From ac8135aec865c8535b9d0d3b3f71b5539f1be0a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Joe=20K=C3=BCng?=
Date: Thu, 29 Jan 2026 22:28:09 +0100
Subject: [PATCH] fix: cicdl.yaml
---
 .gitea/workflows/cicd.yaml | 31 +++++++++++++++++++++----------
 1 file changed, 21 insertions(+), 10 deletions(-)
diff --git a/.gitea/workflows/cicd.yaml b/.gitea/workflows/cicd.yaml
index 22adccb..b17f3fe 100644
--- a/.gitea/workflows/cicd.yaml
+++ b/.gitea/workflows/cicd.yaml
@@ -96,19 +96,30 @@ jobs:
 shell: bash
 run: |
 set -euo pipefail
-
+
 apt-get update
- apt-get install -y --no-install-recommends openssh-client ca-certificates
-
+ apt-get install -y --no-install-recommends openssh-client
+
 mkdir -p ~/.ssh
 chmod 700 ~/.ssh
-
- printf '%s' "${{ secrets.SSH_PRIVATE_KEY_B64 }}" | base64 -d > ~/.ssh/id_ed25519
+
+ # 1) Prende il secret base64 e rimuove spazi/newline/CR
+ printf '%s' "${{ secrets.SSH_PRIVATE_KEY_B64 }}" | tr -d '\r\n\t ' > /tmp/key.b64
+
+ # 2) (debug sicuro) stampa solo la lunghezza della base64
+ echo "b64_len=$(wc -c < /tmp/key.b64)"
+
+ # 3) Decodifica in chiave privata
+ base64 -d /tmp/key.b64 > ~/.ssh/id_ed25519
+
+ # 4) Rimuove eventuali CRLF dentro la chiave (se proviene da Windows)
+ tr -d '\r' < ~/.ssh/id_ed25519 > ~/.ssh/id_ed25519.clean
+ mv ~/.ssh/id_ed25519.clean ~/.ssh/id_ed25519
 chmod 600 ~/.ssh/id_ed25519
-
- # Debug sicuro: stampa solo la prima riga (non rivela la chiave)
- head -n 1 ~/.ssh/id_ed25519
-
+
+ # 5) Validazione: se fallisce qui, la chiave NON รจ valida/corrotta
+ ssh-keygen -y -f ~/.ssh/id_ed25519 >/dev/null
+
 ssh-keyscan -H "${{ secrets.SERVER_HOST }}" >> ~/.ssh/known_hosts 2>/dev/null
-
+
 ssh -i ~/.ssh/id_ed25519 -o BatchMode=yes "${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}" "${{ env.ENV }}"
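Review bot: Steps 1–3 write the base64 form of the private key to `/tmp/key.b64` under the default umask and never delete it, so a decodable copy of the deploy key sits in a shared temp directory for the rest of the job, and beyond it if the runner is not ephemeral (not visible from this hunk). The temp file can be dropped by setting `umask 077` before the key is written and decoding in a single pipeline: `printf '%s' "${{ secrets.SSH_PRIVATE_KEY_B64 }}" | tr -d '\r\n\t ' | base64 -d | tr -d '\r' > ~/.ssh/id_ed25519`. With `set -euo pipefail` already in effect, a bad decode still fails the step, and the `ssh-keygen -y` check in step 5 keeps validating the result; the `b64_len` debug line would go with it. Separately, the unchanged `ssh-keyscan -H ... >> ~/.ssh/known_hosts` line trusts whatever host key is presented on each run, so pinning the server's host key from a secret would give `ssh` something real to verify against.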