refactor: use appleboy/ssh-action for reliable SSH deployment

Replace manual SSH setup with proven appleboy/ssh-action@v1.0.3 - Automatically handles SSH key formatting and permissions - No manual key validation or cleanup needed - Consistent with working commando-web deployment - Pass environment variables via 'envs' parameter - Simplifies both deploy and verify steps This eliminates "error in libcrypto" and permission issues.
2025-10-31 12:27:46 +00:00
parent cdb6cbd2b0
commit 97ab363071
1 changed files with 18 additions and 56 deletions
@@ -13,43 +13,20 @@ jobs:

    steps:
      - name: Deploy to server
+        uses: appleboy/ssh-action@v1.0.3
        env:
-          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
-          SSH_HOST: ${{ secrets.SSH_HOST }}
-          SSH_USER: ${{ secrets.SSH_USER }}
-          SSH_PORT: ${{ secrets.SSH_PORT || '22' }}
          SERVICE_NAME: ${{ secrets.SERVICE_NAME || 'cv' }}
          REPO_PATH: ${{ secrets.REPO_PATH || '/home/txeo/Git/yo/cv' }}
-        run: |
-          echo "🚀 Deploying to server..."
-
-          # Setup SSH
-          mkdir -p ~/.ssh
-          chmod 700 ~/.ssh
-
-          # Write SSH key with proper formatting
-          printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/deploy_key
-          chmod 600 ~/.ssh/deploy_key
-
-          # Validate SSH key format
-          echo "🔍 Validating SSH key..."
-          if ! ssh-keygen -l -f ~/.ssh/deploy_key >/dev/null 2>&1; then
-            echo "❌ Invalid SSH key format!"
-            echo "Key preview (first 50 chars):"
-            head -c 50 ~/.ssh/deploy_key
-            echo ""
-            exit 1
-          fi
-          echo "✅ SSH key validation passed"
-
-          # Add host to known_hosts
-          ssh-keyscan -p $SSH_PORT -H $SSH_HOST >> ~/.ssh/known_hosts 2>/dev/null
-
-          # Pull latest code and restart service
-          echo "🔄 Pulling latest code and restarting service..."
-          ssh -i ~/.ssh/deploy_key -p $SSH_PORT $SSH_USER@$SSH_HOST << ENDSSH
+        with:
+          host: ${{ secrets.SSH_HOST }}
+          username: ${{ secrets.SSH_USER }}
+          key: ${{ secrets.SSH_PRIVATE_KEY }}
+          port: ${{ secrets.SSH_PORT || '22' }}
+          envs: SERVICE_NAME,REPO_PATH
+          script: |
            set -e

+            echo "🚀 Deploying to server..."
            echo "📥 Pulling latest changes..."
            cd $REPO_PATH
            git pull origin main
@@ -69,28 +46,16 @@ jobs:
              sudo journalctl -u $SERVICE_NAME -n 50 --no-pager
              exit 1
            fi
-          ENDSSH
-
-          # Cleanup
-          rm ~/.ssh/deploy_key
-
-          echo "✅ Deployment completed successfully!"

      - name: Verify deployment
-        env:
-          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
-          SSH_HOST: ${{ secrets.SSH_HOST }}
-          SSH_USER: ${{ secrets.SSH_USER }}
-          SSH_PORT: ${{ secrets.SSH_PORT || '22' }}
-        run: |
-          echo "🔍 Verifying deployment..."
-
-          # Setup SSH for verification
-          printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/deploy_key
-          chmod 600 ~/.ssh/deploy_key
-
-          # Test health endpoint
-          ssh -i ~/.ssh/deploy_key -p $SSH_PORT $SSH_USER@$SSH_HOST << 'ENDSSH'
+        uses: appleboy/ssh-action@v1.0.3
+        with:
+          host: ${{ secrets.SSH_HOST }}
+          username: ${{ secrets.SSH_USER }}
+          key: ${{ secrets.SSH_PRIVATE_KEY }}
+          port: ${{ secrets.SSH_PORT || '22' }}
+          script: |
+            echo "🔍 Verifying deployment..."
            echo "Testing health endpoint..."
            sleep 2
            if curl -f http://localhost:1999/health > /dev/null 2>&1; then
@@ -100,7 +65,4 @@ jobs:
              echo "❌ Health check failed"
              exit 1
            fi
-          ENDSSH
-
-          rm ~/.ssh/deploy_key
-          echo "✅ Deployment verification complete!"
+            echo "✅ Deployment verification complete!"