To use CI/CD for a GitHub repository on a DigitalOcean droplet, you'll typically use GitHub Actions (for CI) and an SSH-based deployment strategy (for CD).
Create SSH Key for GitHub Actions
On your local machine or a secure terminal:
ssh-keygen -t ed25519 -f ~/.ssh/github-actions-key -C "github-actions"
In Ubuntu: Generate SSH Keys
ssh-keygen -t ed25519 -C "github_actions@pythonct"
Copy public key:
cat ~/.ssh/id_ed25519.pub
This will return the public key.
Add to authorized_keys:
nano ~/.ssh/authorized_keys
Paste the public key here and save the file.
Get private key:
cat ~/.ssh/id_ed25519
It will look like this:
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
-----END OPENSSH PRIVATE KEY-----
Step 3: Add Private Key to GitHub Secrets
Go to your GitHub repo: Settings > Secrets and variables > Actions
Add a new secret:
- Name: SSH_PRIVATE_KEY
- Value: Paste the entire contents of id_ed25519
Also add these secrets:
- SSH_HOST
- SSH_PRIVATE_KEY
- SSH_USERNAME
✅ Step 4: Create GitHub Actions Workflow
In your repo, create the file: .github/workflows/deploy.yml
name: auto deploy to ubuntu server
on:
  push:
    branches:
      - master
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: checkout code
        uses: actions/checkout@v3
      - name: deploy
        uses: appleboy/ssh-action@v1.0.3
        with:
          host: ${{ secrets.SSH_HOST }}
          username: ${{ secrets.SSH_USERNAME }}
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          script: |
            cd /var/www/pythonct
            git pull origin master
            source venv/bin/activate
            pip install -r requirements.txt
            python manage.py migrate
            python manage.py collectstatic --noinput
            sudo systemctl restart gunicorn
Allow Passwordless Sudo for Specific Commands
On your server, open the sudoers file with visudo to add a rule for a specific user:
sudo visudo
Add this line at the end, replacing yourusername with your actual Linux username:
yourusername ALL=(ALL) NOPASSWD: /bin/systemctl restart gunicorn
This allows yourusername to restart Gunicorn without a password — but only for this specific command.
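The public key pasted into ~/.ssh/authorized_keys above carries no options, so the private key stored in GitHub Secrets can run any command as that user. As an added example (not part of the original guide), this Python script parses authorized_keys entries and reports which deploy keys lack the sshd restrict option or a forced command=. The sample entries, placeholder key blobs and deploy.sh are constructed for illustration.

```python
import re

# Key types that can start an authorized_keys entry, per sshd(8).
KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
             "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com"}
# One option: a name, optionally ="value" (the value may contain \" escapes).
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?,?')
LEGACY = {"no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding", "no-pty"}
# Constructed sample: key blobs are placeholders, deploy.sh is hypothetical.
SAMPLE = """\
ssh-ed25519 AAAAC3PLACEHOLDER1 github-actions
restrict,command="cd /var/www/pythonct && ./deploy.sh" ssh-ed25519 AAAAC3PLACEHOLDER2 github-actions
ssh-rsa AAAAB3PLACEHOLDER3 admin@laptop
"""

def parse_entry(line):
    """Return (options, key_type, comment), or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    options, pos = {}, 0
    if line.split()[0] not in KEY_TYPES:
        # Options come first and end at the first whitespace outside quotes.
        while pos < len(line) and not line[pos].isspace():
            m = OPTION.match(line, pos)
            if not m:
                raise ValueError("malformed options: " + line[:40])
            options[m.group(1).lower()] = m.group(2)
            pos = m.end()
    fields = line[pos:].split(None, 2)
    if len(fields) < 2 or fields[0] not in KEY_TYPES:
        raise ValueError("not a public key entry: " + line[:40])
    return options, fields[0], fields[2] if len(fields) > 2 else ""

def audit(text, marker):
    """List (line_number, finding) for keys whose comment contains marker."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        entry = parse_entry(line)
        if entry and marker in entry[2]:
            if "restrict" not in entry[0] and not LEGACY.issubset(entry[0]):
                findings.append((number, "forwarding and PTY allocation not disabled"))
            if "command" not in entry[0]:
                findings.append((number, "no forced command: key can run any command"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE, "github-actions"), sep="\n")
```

On the server, pass the contents of the deploy user's ~/.ssh/authorized_keys to audit() in place of SAMPLE.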