fix ssh key parsing

This commit is contained in:
root
2026-06-04 00:13:58 -04:00
parent e0b2239f66
commit 52c1ecffe2
4 changed files with 130 additions and 3 deletions
+16
View File
@@ -200,6 +200,22 @@ REGISTRY_USER=<registry-user>
REGISTRY_PASSWORD=<registry-password>
```
For the deploy job, add these GitLab CI variables as well:
```text
VPS_IP=<server-ip-or-hostname>
VPS_USER=<ssh-user>
SSH_PRIVATE_KEY=<deployment-private-key>
```
`SSH_PRIVATE_KEY` must be an unencrypted private key that OpenSSH can read in a non-interactive job. The pipeline accepts any of these formats:
- GitLab `File` variable containing the private key
- Standard multiline key pasted directly into the variable value
- Base64-encoded private key stored as a single line
If your key is passphrase-protected, generate a dedicated deploy key without a passphrase for CI instead of reusing an interactive workstation key.
The production compose file reads `APP_IMAGE` and `APP_VERSION` for pull-based deploys. The GitLab deploy job injects those values automatically and now syncs the deployment assets to the VPS before running the server-side deploy script. Production no longer depends on `git pull` during release.
The CI pipeline publishes and deploys from the GitLab default branch (`$CI_DEFAULT_BRANCH`). If you change your release branch, update the repository default branch in GitLab instead of hard-coding branch names in `.gitlab-ci.yml`.