Use github action to automatically deploy Hexo [transl.]

The GitHub Pages service is open to every user for domain name resolution and hosting of username.github.io. If you are an ordinary user, the Github-Page service will only be open to public repositories. After the repositories are converted to private, Github-Page will stop parsing And updates; for student Pro and paid Pro users and above, the Github-Page service will provide services for both public and private repositories, but Travis CI is only free for public repositories. In summary, this article is for guys who want to use GitHub Pages service for private repositories.

P.S. Privatizing the repository hosting Github-Page can reduce privacy leakage. However, all files (of the deployment branch) can still be crawled/scanned.

Preface

I have always used the most concise and straightforward GitHub Pages and Jekyll for blog writing. Recently, I was trembling at home because of the disease control problem, but I couldn’t stop studying and working, so I just did things that I haven’t had time to do.

  • Private Github-Pages repository
  • Use Hexo instead of Jekyll
  • Use Github Action for automatic deployment

Use ssh-keygen to generate a key pair for deployment

1
2
3
4
5
# set up private key for deploy
mkdir -p ~/.ssh/
echo "$ACTION_DEPLOY_KEY" | tr -d '\r' > ~/.ssh/id_rsa # configure the key
chmod 600 ~/.ssh/id_rsa
ssh-keyscan github.com >> ~/.ssh/known_hosts

Use github personal access token to implement deployment

Similar to the backup verification code in Google’s two-step verification, but google token is a single generation (visible/query) and destroyed after use, GitHub personal token is a single generation and destruction (invisible) multiple uses.

Go to Settings >> Developer settings >> Personal access tokens, and click Generate new token.

Deploying a blog only requires read and write permissions to the repo. The token will not be visible after this page is closed (write it down!!).

Set up repository

Because the branch deployed by the Github-Pages service is main by default, there are two common repository setting methods as follows:

  • Double repository: repository A is used to store Hexo source files, repository B (xxx.github.io) is used to deploy Hexo generated files, push A triggers GitHub Action to update deployment repository B
  • Single repository: source branch is used to store Hexo source files, main branch is used to deploy Hexo generated files, push source triggers GitHub Action to update main and deploy Github-Pages

Here I am using a single-repository dual-branch setting. Be careful not to merge manually, otherwise, it will take time (history will disappear after the action refreshes the main).

We cannot store the token generated in the previous step in plaintext, so we need to set it as the Secrets of the repository so that the token can be implicitly referenced by Secrets. Enter (in the repository) setting >> Secrets >> Add a new secret, fill in the name with GITHUB_ACCESS_TOKEN, and fill in the token just now.

Set up GitHub Action

Modify Hexo’s _config.yml, and modify the following id and repository name to your own.

1
2
3
4
deploy:
type: git
repo: https://[email protected]/your-github-id/your-github-repo-name.git
branch: main

Create a new .github/workflows/blogci.yml in the root directory of Hexo, the content is as follows, modify the git information to your own:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
name: BlogCI

on: [push]

jobs:
build:
runs-on: ubuntu-18.04
steps:
- name: Download Source file
uses: actions/[email protected]
with:
ref: source # Specify the name of the branch where you store Hexo source files
- name: Prepare Node env
uses: actions/[email protected]
with:
node-version: "10.x" # This corresponds to your own nodejs version (10.12 tested well)
- name: Set Env
env:
GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_ACCESS_TOKEN }}
run: |
git config --global user.name 'my_name' # github用户名
git config --global user.email 'my_email' # github邮箱
sed -i "s/GITHUB_ACCESS_TOKEN/$GITHUB_ACCESS_TOKEN/g" ./_config.yml
- name: Hexo
run: |
npm i -g Hexo-cli
npm i
Hexo clean && Hexo g && Hexo d

Finally, you can also use another way of writing (using local installation to avoid npm installation dependency errors):

1
2
3
4
5
6
- name: Hexo
run: |
npm install Hexo
npm install
npx Hexo clean
npx Hexo g -d

Save it and push it to GitHub, and then enter Actions and you will find that BlogCI is already working.

Price

At present, GitHub Action adopts a free time marketing strategy:

  • 2000 minutes of free usage per month for common users
  • 3000 minutes of free usage per month for pro users

According to my statistics, the execution time of successful push action is between 40~60s, and the execution time of longer (3~5min) is generally an error :(

According to this time to estimate, the user does not need to spend extra on the action :)

Reference

  1. Github-Pages service
  2. Jekyll framework
  3. Google backup verification code
  4. https://rook1e.com/p/6.html
  5. Hexo Docs