Often we want to deploy a static site (like this Hexo blog) to GitHub pages. Often we cannot use access token, and just need SSH. We can do it from a local terminal via SSH, but how do we deploy from a CI?
Turns out it is simple to do from CIs that allow SSH deploy keys. CircleCI is one of them. Once you have a GitHub repository, create a CircleCI project. This will create a read-only SSH key to checkout the repository. Delete it! Instead you need to add a new read-write SSH key that will be used to checkout code and to upload GitHub pages.
Create a new dedicated SSH key for this particular CI project to be used with this repository. This way the security of other projects will not be jeopardized by reusing the same SSH key. See How to create SSH key.
$ ssh-keygen -t rsa -b 4096 -C "[email protected]"
important: set empty password when creating the key.
very important: do not overwrite your regular
~/.ssh/id_rsafile! I prefer to save the new SSH key in the current folder with some random name, like
foo. This will write two files: the private key file
fooand the corresponding public key file
foo.pubYou should delete these files after uploading them to GitHub (public file) and to CI (private file).
You can add the newly created public SSH key (file ending with
.pub) to the GitHub repository at
important: - make sure the new key has write access.
You can delete and upload new private SSH key to CircleCI at
- Delete the local files - if you need to redo the link, just generate another SSH key.
That's it. Now things like
git push [email protected]:<username>/<repo name>.git
should work, because the local CircleCI process can authenticate and is
permitted to push code to this particular GitHub repository.