pedini.dev/.gitea/workflows/deploy.yaml
Bryan Joshua Pedini 9463c44034
Some checks failed
Deploy website on production server when committing on main / test (push) Failing after 9s
feat(deploy): improve ssh key handling and deployment security
- Remove hardcoded SSH private key file path from workflow
- Use proper SSH directory structure (~/.ssh/) for key storage
- Add known_hosts file for improved SSH security
- Move environment variables to dedicated env block
- Remove StrictHostKeyChecking=no for better security
- Update deploy script to use proper SSH key path
- Maintain deployment path configuration via environment variables
2026-02-01 18:35:37 +01:00

42 lines
1.3 KiB
YAML

---
name: Deploy website on production server when committing on main
concurrency:
  group: deploy-website
  cancel-in-progress: false
on:
  push:
    # Runs on every pushed tag
    tags:
      - '*'
defaults:
  run:
    shell: bash
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      # Resolves the latest Hugo release tag at run time and installs its .deb;
      # the version is not pinned and the download is not checksum-verified.
      - run: |
          export HUGO_VERSION=$(curl --silent -I https://github.com/gohugoio/hugo/releases/latest | grep location | sed 's|.*tag/||' | tr -d '\r')
          export HUGO_VERSION_SHORT=$(echo ${HUGO_VERSION} | sed 's/v//')
          wget https://github.com/gohugoio/hugo/releases/download/${HUGO_VERSION}/hugo_${HUGO_VERSION_SHORT}_linux-amd64.deb
          dpkg -i hugo_*.deb
      - uses: actions/checkout@v4
        with:
          submodules: true
      # Writes the deploy key and the pinned host keys, then builds and deploys.
      - run: |
          mkdir -p ~/.ssh/
          echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
          echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
          make
          make deploy
        env:
          SSH_USERNAME: ${{ vars.SSH_USERNAME }}
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
          SSH_KNOWN_HOSTS: ${{ vars.SSH_KNOWN_HOSTS }}
          DEPLOYMENT_HOST: ${{ vars.DEPLOYMENT_HOST }}
          DEPLOYMENT_PATH: ${{ vars.DEPLOYMENT_PATH }}
          # The tag that triggered the run comes from the github context;
          # vars.* only holds user-defined variables.
          APP_VERSION: ${{ github.ref_name }}
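
The key handling described in the commit message, as an added shell example that is not part of this repository: it writes the key and known_hosts under a restrictive umask and refuses to continue unless DEPLOYMENT_HOST has a pinned entry. SSH_DIR and the function names are assumptions, and known_hosts entries are assumed to be unhashed.

```bash
#!/usr/bin/env bash
# Added example, not code from this repository. SSH_DIR and all function
# names are assumptions; known_hosts entries are assumed to be unhashed.

# Succeed only if known_hosts file $1 pins a key for host $2.
has_pinned_host_key() {
  awk -v host="$2" '
    /^[ \t]*(#|$)/ { next }   # comments and blank lines
    $1 ~ /^@/      { next }   # @revoked / @cert-authority are not host pins
    NF >= 3 {
      n = split($1, names, ",")
      for (i = 1; i <= n; i++)
        if (names[i] == host || index(names[i], "[" host "]:") == 1) found = 1
    }
    END { exit !found }
  ' "$1"
}

# Write key material from the environment, failing closed on bad input.
install_ssh_material() {
  _dir="${SSH_DIR:-$HOME/.ssh}"
  if [ -z "${SSH_PRIVATE_KEY:-}" ] || [ -z "${SSH_KNOWN_HOSTS:-}" ] ||
     [ -z "${DEPLOYMENT_HOST:-}" ]; then
    echo "SSH_PRIVATE_KEY, SSH_KNOWN_HOSTS and DEPLOYMENT_HOST are required" >&2
    return 1
  fi
  (
    umask 077   # new files are created 0600, so there is no chmod window
    mkdir -p "$_dir" && chmod 700 "$_dir" &&
      printf '%s\n' "$SSH_PRIVATE_KEY" > "$_dir/id_ed25519" &&
      printf '%s\n' "$SSH_KNOWN_HOSTS" > "$_dir/known_hosts"
  ) || return 1
  if ! has_pinned_host_key "$_dir/known_hosts" "$DEPLOYMENT_HOST"; then
    echo "no pinned host key for $DEPLOYMENT_HOST, refusing to deploy" >&2
    return 1
  fi
}

# Options that make ssh/scp fail instead of prompting or trusting a new key.
deploy_ssh_opts() {
  _dir="${SSH_DIR:-$HOME/.ssh}"
  printf '%s\n' "-i $_dir/id_ed25519 -o IdentitiesOnly=yes -o BatchMode=yes" \
    "-o StrictHostKeyChecking=yes -o UserKnownHostsFile=$_dir/known_hosts"
}
```

A deploy step could call `install_ssh_material` first and pass `$(deploy_ssh_opts)` unquoted to `ssh` or `scp`, so a missing or mismatched host key stops the job.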