miloserdow / capistrano-deploy Goto Github PK

View Code? Open in Web Editor NEW

127.0 3.0 43.0 1000 KB

Github Actions for Capistrano

License: MIT License

JavaScript 100.00%

github-actions github-action capistrano deployment-automation

capistrano-deploy's Introduction

Capistrano actions

Github deploy action for Capistrano. Use this action to automate your capistrano deployment process.

Dependencies

This action expects Ruby to be installed along with Capistrano, see below for a basic workflow example that uses ruby/setup-ruby.

Inputs

`target`

Environment where deploy is to be performed to. E.g. "production", "staging". Default value is empty.

`deploy_key`

Required Symmetric key to decrypt private key. Must be a string.

`enc_rsa_key_pth`

Path to the encrypted key. Default "config/deploy_id_rsa_enc". You have to use either enc_rsa_key_pth or enc_rsa_key_val.

`enc_rsa_key_val`

Contents of the encrypted key. Best to use as repository secret. You have to use either enc_rsa_key_pth or enc_rsa_key_val.

`working-directory`

The directory from which to run the deploy commands, including bundle install.

Outputs

No outputs

Setting up CD using this action

Generate SSH keys on the target machine

$ ssh-keygen -t ed25519

Export public key to the authorized_keys to allow the usage of this keypair to login

$ cat ~/.ssh/id_ed25519.pub >> ~/.ssh/authorized_keys

Add public key from ~/.ssh/id_ed25519.pub to your repository's deployment keys via Settings / Deploy keys / Add
Encrypt your private key with a strong password. Please use these options, otherwise this action may not be able to decrypt your key.

$ openssl enc -aes-256-cbc -md sha512 -salt -in ~/.ssh/id_ed25519 -out deploy_id_ed25519_enc -k "PASSWORD" -a -pbkdf2

Add deploy_id_ed25519_enc file to your repository. Suggested path is config/deploy_id_ed25519_enc
Save the password used in step 4 as a secret in repository settings via Settings / Secrets / Add
Create YAML configuration for your workflow (example below)

Workflow example

# This is a basic workflow to help you get started with Actions
name: Deploy with Capistrano

# Controls when the action will run.
on:
  # Triggers the workflow on push or pull request events but only for the main branch
  push:
    branches: [main]

  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # This workflow contains a single job called "build"
  deploy:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v2
      - uses: ruby/setup-ruby@v1
        with:
          # ruby-version: 3.0.1 # Not needed with a .ruby-version file
          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
      - uses: miloserdow/capistrano-deploy@v3 # you can use miloserdow/capistrano-deploy@master for the cuurent stable dev version
        with:
          target: development # Defines the environment that will be used for the deployment
          deploy_key: ${{ secrets.DEPLOY_ENC_KEY }} # Name of the variable configured in Settings/Secrets of your github project
          enc_rsa_key_pth: config/deploy_id_ed25519_enc

Example running this action with custom commands

In this example we are starting rails and Sidekiq with Capistrano

Personal access token

You need to create a personal access token with "repo" access like described here: https://docs.github.com/en/free-pro-team@latest/github/authenticating-to-github/creating-a-personal-access-token

Dispatch workflow

Create a new dispatch workflow like described here: https://docs.github.com/en/free-pro-team@latest/rest/reference/actions#create-a-workflow-dispatch-event

Workflow file:

name: Start Rails and Sidekiq with Capistrano

on:
  workflow_dispatch:
    inputs:
      environment:
        description: "The environment to deploy"
        required: true

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Turnstyle
        uses: softprops/turnstyle@master
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          abort-after-seconds: 3600
      - name: Set up Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: 2.6.6
          bundler-cache: true
      - name: Deploy
        uses: kaspernj/capistrano-deploy@custom-capistrano-command
        with:
          capistrano_commands: '["puma:start", "sidekiq:start"]'
          target: ${{ github.event.inputs.environment }}
          deploy_key: ${{ secrets.DEPLOY_ENC_KEY }}
          enc_rsa_key_pth: config/deploy_id_ed25519_enc

Curl command

curl \
  -X POST \
  -H "Accept: application/vnd.github.v3+json" \
  -H "Authorization: Bearer $PERSONAL_GITHUB_TOKEN" \
  https://api.github.com/repos/$GITHUB_USERNAME/$GITHUB_REPO_NAME/actions/workflows/$WORKFLOW_FILE_NAME/dispatches \
  -d "{\"ref\":\"master\",\"inputs\":{\"environment\":\"$ENVIRONMENT_TO_DEPLOY\"}}"

This command makes Github start Rails and Sidekiq at the deployment.

capistrano-deploy's People

Contributors

Stargazers

Watchers

capistrano-deploy's Issues

Workflow fails with error in /tmp/ssh-auth.sock after 2 or more runs in Github Actions

I encountered an error when running a GitHub Actions workflow, as detailed below:

/usr/bin/openssl version
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
/usr/bin/openssl enc -d -aes-256-cbc -md sha512 -salt -in config/deploy_id_rsa_enc -out config/deploy_id_rsa -k *** -a -pbkdf2
/usr/bin/chmod 0600 config/deploy_id_rsa
/usr/bin/ssh-agent -a /tmp/ssh-auth.sock
unix_listener: cannot bind to path /tmp/ssh-auth.sock: Address already in use
Error: Error: The process '/usr/bin/ssh-agent' failed with exit code 1

The workflow configuration is as follows:

name: Continuous Deployment

on:
  push:

env:
  RUBY_VERSION: 2.6.2

jobs:
  deploy:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Wait in-flight Deployment
        uses: softprops/turnstyle@master
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          abort-after-seconds: 3600

      - name: Set up Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: ${{ env.RUBY_VERSION }}
          bundler-cache: true

      - name: Deploy Check
        uses: miloserdow/capistrano-deploy@master
        with:
          target: Test
          deploy_key: ${{ secrets.DEPLOY_KEY }}
          enc_rsa_key_val: ${{ secrets.ENC_RSA_KEY_VAL }}
          capistrano_commands: '["deploy:check"]'

      - name: Deploy
        uses: miloserdow/capistrano-deploy@master
        with:
          target: Test
          deploy_key: ${{ secrets.DEPLOY_KEY }}
          enc_rsa_key_val: ${{ secrets.ENC_RSA_KEY_VAL }}

Is it necessary to explicitly delete /tmp/ssh-auth.sock? It would be helpful if this could be mentioned in the README or made configurable via the with clause.

Problem using custom working directory

Hello,

Thanks for this project.
there seems to be a problem checking if enc_rsa_key_pth exists if a custom working directory is set.

if (!fs.existsSync(enc_rsa_key_pth) && !enc_rsa_key_val) {
    core.setFailed('Encrypted RSA private key file or value does not exist.');
}

Here we can see that we omit the custom working directory and obviously set a failed message.
But then, in the decrypt_key function, everything is working correctly taking into account the custom working dir.
But the initial setFailed call, make my CI failed

Am I missing something here ?

Thanks

Unable to locate executable file: bundle.

Hi @miloserdow, I've setup my capistrano but not in ruby project, i use in my react project. is it possible use for non ruby project?
When i use this action in my react project i got error
Error: Error: Unable to locate executable file: bundle. Please verify either the file path exists or the file can be found within a directory specified by the PATH environment variable. Also check the file mode to verify the file is executable.

Thank u

missing gems to work with new key encryption type

After 0d78e2d
I was getting errors about failed authentication via key

net-ssh-7.0.1/lib/net/ssh/authentication/ed[25](https://github.com/novozhenets/trackfolio-backend/runs/7365266070?check_suite_focus=true#step:4:26)519_loader.rb:19:in `raiseUnlessLoaded': OpenSSH keys only supported if ED25519 is available (NotImplementedError)
net-ssh requires the following gems for ed25519 support:
 * ed25519 (>= 1.2, < 2.0)
 * bcrypt_pbkdf (>= 1.0, < 2.0)

Issue is described here net-ssh/net-ssh#565

This should probably be added to README, it took me quite some time to figure this out

Capistrano commands fail with bad authentication

I am trying to get this action to work but am having an issue.
This is running on a self hosted worker.
Once i get it to setup and run it fails on the capistrano commands as bad authentication, but the access keys are being decrypted, setup and connected to the agent properly as I can ssh in to the target deployment box without issue from the runner box.

Run miloserdow/capistrano-deploy@master
  with:
    target: production
    deploy_key: ***
    enc_rsa_key_pth: config/power@deploy_enc
    capistrano_commands: ["deploy"]
/usr/bin/openssl version
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
/usr/bin/openssl enc -d -aes-256-cbc -md sha512 -salt -in config/power@deploy_enc -out config/deploy_id_rsa -k *** -a -pbkdf2
/usr/bin/chmod 0600 config/deploy_id_rsa
/usr/bin/ssh-agent -a /tmp/ssh-auth.sock
SSH_AUTH_SOCK=/tmp/ssh-auth.sock; export SSH_AUTH_SOCK;
SSH_AGENT_PID=78309; export SSH_AGENT_PID;
echo Agent pid 78309;
/usr/bin/ssh-add config/deploy_id_rsa
Identity added: config/deploy_id_rsa (power@deploy)
/home/rails/actions-runner/_work/_tool/Ruby/3.1.4/arm64/bin/bundle exec cap production deploy
#<Thread:0x0000ffff9231efb0 /home/rails/actions-runner/_work/**repo-name**/**repo-name**/vendor/bundle/ruby/3.1.0/gems/sshkit-1.21.6/lib/sshkit/runners/parallel.rb:10 run> terminated with exception (report_on_exception is true):
/home/rails/actions-runner/_work/**repo-name**/**repo-name**/vendor/bundle/ruby/3.1.0/gems/sshkit-1.21.6/lib/sshkit/runners/parallel.rb:15:in `rescue in block (2 levels) in execute': Exception while executing as rails@[deploy-target-ip]: Authentication failed for user rails@[deploy-target-ip] (SSHKit::Runner::ExecuteError)
	from /home/rails/actions-runner/_work/**repo-name**/**repo-name**/vendor/bundle/ruby/3.1.0/gems/sshkit-1.21.6/lib/sshkit/runners/parallel.rb:11:in `block (2 levels) in execute'
/home/rails/actions-runner/_work/**repo-name**/**repo-name**/vendor/bundle/ruby/3.1.0/gems/net-ssh-7.2.0/lib/net/ssh.rb:273:in `start': Authentication failed for user rails@[deploy-target-ip] (Net::SSH::AuthenticationFailed)
	from /home/rails/actions-runner/_work/**repo-name**/**repo-name**/vendor/bundle/ruby/3.1.0/gems/sshkit-1.21.6/lib/sshkit/backends/connection_pool.rb:63:in `call'
	from /home/rails/actions-runner/_work/**repo-name**/**repo-name**/vendor/bundle/ruby/3.1.0/gems/sshkit-1.21.6/lib/sshkit/backends/connection_pool.rb:63:in `with'
	from /home/rails/actions-runner/_work/**repo-name**/**repo-name**/vendor/bundle/ruby/3.1.0/gems/sshkit-1.21.6/lib/sshkit/backends/netssh.rb:177:in `with_ssh'
	from /home/rails/actions-runner/_work/**repo-name**/**repo-name**/vendor/bundle/ruby/3.1.0/gems/sshkit-1.21.6/lib/sshkit/backends/netssh.rb:130:in `execute_command'
	from /home/rails/actions-runner/_work/**repo-name**/**repo-name**/vendor/bundle/ruby/3.1.0/gems/sshkit-1.21.6/lib/sshkit/backends/abstract.rb:148:in `block in create_command_and_execute'
	from <internal:kernel>:90:in `tap'
	from /home/rails/actions-runner/_work/**repo-name**/**repo-name**/vendor/bundle/ruby/3.1.0/gems/sshkit-1.21.6/lib/sshkit/backends/abstract.rb:148:in `create_command_and_execute'
	from /home/rails/actions-runner/_work/**repo-name**/**repo-name**/vendor/bundle/ruby/3.1.0/gems/sshkit-1.21.6/lib/sshkit/backends/abstract.rb:61:in `test'
	from /home/rails/actions-runner/_work/**repo-name**/**repo-name**/vendor/bundle/ruby/3.1.0/gems/capistrano-rbenv-install-1.2.0/lib/capistrano/tasks/rbenv_install.rake:17:in `block (3 levels) in <top (required)>'
	from /home/rails/actions-runner/_work/**repo-name**/**repo-name**/vendor/bundle/ruby/3.1.0/gems/sshkit-1.21.6/lib/sshkit/backends/abstract.rb:31:in `instance_exec'
	from /home/rails/actions-runner/_work/**repo-name**/**repo-name**/vendor/bundle/ruby/3.1.0/gems/sshkit-1.21.6/lib/sshkit/backends/abstract.rb:31:in `run'
	from /home/rails/actions-runner/_work/**repo-name**/**repo-name**/vendor/bundle/ruby/3.1.0/gems/sshkit-1.21.6/lib/sshkit/runners/parallel.rb:12:in `block (2 levels) in execute'
(Backtrace restricted to imported tasks)
cap aborted!
SSHKit::Runner::ExecuteError: Exception while executing as rails@[deploy-target-ip]: Authentication failed for user rails@[deploy-target-ip]

I have connected to the instance and confirmed that the agent is running, and I can ssh to the target box without supplying the additional options for the ssh key.

Deploying hangs

Deploying hangs on step /usr/bin/ssh-add config/deploy_id_rsa

No matter how long I will be waiting this process is infinity, also nothing is happen in server project folder.

##[error]Error: The process 'sudo' failed with exit code 1

I am getting this error in your code.

sudo bundle install --deployment
/usr/lib/ruby/2.5.0/rubygems.rb:289:in `find_spec_for_exe': can't find gem bundler (>= 0.a) with executable bundle (Gem::GemNotFoundException)
	from /usr/lib/ruby/2.5.0/rubygems.rb:308:in `activate_bin_path'
	from /usr/local/bin/bundle:23:in `<main>'
##[error]Error: The process 'sudo' failed with exit code 1
##[error]Node run failed with exit code 1

Remove node_modules from the repository, if possible

Probably need to update package.json and run npm install at some point.

Warning: The `set-env` command is deprecated and will be disabled soon

When running this action I get a warning:

Warning: The set-env command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/

Not sure if it's only my setup, or a general problem with action or some of dependancies.

Can't decrypt key: deprecated key derivation used.

I couldn't make step 4 work:

openssl enc -aes-256-cbc -md sha512 -salt -in id_rsa -out deploy_id_rsa_enc -k PASSWORD -a 
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.

It does create the encrypted file but doesn't ask to enter a password though.

When I run the job It fails with this error:

Error: No deploy key given
/usr/bin/openssl version
OpenSSL 1.1.1f  31 Mar 2020
/usr/bin/openssl enc -d -aes-256-cbc -md sha512 -salt -in config/deploy_id_rsa_enc -out config/deploy_id_rsa -k  -a
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
bad decrypt
140220230804800:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:610:
Error: Error: The process '/usr/bin/openssl' failed with exit code 1

Any suggestion how to overcome this?

[Bug?] Error message "Valid ciphername values:"

I'm trying to encrypt my local key using the provided options and I get an error on macos Monterey. Not sure if I'm doing something wrong

cannot ssh into server: [error]: unix_listener: cannot bind to path /tmp/ssh-auth.sock: Address already in use

quick fix was to manually deleting the sock /tmp/ssh-auth.sock.

[note: I am using on a self hosted runner ]

Ruby version mismatch

Hi! I'm really interested in using this deploy action, but I can't figure out how to get around this error:

Your Ruby version is 2.5.1, but your Gemfile specified 2.4.0
##[error]Error: The process 'sudo' failed with exit code 18
##[error]Node run failed with exit code 1

Is there a way to specify what Ruby version to use for the deploy?

Rollback capability

Hello, I was wondering if it's easy to add support for rollback capability, i.e. if the commit message includes 'rollback' then cap deploy:rollback, or even support ROLLBACK_RELEASE.

Net::SSH::ConnectionTimeout: Net::SSH::ConnectionTimeout

hi, guys

I just encountered some problems here.
I have no idea about this, hope somebody can give me advices, really appreciate it!

log refer below:

Run miloserdow/capistrano-deploy@master
/opt/hostedtoolcache/Ruby/2.4.2/x64/bin/bundle exec cap staging deploy
[Deprecation Notice] `set :scm, :git` is deprecated.
To ensure your project is compatible with future versions of Capistrano,
remove the :scm setting and instead add these lines to your Capfile after
`require "capistrano/deploy"`:

    require "capistrano/scm/git"
    install_plugin Capistrano::SCM::Git

(Backtrace restricted to imported tasks)
cap aborted!
SSHKit::Runner::ExecuteError: Exception while executing on host MYHOST: Net::SSH::ConnectionTimeout


Caused by:
Net::SSH::ConnectionTimeout: Net::SSH::ConnectionTimeout


Caused by:
Errno::ETIMEDOUT: Connection timed out - connect(2) for MYIP 

Tasks: TOP => rbenv:validate
(See full trace by running task with --trace)
Error: Error: The process '/opt/hostedtoolcache/Ruby/2.4.2/x64/bin/bundle' failed with exit code 1

Pass Host Attribute

I've 2 staging servers. Both are having same SSH keys, but different domains.

For Example:
develop.host.com
release.host.com:

I setup all the instruction explained in the Workflow example for release.host.com but script is going to the other server develop.host.com and giving the following error.

SSHKit::Runner::ExecuteError: Exception while executing on host develop.host.com: Inappropriate ioctl for device
** DEPLOY FAILED
** Refer to log/capistrano.log for details. Here are the last 20 lines:
** Logfile created on 2020-11-22 09:07:23 +0000 by logger.rb/61378
** INFO ---------------------------------------------------------------------------
** INFO START 2020-11-22 09:07:23 +0000 cap staging deploy
** INFO ---------------------------------------------------------------------------
** INFO [c6df5283] Running /usr/bin/env mkdir -p /tmp on develop.host.com
** DEBUG [c6df5283] Command: /usr/bin/env mkdir -p /tmp
** No api key set, not submitting to Datadog
**Error: Error: The process '/opt/hostedtoolcache/Ruby/2.5.3/x64/bin/bundle' failed with exit code 1

How I can fix this, if i don't want to modify the SSH keys ? Can I pass Host params in the script to identify the target host ?

Authentication failed

Hi,

I'm trying to switch to latest version and ed25519 cypher key, but in two different repositories action fails to connect to server. With old keys everything works.

Steps:

ssh-keygen -t ed25519
cat ~/.ssh/id_ed25519.pub >> ~/.ssh/authorized_keys
cat ~/.ssh/id_ed25519.pub #add to deploy keys
openssl enc -aes-256-cbc -md sha512 -salt -in ~/.ssh/id_ed25519 -out deploy_id_ed25519_enc -k "PASSWORD" -a -pbkdf2 #used PASSWORD for testing
cat deploy_id_ed25519_enc #added to repository
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519

Result:

/opt/hostedtoolcache/Ruby/2.6.10/x64/bin/bundle exec cap staging deploy
00:00 git:wrapper
      01 mkdir -p /tmp/Mod24_Blog/

...

cap aborted!
SSHKit::Runner::ExecuteError: Exception while executing as [email protected]: Authentication failed for user [email protected]


Caused by:
Net::SSH::AuthenticationFailed: Authentication failed for user [email protected]

My YAML:

...
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/[email protected]
    - name: Set up Ruby
      uses: ruby/[email protected]
      with:
        ruby-version: 2.6
        bundler-cache: true
    - uses: miloserdow/capistrano-deploy@master
      with:
        target: staging
        enc_rsa_key_pth: 'config/deploy/keys/deploy_staging_enc'
        deploy_key: ${{ secrets.TEST_DEPLOY_KEY }}

Is there something else that needs to be changed? Any ideas?

bad decrypt error message on Deployment

Deployment was working fine , but suddenly today i started getting this message, any idea what's happening or why I'm getting this error?

/usr/bin/openssl version
OpenSSL 1.1.1 11 Sep 2018
/usr/bin/openssl enc -d -aes-256-cbc -md sha512 -salt -in config/deploy/production_deploy_key -out config/deploy_id_rsa -k *** -a -pbkdf2
bad decrypt
140322642260416:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:564:
Error: Error: The process '/usr/bin/openssl' failed with exit code 1

BUNDLE_GEMFILE env variable support

I like to keep a separate Gemfile for deployment with cap, is there a way i can specify a Gemfile e.g. Gemfile.deploy to be used when running bundle exec cap <target> deploy via the github action? or a group to be used from the default Gemfile?

How to setup secrets on repository?

Save the password used in step 4 as a secret in repository settings via Settings / Secrets / Add

I am not a author of repository ( But I can contribute ), where is this settings of repository ? May be general settings https://github.com/settings/keys ?

Regression: Encrypted RSA private key file or value does not exist.

I'm getting the message above even though the deployment seems to complete successfully.
Github ends up marking the workflow as failed though. It seems to be an issue with working-directory, that's my first guess.
I'll poke around a bit
Action version 2.2

working-directory not operational

I have rails code in api folder.

- uses: miloserdow/capistrano-deploy@v2
        with:
          working-directory: ./api
          target: staging
          deploy_key: ${{ secrets.DEPLOY_ENC_KEY }}

Error coming is:

Could not locate Gemfile
##[error]Error: The process 'bundle' failed with exit code 10

fatal: Could not read from remote repository. when deploy

hi, I have encountered a problem when I just deploy my repo with GitHub action.
I have no idea what the problem probably is. Hope somebody can discuss with me.
really appreciate it.

refer log below:

00:53 bundler:install
      01 RBENV_ROOT=/usr/local/rbenv RBENV_VERSION=2.4.2 /usr/local/rbenv/bin/rbenv exec bundle install --path /home/apps/MyApp/shared/bundle --without development test --deployment --quiet
      01 ERROR: Repository not found.
      01 fatal: Could not read from remote repository.
      01 
      01 Please make sure you have the correct access rights
      01 and the repository exists.
      01 ERROR: Repository not found.
      01 fatal: Could not read from remote repository.

My guess is there are private gems in my repo.
Before deploy, I need to set up my ruby app first, I already handled about private gems with setting ssh-keys
Also, I need bundle install my app before deploy, and already pass it.
I thought I should already have enough permission about private gems.
Can't understand about no access rights here.

Node.js 12 actions are deprecated

Hello, I have deprecation notice

Node.js 12 actions are deprecated. For more information see: https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/. Please update the following actions to use Node.js 16: miloserdow/capistrano-***

Bundle install is not using cached bundle

The README shows a cache step before the deployment runs where the bundle is vendored to vendor/bundle

The bundle install command here does not have the --path argument set to vendor/bundle therefore causing the cache to not be used at all (and a fresh bundle is installed on every deploy - taking minutes++)

Before I submit a PR was wondering if this was an oversight or am I missing a config setting somewhere?

Private key cannot have a passphrase

If the key generated with ssh-keygen has a passphrase set, later running ssh-add will require the passphrase with a terminal prompt which cannot be fulfilled during the workflow run, causing it to get stuck indefinitely.
I could not find a way to provide the passphrase to ssh-add via command line so, to avoid confusion, I'd suggest just adding that as a disclaimer to the project readme, so people don't get tripped on that in the future.
Thoughts?

Major version tag (v2) does not point to current release (v2.2)

Thanks for your work on this action!

The GitHub Actions documentation has this recommendation:

Move the major version tag (such as v1, v2) to point to the Git ref of the current release.

Is it possible for you to move the v2 tag?

Deploy on workflow_dispatch

The deploy is made only from master branch, is there a way to set the branch?