Gravatar of Jeroen Jeroen Pelgrims

Pushing to Dokku from GitLab CI

Posted on in git, dokku, software-development

![GitLab CI logo](/images/gitlab-ci-logo.png)

I had heard about GitLab for a while ago but it was only recently that I actually tried it out a bit more thorougly and discovered they have quite a few cool features.
Just like Bitbucket they have a free tier which includes private repositories, or projects in GitLab lingo.

But on their free solution on —the .org domain is for the project itself— you can also make use of their CI service GitLab CI. Making use of the CI service is as easy as adding a file called .gitlab-ci.yml.
This makes the CI usage so much faster and easier than configuring everything on a separate site like CodeShip or Semaphore. Another big benefit is that there are no limitations of how many builds you can do per month or restrictions on private projects.

My projects are hosted on my own Dokku setup and I needed to find a way to automatically push from my GitLab repo to my Dokku server (using ssh authentication) on a successful build by GitLab CI.

Getting Gitlab CI to push to Dokku§

Generating an SSH keypair§

$ ssh-keygen -t rsa
Enter file in which to save the key (/home/<username>/.ssh/id_rsa): /home/<username>/.ssh/example
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/<username>/.ssh/example.
Your public key has been saved in /home/<username>/.ssh/

For the rest of the tutorial I'll assume you left the passphrase empty.

Adding the keypair to Dokku #§

sshcommand should already be installed on your server by Dokku by default.

$ cat /home/<username>/.ssh/ | ssh root@<yourdokkuinstance> "sudo sshcommand acl-add dokku <description>"

Where <yourdokkuinstance> is the domain or ip where your dokku is running.
It'll show a bunch of hexadecimal numbers separated by parentheses here if successful.

Adding the private key to GitLab§

Print out the contents of your private key and copy them to your keyboard.

cat /home/resurge/.ssh/example

Copy everything from

  • Open GitLab.
  • Go to the project you want to deploy
  • Open the settings
  • Open the Variables tab
  • Add a new variable with the key SSH_PRIVATE_KEY and paste the contents of the private key file.

Using the private key in the GitLab CI script§

Create a file called .gitlab-ci.yml in your project repository.

Add the following contents:

  - mkdir -p ~/.ssh
  - echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa
  - chmod 600 ~/.ssh/id_rsa
  - ssh-keyscan -H '<yourdokkuinstance>' >> ~/.ssh/known_hosts

  - deploy

  stage: deploy
    - git push dokku@<yourdokkuinstance>:<projectname> master

Useful info: Removing the key from Dokku when it's obsolete§

To remove the key you added earlier to the server where your Dokku installation is running you can SSH into the server and run the following command:
sshcommand acl-remove dokku <description>
Where <description> is the description you entered at the sshcommand acl-add step.

Other Paas providers§

Most of the steps in this post should be easily usable for other Paas providers as well like Heroku or OpenShift.
You'll have to ignore step 2 (Adding the keypair to Dokku) and possibly step 1 as well (Generating an SSH keypair). Instead, you should attach the generated key to your repository or account on your Paas provider's site or it's possible you'll be provided with one (and thus don't need to generate one).

This post was deployed using Gitlab CI as described in the post above :)

This post is written by Jeroen Pelgrims, an independent software developer who runs

Hire Jeroen