From cdb6cbd2b033228b87dc3ee8749eee7255ff60d9 Mon Sep 17 00:00:00 2001
From: juanatsap
Date: Fri, 31 Oct 2025 12:26:37 +0000
Subject: [PATCH] fix: improve SSH key handling with validation and debugging

- Use printf instead of echo for proper SSH key formatting
- Add ssh-keygen validation before attempting connection
- Show first 50 chars of key on validation failure for debugging
- Maintains proper line endings and key structure

This will help identify if the SSH_PRIVATE_KEY secret is malformed.
---
 .github/workflows/deploy.yml | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 9905de9..3808330 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -26,8 +26,23 @@ jobs:
 # Setup SSH
 mkdir -p ~/.ssh
 chmod 700 ~/.ssh
- echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/deploy_key
+
+ # Write SSH key with proper formatting
+ printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/deploy_key
 chmod 600 ~/.ssh/deploy_key
+
+ # Validate SSH key format
+ echo "🔍 Validating SSH key..."
+ if ! ssh-keygen -l -f ~/.ssh/deploy_key >/dev/null 2>&1; then
+ echo "❌ Invalid SSH key format!"
+ echo "Key preview (first 50 chars):"
+ head -c 50 ~/.ssh/deploy_key
+ echo ""
+ exit 1
+ fi
+ echo "✅ SSH key validation passed"
+
+ # Add host to known_hosts
 ssh-keyscan -p $SSH_PORT -H $SSH_HOST >> ~/.ssh/known_hosts 2>/dev/null
 # Pull latest code and restart service
@@ -71,7 +86,7 @@ jobs:
 echo "🔍 Verifying deployment..."
 # Setup SSH for verification
- echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/deploy_key
+ printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/deploy_key
 chmod 600 ~/.ssh/deploy_key
 # Test health endpoint
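Review bot: The failure branch writes the first 50 bytes of `~/.ssh/deploy_key` to the job log via `head -c 50`, and that branch runs precisely when the secret is not a well-formed key, so those bytes may be raw key material or another credential pasted by mistake rather than a PEM header. Log masking should not be assumed to redact a 50-byte prefix of the secret. Replace the preview with non-sensitive diagnostics, for example `echo "Key file: $(wc -l < ~/.ssh/deploy_key) lines, $(wc -c < ~/.ssh/deploy_key) bytes"` and `head -n 1 ~/.ssh/deploy_key | grep -q '^-----BEGIN ' || echo "missing BEGIN header"`. Adding `rm -f ~/.ssh/deploy_key` before `exit 1` would also keep a rejected file from lingering on the runner.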
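Review bot: The verification step rewrites the key without the `ssh-keygen -l` check added in the deploy step, and its new `printf` line no longer strips carriage returns as the removed `tr -d '\r'` did (the same applies to the `printf` in the first hunk). A secret pasted with CRLF line endings may therefore fail here with an opaque ssh error instead of the validation message. Consider keeping the filter, `printf '%s\n' "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/deploy_key`, so both steps accept the same input the old code did. The step body continues outside the hunk.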