diff --git a/.gitea/workflows/ci.yaml b/.gitea/workflows/ci.yaml index 66e852f..b76b98b 100644 --- a/.gitea/workflows/ci.yaml +++ b/.gitea/workflows/ci.yaml @@ -84,6 +84,7 @@ jobs: config database public + public/.htaccess resources routes vendor @@ -105,22 +106,18 @@ jobs: name: laravel-build path: release - - name: Install sshpass - run: sudo apt-get update && sudo apt-get install -y sshpass + - name: Install SSH deployment tools + run: sudo apt-get update && sudo apt-get install -y openssh-client sshpass rsync - - name: Install rsync - run: sudo apt-get install -y rsync - - - name: Add SSH host to known_hosts + - name: Configure SSH env: - DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }} - DEPLOY_PORT: ${{ secrets.DEPLOY_PORT }} DEPLOY_KNOWN_HOSTS: ${{ secrets.DEPLOY_KNOWN_HOSTS }} run: | + mkdir -p ~/.ssh + chmod 700 ~/.ssh if [ -n "$DEPLOY_KNOWN_HOSTS" ]; then echo "$DEPLOY_KNOWN_HOSTS" >> ~/.ssh/known_hosts - else - ssh-keyscan -p "${DEPLOY_PORT:-22}" "$DEPLOY_HOST" >> ~/.ssh/known_hosts + chmod 600 ~/.ssh/known_hosts fi - name: Deploy files with rsync over SSH env: @@ -137,7 +134,7 @@ jobs: fi mkdir -p ~/.ssh rsync -az --delete \ - -e "sshpass -e ssh -p ${DEPLOY_PORT:-22}" \ + -e "sshpass -e ssh -p ${DEPLOY_PORT:-22} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" \ --exclude='.env' \ --exclude='storage/' \ --exclude='storage/logs/*' \ 
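Review bot: In the Configure SSH step, an empty `DEPLOY_KNOWN_HOSTS` now passes silently, because the `ssh-keyscan` fallback is removed and the `if` has no `else`, so the job carries on with no pinned host key. The later steps already fail fast on an empty `DEPLOY_PASSWORD`, and this step should do the same, e.g. `else echo "DEPLOY_KNOWN_HOSTS secret is empty." >&2; exit 1`. Removing the keyscan is sound in itself, since scanning the host on every run verifies nothing, but only if the pinned value becomes mandatory. The footer comment that describes the secret as optional would then need updating to match.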
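Review bot: The added `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null` on the rsync transport turns off host key verification, and the same two options are added to the `.env` upload (hunk at -163) and the post-deploy command (hunk at -177). With `sshpass -e` password authentication, the job will hand the deploy password, and in the upload step the full `.env`, to whatever endpoint answers for `DEPLOY_HOST`; it also leaves the known_hosts file written by the Configure SSH step unused. Verify against the pinned keys in all three places instead: `-e "sshpass -e ssh -p ${DEPLOY_PORT:-22} -o StrictHostKeyChecking=yes"`. If the options were added to get past a host key mismatch, the remedy is to correct the value stored in `DEPLOY_KNOWN_HOSTS`, not to stop checking. The rsync command and its run block extend beyond both ends of this hunk.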
@@ -163,7 +160,12 @@ jobs: echo "DEPLOY_PASSWORD secret is empty." exit 1 fi - printf '%s' "$DEPLOY_ENV_FILE" | sshpass -e ssh -p "${DEPLOY_PORT:-22}" "${DEPLOY_USER}@${DEPLOY_HOST}" "mkdir -p \"${DEPLOY_PATH}\" && cat > \"${DEPLOY_PATH}/.env\" && chmod 600 \"${DEPLOY_PATH}/.env\"" + printf '%s' "$DEPLOY_ENV_FILE" | sshpass -e ssh \ + -p "${DEPLOY_PORT:-22}" \ + -o StrictHostKeyChecking=no \ + -o UserKnownHostsFile=/dev/null \ + "${DEPLOY_USER}@${DEPLOY_HOST}" \ + "mkdir -p \"${DEPLOY_PATH}\" && cat > \"${DEPLOY_PATH}/.env\" && chmod 600 \"${DEPLOY_PATH}/.env\"" - name: Run post-deploy Laravel commands env: DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }} @@ -177,7 +179,12 @@ jobs: echo "DEPLOY_PASSWORD secret is empty." exit 1 fi - sshpass -e ssh -p "${DEPLOY_PORT:-22}" "${DEPLOY_USER}@${DEPLOY_HOST}" "cd ${DEPLOY_PATH} && mkdir -p storage/framework/cache/data storage/framework/sessions storage/framework/views storage/logs bootstrap/cache && chmod -R ug+rw storage bootstrap/cache && php artisan optimize:clear && php artisan config:cache && php artisan route:cache && php artisan view:cache" + sshpass -e ssh \ + -p "${DEPLOY_PORT:-22}" \ + -o StrictHostKeyChecking=no \ + -o UserKnownHostsFile=/dev/null \ + "${DEPLOY_USER}@${DEPLOY_HOST}" \ + "cd ${DEPLOY_PATH} && mkdir -p storage/framework/cache/data storage/framework/sessions storage/framework/views storage/logs bootstrap/cache && chmod -R ug+rw storage bootstrap/cache && php artisan optimize:clear && php artisan config:cache && php artisan route:cache && php artisan view:cache" # Required repository secrets: # - DEPLOY_HOST: Server hostname or IP. # - DEPLOY_PORT: SSH port (optional, defaults to 22). 
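Review bot: The remote command in the `.env` upload creates the file with `cat >` and only then runs `chmod 600`, so on a first deploy the secrets exist briefly with whatever permissions the remote user's umask gives. Creating the file restrictive from the start closes that window: `mkdir -p \"${DEPLOY_PATH}\" && (umask 077 && cat > \"${DEPLOY_PATH}/.env\") && chmod 600 \"${DEPLOY_PATH}/.env\"`. The subshell keeps the tighter umask from applying to `mkdir -p`, which the web server presumably still needs to traverse. The step's run block starts above this hunk.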
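Review bot: `cd ${DEPLOY_PATH}` in the post-deploy command is unquoted on the remote side, unlike the `.env` step, which wraps the same variable in `\"…\"`. A path containing spaces or shell metacharacters would be word-split or interpreted by the remote shell before `chmod -R` and `php artisan` run. Quote it the same way, `"cd \"${DEPLOY_PATH}\" && mkdir -p …"`. Because the value is expanded on the runner and pasted into a remote shell string, it is also worth checking beforehand that `DEPLOY_PATH` is a plain absolute path. The step's run block starts above this hunk.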
@@ -185,4 +192,4 @@ jobs: # - DEPLOY_PASSWORD: SSH password for deployment user. # - DEPLOY_PATH: Absolute path of the Laravel app on the server. # - DEPLOY_KNOWN_HOSTS: Optional pinned known_hosts line(s) for stricter host verification. -# - DEPLOY_ENV_FILE: Full .env content as a multiline secret (contains APP_KEY, DB_*, etc). \ No newline at end of file +# - DEPLOY_ENV_FILE: Full .env content as a multiline secret (contains APP_KEY, DB_*, etc).