ci(deploy): use vars.SSH_PRIVATE_KEY — same pattern as ghost-blog-bot
All checks were successful
Deploy Max Bot Test / deploy (push) Successful in 11s

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
pkirillw
2026-06-18 00:29:08 +03:00
parent 71554483ef
commit a103074a71

View File

@@ -12,24 +12,12 @@ jobs:
steps: steps:
- name: Setup SSH - name: Setup SSH
env: env:
SSH_KEY: ${{ secrets.SSH_PRIVATE_KEY }} SSH_KEY: ${{ vars.SSH_PRIVATE_KEY }}
SSH_KEY_B64: ${{ secrets.SSH_PRIVATE_KEY_B64 }}
run: | run: |
mkdir -p ~/.ssh mkdir -p ~/.ssh
if [ -n "$SSH_KEY_B64" ]; then echo "$SSH_KEY" | sed 's/^[[:space:]]*//' > ~/.ssh/id_rsa
echo "Using base64-encoded key"
echo "$SSH_KEY_B64" | base64 -d > ~/.ssh/id_rsa
else
echo "Using raw key, fixing newlines"
printf '%s' "$SSH_KEY" | sed 's/\\n/\n/g' > ~/.ssh/id_rsa
fi
chmod 600 ~/.ssh/id_rsa chmod 600 ~/.ssh/id_rsa
# Sanity check — fail fast with a readable message if key is broken ssh-keyscan -p ${{ vars.SERVER_PORT }} ${{ vars.SERVER_HOST }} >> ~/.ssh/known_hosts
ssh-keygen -y -f ~/.ssh/id_rsa > /dev/null || {
echo "::error::SSH key is invalid (libcrypto parse error). Use SSH_PRIVATE_KEY_B64 instead: base64 the file and put the result in the secret."
exit 1
}
ssh-keyscan -p ${{ vars.SERVER_PORT }} ${{ vars.SERVER_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
- name: Clone or pull on server - name: Clone or pull on server
run: | run: |