflow can log in to your server and run the deploy.

Same question for this.

Is there a way to hide auth tokens within Github Actions?

Yes, it’s called Secrets. Take a look at the documentation: Creating and storing encrypted secrets

Yes, it’s called Secrets. Take a look at the documentation: Creating and storing encrypted secrets

Oh that’s great! No idea that was a thing.

So I can use something like this to make a request to a PHP file that runs shell_exec functions?

Is there a specific way to ensure the HTTP request gets sent only if the previous tests pass? Do I just need to add it after my tests?

Amazing! Thank you for all the help, I’ll try implementing this over the weekend :slight_smile:

I’m almost done but I can’t seem to be able to run a curl command from my Github Actions:

  - name: The job has succeeded
    with:
      token: ${{ secrets.SYNC_SCRIPT_TOKEN }}
    if: ${{ success() }}
    run: curl -X GET http://creativiii.com/deploy.php -H 'Authorization: $token' 

Github is telling me " You have an error in your yaml syntax on line 29" referring to

run: curl -X GET http://creativiii.com/deploy.php -H 'Authorization: $token'

This works on my local machine so I’m not sure why it wouldn’t here.
Any help would be greatly appreciated.

First off, I’ve recently seen a report of off-by-one errors on syntax error reporting in Github Actions. Not sure if that’s been fixed yet, so I’d recommend looking at lines 28 (looks good to me, though redundant) and 30 as well.

A thing you could try to make sure that the quotes aren’t confusing the YAML parser would be to use a YAML block string:

    run: |
      curl -X GET http://creativiii.com/deploy.php -H 'Authorization: $token'

However I see two other issues:

1. To use token as an environment variable in your command you need to set it using an env block, not with:

    env:
      token: ${{ secrets.SYNC_SCRIPT_TOKEN }}

2. Don’t use a GET request for something that changes state on the server. In HTTP a GET request is meant to retrieve information from the server, not trigger additional action. POST would be an appropriate method to use. I made the same error a few years back, fresh out of university, please don’t repeat it. 😉