Deployment Pain

Logical Moon

2023-08-05

cicd

Alarm bells! I just realised today that my GitHub Action to deploy my blog site has stopped working. That explained why some recent changes to my projects page involving adding some YouTube videos weren’t reflected on the live site.

On checking my source files, I noticed that I had in fact made the changes to the pages, but for some reason they weren’t in GitHub. Uh? I was sure I pushed them. Well, in fact I did attempt to, but didn’t notice this or at first, when I tried to push once more.

1
2

To https://github.com/s-moon/logicalmoon.com.git
 ! [remote rejected] master -> master (refusing to allow a Personal Access Token to create or update workflow `.github/workflows/deploy-blog.yml` without `workflow` scope)

After scratching my head a few times, I worked out what I needed to do. If only I had bothered to read my own blog! Like a prize dingbat, all I needed to do is to recall this post where I explained what I needed to do.

However, it still wasn’t working, so what next? Well, the deployment screen in GitHub had this to say:

“man in the middle attacks”…”offending RSA keys”. It’s enough to make you want to bleugh but after some googling (here and here) plus a dash of experimentation, here’s what you need to do. Note: These steps are based on already having set up GitHub Actions for my server, so your mileage may vary.

Your known_hosts file only ever had a reference to GitHub

We can afford to remove the known hosts completely, so let’s do that.

1
2
3

$ cd ~/.ssh
$ rm known_hosts
$ touch known_hosts

Your known_hosts may have references other than GitHub

OK, we need to be a little more selective. Let’s try to just remove things related to GitHub.

$ cd ~/.ssh
$ ssh-keygen -R github.com
$ ping github.com (now get the IP address from the output)
$ ssh-keygen -R 140.82.114.3 (the probably address)

Removing the IP address will probably yield no change, but I’m adding it just in case. Also, github.com will possibly come back with a variety of IP addresses, so this may be a moot point, anyway.

Adding in a proper GitHub reference

Once you have done the above two steps, here comes the last one. We’re going to tell our server what the RSA key is for GitHub.

1	$ ssh-keyscan github.com >> ~/.ssh/known_hosts

That should hopefully be enough; at least it was for me.

C’est tout, folks.

Hi! Did you find this useful or interesting? I have an email list coming soon, but in the meantime, if you ready anything you fancy chatting about, I would love to hear from you. You can contact me here or at stephen ‘at’ logicalmoon.com