Auto-deploy to production server on every merge to main
-
Go to your GitHub repository
-
Navigate to Settings → Secrets and variables → Actions
-
Click New repository secret
-
Create secret:
- Name:
SSH_PRIVATE_KEY - Value: Paste your SSH private key (entire file content)
# Get your SSH key (copy the output) cat ~/.ssh/id_rsa # OR if you have a specific key: cat ~/.ssh/devops_key
- Name:
-
Click Add secret
SSH to your server and set up the project:
ssh devops@91.99.186.83
# Option A: Install in /opt (recommended for production)
sudo mkdir -p /opt/canton-mcp-server
sudo chown devops:devops /opt/canton-mcp-server
cd /opt/canton-mcp-server
# OR Option B: Install in home directory
cd ~
mkdir -p canton-mcp-server
cd canton-mcp-server
# Clone the repository
git clone https://github.com/ChainSafe/canton-mcp-server.git .
# Create .env.canton if needed
cp .env.canton.example .env.canton # If you have one
# OR create manually with your API keys
# First build
docker compose build
docker compose up -d
# Verify it's running
docker compose ps
curl http://localhost:7284/healthThe CI workflow is configured to deploy to /opt/canton-mcp-server or ~/canton-mcp-server.
If your server uses a different path, update .github/workflows/ci.yml:
cd /opt/canton-mcp-server || cd ~/canton-mcp-server || cd /your/custom/path-
Make a small change and push to
main:git checkout main echo "# Test deployment" >> README.md git add README.md git commit -m "Test: trigger deployment" git push origin main
-
Watch the GitHub Actions run:
- Go to Actions tab in GitHub
- Click on the latest workflow run
- Watch the
deployjob
-
Verify on server:
ssh devops@91.99.186.83 cd /opt/canton-mcp-server docker compose ps # Should show running containers docker compose logs --tail=50 # Check logs curl http://localhost:7284/health # Test endpoint
Push to main
↓
GitHub Actions
↓
✅ Run tests (linting, type checking, unit tests)
↓
✅ Build Docker image
↓
✅ Deploy to 91.99.186.83
↓
1. SSH to server
2. cd /opt/canton-mcp-server
3. git pull origin main
4. docker compose down
5. docker compose up -d --build
↓
✅ Server updated!
# Check SSH key format in GitHub Secrets
# Should start with: -----BEGIN OPENSSH PRIVATE KEY-----
# Should end with: -----END OPENSSH PRIVATE KEY-----
# Test SSH manually:
ssh -i ~/.ssh/id_rsa devops@91.99.186.83# On server, check git status:
ssh devops@91.99.186.83
cd /opt/canton-mcp-server
git status
git pull origin main # Should work without password# On server, check docker:
ssh devops@91.99.186.83
docker compose ps
docker compose logs
docker compose down && docker compose up -d --build- SSH Key: Only the private key is in GitHub Secrets (encrypted)
- Server Access: Only
devopsuser can deploy - No Passwords: All auth via SSH keys
- Automatic Only: Deploys only trigger on
mainbranch pushes - PR Protection: Pull requests don't trigger deployment
# GitHub Actions logs
https://github.com/ChainSafe/canton-mcp-server/actions
# Server logs
ssh devops@91.99.186.83 "cd /opt/canton-mcp-server && docker compose logs --tail=100"
# Health check
curl http://91.99.186.83:7284/healthssh devops@91.99.186.83
cd /opt/canton-mcp-server
git log --oneline -10 # See recent commits
git reset --hard <commit-hash> # Rollback to specific commit
docker compose up -d --build # Rebuild- SSH key added to GitHub Secrets (
SSH_PRIVATE_KEY) - Server has project cloned in
/opt/canton-mcp-server - Server can
git pullwithout password - Docker and docker-compose installed on server
-
.env.cantonconfigured on server (if needed) - Initial manual deployment successful
- Test commit triggers auto-deployment
- Health check returns 200 OK
Ready to deploy! 🚀
Every merge to main will automatically update your production server.