Github Actions for CI/CD Configuration

Github Actions

Github Actions is a continuous integration service for Github. Click Actions to create a configuration file on your project on Github, which is actually a file saved under.github/workflows ending in.yml.

1. Basic terminology structure of configuration files

(1) workflow: Continuous integration of a running process is a workflow.

(2) job: A workflow consists of one or more jobs, meaning a continuous integrated run that can accomplish multiple tasks.

(3) step: each job consists of several steps, which are completed step by step.

(4) action: Each step can execute one or more commands (actions) in turn.

2. Instance demo to automatically update projects in Github to the cloud server

There is one Github Official Market And search for actions that meet your needs.Configure users in steps to reference the script for this action.

name: Blog CI  # Configuration Name

on: # Trigger condition, trigger workflow after master branch push code
    branches: [ master ]

    runs-on: ubuntu-latest # Build Running Environment
    - name: Checkout  # Get the source code, use actions/checkout@v2
      uses: actions/checkout@v2

    - name: Install Node.js # Install the specified Node version, using actions/setup-node@v1
      uses: actions/setup-node@v1
        node-version: '12.x'

    - name: Install & Build # Installation depends on packaging static resources
      run: |
        yarn config set registry 
        yarn install
        yarn build

    - name: Deploy to Server # Deploy to a cloud server using easingthemes/ssh-deploy@v2.1.1 Connect by ssh
      uses: easingthemes/ssh-deploy@v2.1.1
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}  # Private key, public key copied to server at/root/.ssh/authorized_In keys

          ARGS: ${{ secrets.ARGS }} # For any initial/required rsync flag, the default is -avzr --delete, if there are other non-deletable files or folders in the directory that can be used--exclude Ignore, for example--exclude/uploads/   
          SOURCE: "build/" # Source Directory
          REMOTE_HOST: ${{ secrets.REMOTE_HOST }} # server address
          REMOTE_PORT: ${{ secrets.REMOTE_PORT }} # ssh connection port number
          REMOTE_USER: root # Connection username
          TARGET: ${{ secrets.REMOTE_TARGET }} # Target Deployment Directory

3. Sensitive Data Configuration

Because deploying to a cloud server requires authentication, and the corresponding sensitive data cannot be exposed directly, you can set the appropriate environment variables in Secrets in the project setting s in Github and then access them through the syntax of ${}}.

Installation and Configuration of Nginx

Because my server uses Nginx, it's easy to do some logging here

Nginx is a high performance HTTP and reverse proxy web server. Usual scenarios can be used as reverse proxy server, static resource server, load balancing and other functions.Installation Using Linux as an example, Windows and Mac can download installation packages directly.

1. Installation

yum install nginx -y # Centos 7.x can be installed directly using yum

2. Related Folders

Use rpm-ql nginx to see where Nginx is primarily installed, /etc/nginx/Nginx.confThe main configuration file corresponding to Nginx.

3. Common Operational Commands

nginx -s reload  # Signal the main process, reload the configuration file, restart hot
nginx -s reopen     # Restart Nginx
nginx -s stop    # Quick shutdown
nginx -s quit    # Wait for worker process processing to complete before shutting down
nginx -T         # View the current Nginx final configuration

systemctl enable nginx  # Setting up Nginx startup using system administration commands

4. Common Configurations

4.1 First look at the main profile/etc/nginx/Nginx.confBasic structure.

main        # Global configuration, global in effect
├── events  # Nginx Server Related Link Configuration
|   ├── worker_connections 1024;# Default maximum number of concurrent connections
├── http    # Configuration of most functions such as proxy, caching, log definition, and configuration of third-party modules
│   ├── upstream # Configuring the specific address of the back-end server allows you to configure multiple and is where load balancing is configured
│   ├── server   # Configure parameters for a virtual host, there can be multiple server blocks in an http block
│   ├── server
│   │   ├── location  # Each server can contain multiple location blocks, which are used to match the corresponding uri
│   │   ├── location
│   │   └── ...
│   └── ...
└── ...

4.2 A relatively complete configuration demo

#   For more information on configuration, see:
#   * Official English Documentation:
#   * Official Russian Documentation:

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See
    # for more information.
    include /etc/nginx/conf.d/*.conf;   # Include other custom configurations

    server {
        listen 80; # Service Port
        server_name # Service Address;
        rewrite ^(.*)$  https://The $host$1 #$host$1 variable corresponds to the service address above and is redirected to https when http access is configured;  
# Settings for a TLS enabled server.

    server {
        listen       443 ssl http2 default_server;
        listen       [::]:443 ssl http2 default_server;
        server_name  _;
        root         /usr/share/nginx/html;

        #ssl certificate configuration
        ssl_certificate /etc/nginx/Nginx/ssl.crt; # Certificate Address
        ssl_certificate_key /etc/nginx/Nginx/ssl.key; # Certificate Private Key
           ssl_session_timeout 10m;
        ssl_session_cache shared:SSL:1m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
            root /home/dist # Static resource address;
            index index.html;
            try_files  $uri $uri/ /index.html @rewrites; # Routing configuration in single-page history mode

        # Other static resources, public resource directories
        location /public {
          alias           /home/public;  # Static Resource Directory
          autoindex             on;   # Open static resource column directory
          autoindex_exact_size  off;  # On (default) shows the exact size of the file in byte; off shows the approximate size of the file in KB, MB, GB
          autoindex_localtime   off;   # Off (default) displays the file time as GMT time; on displays the file time as server time

        location ~ /api/ {
          proxy_pass; #uri forwarded by corresponding interface

        error_page 404 /404.html;
            location = /40x.html {

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {

4.3 Other Configurations

Increase the configuration of Gzip in the / etc/nginx/conf.d directory

gzip on; # Default off, whether to turn on gzip
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

gzip_static on; # Default off, which checks for compressed files at the end of.gz
gzip_proxied any; # Default off to control the acceptance of compressed resources from the proxy server
gzip_vary on; # Add `Vary: Accept-Encoding'to Response Header
gzip_comp_level 6; # gzip compression ratio, compression level is 1-9, 1 compression level is the lowest, 9 is the highest, the higher the compression rate is, the longer the compression time is. Recommendation 4-6
gzip_buffers 16 8k; # Get how much memory to cache the compression results, 168k means 8k*16
gzip_min_length 1k; # Allow minimum resource size for compression
gzip_http_version 1.1; # Default 1.1, minimum HTTP version required for Gzip

Reference resources

Tags: Web Server Nginx github SSL ssh

Posted on Sun, 21 Jun 2020 12:38:07 -0400 by az_wraith