DEV Community: Ali Sahin The latest articles on DEV Community by Ali Sahin (@ali_sahin). https://dev.to/ali_sahin https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3353092%2F747c5783-a09f-45f7-9a24-025bf29b5d96.png DEV Community: Ali Sahin https://dev.to/ali_sahin en Deploy Next.js Application on AWS Lightsail with GitHub Actions Ali Sahin Thu, 12 Feb 2026 06:10:19 +0000 https://dev.to/ali_sahin/deploy-nextjs-application-on-aws-lightsail-with-github-actions-1ii1 https://dev.to/ali_sahin/deploy-nextjs-application-on-aws-lightsail-with-github-actions-1ii1 <p>In this article, we'll walk through deploying Next.js and Node.js applications on AWS Lightsail using Nginx, PM2, GitHub Actions, and Cloudflare.</p> <h2> Prerequisites </h2> <p>Before starting, ensure you have:</p> <ul> <li>AWS account with Lightsail access</li> <li>GitHub account for repository hosting</li> <li>Cloudflare account for DNS management</li> <li>Domain name pointed to Cloudflare nameservers</li> <li>Basic knowledge of Linux commands and Git</li> <li>Node.js applications ready for deployment</li> </ul> <h2> Architecture Overview </h2> <p>Our deployment architecture includes:</p> <ul> <li> <strong>AWS Lightsail:</strong> Virtual private server hosting the applications</li> <li> <strong>Nginx:</strong> Reverse proxy routing traffic to applications</li> <li> <strong>PM2:</strong> Process manager keeping Node.js apps running</li> <li> <strong>GitHub Actions:</strong> CI/CD pipeline for automated deployments</li> <li> <strong>Cloudflare:</strong> DNS management and SSL/TLS termination</li> </ul> <h2> Performance Improvement </h2> <p>This architecture provides several performance benefits:</p> <p><strong>Application-Level Performance:</strong><br> Nginx serves as an efficient reverse proxy, handling SSL termination and static file serving, which reduces load on the Node.js applications. PM2 enables zero-downtime deployments through its cluster mode and automatic restarts, ensuring applications remain available during updates.</p> <p><strong>Caching and CDN:</strong><br> Cloudflare's global CDN caches static assets at edge locations worldwide, significantly reducing latency for users. Nginx can also implement additional caching layers for API responses and dynamic content, further improving response times.</p> <p><strong>Resource Optimization:</strong><br> PM2's cluster mode allows Node.js applications to utilize all available CPU cores, maximizing server resource utilization. Lightsail provides predictable performance with fixed resource allocations, making capacity planning straightforward.</p> <h2> Implementation Steps </h2> <h3> Step 1: Set Up AWS Lightsail Instance </h3> <p>Create a new Lightsail instance:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Use AWS Console or CLI</span> aws lightsail create-instances <span class="se">\</span> <span class="nt">--instance-names</span> my-app-server <span class="se">\</span> <span class="nt">--availability-zone</span> us-east-1a <span class="se">\</span> <span class="nt">--blueprint-id</span> ubuntu_22_04 <span class="se">\</span> <span class="nt">--bundle-id</span> nano_2_0 </code></pre> </div> <p><strong>Console Steps:</strong></p> <ol> <li>Log in to AWS Lightsail console</li> <li>Click "Create instance"</li> <li>Select Linux/Unix platform</li> <li>Choose Ubuntu 22.04 LTS blueprint</li> <li>Select an instance plan (recommend at least $5/month for production)</li> <li>Name your instance (e.g., "my-app-server")</li> <li>Click "Create instance"</li> </ol> <p>Once the instance is running, note its static IP address. Configure the Lightsail firewall:</p> <p><strong>Firewall Rules:</strong></p> <ul> <li>SSH (Port 22) - Your IP only</li> <li>HTTP (Port 80) - All traffic</li> <li>HTTPS (Port 443) - All traffic</li> </ul> <h3> Step 2: Connect and Set Up the Server </h3> <p>Connect to your Lightsail instance via SSH:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Download the SSH key from Lightsail console</span> <span class="nb">chmod </span>400 lightsail-key.pem ssh <span class="nt">-i</span> lightsail-key.pem ubuntu@YOUR_STATIC_IP </code></pre> </div> <p>Update the system and install required packages:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Update package list</span> <span class="nb">sudo </span>apt update <span class="o">&amp;&amp;</span> <span class="nb">sudo </span>apt upgrade <span class="nt">-y</span> <span class="c"># Install Nginx and Git</span> <span class="nb">sudo </span>apt <span class="nb">install</span> <span class="nt">-y</span> nginx git <span class="c"># Install Node.js 24.x (LTS)</span> curl <span class="nt">-fsSL</span> https://deb.nodesource.com/setup_24.x | <span class="nb">sudo</span> <span class="nt">-E</span> bash - <span class="nb">sudo </span>apt <span class="nb">install</span> <span class="nt">-y</span> nodejs <span class="c"># Verify installation</span> node <span class="nt">--version</span> npm <span class="nt">--version</span> <span class="c"># Install PM2 globally</span> <span class="nb">sudo </span>npm <span class="nb">install</span> <span class="nt">-g</span> pm2 <span class="c"># Verify PM2 installation</span> pm2 <span class="nt">--version</span> </code></pre> </div> <h3> Step 3: Configure Nginx as Reverse Proxy </h3> <p>Create Nginx configuration for your applications:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Create configuration file</span> <span class="nb">sudo </span>nano /etc/nginx/sites-available/myapp </code></pre> </div> <p>Add the following configuration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight nginx"><code> <span class="k">server</span> <span class="p">{</span> <span class="kn">listen</span> <span class="mi">80</span><span class="p">;</span> <span class="kn">server_name</span> <span class="s">yourdomain.com</span><span class="p">;</span> <span class="kn">location</span> <span class="n">/api</span> <span class="p">{</span> <span class="kn">proxy_pass</span> <span class="s">http://localhost:4000</span><span class="p">;</span> <span class="c1"># backend port</span> <span class="kn">proxy_http_version</span> <span class="mf">1.1</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Upgrade</span> <span class="nv">$http_upgrade</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Connection</span> <span class="s">'upgrade'</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Host</span> <span class="nv">$host</span><span class="p">;</span> <span class="kn">proxy_cache_bypass</span> <span class="nv">$http_upgrade</span><span class="p">;</span> <span class="c1"># CORS headers (if needed)</span> <span class="kn">add_header</span> <span class="s">Access-Control-Allow-Origin</span> <span class="s">*</span><span class="p">;</span> <span class="c1"># Rate limiting for API endpoints</span> <span class="kn">location</span> <span class="n">/api</span> <span class="p">{</span> <span class="kn">limit_req</span> <span class="s">zone=api_limit</span> <span class="s">burst=20</span> <span class="s">nodelay</span><span class="p">;</span> <span class="kn">proxy_pass</span> <span class="s">http://localhost:4000</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Host</span> <span class="nv">$host</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="kn">location</span> <span class="n">/</span> <span class="p">{</span> <span class="kn">proxy_pass</span> <span class="s">http://localhost:3000</span><span class="p">;</span> <span class="c1"># frontend port</span> <span class="kn">proxy_http_version</span> <span class="mf">1.1</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Upgrade</span> <span class="nv">$http_upgrade</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Connection</span> <span class="s">'upgrade'</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Host</span> <span class="nv">$host</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Real-IP</span> <span class="nv">$remote_addr</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-For</span> <span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-Proto</span> <span class="nv">$scheme</span><span class="p">;</span> <span class="kn">proxy_cache_bypass</span> <span class="nv">$http_upgrade</span><span class="p">;</span> <span class="c1"># Cache static assets</span> <span class="kn">location</span> <span class="n">/_next/static</span> <span class="p">{</span> <span class="kn">proxy_pass</span> <span class="s">http://localhost:3000</span><span class="p">;</span> <span class="kn">proxy_cache_valid</span> <span class="mi">60m</span><span class="p">;</span> <span class="kn">add_header</span> <span class="s">Cache-Control</span> <span class="s">"public,</span> <span class="s">max-age=3600,</span> <span class="s">immutable"</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="c1"># Rate limiting configuration</span> <span class="k">limit_req_zone</span> <span class="nv">$binary_remote_addr</span> <span class="s">zone=api_limit:10m</span> <span class="s">rate=10r/s</span><span class="p">;</span> </code></pre> </div> <p>Enable the configuration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Create symbolic link</span> <span class="nb">sudo ln</span> <span class="nt">-s</span> /etc/nginx/sites-available/myapp /etc/nginx/sites-enabled/ <span class="c"># Remove default configuration</span> <span class="nb">sudo rm</span> /etc/nginx/sites-enabled/default <span class="c"># Test configuration</span> <span class="nb">sudo </span>nginx <span class="nt">-t</span> <span class="c"># Reload Nginx</span> <span class="nb">sudo </span>systemctl reload nginx <span class="c"># Enable Nginx to start on boot</span> <span class="nb">sudo </span>systemctl <span class="nb">enable </span>nginx </code></pre> </div> <h3> Step 4: Set Up Application Directories </h3> <p>Create directories for your applications:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Create application directories</span> <span class="nb">sudo mkdir</span> <span class="nt">-p</span> /var/www/my-app <span class="c"># Set ownership to ubuntu user</span> <span class="nb">sudo chown</span> <span class="nt">-R</span> ubuntu:ubuntu /var/www/my-app <span class="c"># Create environment files directory</span> <span class="nb">mkdir</span> <span class="nt">-p</span> /home/ubuntu/.env-files </code></pre> </div> <h3> Step 5: Configure PM2 for Process Management </h3> <p>Create PM2 ecosystem configuration file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Create ecosystem file</span> nano /var/www/ecosystem.config.js </code></pre> </div> <p>Add the following PM2 configuration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">module</span><span class="p">.</span><span class="nx">exports</span> <span class="o">=</span> <span class="p">{</span> <span class="na">apps</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">frontend</span><span class="dl">"</span><span class="p">,</span> <span class="na">cwd</span><span class="p">:</span> <span class="dl">"</span><span class="s2">/var/www/my-app/frontend</span><span class="dl">"</span><span class="p">,</span> <span class="na">script</span><span class="p">:</span> <span class="dl">"</span><span class="s2">npm</span><span class="dl">"</span><span class="p">,</span> <span class="na">args</span><span class="p">:</span> <span class="dl">"</span><span class="s2">start</span><span class="dl">"</span><span class="p">,</span> <span class="na">env</span><span class="p">:</span> <span class="p">{</span> <span class="na">NODE_ENV</span><span class="p">:</span> <span class="dl">"</span><span class="s2">production</span><span class="dl">"</span><span class="p">,</span> <span class="na">PORT</span><span class="p">:</span> <span class="mi">3000</span><span class="p">,</span> <span class="p">},</span> <span class="na">instances</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span> <span class="na">exec_mode</span><span class="p">:</span> <span class="dl">"</span><span class="s2">cluster</span><span class="dl">"</span><span class="p">,</span> <span class="na">autorestart</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">watch</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">max_memory_restart</span><span class="p">:</span> <span class="dl">"</span><span class="s2">500M</span><span class="dl">"</span><span class="p">,</span> <span class="na">error_file</span><span class="p">:</span> <span class="dl">"</span><span class="s2">/var/www/logs/nextjs-error.log</span><span class="dl">"</span><span class="p">,</span> <span class="na">out_file</span><span class="p">:</span> <span class="dl">"</span><span class="s2">/var/www/logs/nextjs-out.log</span><span class="dl">"</span><span class="p">,</span> <span class="na">merge_logs</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">time</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">},</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">api</span><span class="dl">"</span><span class="p">,</span> <span class="na">cwd</span><span class="p">:</span> <span class="dl">"</span><span class="s2">/var/www/my-app/api</span><span class="dl">"</span><span class="p">,</span> <span class="na">script</span><span class="p">:</span> <span class="dl">"</span><span class="s2">dist/index.js</span><span class="dl">"</span><span class="p">,</span> <span class="c1">// or 'src/index.js' if not using TypeScript</span> <span class="na">env</span><span class="p">:</span> <span class="p">{</span> <span class="na">NODE_ENV</span><span class="p">:</span> <span class="dl">"</span><span class="s2">production</span><span class="dl">"</span><span class="p">,</span> <span class="na">PORT</span><span class="p">:</span> <span class="mi">4000</span><span class="p">,</span> <span class="p">},</span> <span class="na">instances</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span> <span class="na">exec_mode</span><span class="p">:</span> <span class="dl">"</span><span class="s2">cluster</span><span class="dl">"</span><span class="p">,</span> <span class="na">autorestart</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">watch</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">max_memory_restart</span><span class="p">:</span> <span class="dl">"</span><span class="s2">500M</span><span class="dl">"</span><span class="p">,</span> <span class="na">error_file</span><span class="p">:</span> <span class="dl">"</span><span class="s2">/var/www/logs/api-error.log</span><span class="dl">"</span><span class="p">,</span> <span class="na">out_file</span><span class="p">:</span> <span class="dl">"</span><span class="s2">/var/www/logs/api-out.log</span><span class="dl">"</span><span class="p">,</span> <span class="na">merge_logs</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">time</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">},</span> <span class="p">],</span> <span class="p">};</span> </code></pre> </div> <p>Create logs directory:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo mkdir</span> <span class="nt">-p</span> /var/www/logs <span class="nb">sudo chown</span> <span class="nt">-R</span> ubuntu:ubuntu /var/www/logs </code></pre> </div> <h3> Step 6: Configure Cloudflare DNS and SSL </h3> <p><strong>DNS Configuration:</strong></p> <ol> <li>Log in to your Cloudflare dashboard</li> <li>Select your domain</li> <li>Go to DNS settings</li> <li>Add A records: <ul> <li>Name: <code>nextapp</code>, Content: <code>YOUR_LIGHTSAIL_STATIC_IP</code>, Proxy: Enabled (Orange cloud)</li> <li>Name: <code>api</code>, Content: <code>YOUR_LIGHTSAIL_STATIC_IP</code>, Proxy: Enabled (Orange cloud)</li> </ul> </li> </ol> <p><strong>SSL/TLS Configuration:</strong></p> <ol> <li>Go to SSL/TLS settings in Cloudflare</li> <li>Set SSL/TLS encryption mode to "Flexible" (or "Full" if you configure SSL on Lightsail)</li> <li>Enable "Always Use HTTPS"</li> <li>Enable "Automatic HTTPS Rewrites"</li> <li>For production, consider "Full (Strict)" mode with origin certificates</li> </ol> <p><strong>Optional: Generate Cloudflare Origin Certificate (for Full Strict mode):</strong></p> <ol> <li>In Cloudflare, go to SSL/TLS → Origin Server</li> <li>Click "Create Certificate"</li> <li>Keep default settings (RSA, 15-year validity)</li> <li>Save the certificate and private key</li> </ol> <p>Install on Lightsail:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Save certificate</span> <span class="nb">sudo </span>nano /etc/ssl/certs/cloudflare-origin.pem <span class="c"># Paste certificate content</span> <span class="c"># Save private key</span> <span class="nb">sudo </span>nano /etc/ssl/private/cloudflare-origin.key <span class="c"># Paste private key content</span> <span class="c"># Set permissions</span> <span class="nb">sudo chmod </span>644 /etc/ssl/certs/cloudflare-origin.pem <span class="nb">sudo chmod </span>600 /etc/ssl/private/cloudflare-origin.key </code></pre> </div> <p>Update Nginx configuration to use SSL:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight nginx"><code><span class="k">server</span> <span class="p">{</span> <span class="kn">listen</span> <span class="mi">443</span> <span class="s">ssl</span> <span class="s">http2</span><span class="p">;</span> <span class="kn">server_name</span> <span class="s">yourdomain.com</span><span class="p">;</span> <span class="kn">ssl_certificate</span> <span class="n">/etc/ssl/certs/cloudflare-origin.pem</span><span class="p">;</span> <span class="kn">ssl_certificate_key</span> <span class="n">/etc/ssl/private/cloudflare-origin.key</span><span class="p">;</span> <span class="kn">ssl_protocols</span> <span class="s">TLSv1.2</span> <span class="s">TLSv1.3</span><span class="p">;</span> <span class="kn">ssl_ciphers</span> <span class="s">HIGH:!aNULL:!MD5</span><span class="p">;</span> <span class="kn">location</span> <span class="n">/</span> <span class="p">{</span> <span class="kn">proxy_pass</span> <span class="s">http://localhost:3000</span><span class="p">;</span> <span class="kn">proxy_http_version</span> <span class="mf">1.1</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Upgrade</span> <span class="nv">$http_upgrade</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Connection</span> <span class="s">'upgrade'</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Host</span> <span class="nv">$host</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Real-IP</span> <span class="nv">$remote_addr</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-For</span> <span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-Proto</span> <span class="nv">$scheme</span><span class="p">;</span> <span class="kn">proxy_cache_bypass</span> <span class="nv">$http_upgrade</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="c1"># Redirect HTTP to HTTPS</span> <span class="k">server</span> <span class="p">{</span> <span class="kn">listen</span> <span class="mi">80</span><span class="p">;</span> <span class="kn">server_name</span> <span class="s">yourdomain.com</span><span class="p">;</span> <span class="kn">return</span> <span class="mi">301</span> <span class="s">https://</span><span class="nv">$server_name$request_uri</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h3> Step 7: Set Up GitHub Actions SSH Access </h3> <p>Generate SSH key for GitHub Actions:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># On your Lightsail instance, create deployment user SSH key</span> ssh-keygen <span class="nt">-t</span> ed25519 <span class="nt">-C</span> <span class="s2">"myapp-github-actions"</span> <span class="nt">-f</span> ~/.ssh/myapp-github-actions <span class="nt">-N</span> <span class="s2">""</span> <span class="c"># Add public key to authorized_keys</span> <span class="nb">cat</span> ~/.ssh/myapp-github-actions.pub <span class="o">&gt;&gt;</span> ~/.ssh/authorized_keys <span class="c"># Display private key (copy this for GitHub Secrets)</span> <span class="nb">cat</span> ~/.ssh/myapp-github-actions </code></pre> </div> <p><strong>Add Secrets to GitHub Repository:</strong></p> <ol> <li>Go to your GitHub repository</li> <li>Navigate to Settings → Secrets and variables → Actions</li> <li>Add the following secrets: <ul> <li> <code>LIGHTSAIL_HOST</code>: Your Lightsail static IP</li> <li> <code>LIGHTSAIL_USERNAME</code>: <code>ubuntu</code> </li> <li> <code>LIGHTSAIL_SSH_KEY</code>: Contents of the private key from above</li> <li> <code>LIGHTSAIL_PORT</code>: <code>22</code> </li> </ul> </li> </ol> <h3> Step 8: Create GitHub Actions Workflow for monorepo Application </h3> <p>Create <code>.github/workflows/deploy-to-lightsail.yml</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">Deploy To Lightsail</span> <span class="na">on</span><span class="pi">:</span> <span class="na">push</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">main</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">build-deploy</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build &amp; Deploy</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">continue-on-error</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">outputs</span><span class="pi">:</span> <span class="na">node_modules_cache_key</span><span class="pi">:</span> <span class="s">${{ steps.cache.outputs.cache-hit }}</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Checkout code</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v5</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Use Node.js </span><span class="m">24</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/setup-node@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">node-version</span><span class="pi">:</span> <span class="m">24</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Cache node_modules</span> <span class="na">id</span><span class="pi">:</span> <span class="s">cache</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/cache@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">node_modules</span> <span class="s">~/.npm</span> <span class="na">key</span><span class="pi">:</span> <span class="s">${{ runner.os }}-node-${{ hashFiles('package-lock.json') }}</span> <span class="c1"># ---------------- Backend Build ----------------</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Install backend dependencies</span> <span class="na">working-directory</span><span class="pi">:</span> <span class="s">api</span> <span class="na">run</span><span class="pi">:</span> <span class="s">npm ci</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build backend</span> <span class="na">working-directory</span><span class="pi">:</span> <span class="s">api</span> <span class="na">run</span><span class="pi">:</span> <span class="s">npm run build</span> <span class="c1"># ---------------- Frontend Build ----------------</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Install frontend dependencies</span> <span class="na">working-directory</span><span class="pi">:</span> <span class="s">frontend</span> <span class="na">run</span><span class="pi">:</span> <span class="s">npm ci</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build frontend</span> <span class="na">working-directory</span><span class="pi">:</span> <span class="s">frontend</span> <span class="na">run</span><span class="pi">:</span> <span class="s">npm run build</span> <span class="c1"># ---------------- Package Artifacts ----------------</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Prepare deployment package</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">mkdir -p deploy/api deploy/frontend</span> <span class="s">cp -r api/dist deploy/api/</span> <span class="s">cp api/package*.json deploy/api/</span> <span class="s">cp -r frontend/.next frontend/public frontend/package*.json deploy/frontend/</span> <span class="s">cp ecosystem.config.js deploy/</span> <span class="c1"># ---------------- Deploy to Server ----------------</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Deploy via rsync</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">burnett01/rsync-deployments@7.0.1</span> <span class="na">with</span><span class="pi">:</span> <span class="na">switches</span><span class="pi">:</span> <span class="s">-avzr --delete</span> <span class="na">path</span><span class="pi">:</span> <span class="s">deploy/</span> <span class="na">remote_path</span><span class="pi">:</span> <span class="s">/var/www/my-app</span> <span class="na">remote_host</span><span class="pi">:</span> <span class="s">${{ secrets.SERVER_IP }}</span> <span class="na">remote_user</span><span class="pi">:</span> <span class="s">${{ secrets.SERVER_USER }}</span> <span class="na">remote_key</span><span class="pi">:</span> <span class="s">${{ secrets.SSH_PRIVATE_KEY }}</span> <span class="c1"># ---------------- Install &amp; Restart on Server ----------------</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">SSH and restart apps</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">appleboy/ssh-action@v1.2.2</span> <span class="na">with</span><span class="pi">:</span> <span class="na">host</span><span class="pi">:</span> <span class="s">${{ secrets.SERVER_IP }}</span> <span class="na">username</span><span class="pi">:</span> <span class="s">${{ secrets.SERVER_USER }}</span> <span class="na">key</span><span class="pi">:</span> <span class="s">${{ secrets.SSH_PRIVATE_KEY }}</span> <span class="na">script</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">cp ~/.env-files/.env.api /var/www/my-app/api/.env </span> <span class="s">cp ~/.env-files/.env.frontend /var/www/my-app/frontend/.env.production</span> <span class="s">cd /var/www/my-app/api</span> <span class="s">npm ci</span> <span class="s">cd /var/www/my-app/frontend</span> <span class="s">npm ci --omit=dev</span> <span class="s">cd /var/www/my-app</span> <span class="s">pm2 startOrRestart ecosystem.config.js</span> </code></pre> </div> <h3> Step 9: Test GitHub Actions Deployment </h3> <p>Push changes to your <code>main</code> branch to trigger the workflow:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git add <span class="nb">.</span> git commit <span class="nt">-m</span> <span class="s2">"Set up GitHub Actions deployment"</span> git push origin main </code></pre> </div> <p>Monitor the Actions tab in your GitHub repository to ensure the deployment completes successfully.</p> <h3> Step 10: Initial Manual Deployment </h3> <p>Before using GitHub Actions, manually deploy your applications:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Clone your repository</span> <span class="nb">cd</span> /var/www/my-app git clone https://github.com/yourusername/my-app.git <span class="nb">.</span> <span class="c"># Build Next.js app</span> <span class="nb">cd</span> /var/www/my-app/frontend npm <span class="nb">install </span>npm run build <span class="c"># Build Node.js API</span> <span class="nb">cd</span> /var/www/my-app/api npm <span class="nb">install </span>npm run build <span class="c"># If using TypeScript</span> <span class="c"># Start applications with PM2</span> pm2 start /var/www/my-app/ecosystem.config.js <span class="c"># Save PM2 configuration</span> pm2 save <span class="c"># Set PM2 to start on system boot</span> pm2 startup <span class="c"># Follow the instructions provided by the command</span> </code></pre> </div> <h3> Step 11: Configure Environment Variables </h3> <p>Store environment variables securely:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Create .env file for Next.js app</span> nano /var/www/my-app/frontend/.env.production <span class="c"># Add your variables</span> <span class="nv">NEXT_PUBLIC_API_URL</span><span class="o">=</span>https://yourdomain.com/api <span class="nv">DATABASE_URL</span><span class="o">=</span>your_database_url <span class="nv">API_SECRET_KEY</span><span class="o">=</span>your_secret_key <span class="c"># Create .env file for Node.js API</span> nano /var/www/my-app/api/.env <span class="c"># Add your variables</span> <span class="nv">PORT</span><span class="o">=</span>4000 <span class="nv">DATABASE_URL</span><span class="o">=</span>your_database_url <span class="nv">JWT_SECRET</span><span class="o">=</span>your_jwt_secret <span class="nv">NODE_ENV</span><span class="o">=</span>production <span class="c"># Secure the files</span> <span class="nb">chmod </span>600 /var/www/my-app/frontend/.env.production <span class="nb">chmod </span>600 /var/www/my-app/api/.env </code></pre> </div> <p><strong>Add environment variables to GitHub Secrets</strong> for use in workflows if needed.</p> <h2> Verification </h2> <p>After deployment, verify everything is working:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Check PM2 status</span> pm2 status <span class="c"># View application logs</span> pm2 logs nextjs-app <span class="nt">--lines</span> 50 pm2 logs nodejs-api <span class="nt">--lines</span> 50 <span class="c"># Check Nginx status</span> <span class="nb">sudo </span>systemctl status nginx <span class="c"># Test local endpoints</span> curl http://localhost:3000 curl http://localhost:4000 <span class="c"># Test public endpoints</span> curl https://yourdomain.com curl https://yourdomain.com/api </code></pre> </div> <h2> Security Enhancement </h2> <p><strong>SSL/TLS Encryption:</strong><br> Cloudflare provides free SSL certificates with automatic renewal, ensuring all traffic between users and your applications is encrypted. Cloudflare's Full (Strict) SSL mode encrypts traffic end-to-end, from users to Cloudflare to your Lightsail instance.</p> <p><strong>DDoS Protection:</strong><br> Cloudflare's built-in DDoS protection shields your applications from attacks at the edge, preventing malicious traffic from reaching your Lightsail instance. This protection is included in the free tier and automatically scales with attack volume.</p> <p><strong>Firewall and Access Control:</strong><br> Lightsail's firewall allows you to restrict access to specific ports, ensuring only necessary services are exposed. Cloudflare's WAF (Web Application Firewall) can be configured to block common attack patterns and malicious requests before they reach your server.</p> <p><strong>Secure Deployments:</strong><br> GitHub Actions with OIDC or SSH key authentication eliminates the need for long-lived credentials in your CI/CD pipeline. PM2 runs applications with limited user privileges, following the principle of least privilege.</p> <h2> Cost Efficiency </h2> <p><strong>Predictable Pricing:</strong><br> AWS Lightsail offers fixed monthly pricing starting at $3.50/month, including data transfer allowances. This predictable cost structure makes budgeting simple compared to pay-per-use EC2 instances.</p> <p><strong>Cloudflare Free Tier:</strong><br> Cloudflare's free tier includes DNS management, SSL certificates, and DDoS protection at no cost. The CDN caching reduces bandwidth usage on your Lightsail instance, potentially allowing you to use a smaller instance size.</p> <p><strong>Resource Consolidation:</strong><br> Hosting multiple applications on a single Lightsail instance with Nginx as a reverse proxy maximizes resource utilization. PM2's efficient process management ensures applications use only necessary resources, preventing waste.</p> <p><strong>No Additional Service Costs:</strong><br> Unlike managed container services or serverless platforms, Lightsail with Nginx and PM2 has no additional service fees—you only pay for the compute instance.</p> <h2> Troubleshooting </h2> <h3> Issue: PM2 Applications Not Starting </h3> <p><strong>Symptoms:</strong> PM2 shows applications as "errored" or "stopped"</p> <p><strong>Solution:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Check detailed logs</span> pm2 logs nextjs-app <span class="nt">--lines</span> 100 <span class="c"># Check if port is already in use</span> <span class="nb">sudo </span>netstat <span class="nt">-tulpn</span> | <span class="nb">grep</span> :3000 <span class="c"># Verify Node.js version</span> node <span class="nt">--version</span> <span class="c"># Restart with verbose output</span> pm2 delete nextjs-app pm2 start /var/www/ecosystem.config.js <span class="nt">--only</span> nextjs-app </code></pre> </div> <h3> Issue: Nginx 502 Bad Gateway </h3> <p><strong>Symptoms:</strong> Nginx returns 502 error when accessing applications</p> <p><strong>Solution:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Check if applications are running</span> pm2 status <span class="c"># Verify applications are listening on correct ports</span> curl http://localhost:3000 curl http://localhost:4000 <span class="c"># Check Nginx error logs</span> <span class="nb">sudo tail</span> <span class="nt">-f</span> /var/log/nginx/error.log <span class="c"># Test Nginx configuration</span> <span class="nb">sudo </span>nginx <span class="nt">-t</span> <span class="c"># Restart Nginx</span> <span class="nb">sudo </span>systemctl restart nginx </code></pre> </div> <h3> Issue: GitHub Actions Deployment Fails </h3> <p><strong>Symptoms:</strong> GitHub Actions workflow shows SSH connection errors</p> <p><strong>Solution:</strong></p> <ol> <li>Verify SSH key is correctly added to GitHub Secrets</li> <li>Check Lightsail firewall allows SSH from GitHub Actions IPs</li> <li>Test SSH connection manually: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ssh <span class="nt">-i</span> myapp-github-actions ubuntu@YOUR_LIGHTSAIL_IP </code></pre> </div> <ol> <li>Ensure <code>authorized_keys</code> file has correct permissions: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">chmod </span>700 ~/.ssh <span class="nb">chmod </span>600 ~/.ssh/authorized_keys </code></pre> </div> <h3> Issue: Cloudflare SSL Errors </h3> <p><strong>Symptoms:</strong> "Too many redirects" or "SSL handshake failed"</p> <p><strong>Solution:</strong></p> <ol> <li>Check Cloudflare SSL mode matches your Nginx configuration: <ul> <li>Flexible: No SSL on Lightsail (HTTP only)</li> <li>Full: Self-signed certificate on Lightsail</li> <li>Full (Strict): Cloudflare Origin Certificate on Lightsail</li> </ul> </li> <li>Disable "Always Use HTTPS" temporarily in Cloudflare</li> <li>Check Nginx SSL certificate paths are correct</li> <li>Verify Nginx is listening on port 443: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>netstat <span class="nt">-tulpn</span> | <span class="nb">grep</span> :443 </code></pre> </div> <h3> Issue: High Memory Usage </h3> <p><strong>Symptoms:</strong> PM2 apps restarting frequently due to memory limits</p> <p><strong>Solution:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Check memory usage</span> pm2 status free <span class="nt">-h</span> <span class="c"># Adjust max_memory_restart in ecosystem.config.js</span> <span class="c"># Reduce number of instances if needed</span> <span class="c"># Consider upgrading Lightsail plan</span> <span class="c"># Monitor memory over time</span> pm2 monit </code></pre> </div> <h2> Monitoring and Maintenance </h2> <p><strong>PM2 Monitoring:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># View real-time monitoring</span> pm2 monit <span class="c"># View process list</span> pm2 status <span class="c"># View logs</span> pm2 logs <span class="c"># Flush logs</span> pm2 flush </code></pre> </div> <p><strong>Nginx Monitoring:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Check access logs</span> <span class="nb">sudo tail</span> <span class="nt">-f</span> /var/log/nginx/access.log <span class="c"># Check error logs</span> <span class="nb">sudo tail</span> <span class="nt">-f</span> /var/log/nginx/error.log <span class="c"># Check Nginx status</span> <span class="nb">sudo </span>systemctl status nginx </code></pre> </div> <p><strong>System Monitoring:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Check disk space</span> <span class="nb">df</span> <span class="nt">-h</span> <span class="c"># Check memory usage</span> free <span class="nt">-h</span> <span class="c"># Check CPU usage</span> top <span class="c"># Check running processes</span> ps aux </code></pre> </div> <p><strong>Regular Maintenance Tasks:</strong></p> <ol> <li>Update system packages monthly: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt update <span class="o">&amp;&amp;</span> <span class="nb">sudo </span>apt upgrade <span class="nt">-y</span> </code></pre> </div> <ol> <li>Rotate logs to prevent disk space issues: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pm2 <span class="nb">install </span>pm2-logrotate pm2 <span class="nb">set </span>pm2-logrotate:max_size 10M pm2 <span class="nb">set </span>pm2-logrotate:retain 7 </code></pre> </div> <ol> <li>Monitor Lightsail metrics in AWS console</li> <li>Review Cloudflare analytics for traffic patterns</li> <li>Set up CloudWatch alarms for Lightsail instance health</li> </ol> <h2> Next Steps </h2> <p>After successfully deploying your applications, consider these enhancements:</p> <p><strong>Caching Layer:</strong></p> <ul> <li>Install Redis for session storage and caching</li> <li>Configure Nginx caching for static assets</li> <li>Use Cloudflare's cache rules for optimal CDN performance</li> </ul> <p><strong>Monitoring and Logging:</strong></p> <ul> <li>Set up PM2 Plus for advanced monitoring</li> <li>Configure CloudWatch Logs for centralized logging</li> <li>Set up Uptime monitoring with services like UptimeRobot</li> </ul> <p><strong>Backup Strategy:</strong></p> <ul> <li>Configure Lightsail automatic snapshots</li> <li>Set up database backup scripts</li> <li>Store critical data in S3</li> </ul> <p><strong>Scaling Considerations:</strong></p> <ul> <li>Use Lightsail load balancer with multiple instances for high availability</li> <li>Migrate to ECS or EC2 Auto Scaling Groups for advanced scaling needs</li> <li>Consider using Amazon CloudFront in addition to Cloudflare for AWS-native CDN</li> </ul> <p><strong>Security Hardening:</strong></p> <ul> <li>Configure Cloudflare WAF rules for application protection</li> <li>Implement rate limiting at multiple layers</li> <li>Regular security updates and vulnerability scanning</li> </ul> <h2> Summary </h2> <p>In this tutorial, we successfully deployed Next.js and Node.js applications on AWS Lightsail using a production-ready stack. By combining Nginx as a reverse proxy, PM2 for robust process management, GitHub Actions for automated CI/CD, and Cloudflare for DNS and SSL management, we created a reliable, secure, and cost-effective deployment pipeline.</p> nextjs githubactions aws node Optimized GitHub Actions Pipeline for Laravel Application Ali Sahin Tue, 12 Aug 2025 13:24:01 +0000 https://dev.to/ali_sahin/building-ci-pipeline-for-laravel-applications-using-github-actions-747 https://dev.to/ali_sahin/building-ci-pipeline-for-laravel-applications-using-github-actions-747 <p>In this article, we'll walk through implementing a CI pipeline for a Laravel application that automates code quality checks, security scanning, and parallel testing. This pipeline will help you catch issues early and maintain code standards.</p> <h2> What You’ll Need </h2> <p>Before implementing the CI pipeline, ensure you have:</p> <ul> <li> Your Laravel app code hosted on GitHub</li> <li> Test suite set up with PHPUnit</li> </ul> <h2> Pipeline Overview </h2> <p>Our CI pipeline consists of four main components:</p> <ol> <li> <strong>Code Quality Checks</strong> - Ensuring consistent code style and identifying potential issues</li> <li> <strong>Security Scanning</strong> - Detecting vulnerabilities in dependencies</li> <li> <strong>Parallel Testing</strong> - Running tests efficiently across multiple jobs</li> <li> <strong>Notifications</strong> - Keeping team members informed of pipeline status</li> </ol> <p>Let's dive into each component and see how to implement them effectively.</p> <h2> Step 1: Code Quality Checks </h2> <p>Maintaining consistent code style and identifying potential issues early is crucial for code maintainability. Our pipeline implements two key quality checks:</p> <h3> Laravel Pint for Code Styling </h3> <p>Laravel Pint is an opinionated PHP code style fixer for minimalists. It automatically formats your code according to Laravel's coding standards.</p> <h3> PHPStan for Static Analysis </h3> <p>PHPStan focuses on finding errors in your code without actually running it. It catches whole classes of bugs even before you write tests for the code.</p> <p>Implementation in workflow:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run Laravel Pint (Code Style)</span> <span class="na">run</span><span class="pi">:</span> <span class="s">vendor/bin/pint --test</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run PHPStan (Static Analysis)</span> <span class="na">run</span><span class="pi">:</span> <span class="s">vendor/bin/phpstan analyse --memory-limit=1G</span> </code></pre> </div> <h2> Step 2: Security Scanning </h2> <p>Our pipeline includes security scanning using Composer's built-in audit tool which checks your dependencies against a database of known security vulnerabilities. It can be configured to fail the pipeline based on severity levels.</p> <p>Implementation in workflow:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run Composer Audit</span> <span class="na">run</span><span class="pi">:</span> <span class="s">composer audit --ignore-severity medium --locked</span> </code></pre> </div> <p>This command checks for vulnerabilities and ignores medium severity issues, but will fail the pipeline for high or critical vulnerabilities.</p> <h2> Step 3: Parallel Testing Implementation </h2> <p>Testing is a critical part of any application, but as your test suite grows, it can become time-consuming. Our pipeline implements parallel testing to significantly reduce execution time.</p> <h3> Test Splitting Strategy </h3> <p>The pipeline splits tests into 10 parallel jobs, each running a portion of the test suite:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">strategy</span><span class="pi">:</span> <span class="na">matrix</span><span class="pi">:</span> <span class="na">split</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">1</span><span class="pi">,</span> <span class="nv">2</span><span class="pi">,</span> <span class="nv">3</span><span class="pi">,</span> <span class="nv">4</span><span class="pi">,</span> <span class="nv">5</span><span class="pi">,</span> <span class="nv">6</span><span class="pi">,</span> <span class="nv">7</span><span class="pi">,</span> <span class="nv">8</span><span class="pi">,</span> <span class="nv">9</span><span class="pi">,</span> <span class="nv">10</span><span class="pi">]</span> <span class="c1"># 10 parallel jobs</span> </code></pre> </div> <h3> Test Distribution </h3> <p>Tests are distributed evenly across jobs using the split command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Find all test files and split them into 10 chunks</span> <span class="nb">mkdir</span> <span class="nt">-p</span> .test-splits find tests/Unit <span class="nt">-name</span> <span class="s2">"*Test.php"</span> | <span class="nb">sort</span> | <span class="nb">split</span> <span class="nt">-n</span> l/10 <span class="nt">-d</span> - .test-splits/test_ <span class="nb">echo</span> <span class="s2">"TEST_FILES=</span><span class="si">$(</span><span class="nb">cat</span> .test-splits/test_<span class="si">$(</span><span class="nb">printf</span> <span class="s1">'%02d'</span> <span class="k">$((</span> <span class="k">${</span><span class="p">{ matrix.split </span><span class="k">}</span><span class="o">}</span> <span class="o">-</span> <span class="m">1</span> <span class="k">))</span><span class="si">))</span><span class="s2">"</span> <span class="o">&gt;&gt;</span> <span class="nv">$GITHUB_ENV</span> </code></pre> </div> <h3> ParaTest for Parallel Execution </h3> <p>ParaTest is used to run PHPUnit tests in parallel within each job:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run ParaTest (Job ${{ matrix.split }})</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">echo "Running tests for chunk ${{ matrix.split }}"</span> <span class="s">vendor/bin/paratest \</span> <span class="s">--runner=WrapperRunner \</span> <span class="s">--processes=4 \</span> <span class="s">--functional \</span> <span class="s">--colors \</span> <span class="s">--filter=$(echo $TEST_FILES | tr '\n' ',' | sed 's/,$//')</span> </code></pre> </div> <p>This approach can reduce test execution time by up to 90% compared to running tests sequentially.</p> <h2> Step 4: Send Notifications </h2> <p>Keeping your team informed about pipeline status helps maintain awareness of the application's health. The pipeline includes optional Slack notifications.</p> <p>Implementation in workflow:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">notifications</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">needs</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">tests</span><span class="pi">]</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Notify Slack</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">8398a7/action-slack@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">status</span><span class="pi">:</span> <span class="s">${{ job.status }}</span> <span class="na">fields</span><span class="pi">:</span> <span class="s">repo,commit,author</span> <span class="na">env</span><span class="pi">:</span> <span class="na">SLACK_WEBHOOK_URL</span><span class="pi">:</span> <span class="s">${{ secrets.SLACK_WEBHOOK_URL }}</span> <span class="na">SLACK_WEBHOOK_TYPE</span><span class="pi">:</span> <span class="s">INCOMING_WEBHOOK</span> </code></pre> </div> <h2> Best Practices and Optimization Tips </h2> <ol> <li><p><strong>Separated jobs</strong>: Separating jobs improves both performance and maintainability of the pipeline. By running these jobs in parallel, overall execution time is reduced, which becomes increasingly valuable as the codebase grows. This separation also makes it easier to pinpoint the source of failures, whether they are related to code quality, security vulnerabilities, or functional issues. Resource usage is optimized since each job can be configured according to its specific demands, and failures can be retried independently without re-running the entire pipeline. Additionally, each job can operate in a tailored environment with only the necessary dependencies, minimizing overhead and reducing potential conflicts.</p></li> <li> <p><strong>Cache Dependencies</strong>: Use GitHub Actions caching to speed up dependency installation:<br> </p> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Cache dependencies</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/cache@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">~/.composer/cache</span> <span class="s">vendor</span> <span class="na">key</span><span class="pi">:</span> <span class="s">dependencies-${{ hashFiles('**/composer.lock') }}</span> </code></pre> </li> <li> <p><strong>Matrix Testing for PHP Versions</strong>: Test your application against multiple PHP versions:<br> </p> <pre class="highlight yaml"><code><span class="na">strategy</span><span class="pi">:</span> <span class="na">matrix</span><span class="pi">:</span> <span class="na">php</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">8.1</span><span class="pi">,</span> <span class="nv">8.2</span><span class="pi">,</span> <span class="nv">8.3</span><span class="pi">]</span> </code></pre> </li> </ol> <p>Here's a full example for the CI pipeline<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">CI Pipeline</span> <span class="na">on</span><span class="pi">:</span> <span class="na">push</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">main"</span><span class="pi">]</span> <span class="na">pull_request</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">*"</span><span class="pi">]</span> <span class="na">jobs</span><span class="pi">:</span> <span class="c1"># -----------------------</span> <span class="c1"># 1. Code Quality Checks</span> <span class="c1"># -----------------------</span> <span class="na">quality</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Code Quality Checks</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Checkout code</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Set up PHP</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">shivammathur/setup-php@v2</span> <span class="na">with</span><span class="pi">:</span> <span class="na">php-version</span><span class="pi">:</span> <span class="m">8.2</span> <span class="na">extensions</span><span class="pi">:</span> <span class="s">mbstring, pdo, bcmath</span> <span class="na">tools</span><span class="pi">:</span> <span class="s">composer:v2</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Cache dependencies</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/cache@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">~/.composer/cache</span> <span class="s">vendor</span> <span class="na">key</span><span class="pi">:</span> <span class="s">dependencies-${{ hashFiles('**/composer.lock') }}</span> <span class="na">restore-keys</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">dependencies-</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Install dependencies</span> <span class="na">run</span><span class="pi">:</span> <span class="s">composer install --no-progress --prefer-dist --optimize-autoloader</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run Laravel Pint (Code Style)</span> <span class="na">run</span><span class="pi">:</span> <span class="s">vendor/bin/pint --test</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run PHPStan (Static Analysis)</span> <span class="na">run</span><span class="pi">:</span> <span class="s">vendor/bin/phpstan analyse --memory-limit=1G</span> <span class="c1"># -----------------------</span> <span class="c1"># 2. Security Checks</span> <span class="c1"># -----------------------</span> <span class="na">security</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Security Checks</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Checkout code</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Set up PHP</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">shivammathur/setup-php@v2</span> <span class="na">with</span><span class="pi">:</span> <span class="na">php-version</span><span class="pi">:</span> <span class="m">8.2</span> <span class="na">extensions</span><span class="pi">:</span> <span class="s">mbstring, pdo, bcmath</span> <span class="na">tools</span><span class="pi">:</span> <span class="s">composer:v2</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Cache dependencies</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/cache@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">~/.composer/cache</span> <span class="s">vendor</span> <span class="na">key</span><span class="pi">:</span> <span class="s">dependencies-${{ hashFiles('**/composer.lock') }}</span> <span class="na">restore-keys</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">dependencies-</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Install dependencies</span> <span class="na">run</span><span class="pi">:</span> <span class="s">composer install --no-progress --prefer-dist --optimize-autoloader</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run Composer Audit</span> <span class="na">run</span><span class="pi">:</span> <span class="s">composer audit --ignore-severity medium --locked</span> <span class="c1"># -----------------------</span> <span class="c1"># 3. Run Tests (Matrix)</span> <span class="c1"># -----------------------</span> <span class="na">tests</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">PHPUnit (Parallel Job ${{ matrix.split }})</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">needs</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">quality</span><span class="pi">,</span> <span class="nv">security</span><span class="pi">]</span> <span class="na">strategy</span><span class="pi">:</span> <span class="na">matrix</span><span class="pi">:</span> <span class="na">split</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">1</span><span class="pi">,</span> <span class="nv">2</span><span class="pi">,</span> <span class="nv">3</span><span class="pi">,</span> <span class="nv">4</span><span class="pi">,</span> <span class="nv">5</span><span class="pi">,</span> <span class="nv">6</span><span class="pi">,</span> <span class="nv">7</span><span class="pi">,</span> <span class="nv">8</span><span class="pi">,</span> <span class="nv">9</span><span class="pi">,</span> <span class="nv">10</span><span class="pi">]</span> <span class="c1"># 10 parallel jobs</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Checkout code</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Set up PHP</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">shivammathur/setup-php@v2</span> <span class="na">with</span><span class="pi">:</span> <span class="na">php-version</span><span class="pi">:</span> <span class="m">8.2</span> <span class="na">extensions</span><span class="pi">:</span> <span class="s">mbstring, pdo, bcmath, sqlite</span> <span class="na">tools</span><span class="pi">:</span> <span class="s">composer:v2</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Cache dependencies</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/cache@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">~/.composer/cache</span> <span class="s">vendor</span> <span class="na">key</span><span class="pi">:</span> <span class="s">dependencies-${{ hashFiles('**/composer.lock') }}</span> <span class="na">restore-keys</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">dependencies-</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Install dependencies</span> <span class="na">run</span><span class="pi">:</span> <span class="s">composer install --no-progress --prefer-dist --optimize-autoloader</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Install ParaTest</span> <span class="na">run</span><span class="pi">:</span> <span class="s">composer require --dev brianium/paratest</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Prepare Laravel</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">cp .env.example .env</span> <span class="s">php artisan key:generate</span> <span class="s">php artisan config:cache</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Split Tests</span> <span class="na">id</span><span class="pi">:</span> <span class="s">split-tests</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s"># Find all test files and split them into 10 chunks</span> <span class="s">mkdir -p .test-splits</span> <span class="s">find tests/Unit -name "*Test.php" | sort | split -n l/10 -d - .test-splits/test_</span> <span class="s">echo "TEST_FILES=$(cat .test-splits/test_$(printf '%02d' $(( ${{ matrix.split }} - 1 ))))" &gt;&gt; $GITHUB_ENV</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run ParaTest (Job ${{ matrix.split }})</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">echo "Running tests for chunk ${{ matrix.split }}"</span> <span class="s">vendor/bin/paratest \</span> <span class="s">--runner=WrapperRunner \</span> <span class="s">--processes=4 \</span> <span class="s">--functional \</span> <span class="s">--colors \</span> <span class="s">--filter=$(echo $TEST_FILES | tr '\n' ',' | sed 's/,$//')</span> </code></pre> </div> <p>You now have a professional CI pipeline that's designed for both performance and reliability. It optimizes execution time by running jobs sequentially, leveraging a matrix strategy, and caching dependencies to reduce execution time of the workflow. The workflow is structured with clear separation between jobs and steps, making troubleshooting more efficient. Security scanning is integrated into the process to align with DevSecOps best practices, and real-time notifications are sent to Slack to keep your team informed about deployment activities.</p> <p>In the upcoming article, we’ll take the workflow a step further by introducing a continuous deployment (CD) stage.</p> laravel githubactions cicd phpunit Deploy Laravel App to a Linux Server Using GitHub Actions Ali Sahin Mon, 14 Jul 2025 10:15:14 +0000 https://dev.to/ali_sahin/deploy-laravel-app-to-a-linux-server-using-github-actions-3jpm https://dev.to/ali_sahin/deploy-laravel-app-to-a-linux-server-using-github-actions-3jpm <p>In this guide, you’ll learn how to build a simple, secure, and automated deployment pipeline for your Laravel application using <strong>GitHub Actions</strong> and <strong>SSH</strong>. This setup will automatically deploy your app to a Linux server every time you push updates to a specific Git branch.</p> <p>Whether you’re just getting started with CI/CD or want to streamline your team’s workflow, this step-by-step guide is designed to walk you through the process clearly and confidently.</p> <h2> What You’ll Need </h2> <p>Before we begin, make sure you have:</p> <ul> <li>A Linux server you can SSH into.</li> <li>Your Laravel app code hosted on GitHub.</li> <li>Some Docker experience (since our deploy script uses Docker).</li> </ul> <h2> Step 1: Create an SSH Key to Let GitHub Talk to Your Server </h2> <p>Before we jump into creating SSH keys, let’s quickly understand what they are.</p> <h3> What Are Public and Private Keys? </h3> <p>SSH uses a <strong>key pair</strong> for secure communication:</p> <ul> <li>The <strong>public key</strong> is like a lock. You place it on the server you want to access.</li> <li>The <strong>private key</strong> is like the key that opens that lock. You keep this on your local machine (or in GitHub Secret vault).</li> </ul> <p>Only someone with the private key can connect to the server where the public key is installed. This allows passwordless and secure logins, which is perfect for automation.</p> <ul> <li>The <strong>public key</strong> (<code>.pub</code> file) goes on your server in <code>~/.ssh/authorized_keys</code>.</li> <li>The <strong>private key</strong> is added to your GitHub repository's secrets as <code>SSH_KEY</code>.</li> </ul> <p>Now, let’s create that key pair.</p> <p>Imagine your server is your home. You want GitHub to have a spare key so it can enter without ringing the bell (or typing a password).</p> <p>Here’s how to give GitHub that key:</p> <ol> <li> <strong>Open your terminal</strong> and run: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> ssh-keygen <span class="nt">-t</span> ed25519 <span class="nt">-C</span> <span class="s2">"deploy-laravel-app-with-github-actions"</span> </code></pre> </div> <ul> <li>Hit <strong>Enter</strong> to accept the default location.</li> <li>When it asks for a passphrase, just press Enter again (we want this to be automatic).</li> </ul> <ol> <li> <p><strong>Find your keys</strong>:</p> <ul> <li>Private key: <code>~/.ssh/id_ed25519</code> </li> <li>Public key: <code>~/.ssh/id_ed25519.pub</code> </li> </ul> </li> <li><p><strong>Add the public key to your server</strong> so it trusts GitHub:<br> </p></li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> ssh-copy-id <span class="nt">-i</span> ~/.ssh/id_ed25519.pub user@your.server.ip </code></pre> </div> <p>Replace user and your.server.ip with your server’s SSH username and IP address.</p> <ol> <li> <strong>Copy the private key</strong> content so we can use it in GitHub Actions: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nb">cat</span> ~/.ssh/id_ed25519 </code></pre> </div> <h2> Step 2: Add Secrets in GitHub </h2> <p>GitHub needs to know how to log in to your server. So let’s give it all the details safely using <strong>Secrets</strong>.</p> <p>In your GitHub repo, go to <strong>Settings &gt; Secrets &gt; Actions</strong>, then add:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Name</th> <th>What to Put There</th> </tr> </thead> <tbody> <tr> <td><code>HOST</code></td> <td>Your server's IP address or domain name</td> </tr> <tr> <td><code>USERNAME</code></td> <td>The SSH username (like <code>ubuntu</code>)</td> </tr> <tr> <td><code>SSH_KEY</code></td> <td>Paste your <strong>private key</strong> here (from last step)</td> </tr> <tr> <td><code>SSH_PORT</code></td> <td>Usually <code>22</code> unless you changed it</td> </tr> <tr> <td><code>APP_PATH</code></td> <td>The full path to your app on the server</td> </tr> </tbody> </table></div> <h2> Step 3: Write a Simple Deploy Script </h2> <p>This is a short script that tells your server <em>what to do</em> when it's time to deploy. Save it as <code>.scripts/deploy.sh</code> in your project:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="nb">set</span> <span class="nt">-e</span> <span class="nb">echo</span> <span class="s2">"🚀 Starting deployment..."</span> <span class="nb">cd</span> .. <span class="c"># Put app in maintenance mode</span> <span class="o">(</span>docker-compose <span class="nb">exec </span>app php artisan down<span class="o">)</span> <span class="o">||</span> <span class="nb">true</span> <span class="c"># Install PHP dependencies</span> docker-compose <span class="nb">exec </span>app composer <span class="nb">install</span> <span class="nt">--no-dev</span> <span class="nt">--no-interaction</span> <span class="nt">--prefer-dist</span> <span class="nt">--optimize-autoloader</span> <span class="c"># Clear and rebuild cache</span> docker-compose <span class="nb">exec </span>app php artisan clear-compiled docker-compose <span class="nb">exec </span>app php artisan optimize:clear <span class="c"># Run migrations</span> docker-compose <span class="nb">exec </span>app php artisan migrate <span class="nt">--force</span> <span class="c"># Bring app back online</span> docker-compose <span class="nb">exec </span>app php artisan up <span class="nb">echo</span> <span class="s2">"✅ Deployment finished!"</span> </code></pre> </div> <p>Note: Change <code>app</code> to whatever your Laravel container is named if it’s different.</p> <h2> Step 4: Let GitHub Deploy Automatically </h2> <p>Now for the magic. Create a file in your project at:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>.github/workflows/deploy.yml </code></pre> </div> <p>Paste this in:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">Deploy to Server</span> <span class="na">on</span><span class="pi">:</span> <span class="na">push</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">develop</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">deploy</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Checkout code</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">token</span><span class="pi">:</span> <span class="s">${{ secrets.GITHUB_TOKEN }}</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">SSH into server and deploy</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">appleboy/ssh-action@v1.2.0</span> <span class="na">with</span><span class="pi">:</span> <span class="na">host</span><span class="pi">:</span> <span class="s">${{ secrets.HOST }}</span> <span class="na">username</span><span class="pi">:</span> <span class="s">${{ secrets.USERNAME }}</span> <span class="na">key</span><span class="pi">:</span> <span class="s">${{ secrets.SSH_KEY }}</span> <span class="na">port</span><span class="pi">:</span> <span class="s">${{ secrets.SSH_PORT }}</span> <span class="na">script</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">set -e</span> <span class="s">cd ${{ secrets.APP_PATH }}</span> <span class="s">git config --local url."https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/".insteadOf "https://github.com/"</span> <span class="s">git fetch origin</span> <span class="s">git reset --hard origin/develop</span> <span class="s">git config --local --remove-section url."https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/"</span> <span class="s">bash .scripts/deploy.sh</span> </code></pre> </div> <p>Here’s what’s happening:</p> <ul> <li>GitHub waits for a push to the <code>develop</code> branch.</li> <li>It connects to your server.</li> <li>It pulls the latest code.</li> <li>It runs your <code>deploy.sh</code> script.</li> </ul> <h3> Breaking Down the <code>script</code> Section </h3> <p>Let’s go over what’s happening in the <code>script</code> part of the SSH step:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">script</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">set -e</span> <span class="s">cd ${{ secrets.APP_PATH }}</span> <span class="s">git config --local url."https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/".insteadOf "https://github.com/"</span> <span class="s">git fetch origin</span> <span class="s">git reset --hard origin/develop</span> <span class="s">git config --local --remove-section url."https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/"</span> <span class="s">bash .scripts/deploy.sh</span> </code></pre> </div> <ul> <li> <code>set -e</code>: Stops the script immediately if any command fails.</li> <li> <code>cd ${{ secrets.APP_PATH }}</code>: Navigates to your Laravel app folder on the server.</li> <li>The <code>git config</code> commands: <ul> <li>Temporarily override GitHub URLs to use the built-in <code>GITHUB_TOKEN</code> so your server can fetch private repos.</li> <li>This is useful when your Laravel project is private or depends on private packages.</li> </ul> </li> <li> <code>git fetch origin</code>: Pulls the latest code from the remote repository.</li> <li> <code>git reset --hard origin/develop</code>: Replaces local code with the latest from the <code>develop</code> branch. (helpful if you made some changes on the server, like a quick fix or debugging, so you can reset it to the latest code)</li> <li> <code>git config --local --remove-section</code>: Cleans up the temporary GitHub auth config. (as the <code>GITHUB_TOKEN</code> is only useed for this deployment, and will expires after the action runs)</li> <li> <code>bash .scripts/deploy.sh</code>: Finally runs your deployment script.</li> </ul> <p>Note: You <strong>don’t need to manually add <code>GITHUB_TOKEN</code></strong> in your GitHub Secrets — it’s automatically provided by GitHub Actions at runtime.</p> <h2> Step 5: Test It! </h2> <p>Now try it out:</p> <ol> <li>Push any change to your <code>develop</code> branch.</li> <li>Go to your GitHub repo → <strong>Actions</strong> tab.</li> <li>Watch the magic happen! If it works, your Laravel app gets updated on the server instantly.</li> </ol> <p>You now have a secure, automated CI/CD pipeline using GitHub Actions to deploy your Laravel app to a remote Linux server using SSH.</p> <p>In the next article, we'll take things a step further by adding features like code quality checks, automated testing, and send notifications to enhance your CI/CD pipeline. Stay tuned!</p> laravel githubactions docker cicd