feat(deploy): improve ssh key handling and deployment security

- Remove hardcoded SSH private key file path from workflow
- Use proper SSH directory structure (~/.ssh/) for key storage
- Add known_hosts file for improved SSH security
- Move environment variables to dedicated env block
- Remove StrictHostKeyChecking=no for better security
- Update deploy script to use proper SSH key path
- Maintain deployment path configuration via environment variables
2026-02-01 18:25:55 +01:00
parent b7286eeeb6
commit 9463c44034
2 changed files with 17 additions and 15 deletions


@@ -5,7 +5,6 @@ set -e
# FLOW
###
#
# if the private key variable is set, prepend "-i" to it
# if the username variable is set, append the at sign to it
# if either the deployment host or deployment path variables are not set, return an error
# tarball the built website and scp it to the deployment host
@@ -13,11 +12,6 @@ set -e
# then remove everything in the data path, untar the tarball and reload the server
# finally remove the tarball, both from the remote host and locally (cleanup)
# Check if the private key variable is set
if [ ! -z "${SSH_PRIVATE_KEY}" ]; then
SSH_PRIVATE_KEY="-i ${SSH_PRIVATE_KEY}"
fi
# Check if the username variable is set
if [ ! -z "${SSH_USERNAME}" ]; then
SSH_USERNAME="${SSH_USERNAME}@"
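Review bot: The `-i` wrapping that the old side of this hunk carried (turning `SSH_PRIVATE_KEY` into `-i <path>`) is gone, yet the scp and ssh lines on the new side of the next hunk still expand `${SSH_PRIVATE_KEY}` unquoted as a positional argument, so if the workflow still exports that variable as a key path, scp will treat it as a second file to copy rather than an identity and the transfer fails. If the intent is that the key now lives under `~/.ssh/` and the variable stays unset, state that in the FLOW comment block and drop the stale expansions; otherwise keep the flag explicit, e.g. `ssh_opts=(); [ -n "${SSH_PRIVATE_KEY}" ] && ssh_opts=(-i "${SSH_PRIVATE_KEY}")` and pass `"${ssh_opts[@]}"` to both commands. The surviving username check `[ ! -z "${SSH_USERNAME}" ]` reads more directly as `[ -n "${SSH_USERNAME}" ]`. The rendered hunk appears to have dropped some lines (its header counts do not match what is shown) and the script continues outside it, so this is inferred from the visible text.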
@@ -29,9 +23,12 @@ if [ -z "${DEPLOYMENT_HOST}" ] || [ -z "${DEPLOYMENT_PATH}" ]; then
exit 1
fi
# Compress the built website and scp it to the remote host
tar -czf httpdocs.tgz -C public .
scp -o StrictHostKeyChecking=no ${SSH_PRIVATE_KEY} httpdocs.tgz ${SSH_USERNAME}${DEPLOYMENT_HOST}:/tmp/httpdocs.tgz
ssh -o StrictHostKeyChecking=no ${SSH_PRIVATE_KEY} ${SSH_USERNAME}${DEPLOYMENT_HOST} "DEPLOYMENT_PATH=$DEPLOYMENT_PATH bash" << 'EOF'
scp ${SSH_PRIVATE_KEY} httpdocs.tgz ${SSH_USERNAME}${DEPLOYMENT_HOST}:/tmp/httpdocs.tgz
# SSH to the remote host, cd to the deployment path, and deploy the website (delete and overwrite everything)
ssh ${SSH_PRIVATE_KEY} ${SSH_USERNAME}${DEPLOYMENT_HOST} "DEPLOYMENT_PATH=$DEPLOYMENT_PATH bash" << 'EOF'
cd ${DEPLOYMENT_PATH}
DATAPATH=$(cat .env | grep "NGINX_DATA" | sed "s/NGINX_DATA=//g")
rm -rf ${DATAPATH}/{*,.*}