fix: improve SSH key handling with validation and debugging

- Use printf instead of echo for proper SSH key formatting
- Add ssh-keygen validation before attempting connection
- Show first 50 chars of key on validation failure for debugging
- Maintains proper line endings and key structure

This will help identify if the SSH_PRIVATE_KEY secret is malformed.

.github/workflows/deploy.yml

@@ -26,8 +26,23 @@ jobs:
           # Setup SSH
           mkdir -p ~/.ssh
           chmod 700 ~/.ssh
-          echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/deploy_key
+
+          # Write SSH key with proper formatting
+          printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/deploy_key
           chmod 600 ~/.ssh/deploy_key
+
+          # Validate SSH key format
+          echo "🔍 Validating SSH key..."
+          if ! ssh-keygen -l -f ~/.ssh/deploy_key >/dev/null 2>&1; then
+            echo "❌ Invalid SSH key format!"
+            echo "Key preview (first 50 chars):"
+            head -c 50 ~/.ssh/deploy_key
+            echo ""
+            exit 1
+          fi
+          echo "✅ SSH key validation passed"
+
+          # Add host to known_hosts
           ssh-keyscan -p $SSH_PORT -H $SSH_HOST >> ~/.ssh/known_hosts 2>/dev/null
 
           # Pull latest code and restart service
@@ -71,7 +86,7 @@ jobs:
           echo "🔍 Verifying deployment..."
 
           # Setup SSH for verification
-          echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/deploy_key
+          printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/deploy_key
           chmod 600 ~/.ssh/deploy_key
 
           # Test health endpoint