I'm trying to set up an automated process to deploy Docker containers whenever a new image is built in my continuous integration (CI) pipeline. The images are pushed to a container repository, and right now I'm using Ansible from my local machine to deploy the images to my VPS, which is running a basic Docker setup (though I could switch to Docker Compose if necessary).
I'm looking for a way to manage this deployment process automatically from the CI. Here are a few options I've considered:
- Running Ansible directly from CI, but I'm concerned about the security of storing SSH keys with sudo access in GitHub secrets.
- Using Docker commands from CI to update the server.
- Writing a bash script that checks for new images and updates containers on a regular schedule using cron or systemd. However, this approach is a bit more complex, especially for deploying specific versions.
In essence, I'm searching for a tool or method similar to ArgoCD but without using Kubernetes. I want a setup where I can specify an image version, and the server will regularly check for changes, pull the new image, and deploy it.
5 Answers
I've utilized GitHub Actions with SSH key login details along with a bash script that triggers either in the CI process or directly on the server. This method provides good control over deployments.
Sounds efficient! Using GitHub Actions together with SSH can be really powerful.
Storing access credentials in GitHub secrets is a solid approach for security. Just ensure that access to these secrets, as well as your CI pipeline outputs, is well-protected. This way, you can run your deployment scripts without worrying too much about exposure.
You might want to check out a service like Dokploy or Coolify; they can handle deploying your Docker containers pretty seamlessly. They may offer the automation you’re looking for!
A very lightweight approach is to set up a registry webhook that notifies a small listener on your VPS. This way, when CI pushes an image, the VPS gets notified and can automatically pull and restart the container. You could also use Watchtower to check for updates on a schedule if you prefer not to use a listener.
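The core of such a listener, as an added example that is not part of any answer in this thread: it authenticates the notification with an HMAC over the raw body, then allows only an allowlisted repository and a pinned version tag before building the Docker commands. The payload fields (`image`, `tag`), the shared secret, the registry host and the tag format are assumptions, since real registries each define their own webhook format.

```python
import hashlib
import hmac
import json
import re

# Assumptions (not from the thread): the shared secret, the payload fields
# "image" and "tag", the allowlist and the tag format are all hypothetical.
SECRET = b"constructed-demo-secret"
ALLOWED_IMAGES = {"registry.example.com/myapp"}
TAG_RE = re.compile(r"v[0-9]+\.[0-9]+\.[0-9]+")  # pinned versions, never "latest"


def sign(body: bytes, secret: bytes = SECRET) -> str:
    """Hex HMAC-SHA256 the sender would place in its signature header."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def plan_deploy(body: bytes, signature: str, secret: bytes = SECRET):
    """Return the docker argv lists to run, or None if the request is rejected."""
    # 1. Authenticate the raw bytes before parsing; compare in constant time.
    if not hmac.compare_digest(sign(body, secret).encode(), signature.encode()):
        return None
    try:
        event = json.loads(body)
        image, tag = event["image"], event["tag"]
    except (ValueError, KeyError, TypeError):
        return None
    # 2. Authorize: only known repositories and well-formed version tags.
    if not isinstance(image, str) or not isinstance(tag, str):
        return None
    if image not in ALLOWED_IMAGES or not TAG_RE.fullmatch(tag):
        return None
    ref = f"{image}:{tag}"
    name = image.rsplit("/", 1)[-1]
    # 3. Build argv lists (no shell), so payload text is never parsed as a command.
    #    Pull first: a failed pull then leaves the running container untouched.
    return [
        ["docker", "pull", ref],
        ["docker", "rm", "-f", name],
        ["docker", "run", "-d", "--name", name, "--restart", "unless-stopped", ref],
    ]
```

With this pull-style design the VPS holds only the webhook secret and registry read access, so CI never stores an SSH key for the server.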
If you're using GitHub Actions, consider placing your Ansible playbook in the same repository and setting up a deploy action to run this playbook automatically. That can streamline your deployment process significantly.
That sounds efficient! I like the idea of keeping everything centralized in one repo.
Definitely! It makes it easier to manage and version control your playbooks.

Thanks for that suggestion! I think using a bash script might simplify the deployment process for me.