In this tutorial, you will be able to configure a simple CI you can use directly with GitLab

For my current web app project called watermarkme.io, I have implemented a simple CI to deploy automatically on a sub domain (test.watermarkme.io) and the main domain (watermarkme.io) for the production.

Private SSH Key

You need to create a private and public SSH key. In this case, you will be able to access the server via SSH without any password.Use your terminal or Putty to access the server via SSH

Create a ssh folder at the root of your server with :

mkdir .ssh

In this new folder, generate the SSH key with :

ssh-keygen -t ecdsa (optional: -f filename )

After that, you will see 2 new files : id_ecdsa and id_ecdsa.pub

Add the content of the id_rsa.pub in the file authorized_keys with :

cat id_ecdsa.pub >> authorized_keys

Change the permissions of authorized_keys with :

chmod 600 authorized_keys

600 means: Read (4) and Write (2) for the Owner

« Connect » GitLab with your server

To be able to deploy automatically with your server without any password, first you need to add your ssh private key in a variable. This variable will be use directly in your gitlab-ci.yml.

In your project, go to Settings – CI/CD – Variables and then click on Add variable

  • Key: SSH_PRIVATE_KEY
  • Value
-----BEGIN EC PRIVATE KEY-----
 YOUR PRIVATE KEY FROM ID_ECDSA
 -----END EC PRIVATE KEY-----
  • Type: Variable
  • Environment Scope: All
  • Flags: Uncheck « Protect variable » and « Mask variable »

CI script

In your project, add a new file called « gitlab-ci.yml » and the following example

deploy_prod:
  type: deploy
  script:
    - eval $(ssh-agent -s)
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - ssh -o StrictHostKeyChecking=no username@yourserver -p 2121 "cd /httpdocs && git checkout main && git pull origin main && exit"
  only:
    - main

deploy_test:
  type: deploy
  script:
    - eval $(ssh-agent -s)
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - ssh -o StrictHostKeyChecking=no username@yourserver -p 2121 "cd /test.watermarkme.io/watermarkme.io && git checkout dev && git pull origin dev && exit"
  only:
    - dev

  • eval ssh-agent handles the password for SSH privates keys
  • echo « $SSH_PRIVATE_KEY » | tr -d ‘\r’ | ssh-add – : authenticate with your ssh private key
  • OPTIONAL: Create and change the permissions of the ssh folder in your server
  • Connect to the server with port 2121. Go to a specific folder (in the server) with the « cd » command and do a checkout in a specific branch to pull the content.

deploy_prod: deploy the project on your server only when you push on the main branch.
deploy_test: deploy the project on your server only when you push on the dev branch.

Don’t forget to clone and pull your git repo directly in your server via SSH

More informations about using private and public key

ServerGithub/Gitlab
id_ecdsa.pub (ssh-ecdsa KEY)– Used by deploy key (here it’s SSH_DEPLOY)
– Used in the authorized_keys file
id_ecdsaUsed by action key for the workflow/deployment
Here it’s SSH_DEPLOY_TO_SERVER