GitHub CI/CD
For advanced users, GitHub CI/CD (Continuous Integration/Continuous Delivery or Continuous Deployment) can automatically deploy code changes to your Kinsta site whenever a new commit is pushed to the designated branch. This setup enables seamless code deployment from your local environment via SSH and GitHub Actions, allowing continuous updates to your site.
To follow these steps, you must have an existing site hosted on Kinsta and a GitHub account.
1. Download a backup of your site
You can download a backup of your site to set up the GitHub repository and work on it locally. Alternatively, you can use DevKinsta to pull your site from the Kinsta server and work on it locally.
In MyKinsta, go to WordPress Sites > sitename > Backups > Download > Create backup now.
When your backup is ready, click Download, save this to your local computer and unzip the files to a folder.
2. Set up the GitHub repository
Open the folder containing your site’s files in your preferred code editor. To prevent uploading unnecessary WordPress core files, media uploads, or sensitive information, add a .gitignore file to the root directory of your project. You can use a standard WordPress .gitignore template, copy its contents, and save it to ensure only the essential files are tracked.
Create a GitHub repository and push your site’s files to GitHub.
3. Set up GitHub secrets for Kinsta
To automate deployments from GitHub to Kinsta, you need key SSH details, including your username, password, port, and IP address. As these are sensitive, you must store them securely as GitHub Secrets.
Within GitHub go to your repository, click Settings > Secrets and variables > Actions > New repository secret.
Add the following secrets using the SFTP/SSH details from your site’s Info page in MyKinsta:
Secret name | Secret |
KINSTA_SERVER_IP | Host e.g. 12.34.56.78 |
KINSTA_USERNAME | Username e.g. kinstahelp |
PASSWORD | Password |
PORT | Port e.g. 12345 |
4. Create a bare Git repository on Kinsta
A bare Git repository is a remote destination where GitHub will push your code. This repository is a central repository designed to receive and store your code.
Open a new terminal and SSH into your Kinsta server using the SSH terminal command from your site’s Info page in MyKinsta.
Enter your site’s password from the Info page in MyKinsta, then copy the Path from Environment details.
Navigate to the private folder on your server by replacing public with private and your-site with the folder name from the path of your site:
cd /www/your-site/private
If the private folder doesn’t exist, use the following command to create it:
mkdir -p /www/your-site/private
Create the bare Git repository with the following command, replacing your-repo.git with the name of your GitHub repository:
git init --bare your-repo.git
5. Set up the post-receive hook
The post-receive hook automatically deploys the code to your live site whenever new changes are pushed to the main branch in GitHub.
Navigate to the hooks directory in your bare Git repository, replacing your-site with the folder name of your site and your-repo with the name of your GitHub repository:
cd /www/your-site/private/your-repo.git/hooks
Create and edit the post-receive hook:
nano post-receive
Add the following script to the post-receive file. This checks out the latest code into the public directory of your live site:
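#!/bin/bash
# Directory served as the live site
TARGET="/www/your-site/public"
# Bare repository that receives the push
GIT_DIR="/www/your-site/private/your-repo.git"

# Git passes one "<oldrev> <newrev> <ref>" line per updated ref on stdin
while read -r oldrev newrev ref
do
    BRANCH=$(git rev-parse --symbolic --abbrev-ref "$ref")
    if [[ "$BRANCH" == "main" ]]; then
        echo "Ref $ref received. Deploying ${BRANCH} branch to production..."
        # Name the branch explicitly so the checkout does not depend on the bare repository's HEAD
        git --work-tree="$TARGET" --git-dir="$GIT_DIR" checkout -f "$BRANCH"
    else
        echo "Ref $ref received. Doing nothing: only the main branch may be deployed on this server."
    fi
done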
The script deploys code from just the main branch. The TARGET variable points to the directory where your live site’s files are located and the GIT_DIR variable points to the bare Git repository.
Save and exit the file by pressing Ctrl + X, then Y, and Enter.
Make the script executable so it can run automatically after each push:
chmod +x post-receive
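As an added example (not part of the original guide), the hook's branch filter can be written against the full ref name, so that only updates to refs/heads/main deploy while a tag named main or a deletion of the branch is skipped. The function names and the shortened sample hashes are constructed for illustration.

```bash
#!/bin/bash
# Added example: decide which pushed refs should trigger a deployment.
# post-receive gets one "<oldrev> <newrev> <refname>" line per updated ref on stdin.

DEPLOY_REF="refs/heads/main"   # full ref name, so a tag named "main" never matches

# Return 0 only for an update (not a deletion) of the deploy branch.
should_deploy() {
    local newrev="$1" ref="$2"
    # Git reports a deleted ref with an all-zero new revision.
    case "$newrev" in
        *[!0]*) ;;          # contains a non-zero character: a real commit
        *) return 1 ;;      # all zeros or empty: nothing to check out
    esac
    [ "$ref" = "$DEPLOY_REF" ]
}

# Read hook input and print one decision per ref:
# "deploy <ref> <newrev>" or "skip <ref>".
plan_deploy() {
    local oldrev newrev ref
    while read -r oldrev newrev ref; do
        if should_deploy "$newrev" "$ref"; then
            echo "deploy $ref $newrev"
        else
            echo "skip $ref"
        fi
    done
}

# Constructed sample input (shortened hashes, not from a real repository).
sample_input() {
    cat <<'EOF'
1111111 2222222 refs/heads/main
1111111 3333333 refs/heads/feature-x
0000000 4444444 refs/tags/main
2222222 0000000 refs/heads/main
EOF
}

# Show the decisions for the sample push.
sample_input | plan_deploy
```

In a real hook, the "deploy" branch of plan_deploy is where the checkout command from the script above would run.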
6. Generate and add a GitHub personal access token (PAT)
When pushing code to GitHub via SSH, you must use a PAT to authenticate. This token allows GitHub to accept your pushes securely.
To generate the PAT:
- Go to your GitHub account, click on your profile picture, then select Settings.
- Click Developer settings > Personal access tokens > Tokens (classic).
- Click Generate new token > Generate new token (classic), and within Note give it a name (e.g., “Kinsta Deployment Token”).
- Under Select scopes, check repo (for full control of private repositories).
- Click Generate token, and copy the token. (You won’t be able to see it again.)
Run the following command to add your GitHub repository as a remote, replacing your-username with your GitHub username, YOUR_PERSONAL_ACCESS_TOKEN with the PAT you just generated, and your-repo with the name of your GitHub repository:
git remote add origin https://your-username:YOUR_PERSONAL_ACCESS_TOKEN@github.com/your-username/your-repo.git
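Git writes the remote URL, token included, in plain text to the config file of the repository in which the command is run. The following added example (not part of the original guide) reports remote URLs that carry embedded credentials, with the secret masked, and checks that the config file is not readable by group or others; the function names and the sample config are constructed.

```bash
#!/bin/bash
# Added example: audit a Git config file for credentials stored in remote URLs.

# Print every "url = scheme://user:secret@host/..." value with the secret masked.
redacted_credential_urls() {
    sed -n -E 's#^[[:space:]]*url[[:space:]]*=[[:space:]]*([a-z]+://[^:/@]+):[^@/]+@(.*)$#\1:***@\2#p' "$1"
}

# Succeed only when neither group nor others can read the file.
config_is_private() {
    [ -z "$(find "$1" \( -perm -040 -o -perm -004 \) -print)" ]
}

# Report findings for one config file; returns 1 if anything was found.
audit_git_config() {
    local config="$1" status=0 urls
    urls="$(redacted_credential_urls "$config")"
    if [ -n "$urls" ]; then
        echo "credential stored in remote URL: $urls"
        status=1
    fi
    if ! config_is_private "$config"; then
        echo "readable by group or others: $config"
        status=1
    fi
    return "$status"
}

# Constructed sample config; the token is a placeholder, not a real PAT.
write_sample_config() {
    cat > "$1" <<'EOF'
[core]
    bare = true
[remote "origin"]
    url = https://your-username:CONSTRUCTED_TOKEN_NOT_REAL@github.com/your-username/your-repo.git
    fetch = +refs/heads/*:refs/remotes/origin/*
EOF
}

# Demo; on the server, pass /www/your-site/private/your-repo.git/config instead.
demo="$(mktemp)"
write_sample_config "$demo"
audit_git_config "$demo" || echo "findings reported above"
rm -f "$demo"
```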
7. Create the GitHub Actions workflow
This workflow deploys changes to Kinsta automatically whenever you push to the main branch. To automate the deployment, you need to define how the deployment will happen using a YAML file.
In your GitHub repository, create a new directory called .github/workflows. Inside this directory, create a new file called deploy.yml and add the following content to the file, replacing your-site with the folder name from the path on your Kinsta site and your-repo with your GitHub repository name:
name: Deploy to Kinsta

on:
  push:
    branches:
      - main

jobs:
  deploy:
    runs-on: ubuntu-latest

    steps:
      # Setup Node.js
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20.x'

      # Checkout the latest code from your repository
      - name: Checkout code
        uses: actions/checkout@<version> # replace <version> with the release tag you use

      # Deploy to Kinsta via SSH
      - name: Deploy via SSH
        uses: appleboy/ssh-action@<version> # replace <version> with the release tag you use
        with:
          host: ${{ secrets.KINSTA_SERVER_IP }}
          username: ${{ secrets.KINSTA_USERNAME }}
          password: ${{ secrets.PASSWORD }}
          port: ${{ secrets.PORT }} # Optional, default is 22
          script: |
            cd /www/your-site/private/your-repo.git # Navigate to the bare Git repository on Kinsta
            git --work-tree=/www/your-site/public --git-dir=/www/your-site/private/your-repo.git fetch origin main # Fetch the latest changes from GitHub
            git --work-tree=/www/your-site/public --git-dir=/www/your-site/private/your-repo.git reset --hard origin/main # Deploy changes to the live site
This workflow does the following:
- Trigger: The workflow is triggered every time code is pushed to the main branch of your GitHub repository.
- Jobs: The workflow contains one job called deploy, which runs on an Ubuntu virtual machine (ubuntu-latest).
- Checkout code: This uses the actions/checkout action to pull the latest code from your GitHub repository.
- Deploy to Kinsta via SSH: The appleboy/ssh-action is used to securely connect to your Kinsta server via SSH using the secrets you configured (server IP, username, password, and port). The script within this step runs the following commands:
  - cd /www/your-site/private/your-repo.git: Navigates to the bare Git repository on your Kinsta server.
  - git fetch origin main: Fetches the latest changes from the main branch in your GitHub repository.
  - git reset --hard origin/main: Applies those changes by updating the live site in the public directory where WordPress is hosted.
8. Test the workflow
Once you’ve set up the workflow, you can test it by pushing a small change to your GitHub repository’s main branch. Each time you push a change, GitHub Actions automatically triggers the deployment, pulling the latest version of your code and deploying it to your live site on Kinsta.
You can monitor the status of your deployment by going to the Actions tab in your GitHub repository. If the workflow encounters errors, you’ll see detailed logs to help you troubleshoot and fix the issues.