fix build 5
This commit is contained in:
@@ -183,6 +183,7 @@ jobs:
|
|||||||
ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
|
ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
|
||||||
key_fingerprint="$(ssh-keygen -lf ~/.ssh/id_rsa.pub | awk '{print $2}')"
|
key_fingerprint="$(ssh-keygen -lf ~/.ssh/id_rsa.pub | awk '{print $2}')"
|
||||||
echo "Loaded deploy key fingerprint: $key_fingerprint"
|
echo "Loaded deploy key fingerprint: $key_fingerprint"
|
||||||
|
echo "Deploy public key: $(cat ~/.ssh/id_rsa.pub)"
|
||||||
touch ~/.ssh/known_hosts
|
touch ~/.ssh/known_hosts
|
||||||
ssh-keyscan -H "$VPS_HOST" >> ~/.ssh/known_hosts 2>/dev/null || true
|
ssh-keyscan -H "$VPS_HOST" >> ~/.ssh/known_hosts 2>/dev/null || true
|
||||||
chmod 644 ~/.ssh/known_hosts
|
chmod 644 ~/.ssh/known_hosts
|
||||||
@@ -382,6 +383,7 @@ jobs:
|
|||||||
ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
|
ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
|
||||||
key_fingerprint="$(ssh-keygen -lf ~/.ssh/id_rsa.pub | awk '{print $2}')"
|
key_fingerprint="$(ssh-keygen -lf ~/.ssh/id_rsa.pub | awk '{print $2}')"
|
||||||
echo "Loaded deploy key fingerprint: $key_fingerprint"
|
echo "Loaded deploy key fingerprint: $key_fingerprint"
|
||||||
|
echo "Deploy public key: $(cat ~/.ssh/id_rsa.pub)"
|
||||||
touch ~/.ssh/known_hosts
|
touch ~/.ssh/known_hosts
|
||||||
ssh-keyscan -H "$VPS_HOST" >> ~/.ssh/known_hosts 2>/dev/null || true
|
ssh-keyscan -H "$VPS_HOST" >> ~/.ssh/known_hosts 2>/dev/null || true
|
||||||
chmod 644 ~/.ssh/known_hosts
|
chmod 644 ~/.ssh/known_hosts
|
||||||
|
|||||||
@@ -236,6 +236,18 @@ ssh-keygen -lf ~/.ssh/authorized_keys
|
|||||||
```
|
```
|
||||||
|
|
||||||
The matching public key must be present in `~/.ssh/authorized_keys` for the account named by `VPS_USER`.
|
The matching public key must be present in `~/.ssh/authorized_keys` for the account named by `VPS_USER`.
|
||||||
|
For example, a failed workflow that logs fingerprint `SHA256:mX9s/EluBlPKuKA+Vmc6HrbO6hpDLjBHtRi33mEOyhY` requires the matching public key line on the VPS.
|
||||||
|
|
||||||
|
To install the workflow's logged `Deploy public key` value for the selected SSH user:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
mkdir -p ~/.ssh
|
||||||
|
chmod 700 ~/.ssh
|
||||||
|
printf '%s\n' '<deploy-public-key-from-workflow-log>' >> ~/.ssh/authorized_keys
|
||||||
|
chmod 600 ~/.ssh/authorized_keys
|
||||||
|
```
|
||||||
|
|
||||||
|
Run those commands while logged in as the same account configured in `VPS_USER`. If `VPS_USER` is `deploy`, install the key under `/home/deploy/.ssh/authorized_keys`; if it is `root`, install it under `/root/.ssh/authorized_keys`.
|
||||||
|
|
||||||
The production compose file reads `APP_IMAGE` and `APP_VERSION` for pull-based deploys. The Gitea deploy job injects those values automatically and syncs the deployment assets to the VPS before running the server-side deploy script. Production no longer depends on `git pull` during release.
|
The production compose file reads `APP_IMAGE` and `APP_VERSION` for pull-based deploys. The Gitea deploy job injects those values automatically and syncs the deployment assets to the VPS before running the server-side deploy script. Production no longer depends on `git pull` during release.
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user