From 653581a16ec01ea121a2e96dffaa421737d169f5 Mon Sep 17 00:00:00 2001 From: pesu98 Date: Wed, 13 May 2026 12:42:42 +0800 Subject: [PATCH] runner v6 --- .gitea/workflows/ci.yaml | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/.gitea/workflows/ci.yaml b/.gitea/workflows/ci.yaml index 8f30949..80ec408 100644 --- a/.gitea/workflows/ci.yaml +++ b/.gitea/workflows/ci.yaml @@ -125,11 +125,17 @@ jobs: - name: Install SSH password helper run: sudo apt-get update && sudo apt-get install -y sshpass - - name: Configure SSH known hosts + - name: Validate deployment secrets + run: | + test -n "${SSH_HOST}" || (echo "Missing required secret: SSH_HOST" && exit 1) + test -n "${SSH_USER}" || (echo "Missing required secret: SSH_USER" && exit 1) + test -n "${SSH_PASSWORD}" || (echo "Missing required secret: SSH_PASSWORD" && exit 1) + test -n "${DEPLOY_PATH}" || (echo "Missing required secret: DEPLOY_PATH" && exit 1) + + - name: Configure SSH run: | mkdir -p ~/.ssh chmod 700 ~/.ssh - ssh-keyscan -p "${SSH_PORT:-22}" "${SSH_HOST}" >> ~/.ssh/known_hosts - name: Create deployment environment file if: env.APP_ENV_FILE != '' @@ -137,16 +143,24 @@ jobs: - name: Upload release to server run: | - SSHPASS="${SSH_PASSWORD}" sshpass -e rsync -avz -e "ssh -p ${SSH_PORT:-22}" "${RELEASE_FILE}" "${SSH_USER}@${SSH_HOST}:/tmp/${RELEASE_FILE}" + SSHPASS="${SSH_PASSWORD}" sshpass -e rsync -avz \ + -e "ssh -p ${SSH_PORT:-22} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" \ + "${RELEASE_FILE}" "${SSH_USER}@${SSH_HOST}:/tmp/${RELEASE_FILE}" - name: Upload environment file to server if: env.APP_ENV_FILE != '' run: | - SSHPASS="${SSH_PASSWORD}" sshpass -e rsync -avz -e "ssh -p ${SSH_PORT:-22}" .env.deploy "${SSH_USER}@${SSH_HOST}:/tmp/.env.deploy" + SSHPASS="${SSH_PASSWORD}" sshpass -e rsync -avz \ + -e "ssh -p ${SSH_PORT:-22} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" \ + .env.deploy "${SSH_USER}@${SSH_HOST}:/tmp/.env.deploy" - name: Extract release and finalize deployment run: | - SSHPASS="${SSH_PASSWORD}" sshpass -e ssh -p "${SSH_PORT:-22}" "${SSH_USER}@${SSH_HOST}" << EOF + SSHPASS="${SSH_PASSWORD}" sshpass -e ssh \ + -p "${SSH_PORT:-22}" \ + -o StrictHostKeyChecking=no \ + -o UserKnownHostsFile=/dev/null \ + "${SSH_USER}@${SSH_HOST}" << EOF set -e mkdir -p "${DEPLOY_PATH}" tar -xzf "/tmp/${RELEASE_FILE}" -C "${DEPLOY_PATH}"