fix: improve SSH key handling with validation and debugging

- Use printf instead of echo for proper SSH key formatting - Add ssh-keygen validation before attempting connection - Show first 50 chars of key on validation failure for debugging - Maintains proper line endings and key structure This will help identify if the SSH_PRIVATE_KEY secret is malformed.
2025-10-31 12:26:37 +00:00
parent eb920baace
commit cdb6cbd2b0
1 changed files with 17 additions and 2 deletions
@@ -26,8 +26,23 @@ jobs:
          # Setup SSH
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh
-          echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/deploy_key
+
+          # Write SSH key with proper formatting
+          printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/deploy_key
          chmod 600 ~/.ssh/deploy_key
+
+          # Validate SSH key format
+          echo "🔍 Validating SSH key..."
+          if ! ssh-keygen -l -f ~/.ssh/deploy_key >/dev/null 2>&1; then
+            echo "❌ Invalid SSH key format!"
+            echo "Key preview (first 50 chars):"
+            head -c 50 ~/.ssh/deploy_key
+            echo ""
+            exit 1
+          fi
+          echo "✅ SSH key validation passed"
+
+          # Add host to known_hosts
          ssh-keyscan -p $SSH_PORT -H $SSH_HOST >> ~/.ssh/known_hosts 2>/dev/null

          # Pull latest code and restart service
@@ -71,7 +86,7 @@ jobs:
          echo "🔍 Verifying deployment..."

          # Setup SSH for verification
-          echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/deploy_key
+          printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/deploy_key
          chmod 600 ~/.ssh/deploy_key

          # Test health endpoint