appleboy / scp-action

GitHub Action that copies files and artifacts via SSH.
https://github.com/marketplace/actions/scp-command-to-transfer-files
MIT License
1.25k stars 135 forks

Drop your piece of shit together with GH Actions - it is a terrible CI platform! #183

Open tribals opened 4 months ago

tribals commented 4 months ago
          source: dist/*.whl
          target: /var/lib/pypi/simple/foo

$ tree /var/lib/pypi
/var/lib/pypi
└── simple
    └── foo
        └── dist
            └── foo-0.1.5-py3-none-any.whl

4 directories, 1 file

That's not how scp is supposed to work... And it is an insane idea - to spin up a whole Docker in order to COPY FILES, you don't mind that?..

Put this marvelous instance of software you just created to your ass, together with M$, GH Actions and VS Code - I think you will like it!

tribals commented 4 months ago

For anyone who doesn't know yet (I'm just tired of typing it, again and again):

$ mkdir -vm 700 $HOME/.ssh
$ ssh-keyscan -Ht ed25519 YOUR.INCREDIBLE.SERVER > $HOME/.ssh/known_hosts
$ echo "${{ secrets.SSH_PRIVATE_KEY }}" > $HOME/.ssh/id_ed25519
$ chmod 600 $HOME/.ssh/id_ed25519
$ scp dist/*.whl github@YOUR.INCREDIBLE.SERVER:/var/lib/pypi/simple/YOUR-INCREDIBLE-PACKAGE

(And

        location /pypi {
                alias /var/lib/pypi;
                autoindex on;
                auth_basic "Your PyPI";
                auth_basic_user_file your.pypi.htpasswd;
        }

then.)

You're welcome.

(Do we really need whole GH Actions in order to achieve that?..)

ddjerqq commented 1 month ago

I agree, I think this issue should be pinned on the very top of this repo. The github action implementation is really shit, I've had issues with it for a long time, I lost time I can never get back because the error messages aren't clear, and the implementation is just abysmal, you cannot even copy tar files, or if the path is just slightly different the action shits itself, and fails EVERYTHING!

I'm going to try what you suggested

ddjerqq commented 1 month ago

I have indeed tried it, and it is so much better. I refactored it a little bit, here is what I have right now:

- name: Set up SCP 🔑
  run: |
    mkdir -v -m 700 $HOME/.ssh
    ssh-keyscan -H ${{ secrets.SSH_HOST }} > $HOME/.ssh/known_hosts
    echo "${{ secrets.SSH_KEY }}" > $HOME/.ssh/id_rsa
    chmod 400 $HOME/.ssh/id_rsa

- name: Upload to server ⬆️
  run: |
    scp docker-compose.yaml ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }}:~/

# other steps here

binoverfl0w commented 1 month ago

I ran into some trouble when trying to use both ssh + scp with a passphrase. (I wanted to execute some commands before copying files to the destination.) After some searching and trial and error, I ended up with this:

      - name: Do SSH and SCP
        run: |
          eval $(ssh-agent -s)
          mkdir -v -m 700 $HOME/.ssh
          ssh-keyscan -H ${{ secrets.SSH_HOST }} > $HOME/.ssh/known_hosts
          echo "${{ secrets.SSH_KEY }}" > $HOME/.ssh/id_ed25519
          chmod 400 $HOME/.ssh/id_ed25519
          echo "echo ${{ secrets.SSH_PASSPHRASE }}" > ~/.ssh_askpass && chmod +x ~/.ssh_askpass
          SSH_ASKPASS_REQUIRE=force SSH_ASKPASS=~/.ssh_askpass ssh-add $HOME/.ssh/id_ed25519
          ssh ${{ secrets.SSH_USERNAME }}@${{ secrets.SSH_HOST }} "<command>"
          scp <file> ${{ secrets.SSH_USERNAME }}@${{ secrets.SSH_HOST }}:~/

You can also use passphrase-less keys, but it's good to know that this also works.

tribals commented 1 month ago

Although a passphrase makes your key a little bit more secure, it will complicate CI/CD greatly. What is the reason you are trying to use a passphrase for CI/CD SSH keys?

It is simpler to generate a new key for each "environment" rather than re-use an existing key with a passphrase, if you are trying to do so. Keys are cheap, interactive input is expensive.

binoverfl0w commented 4 weeks ago

I agree with that. The snippet is there if anyone still wants to use a passphrase; it took me some time to find out why I couldn't get a passphrase to be read in my GitHub Actions, so maybe it helps someone else. I am using separate keys now without passphrases.
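
The setup snippets posted in this thread accept whatever key `ssh-keyscan` returns during the job and inline `${{ secrets.* }}` into the script text. The following is an added example, not part of any comment above and not the action's code: a POSIX shell helper that installs a pinned host key and the private key from environment variables and fails closed when the pin is missing. `SSH_PRIVATE_KEY`, `SSH_KNOWN_HOSTS` and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. The step is assumed to receive two
# secrets through `env:` (hypothetical names): SSH_PRIVATE_KEY, and
# SSH_KNOWN_HOSTS, the server's known_hosts line recorded once over a trusted
# channel instead of being fetched with ssh-keyscan on every job.

# check_known_hosts: succeed only if SSH_KNOWN_HOSTS has at least one entry and
# every entry looks like "[@marker] <hosts> <key-type> <base64-key>".
check_known_hosts() {
  printf '%s\n' "${SSH_KNOWN_HOSTS:-}" | awk '
    NF == 0 || $1 ~ /^#/ { next }
    { k = ($1 ~ /^@/) ? 3 : 2
      if ($k !~ /^(ssh-|ecdsa-sha2-|sk-)/ || $(k + 1) == "") bad = 1
      n++ }
    END { if (bad || n == 0) exit 1 }'
}

# install_ssh_material DIR: write DIR/id_ed25519 and DIR/known_hosts.
# umask 077 makes new files private from creation (no gap between the write and
# a later chmod); the chmod calls cover a directory or files that already exist.
install_ssh_material() {
  ssh_dir="$1"
  [ -n "${SSH_PRIVATE_KEY:-}" ] || { echo "SSH_PRIVATE_KEY is empty" >&2; return 1; }
  # Fail closed: without a valid pin there is nothing to check the server against.
  check_known_hosts || { echo "SSH_KNOWN_HOSTS is empty or malformed" >&2; return 1; }
  (
    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" &&
      printf '%s\n' "$SSH_PRIVATE_KEY" > "$ssh_dir/id_ed25519" &&
      printf '%s\n' "$SSH_KNOWN_HOSTS" > "$ssh_dir/known_hosts" &&
      chmod 600 "$ssh_dir/id_ed25519" "$ssh_dir/known_hosts"
  )
}

# pinned_ssh_opts DIR: options for ssh and scp so that only the pinned host key
# is accepted and nothing prompts. DIR must not contain whitespace.
pinned_ssh_opts() {
  echo "-i $1/id_ed25519 -o IdentitiesOnly=yes -o BatchMode=yes" \
    "-o StrictHostKeyChecking=yes -o UserKnownHostsFile=$1/known_hosts"
}

# Usage inside the step (SSH_USER and SSH_HOST also passed through env:):
#   install_ssh_material "$HOME/.ssh"
#   scp $(pinned_ssh_opts "$HOME/.ssh") dist/*.whl "$SSH_USER@$SSH_HOST:/var/lib/pypi/simple/foo"
```

With `StrictHostKeyChecking=yes` and a pinned `known_hosts`, a server presenting a different key makes the copy fail instead of being trusted for that run.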