I'm setting up a CI/CD pipeline using GitHub Actions to deploy a Go backend application to a remote Ubuntu server. The workflow builds the application, transfers the binary using scp, and restarts the service on the server with sudo systemctl.

However, when the workflow runs, the following error occurs during the SSH step:

```
sudo: a terminal is required to read the password; either use the -S option to read
from standard input or configure an askpass helper
sudo: a password is required
Error: Process completed with exit code 1.
```

Here is the relevant part of my workflow:

```yaml
- name: Deploy to Server
  env:
    DEPLOY_USER: ${{ secrets.DEPLOY_USER }}
    DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
    DEPLOY_PORT: ${{ secrets.DEPLOY_PORT }}
    DEPLOY_PATH: ${{ secrets.DEPLOY_PATH }}
  run: |
    scp -P $DEPLOY_PORT ./app $DEPLOY_USER@$DEPLOY_HOST:$DEPLOY_PATH/app
    ssh -p $DEPLOY_PORT $DEPLOY_USER@$DEPLOY_HOST "sudo systemctl restart my-app.service"
```

What I've Tried:

- Passwordless sudo: I added `DEPLOY_USER ALL=(ALL) NOPASSWD:ALL` to the /etc/sudoers file, but it didn't work. sudo still prompts for a password.
- Echoing the password: Tried adding the password to GitHub Secrets and passing it via `echo $SUDO_PASSWORD | sudo -S`, but it didn't solve the issue.
- Alternative Deployment Methods: Wrapped the sudo command in a shell script on the server, but it still prompts for a password.

Goal: How can I configure the server or adjust the GitHub Actions workflow to bypass the need for an interactive terminal or password prompt when using sudo? Any advice on resolving this issue securely would be greatly appreciated!

Can I do it without adding my password to the "secrets"?

Asked Jan 20 at 11:20 by YslamB

1 Answer

This is my CI/CD using ssh, so you can use the scp command instead of ssh.

```yaml
name: SSH Deploy

on:
  push:
    branches:
      - main  # Replace with your branch name

jobs:
  deploy:
    runs-on: ubuntu-latest

    steps:
    - name: Checkout code
      uses: actions/checkout@v2

    # Loads the private key into an ssh-agent so later steps can use it
    - name: Setup SSH
      uses: webfactory/ssh-agent@<version>
      with:
        ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}

    # StrictHostKeyChecking=no skips host key verification for this connection
    - name: Pull latest code on the server
      run: |
        ssh -o StrictHostKeyChecking=no <username>@<IP> << 'EOF'
        cd /www/wwwroot/65.1.85.176/
        git pull origin feature/audio-module
        EOF
```
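
A narrowly scoped alternative to `NOPASSWD:ALL` that needs no password in GitHub Secrets, as an added example (not code from the question or the answer): a script, run once as root on the server, that installs a sudoers drop-in allowing the deploy account to run only `systemctl restart my-app.service`. The account name `deploy` and the file name `/etc/sudoers.d/deploy-restart` are assumptions. sudoers applies the last matching entry, and the stock Ubuntu `/etc/sudoers` reads `/etc/sudoers.d` at its end, so the drop-in is evaluated after the broader `%sudo` rule.

```shell
#!/bin/sh
# Added example: least-privilege sudoers drop-in for a CI deploy account.
# Assumptions: account name "deploy" and drop-in name "deploy-restart" are
# hypothetical; my-app.service is the unit named in the question.

# Print one sudoers rule: USER may run exactly "systemctl restart UNIT" as root
# without a password. Inputs are validated so they cannot smuggle in extra
# sudoers syntax (commas, spaces, aliases, "ALL").
render_rule() {
    user=$1 unit=$2 systemctl_path=${3:-/usr/bin/systemctl}
    case $user in ''|*[!a-z0-9_-]*) echo "rejected user name" >&2; return 1 ;; esac
    case $unit in ''|*[!A-Za-z0-9._-]*) echo "rejected unit name" >&2; return 1 ;; esac
    case $unit in *.service) ;; *) echo "unit must end in .service" >&2; return 1 ;; esac
    case $systemctl_path in
        *[!A-Za-z0-9/_.-]*) echo "rejected path" >&2; return 1 ;;
        /*/systemctl) ;;
        *) echo "systemctl path must be absolute" >&2; return 1 ;;
    esac
    printf '%s ALL=(root) NOPASSWD: %s restart %s\n' "$user" "$systemctl_path" "$unit"
}

# Run as root on the server: render, syntax-check with visudo, install as 0440.
# The file name has no "." because sudo skips drop-ins whose names contain one.
install_rule() {
    dest=${3:-/etc/sudoers.d/deploy-restart}
    tmp=$(mktemp) || return 1
    if render_rule "$1" "$2" "$(command -v systemctl)" > "$tmp" &&
       visudo -cf "$tmp" >/dev/null; then
        install -o root -g root -m 0440 "$tmp" "$dest"
        status=$?
    else
        status=1
    fi
    rm -f "$tmp"
    return "$status"
}

case ${1:-} in
    --install) install_rule deploy my-app.service ;;   # writes the drop-in
    *) render_rule deploy my-app.service ;;            # dry run: print the rule
esac
```

In the workflow, `sudo -n systemctl restart my-app.service` must match the rule's command and arguments exactly; `-n` makes sudo fail immediately instead of prompting when it does not. On the server, `sudo -l -U deploy` lists the entries that apply to the account.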
