ci(deploy): use vars.SSH_PRIVATE_KEY — same pattern as ghost-blog-bot
All checks were successful
Deploy Max Bot Test / deploy (push) Successful in 11s
All checks were successful
Deploy Max Bot Test / deploy (push) Successful in 11s
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
@@ -12,24 +12,12 @@ jobs:
|
||||
steps:
|
||||
- name: Setup SSH
|
||||
env:
|
||||
SSH_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
|
||||
SSH_KEY_B64: ${{ secrets.SSH_PRIVATE_KEY_B64 }}
|
||||
SSH_KEY: ${{ vars.SSH_PRIVATE_KEY }}
|
||||
run: |
|
||||
mkdir -p ~/.ssh
|
||||
if [ -n "$SSH_KEY_B64" ]; then
|
||||
echo "Using base64-encoded key"
|
||||
echo "$SSH_KEY_B64" | base64 -d > ~/.ssh/id_rsa
|
||||
else
|
||||
echo "Using raw key, fixing newlines"
|
||||
printf '%s' "$SSH_KEY" | sed 's/\\n/\n/g' > ~/.ssh/id_rsa
|
||||
fi
|
||||
echo "$SSH_KEY" | sed 's/^[[:space:]]*//' > ~/.ssh/id_rsa
|
||||
chmod 600 ~/.ssh/id_rsa
|
||||
# Sanity check — fail fast with a readable message if key is broken
|
||||
ssh-keygen -y -f ~/.ssh/id_rsa > /dev/null || {
|
||||
echo "::error::SSH key is invalid (libcrypto parse error). Use SSH_PRIVATE_KEY_B64 instead: base64 the file and put the result in the secret."
|
||||
exit 1
|
||||
}
|
||||
ssh-keyscan -p ${{ vars.SERVER_PORT }} ${{ vars.SERVER_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
|
||||
ssh-keyscan -p ${{ vars.SERVER_PORT }} ${{ vars.SERVER_HOST }} >> ~/.ssh/known_hosts
|
||||
|
||||
- name: Clone or pull on server
|
||||
run: |
|
||||
@@ -49,7 +37,7 @@ jobs:
|
||||
DEBUG_CHAT_ID: ${{ vars.DEBUG_CHAT_ID }}
|
||||
SELFTEST_CHAT_ID: ${{ vars.SELFTEST_CHAT_ID }}
|
||||
run: |
|
||||
ssh -i ~/.ssh/id_rsa -p ${{ vars.SERVER_PORT }} ${{ vars.SERVER_USER }}@${{ vars.SERVER_HOST }} "cat > /home/pkirillw/dockered-services/max-bot-test/.env <<'ENVEOF'
|
||||
ssh -i ~/.ssh/id_rsa -p ${{ vars.SERVER_PORT }} ${{ vars.SERVER_USER }}@${{ vars.SERVER_HOST }} "cat > /home/pkirillw/dockered-services/max-bot-test/.env << 'ENVEOF'
|
||||
BOT_TOKEN=$BOT_TOKEN
|
||||
MAX_BOT_API_SECRET=$MAX_BOT_API_SECRET
|
||||
WEBHOOK_URL=$WEBHOOK_URL
|
||||
|
||||
Reference in New Issue
Block a user