From e7e80103c758e7b01f3d2eed662d4bd5a4a09e0b Mon Sep 17 00:00:00 2001 From: root Date: Sat, 4 Jul 2026 14:07:41 -0400 Subject: [PATCH] fix build 5 --- .gitea/workflows/build-and-deploy.yml | 2 ++ docs/DOCKER.md | 12 ++++++++++++ 2 files changed, 14 insertions(+) diff --git a/.gitea/workflows/build-and-deploy.yml b/.gitea/workflows/build-and-deploy.yml index ad3bda7..0dc0405 100644 --- a/.gitea/workflows/build-and-deploy.yml +++ b/.gitea/workflows/build-and-deploy.yml @@ -183,6 +183,7 @@ jobs: ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub key_fingerprint="$(ssh-keygen -lf ~/.ssh/id_rsa.pub | awk '{print $2}')" echo "Loaded deploy key fingerprint: $key_fingerprint" + echo "Deploy public key: $(cat ~/.ssh/id_rsa.pub)" touch ~/.ssh/known_hosts ssh-keyscan -H "$VPS_HOST" >> ~/.ssh/known_hosts 2>/dev/null || true chmod 644 ~/.ssh/known_hosts @@ -382,6 +383,7 @@ jobs: ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub key_fingerprint="$(ssh-keygen -lf ~/.ssh/id_rsa.pub | awk '{print $2}')" echo "Loaded deploy key fingerprint: $key_fingerprint" + echo "Deploy public key: $(cat ~/.ssh/id_rsa.pub)" touch ~/.ssh/known_hosts ssh-keyscan -H "$VPS_HOST" >> ~/.ssh/known_hosts 2>/dev/null || true chmod 644 ~/.ssh/known_hosts diff --git a/docs/DOCKER.md b/docs/DOCKER.md index 2623a8b..e38f4ea 100644 --- a/docs/DOCKER.md +++ b/docs/DOCKER.md @@ -236,6 +236,18 @@ ssh-keygen -lf ~/.ssh/authorized_keys ``` The matching public key must be present in `~/.ssh/authorized_keys` for the account named by `VPS_USER`. +For example, a failed workflow that logs fingerprint `SHA256:mX9s/EluBlPKuKA+Vmc6HrbO6hpDLjBHtRi33mEOyhY` requires the matching public key line on the VPS. + +To install the workflow's logged `Deploy public key` value for the selected SSH user: + +```bash +mkdir -p ~/.ssh +chmod 700 ~/.ssh +printf '%s\n' '' >> ~/.ssh/authorized_keys +chmod 600 ~/.ssh/authorized_keys +``` + +Run those commands while logged in as the same account configured in `VPS_USER`. If `VPS_USER` is `deploy`, install the key under `/home/deploy/.ssh/authorized_keys`; if it is `root`, install it under `/root/.ssh/authorized_keys`. The production compose file reads `APP_IMAGE` and `APP_VERSION` for pull-based deploys. The Gitea deploy job injects those values automatically and syncs the deployment assets to the VPS before running the server-side deploy script. Production no longer depends on `git pull` during release.