Gitea action workflow for deploying site to Netcup webhosting

The following Gitea action workflow deploys a Hugo site to a Netcup webhosting account. It uses SSH access with a pre-installed private key (ssh-keygen -t ed25519 -f id_netcup echo $(cat id_netcup.pub) >> ~/.ssh/authorized_keys on the Netcup server).

It expects the following secrets being configured in Gitea via the webinterface (Repository settings -> Runners -> Secrets):

• NETCUP_USERNAME - hosting123456 or similar. Get this from your Netcup customer control panel / webhosting control panel.
• NETCUP_SSH_KEY - the secret SSH key from id_netcup
• NETCUP_SSH_HOST_KEY - see How to only show host key of a SSH server for how to obtain this.

This is required to facilitate password-less login from the CI/CD job.

Furthermore, it expects you to configure the Netcup account to serve from my-domain.com/httpdocs.

It works in conjunction with the Hugo build action, which you can find at our previous post Gitea Hugo build action, however modifying it only requires you to change the Download artifact step.

name: Deploy
run-name: Deploying homepage
on: [push]

jobs:
  Deploy-Netcup:
    runs-on: ubuntu-latest
    steps:
      - name: Download artifact
        uses: actions/download-artifact@v3
        with:
          name: hugo-site
          path: public
      # Put into a tarball
      - name: Make tarball
        run: mkdir -p my-domain.com && mv public my-domain.com/httpdocs && tar -czf my-domain.com.tar.gz my-domain.com
        shell: sh
      # Accept host key
      - name: Accept SSH host key
        run: echo "my-domain.com ssh-ed25519 ${{ secrets.NETCUP_SSH_HOST_KEY }}" >> ~/.ssh/known_hosts && cat ~/.ssh/known_hosts
        shell: sh
      # Deploy to Netcup
      - name: Export SSH key
        run: echo "${{ secrets.NETCUP_SSH_KEY }}" > id_netcup && chmod 600 id_netcup
        shell: sh
      - name: Remove old files
        run: ssh -i id_netcup ${{ secrets.NETCUP_USERNAME }}@my-domain.com "rm -rfv my-domain.com/*"
        shell: sh
      - name: Deploy to Netcup
        run: "scp -i id_netcup my-domain.com.tar.gz ${{ secrets.NETCUP_USERNAME }}@my-domain.com:"
        shell: sh
      - name: Extract tarball on server
        run: ssh -i id_netcup "${{ secrets.NETCUP_USERNAME }}@my-domain.com" "tar xzvf my-domain.com.tar.gz"
        shell: sh

ALL Previously existing files are deleted from the my-domain.com directory on the server before the new files are uploaded. Best to ensure you’ve got nothing important sitting in that folder.

I do not recommend removing this, else files renamed or deleted in the repository will not be removed from the server and will be accessible forever.

In order to make the upload faster (rsync is not available on Netcup Webhosting via SSH and it is also slow-ish when many small files are being uploaded), we first create a tarball, then upload only the tarball using scp and then tar xzvf on the server.