skip to contentW3CSVG

Using github pages with a private repo

Publish date: Mar 18, 2021
Tags:

Normally github pages can only be used with a public repository. But say for example you want to publish a blog, and do not want to have everything available on a public github repo, especially when blog post are still in “draft” status.

The solution is simple: we use a private repo (blog-private) to keep our blog sources (input to hugo) and whenever we push to the main branch, a github action is triggered that builds the actual hugo site and pushes the files to a public repo which which github pages activated:


 ┌─────────────┐         ┌──────────────────┐       ┌─────────────────────┐
 │blog-private ├────────►│ blog repo (pub)  ├──────►│myname.github.io/blog│
 │repo (priv)  │pushes to│ branch gh-pages  │ backs │       website       │
 └─────────────┘         └──────────────────┘       └─────────────────────┘

This is what the action in blog-private looks like (file .github/workflows/publish.yml):

on:
  push:
    branches:
      - main

name: publish to blog
jobs:
  update-blog:
    runs-on: ubuntu-latest
    steps:
    - name: checkout code
      uses: actions/checkout@v2
      with:
        submodules: 'recursive'

    - name: install exif tool
      run: sudo apt install libimage-exiftool-perl

    - name: Setup Hugo
      uses: peaceiris/actions-hugo@2e89aa66d0093e4cd14751b3028fc1a179452c2e
      with:
        hugo-version: '0.81.0'

    - name: Hugo Build
      run: hugo --minify

    - name: clean Exif metadata
      run: exiftool -overwrite_original -recurse -all= public/

    - name: publish blog to jandelgado/blog:gh-pages
      run: |
        eval "$(ssh-agent -s)"
        ssh-add - <<< "${{ secrets.BLOG_DEPLOY }}"
        git config --global user.name "Jan Delgado"
        git config --global user.email "myemail@example.com"

        git clone git@github.com:jandelgado/blog.git && cd blog
        git checkout --orphan gh-pages
        git rm -rf .
        cp -ar ../public/* .
        git add .
        git commit -m "update blog"
        git push --set-upstream --force origin gh-pages

The github workflow is triggered whenever a commit to the main branch of the private blog repo is made. The following actions are run:

  • install hugo and other needed tools
  • clean EXIF metadata from images
  • build the blog website using hugo
  • push the resulting public directory containing the blog html files to the public blog repository, which has github pages enabled

In order to do the git push to a foreign repository, we created a deploy key in the blog (public) repository and stored the corresponding private key as a secret named BLOG_DEPLOY in the private repository, which triggers the action.