ci(deploy): base64-encoded SSH key fallback + ssh-keygen sanity check
Some checks failed
Deploy Max Bot Test / deploy (push) Failing after 2s
Some checks failed
Deploy Max Bot Test / deploy (push) Failing after 2s
Fixes 'error in libcrypto' when SSH_PRIVATE_KEY secret mangles newlines. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
@@ -13,11 +13,23 @@ jobs:
|
|||||||
- name: Setup SSH
|
- name: Setup SSH
|
||||||
env:
|
env:
|
||||||
SSH_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
|
SSH_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
|
||||||
|
SSH_KEY_B64: ${{ secrets.SSH_PRIVATE_KEY_B64 }}
|
||||||
run: |
|
run: |
|
||||||
mkdir -p ~/.ssh
|
mkdir -p ~/.ssh
|
||||||
echo "$SSH_KEY" | sed 's/^[[:space:]]*//' > ~/.ssh/id_rsa
|
if [ -n "$SSH_KEY_B64" ]; then
|
||||||
|
echo "Using base64-encoded key"
|
||||||
|
echo "$SSH_KEY_B64" | base64 -d > ~/.ssh/id_rsa
|
||||||
|
else
|
||||||
|
echo "Using raw key, fixing newlines"
|
||||||
|
printf '%s' "$SSH_KEY" | sed 's/\\n/\n/g' > ~/.ssh/id_rsa
|
||||||
|
fi
|
||||||
chmod 600 ~/.ssh/id_rsa
|
chmod 600 ~/.ssh/id_rsa
|
||||||
ssh-keyscan -p ${{ vars.SERVER_PORT }} ${{ vars.SERVER_HOST }} >> ~/.ssh/known_hosts
|
# Sanity check — fail fast with a readable message if key is broken
|
||||||
|
ssh-keygen -y -f ~/.ssh/id_rsa > /dev/null || {
|
||||||
|
echo "::error::SSH key is invalid (libcrypto parse error). Use SSH_PRIVATE_KEY_B64 instead: base64 the file and put the result in the secret."
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
ssh-keyscan -p ${{ vars.SERVER_PORT }} ${{ vars.SERVER_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
|
||||||
|
|
||||||
- name: Clone or pull on server
|
- name: Clone or pull on server
|
||||||
run: |
|
run: |
|
||||||
@@ -36,18 +48,16 @@ jobs:
|
|||||||
WEB_APP_URL: ${{ vars.WEB_APP_URL }}
|
WEB_APP_URL: ${{ vars.WEB_APP_URL }}
|
||||||
DEBUG_CHAT_ID: ${{ vars.DEBUG_CHAT_ID }}
|
DEBUG_CHAT_ID: ${{ vars.DEBUG_CHAT_ID }}
|
||||||
SELFTEST_CHAT_ID: ${{ vars.SELFTEST_CHAT_ID }}
|
SELFTEST_CHAT_ID: ${{ vars.SELFTEST_CHAT_ID }}
|
||||||
APP_ENV: prod
|
|
||||||
APP_DEBUG: 'false'
|
|
||||||
run: |
|
run: |
|
||||||
ssh -i ~/.ssh/id_rsa -p ${{ vars.SERVER_PORT }} ${{ vars.SERVER_USER }}@${{ vars.SERVER_HOST }} "cat > /home/pkirillw/dockered-services/max-bot-test/.env << 'ENVEOF'
|
ssh -i ~/.ssh/id_rsa -p ${{ vars.SERVER_PORT }} ${{ vars.SERVER_USER }}@${{ vars.SERVER_HOST }} "cat > /home/pkirillw/dockered-services/max-bot-test/.env <<'ENVEOF'
|
||||||
BOT_TOKEN=$BOT_TOKEN
|
BOT_TOKEN=$BOT_TOKEN
|
||||||
MAX_BOT_API_SECRET=$MAX_BOT_API_SECRET
|
MAX_BOT_API_SECRET=$MAX_BOT_API_SECRET
|
||||||
WEBHOOK_URL=$WEBHOOK_URL
|
WEBHOOK_URL=$WEBHOOK_URL
|
||||||
WEB_APP_URL=$WEB_APP_URL
|
WEB_APP_URL=$WEB_APP_URL
|
||||||
DEBUG_CHAT_ID=$DEBUG_CHAT_ID
|
DEBUG_CHAT_ID=$DEBUG_CHAT_ID
|
||||||
SELFTEST_CHAT_ID=$SELFTEST_CHAT_ID
|
SELFTEST_CHAT_ID=$SELFTEST_CHAT_ID
|
||||||
APP_ENV=$APP_ENV
|
APP_ENV=prod
|
||||||
APP_DEBUG=$APP_DEBUG
|
APP_DEBUG=false
|
||||||
ENVEOF"
|
ENVEOF"
|
||||||
|
|
||||||
- name: Build and restart
|
- name: Build and restart
|
||||||
@@ -60,4 +70,4 @@ jobs:
|
|||||||
- name: Health check
|
- name: Health check
|
||||||
run: |
|
run: |
|
||||||
ssh -i ~/.ssh/id_rsa -p ${{ vars.SERVER_PORT }} ${{ vars.SERVER_USER }}@${{ vars.SERVER_HOST }} "
|
ssh -i ~/.ssh/id_rsa -p ${{ vars.SERVER_PORT }} ${{ vars.SERVER_USER }}@${{ vars.SERVER_HOST }} "
|
||||||
sleep 5 && docker compose -f /home/pkirillw/dockered-services/max-bot-test/docker-compose.yml ps"
|
sleep 5 && cd /home/pkirillw/dockered-services/max-bot-test && docker compose ps"
|
||||||
|
|||||||
Reference in New Issue
Block a user