From db7b8751ecf687c904d1f799cf9129753f7f95ea Mon Sep 17 00:00:00 2001 From: pesu98 Date: Wed, 13 May 2026 15:23:31 +0800 Subject: [PATCH] runner v7 --- .gitea/workflows/ci.yaml | 50 ++++++++++++++++++++++++++++------------ 1 file changed, 35 insertions(+), 15 deletions(-) diff --git a/.gitea/workflows/ci.yaml b/.gitea/workflows/ci.yaml index d502574..f3e2a6d 100644 --- a/.gitea/workflows/ci.yaml +++ b/.gitea/workflows/ci.yaml @@ -108,22 +108,18 @@ jobs: name: laravel-build path: release - - name: Install sshpass - run: sudo apt-get update && sudo apt-get install -y sshpass + - name: Install SSH deployment tools + run: sudo apt-get update && sudo apt-get install -y openssh-client sshpass rsync - - name: Install rsync - run: sudo apt-get install -y rsync - - - name: Add SSH host to known_hosts + - name: Configure SSH env: - DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }} - DEPLOY_PORT: ${{ secrets.DEPLOY_PORT }} DEPLOY_KNOWN_HOSTS: ${{ secrets.DEPLOY_KNOWN_HOSTS }} run: | + mkdir -p ~/.ssh + chmod 700 ~/.ssh if [ -n "$DEPLOY_KNOWN_HOSTS" ]; then echo "$DEPLOY_KNOWN_HOSTS" >> ~/.ssh/known_hosts - else - ssh-keyscan -p "${DEPLOY_PORT:-22}" "$DEPLOY_HOST" >> ~/.ssh/known_hosts + chmod 600 ~/.ssh/known_hosts fi - name: Deploy files with rsync over SSH @@ -141,8 +137,8 @@ jobs: fi mkdir -p ~/.ssh - rsync -az --delete \ - -e "sshpass -e ssh -p ${DEPLOY_PORT:-22}" \ + sshpass -e rsync -az --delete \ + -e "ssh -p ${DEPLOY_PORT:-22} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o PreferredAuthentications=password -o PubkeyAuthentication=no -o NumberOfPasswordPrompts=1" \ --exclude='.env' \ --exclude='storage/' \ --exclude='storage/logs/*' \ @@ -151,7 +147,15 @@ jobs: --exclude='storage/framework/views/*' \ release/ "${DEPLOY_USER}@${DEPLOY_HOST}:${DEPLOY_PATH}" - sshpass -e ssh -p "${DEPLOY_PORT:-22}" "${DEPLOY_USER}@${DEPLOY_HOST}" "test -f \"${DEPLOY_PATH}/public/.htaccess\" || { echo 'public/.htaccess missing after rsync'; exit 1; }" + sshpass -e ssh \ + -p "${DEPLOY_PORT:-22}" \ + -o StrictHostKeyChecking=no \ + -o UserKnownHostsFile=/dev/null \ + -o PreferredAuthentications=password \ + -o PubkeyAuthentication=no \ + -o NumberOfPasswordPrompts=1 \ + "${DEPLOY_USER}@${DEPLOY_HOST}" \ + "test -f \"${DEPLOY_PATH}/public/.htaccess\" || { echo 'public/.htaccess missing after rsync'; exit 1; }" - name: Create .env on server from secret env: @@ -173,7 +177,15 @@ jobs: exit 1 fi - printf '%s' "$DEPLOY_ENV_FILE" | sshpass -e ssh -p "${DEPLOY_PORT:-22}" "${DEPLOY_USER}@${DEPLOY_HOST}" "mkdir -p \"${DEPLOY_PATH}\" && cat > \"${DEPLOY_PATH}/.env\" && chmod 600 \"${DEPLOY_PATH}/.env\"" + printf '%s' "$DEPLOY_ENV_FILE" | sshpass -e ssh \ + -p "${DEPLOY_PORT:-22}" \ + -o StrictHostKeyChecking=no \ + -o UserKnownHostsFile=/dev/null \ + -o PreferredAuthentications=password \ + -o PubkeyAuthentication=no \ + -o NumberOfPasswordPrompts=1 \ + "${DEPLOY_USER}@${DEPLOY_HOST}" \ + "mkdir -p \"${DEPLOY_PATH}\" && cat > \"${DEPLOY_PATH}/.env\" && chmod 600 \"${DEPLOY_PATH}/.env\"" - name: Run post-deploy Laravel commands env: @@ -189,7 +201,15 @@ jobs: exit 1 fi - sshpass -e ssh -p "${DEPLOY_PORT:-22}" "${DEPLOY_USER}@${DEPLOY_HOST}" "cd ${DEPLOY_PATH} && mkdir -p storage/framework/cache/data storage/framework/sessions storage/framework/views storage/logs bootstrap/cache && chmod -R ug+rw storage bootstrap/cache && php artisan optimize:clear && php artisan config:cache && php artisan route:cache && php artisan view:cache" + sshpass -e ssh \ + -p "${DEPLOY_PORT:-22}" \ + -o StrictHostKeyChecking=no \ + -o UserKnownHostsFile=/dev/null \ + -o PreferredAuthentications=password \ + -o PubkeyAuthentication=no \ + -o NumberOfPasswordPrompts=1 \ + "${DEPLOY_USER}@${DEPLOY_HOST}" \ + "cd ${DEPLOY_PATH} && mkdir -p storage/framework/cache/data storage/framework/sessions storage/framework/views storage/logs bootstrap/cache && chmod -R ug+rw storage bootstrap/cache && php artisan optimize:clear && php artisan config:cache && php artisan route:cache && php artisan view:cache" # Required repository secrets: # - DEPLOY_HOST: Server hostname or IP.