-
Notifications
You must be signed in to change notification settings - Fork 1
GitHub Actions
Deploy strut stacks to your VPS straight from CI using the official gfargo/strut-action — a thin wrapper that installs strut, wires up the SSH key and connection config, and runs a strut command against your server. No Kubernetes, no self-hosted runner.
The action lives in its own repo so it can be versioned independently and listed on the GitHub Marketplace.
Your repository is the strut project root — it must contain strut.conf and
stacks/<stack>/ (create them locally with strut init + strut scaffold).
# .github/workflows/deploy.yml
name: Deploy
on:
push:
branches: [main]
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: gfargo/strut-action@v1
with:
stack: my-app
command: release
env: prod
strict: true
host: ${{ secrets.STRUT_HOST }}
user: ${{ secrets.STRUT_USER }}
ssh-key: ${{ secrets.STRUT_SSH_KEY }}| Input | Required | Default | Description |
|---|---|---|---|
stack |
✅ | — | Stack name (a directory under stacks/). |
command |
release |
release | deploy | ship | health | stop | status | exec. |
|
env |
'' |
Environment name; reads .<env>.env (e.g. prod → .prod.env). |
|
services |
'' |
Service profile passed as --services (e.g. full). |
|
strict |
false |
Pass --strict (fail the release if migrations fail). |
|
dry-run |
false |
Pass --dry-run to preview without executing. |
|
args |
'' |
Extra raw arguments appended to the command. | |
ssh-key |
✅ | — | Private SSH key authorized on the VPS. Always pass via a secret. |
host |
'' |
VPS host/IP → VPS_HOST. |
|
user |
'' |
VPS SSH user → VPS_USER. |
|
port |
22 |
VPS SSH port → VPS_PORT. |
|
known-hosts |
'' |
known_hosts entries. If empty, the host key is fetched via ssh-keyscan. |
|
env-file |
'' |
Full contents of .<env>.env. Always pass via a secret. Optional. |
|
strut-version |
latest |
latest | main | vX.Y.Z. |
|
working-directory |
. |
Project root containing strut.conf. |
Add these under Settings → Secrets and variables → Actions:
| Secret | Purpose |
|---|---|
STRUT_SSH_KEY |
Private SSH key authorized on the VPS. |
STRUT_HOST |
VPS host or IP. |
STRUT_USER |
VPS SSH user (e.g. root, deploy). |
Optionally store the full env file as STRUT_PROD_ENV and pass it via env-file.
The action writes the VPS connection variables (VPS_HOST, VPS_USER,
VPS_PORT, VPS_SSH_KEY) into the target env file (.<env>.env). If you pass
env-file, its contents are written first and the connection variables are
appended last (so they win). strut sources this file before connecting.
If your repo already defines hosts via Multi-Host Topology in strut.conf,
you can omit host/user and just provide ssh-key.
-
releaseruns on the VPS over SSH (sync repo → migrate → deploy → verify) and is the usual choice for CI. It requires the VPS to be bootstrapped once with Remote Host Setup (strut remote:init). -
deployruns locally on the runner. Use it only when the runner itself is the target or has a remote Docker context configured.
- Pass
ssh-keyandenv-fileonly as GitHub secrets — never inline. - Secret values are written with
0600perms on the ephemeral runner and are never echoed to logs. - Use a dedicated deploy key scoped to the one VPS; rotate with
Key Rotation (
strut keys ssh:rotate) or regenerate withstrut <stack> ssh:keygen.
Pin @v1 to ride the moving major tag (automatic patch/minor updates), or pin an
exact release (@v1.0.0) for full reproducibility.
- Deployment · Ship and Rebuild · Remote Host Setup · Secrets Management
- Action source & issues: https://github.com/gfargo/strut-action
strut · v0.28.0 · Report an Issue
Getting Started
Core Concepts
Operations
- Deployment
- Ship and Rebuild
- GitHub Actions
- Remote Host Setup
- Provisioning
- Blue-Green Deploy
- Deploy Rollback
- Database Backups
- Secrets Management
- Stack Groups
- Lifecycle Hooks
- Notifications
- Key Rotation
- Drift Detection
- Domain and SSL
- Certificate Management
- Gateway Management
- Monitoring
- Volume Management
Advanced
- Security Posture
- VPS Audit and Migration
- Stack Validation
- Data Anonymization
- Debugging
- Local Development
Extending
Contributing