Heroku Git Transport Feature Retirement

We recently received an email from Heroku telling us that we would need to transition our deployments away from the ssh transport that we’ve been using on Semaphore CI to deploy our Elixir Phoenix app. The Semaphore deployment documentation only covers the ssh transport route. We needed to figure out how to move to the https deployments from our CI server. The instructions in the email were’t too helpful as those steps had already been taken in our project, the Semaphore solution replaces https with ssh for deployments. The real issue was how to authenticate to Heroku now that SSH was off the table.

Heroku uses an API key to authenticate their CLI actions, and that key is stored in a .netrc file in your home directory. The solution that we came up with was to upload the .netrc file as a secret to Semaphore and then use that in the pipeline configuration for the deployments. Here’s how it is used in the deployment yml file:

Add the file as a secret in the Semaphore Organization settings:

Modify the pipline file that does the deploy

# .semaphore/heroku.yml
version: v1.0
name: Heroku deployment
agent:
  machine:
    type: e1-standard-2
    os_image: ubuntu1804

blocks:
  - name: Deploy
    task:
      secrets:
        - name: heroku-netrc
      env_vars:
        - name: HEROKU_REMOTE
          value: https://git.heroku.com/<app-name>.git
      jobs:
        - name: Push code
          commands:
            - checkout --use-cache
            - git remote add heroku $HEROKU_REMOTE
            - git push heroku -f $SEMAPHORE_GIT_BRANCH:master
            - heroku run -a <app-name> MIX_ENV=prod POOL_SIZE=2 mix ecto.migrate
            - heroku dyno:restart -a <app-name>

Now you should be able to deploy to Heroku using your CI server!

• deployment
• heroku
• phoenix