fix: use env var + sed for SSH key CRLF/escaped-newline handling
Some checks failed
NALU Deployment Pipeline / Run Tests (push) Successful in 1m9s
NALU Deployment Pipeline / PR Validation (push) Has been skipped
NALU Deployment Pipeline / Build and Push Image (push) Successful in 9m41s
NALU Deployment Pipeline / Deploy naluai.dev (push) Failing after 20s
NALU Deployment Pipeline / Cleanup Old Resources (push) Has been skipped

Pass secret via env var (not inline), strip \r, convert literal \n to real newlines.
Added head/wc debug output to diagnose key format.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Ricardo Carneiro 2026-05-15 14:44:51 -03:00
parent ba72b04313
commit c5cb9df468


@ -87,11 +87,16 @@ jobs:
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Setup SSH - name: Setup SSH
env:
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
run: | run: |
mkdir -p ~/.ssh mkdir -p ~/.ssh
printf '%s' "${{ secrets.SSH_PRIVATE_KEY }}" | tr -d '\r' > ~/.ssh/id_rsa printf '%s' "${SSH_PRIVATE_KEY}" | tr -d '\r' | sed 's/\\n/\n/g' > ~/.ssh/id_rsa
echo "" >> ~/.ssh/id_rsa echo "" >> ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa chmod 600 ~/.ssh/id_rsa
# debug key format (no content exposed)
head -1 ~/.ssh/id_rsa
wc -l ~/.ssh/id_rsa
ssh-keyscan -H ${{ env.SWARM_MANAGER }} >> ~/.ssh/known_hosts 2>/dev/null ssh-keyscan -H ${{ env.SWARM_MANAGER }} >> ~/.ssh/known_hosts 2>/dev/null
- name: Build image on ARM server - name: Build image on ARM server
@ -196,9 +201,11 @@ jobs:
echo "✅ appsettings.nalu.json gerado" echo "✅ appsettings.nalu.json gerado"
- name: Deploy nalu stack - name: Deploy nalu stack
env:
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
run: | run: |
mkdir -p ~/.ssh mkdir -p ~/.ssh
printf '%s' "${{ secrets.SSH_PRIVATE_KEY }}" | tr -d '\r' > ~/.ssh/id_rsa printf '%s' "${SSH_PRIVATE_KEY}" | tr -d '\r' | sed 's/\\n/\n/g' > ~/.ssh/id_rsa
echo "" >> ~/.ssh/id_rsa echo "" >> ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa chmod 600 ~/.ssh/id_rsa
ssh-keyscan -H ${{ env.SWARM_MANAGER }} >> ~/.ssh/known_hosts 2>/dev/null ssh-keyscan -H ${{ env.SWARM_MANAGER }} >> ~/.ssh/known_hosts 2>/dev/null
@ -256,9 +263,11 @@ jobs:
steps: steps:
- name: Cleanup - name: Cleanup
env:
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
run: | run: |
mkdir -p ~/.ssh mkdir -p ~/.ssh
printf '%s' "${{ secrets.SSH_PRIVATE_KEY }}" | tr -d '\r' > ~/.ssh/id_rsa printf '%s' "${SSH_PRIVATE_KEY}" | tr -d '\r' | sed 's/\\n/\n/g' > ~/.ssh/id_rsa
echo "" >> ~/.ssh/id_rsa echo "" >> ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa chmod 600 ~/.ssh/id_rsa
ssh-keyscan -H ${{ env.SWARM_MANAGER }} >> ~/.ssh/known_hosts 2>/dev/null ssh-keyscan -H ${{ env.SWARM_MANAGER }} >> ~/.ssh/known_hosts 2>/dev/null
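Review bot: The debug lines added to the "Setup SSH" step (`head -1 ~/.ssh/id_rsa` and `wc -l ~/.ssh/id_rsa`) can write private-key material to the job log despite the `no content exposed` comment. They are there for the case where the key is malformed, and if the secret arrives as one line whose `\n` sequences were not converted, line 1 is the entire key. Log masking is presumably keyed on the stored secret value, so text that has already passed through `tr` and `sed` may not be redacted. A check that emits no key bytes would be `ssh-keygen -y -P '' -f ~/.ssh/id_rsa >/dev/null && echo "key parses"`, keeping only the `wc -l` count, and the debug lines should be dropped once the format is diagnosed; if a run has already logged the key, rotate it. Separately, the same `printf | tr | sed` line is repeated in the "Deploy nalu stack" and "Cleanup" steps, and the `\n` in the sed replacement relies on GNU sed behaviour, so confirm it on the runner image.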