fix ssh key parsing
This commit is contained in:
@@ -200,6 +200,22 @@ REGISTRY_USER=<registry-user>
|
||||
REGISTRY_PASSWORD=<registry-password>
|
||||
```
|
||||
|
||||
For the deploy job, add these GitLab CI variables as well:
|
||||
|
||||
```text
|
||||
VPS_IP=<server-ip-or-hostname>
|
||||
VPS_USER=<ssh-user>
|
||||
SSH_PRIVATE_KEY=<deployment-private-key>
|
||||
```
|
||||
|
||||
`SSH_PRIVATE_KEY` must be an unencrypted private key that OpenSSH can read in a non-interactive job. The pipeline accepts any of these formats:
|
||||
|
||||
- GitLab `File` variable containing the private key
|
||||
- Standard multiline key pasted directly into the variable value
|
||||
- Base64-encoded private key stored as a single line
|
||||
|
||||
If your key is passphrase-protected, generate a dedicated deploy key without a passphrase for CI instead of reusing an interactive workstation key.
|
||||
|
||||
The production compose file reads `APP_IMAGE` and `APP_VERSION` for pull-based deploys. The GitLab deploy job injects those values automatically and now syncs the deployment assets to the VPS before running the server-side deploy script. Production no longer depends on `git pull` during release.
|
||||
|
||||
The CI pipeline publishes and deploys from the GitLab default branch (`$CI_DEFAULT_BRANCH`). If you change your release branch, update the repository default branch in GitLab instead of hard-coding branch names in `.gitlab-ci.yml`.
|
||||
|
||||
Reference in New Issue
Block a user