A comprehensive GitHub Action for deploying applications to baremetal servers via SSH. This action supports three deployment modes: baremetal (direct to server), Docker, and Kubernetes.
- π Secure SSH Authentication - Support for SSH keys or password authentication
- π― Multiple Deployment Types - Choose between baremetal (default), Docker, or Kubernetes deployments
- π³ Docker Support - Automatic Docker and Docker Compose installation
- βΈοΈ Kubernetes Support - Automatic k3s, kubectl, and helm installation
- π§ Auto Dependency Installation - Installs git and other required tools
- π·οΈ Registry Support - Supports GHCR, Docker Hub, and AWS ECR
- πΏ Branch Management - Automatic branch switching based on environment
- β‘ Smart Defaults - Automatically uses current repository and GitHub actor for Git operations
- π Environment File Generation - Automatically create
.envfiles from GitHub secrets and variables - π All-in-One Secret Support - Store multiple variables in single secrets with multiple formats (ENV, JSON, YAML)
- ποΈ Flexible File Structures - Support single, flat, nested, auto, and custom file organization
- π¦ Artifact Copying - Efficiently copy local build artifacts (dist/, node_modules) to the server with auto-compression
- π Multi-Server Deployment - Deploy to multiple servers concurrently with smart variable distribution
- ποΈ Priority System - Environment-specific secrets override base secrets automatically
- ποΈ Jenkins Compatible - Fully compatible with Jenkins via pre-built GHCR image and Jenkinsfile
- Deployment Types - Baremetal, Docker, and Kubernetes details
- Git Authentication - Token, SSH, and No-Auth methods
- Environment File Generation - Dynamic
.envcreation from secrets - Jenkins Integration - Using MetalDeploy outside of GitHub Actions
- Manual CLI Usage - Running MetalDeploy directly from your machine
- Installation & Requirements - What gets installed on your server
MetalDeploy provides smart defaults to minimize configuration:
git_url: Defaults to${{ github.repositoryUrl }}- automatically uses the current repositorygit_user: Defaults to${{ github.actor }}- automatically uses the GitHub user triggering the workflowdeployment_type: Defaults tobaremetal- direct server deployment without containersgit_auth_method: Defaults tonone- no authentication (for public repos)environment: Defaults todev- development environmentremote_user: Defaults toroot- root user on remote serverregistry_type: Defaults toghcr- GitHub Container Registry
Install MetalDeploy as a global command:
curl -sSL https://raw.githubusercontent.com/OpsGuild/MetalDeploy/main/scripts/install.sh | bashThen use it anywhere:
metaldeploy --host 1.2.3.4 --user root --ssh-key ~/.ssh/id_rsa --type docker- name: Deploy with MetalDeploy
uses: OpsGuild/MetalDeploy@v1
env:
# Set/Override specific variables
ENV_APP_PORT: 9090
with:
git_auth_method: token
git_token: ${{ secrets.GITHUB_TOKEN }}
remote_host: ${{ secrets.REMOTE_HOST }}
ssh_key: ${{ secrets.SSH_PRIVATE_KEY }}
environment: prod
# Pass all secrets in one go (Zero-Config)
# environment: prod- name: Deploy with MetalDeploy
uses: OpsGuild/MetalDeploy@v1
with:
remote_host: ${{ secrets.REMOTE_HOST }}
ssh_key: ${{ secrets.SSH_PRIVATE_KEY }}
deployment_type: docker
environment: prod
registry_type: dockerhub
registry_username: ${{ secrets.DOCKERHUB_USERNAME }}
registry_username: ${{ secrets.DOCKERHUB_USERNAME }}
registry_password: ${{ secrets.DOCKERHUB_PASSWORD }}
### Copying Build Artifacts
Copy specific files or directories (like `node_modules` or `dist/`) to the server. The action automatically compresses them for fast transfer.
```yaml
- name: Deploy with Artifacts
uses: OpsGuild/MetalDeploy@v1
with:
remote_host: ${{ secrets.REMOTE_HOST }}
ssh_key: ${{ secrets.SSH_PRIVATE_KEY }}
# Copy local 'dist' folder to remote '/app/dist'
# Copy local 'package.json' to remote '/app/package.json'
copy_artifacts: "dist/:dist, package.json:package.json"- Bulk Injection: Use
ENVto securely tunnel your raw variable block to your server. - Manual Overrides: Use the standard GitHub Action
env:block to override secrets for specific steps.
- name: Deploy with Overrides
uses: OpsGuild/MetalDeploy@v1
env:
ENV_APP_PORT: 3000 # This wins over repository secrets
with:
env_files_generate: trueDeploy to multiple servers concurrently by providing comma-separated lists for host configuration. If variable lists are shorter than remote_host, values are reused/distributed smartly.
remote_host:server1,server2,server3remote_user:user1,user2(user1->server1, user2->server2, user2->server3)ssh_key:key1(key1 used for all servers)
- name: Deploy to Cluster
uses: OpsGuild/MetalDeploy@v1
with:
remote_host: "10.0.1.1, 10.0.1.2, 10.0.1.3"
remote_user: "admin" # Used for all hosts
ssh_key: ${{ secrets.CLUSTER_SSH_KEY }}
deployment_type: docker
environment: prod
### For Jenkins
```groovy
pipeline {
agent { docker { image "ghcr.io/opsguild/metal-deploy:latest" } }
stages {
stage('Deploy') {
steps {
script {
def paramEnv = params.collect { k, v -> "${k}=\${v}" }
withEnv(paramEnv) { sh "python main.py" }
}
}
}
}
}
For a full list of inputs and outputs, please see the Action Metadata.
Comprehensive documentation can be found in the docs/ directory:
- Deployment Types: Detailed information about each deployment strategy.
- Git Authentication: How to configure repository access.
- Environment File Generation: Securely manage your application settings.
- Jenkins Integration: How to use this action in a Jenkins pipeline.
- Manual CLI Usage: Guide for running the tool manually.
- Installation & Requirements: Details about server setup and dependencies.
See tests/README.md for details on the test suite and local development.
MIT License - see LICENSE file for details
For issues and feature requests, please open an issue on the GitHub repository.