This tutorial will show you how you can automate the deploy of your PHP codebase with the help of GitHub Actions and Ansible.

There are a lot of different approaches when it comes to deploying your PHP application to your production server(s). Nowadays, most projects use git and live on a platform like GitHub, GitLab or Bitbucket. But how do you roll out your changes to your server? You could manually SSH into your server after each change and pull the latest code from GitHub, you could use GitHub webhooks to do this automatically for you, or you could use an external software to manage and do all deploys for you. However, today I’d like to show you how you can automate your deploys with a tool called Ansible and GitHub Actions. Ansible is a powerful open-source automation software written in python which simplifies the process of setting up and managing remote machines in an automated way.

Generally, Ansible works like this: You need to create an Ansible Inventory which contains the information of your server(s) and you need to set up a way for Ansible to log into these servers. Ideally, you create a new user on your server just for Ansible which logs in with an SSH key for added security. Everything else gets configured with YAML files.
You can do a lot of things with Ansible: Set up your (web-)servers, keep them up-to-date, install software, automatically scale up or down and so much more – however, this guide will only focus on how to automatically deploy the latest version of your code with Ansible. We’ll prepare our servers and set up a GitHub Action which will automatically run Ansible and deploy our code to our server on each push to our production branch.

For Ansible to be able to connect to and work on your server, you need to do two things: install some required software (Python and Git) and create a separate admin user on your server for Ansible.

Now that you have an ansible user on your server, you should also create an SSH key-pair for it to use instead of a password, so it can connect more securely. Make sure to enable this SSH key for the newly created ansible user, not for your default root user on the server:

If you have multiple servers, repeat this step for each one of them (ideally, use the same SSH public key for the Ansible users on all servers).

Set up the Inventory
The so-called Ansible Inventory holds all information about your server(s) and any possible additional variables. You can either put the content in a file, or you can put the content in a GitHub “Repository Secret” and get the content later in your GitHub Action. I’d recommend going with the second option, because some of the content of the inventory (for example the IP addresses of the servers) may be considered confidential and shouldn’t appear in your git version control (especially when your server is behind a Cloudflare firewall or something similar).

Create the Playbook
To tell Ansible what to do when deploying our code, we need to create a so-called Ansible Playbook. It’s a YAML file with instructions for Ansible separated into different tasks (steps).
I’d recommend you to create a new directory for your Ansible Playbook in your PHP code repository.
You could also create a new repository just for your Ansible Playbooks and set it up so pushes to your main branch from your PHP code repository triggers the execution of the GitHub Action in your Ansible repository – this is great if you want to keep these things more separated, but it’s a bit more complicated to set up. That’s why I’d recommend you to go the easy route for now and just create a directory in your main repository.

Set up GitHub Actions
Now that we have an Ansible Playbook with instructions on how to deploy our code and Inventory containing our server IPs, we just need to set up GitHub actions to automatically run Ansible whenever we push to our production branch (or whatever you may have called it in your repository).

Luckily, there already exists a great pre-made GitHub action to do just that, called Run Ansible Playbook – we just need to set it up to work with our setup.

Credits :

Leave a Reply

Your email address will not be published. Required fields are marked *