This workflow deploys automatically to your VPS after the Publish Image workflow pushes a fresh image on main.
.github/workflows/deploy-vps.yml
Create these repository secrets in GitHub under Settings → Secrets and variables → Actions:
VPS_HOST— your VPS IP or hostnameVPS_USER— SSH user on the VPSVPS_PORT— SSH port, usually22VPS_SSH_KEY— private SSH key used by GitHub ActionsVPS_APP_DIR— absolute path to the cloned repo on the VPS
Example values:
VPS_HOST=203.0.113.10VPS_USER=rootVPS_PORT=22VPS_APP_DIR=/opt/AiKitzLabsDashboard
The VPS must already have:
- Docker installed
- The repo cloned locally
ops/docker/kitz-dashboard.envfilled out on the server with the live secrets- Access to pull
ghcr.io/kitz-labs/aikitz-dashboard:latest(public package, ordocker login ghcr.ioif you keep it private) - Nginx or another proxy forwarding traffic to
127.0.0.1:3000
Generate a deploy key locally if you do not already have one:
ssh-keygen -t ed25519 -C "github-actions-deploy" -f ~/.ssh/github-actions-deployAdd the public key to the VPS user:
ssh-copy-id -i ~/.ssh/github-actions-deploy.pub user@your-vps-hostThen copy the contents of ~/.ssh/github-actions-deploy into the GitHub secret VPS_SSH_KEY.
After a successful push to main, the workflow:
- Opens an SSH connection to the VPS
- Changes into
VPS_APP_DIR - Fetches and hard-resets to
origin/main - Pulls the latest GHCR-backed image via
bash ops/docker/deploy.sh, which passesops/docker/kitz-dashboard.envexplicitly to Compose - Checks that
http://127.0.0.1:3000responds
You can also trigger the workflow manually from the Actions tab using workflow_dispatch.
- Check the
Deploy VPSworkflow logs in GitHub Actions - Verify the SSH key can log in non-interactively
- Verify
VPS_APP_DIRpoints to the repo root on the server - If the GHCR package is private, run
docker login ghcr.ioon the VPS first - Run
bash ops/docker/deploy.shmanually once on the VPS before enabling auto-deploy