The roots/setup-trellis-cli
action is a JavaScript action that sets up Trellis CLI in your GitHub Actions workflow by:
- Downloading a specific version of trellis-cli (defaults the latest) and adding it to the
PATH
. - Creating a
.vault_pass
file with your Ansible Vault password input. - Initializing the Trellis project in the GitHub repo by running the
trellis init
command.- Creates a virtual environment and installs dependencies (mainly Ansible) with automatic caching.
- Installs Ansible galaxy roles by running
trellis galaxy install
with automatic caching.
See the Deploying Trellis WordPress Sites with GitHub Actions guide.
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: roots/setup-trellis-cli@v1
with:
ansible-vault-password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
repo-token: ${{ secrets.GITHUB_TOKEN }}
- run: trellis deploy production
See the examples for some full workflow examples including a site with a Sage-based theme and a project with a multi-repo setup.
See Workflow syntax for GitHub Actions for more details on writing GitHub workflows.
Required Ansible Vault password. Use a GitHub secret for this value (example in usage above).
This can also be set using the GitHub CLI:
gh secret set ANSIBLE_VAULT_PASSWORD -b $(cat trellis/.vault_pass)
Note: this is a required input even if you don't use Ansible Vault. Just set this to any random placeholder string.
Optionally set the GitHub token for API authorization. Setting this token will avoid any potential API rate limits.
The best option is to set this to the default token secret which GitHub automatically sets: secrets.GITHUB_TOKEN
.
See https://docs.github.com/en/actions/security-guides/automatic-token-authentication
Whether to automatically run the trellis init
command after install.
Default: true
If you want to manage dependencies manually yourself, disable this option.
When enabled, the virtualenv created by the trellis init
command is automatically
cached.
Default: true
Whether to automatically run the trellis galaxy install
command to install
Ansible Galaxy roles.
Default: true
Path to the Trellis project directory. This defaults to trellis
to match the default directory structure of a project created with trellis new
.
Default: trellis
Version of Trellis CLI to install. See Releases for all possible versions.
Note: if you want a specific version, include the 'v' in the version name (eg:
v1.5.1
).
Default: latest
Most usages of this action will require SSH known hosts to be set, including the example workflow which uses shimataro/ssh-key-action
.
Since the GitHub Action runner will be the client SSHing into your remote Trellis server, this is needed to allow a connection from GitHub -> your server, which means the known host is for the remote server hostname.
This value is not just the hostname/IP, it needs be in OpenSSH format which looks like this:
example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
Or the hashed output:
|1|nLf9avvc+tz8nFgUW/3tPwjTA4Q=|dLZn1guXUrBjLg4s23ird724guA= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
There's a few ways to get this value:
- using trellis-cli:
trellis key generate
- manually using
ssh-keyscan
:
ssh-keyscan -t ed25519 -H MY_SERVER_HOSTNAME
- from your
~/.ssh/known_hosts
file (if you've previously SSH'd into the server):
Note: always use a GitHub secret to store this value. Do not hardcode the plain
text value in your workflow file. trellis key generate
will use a secret
automatically.
The Trellis CLI version installed. Example: v1.5.1
Contributions are welcome from everyone. We have contributing guidelines to help you get started.
Keep track of development and community news.
- Join us on Roots Slack by becoming a GitHub sponsor or patron
- Participate on the Roots Discourse
- Follow @rootswp on Twitter
- Read and subscribe to the Roots Blog
- Subscribe to the Roots Newsletter