You know the ritual.
New project. New VPS. Generate keypair. SSH in. Paste into authorized_keys. Go to GitHub Settings. Add SSH_KEY. Add SSH_HOST. Add SSH_PORT. Add SSH_USER. Write deploy.yml from memory. Commit. Push. It fails because you mixed up a secret name. Fix. Push again.
15 minutes. Every time. For the rest of your career.
I got tired of it. So I killed it.
npx deploymate-cli
That's it. One command. Fill in 5 fields. Done.
What happens under the hood
┌─────────────────────────────────────────────────────────┐
│ ✓ Generating RSA key pair (in memory only) │
│ ✓ Uploading public key to server │
│ ✓ Injecting GitHub secrets │
│ ✓ Committing deploy.yml │
│ │
│ └─ CI/CD is live. Every push to main deploys. │
└─────────────────────────────────────────────────────────┘
Every push to main now runs:
git fetch + reset --hard
docker compose down
docker compose up -d --build
No agent. No dashboard. No new service to babysit. Just a GitHub Actions workflow that does exactly what it says.
The security bit — since you'll ask
The SSH password is used exactly once to bootstrap key auth. Never logged. Never stored. The private key is generated fresh, goes straight into a GitHub secret via libsodium box seal (how the API requires it), and then it's gone. After setup, your server only speaks to GitHub via the key we just installed.
Source is all on GitHub. src/services/ssh.ts and src/services/github.ts if you want to audit — it's small.
This isn't Coolify
No UI to manage. No containers to run. No database to back up. This is for when you want git push to deploy on a $6 VPS and you don't want to think about it again.
Small scope. Does one thing. Does it well.
→ github.com/Benyaminrmb/deploymate
→ npmjs.com/package/deploymate-cli
PRs welcome. Issues too — I actually read them.
Top comments (0)