From cf1cb65168b0b352d28716db8545b513eb328e31 Mon Sep 17 00:00:00 2001
From: JosueDev-afk
Date: Mon, 1 Jun 2026 22:29:56 -0600
Subject: [PATCH] ci: replace appleboy ssh action with native ssh-agent
---
.gitea/workflows/deploy-qa.yml | 57 +++++++++++++++++++---------------
1 file changed, 32 insertions(+), 25 deletions(-)
diff --git a/.gitea/workflows/deploy-qa.yml b/.gitea/workflows/deploy-qa.yml
index a537b0e..824227a 100644
--- a/.gitea/workflows/deploy-qa.yml
+++ b/.gitea/workflows/deploy-qa.yml
@@ -55,37 +55,44 @@ jobs: needs: build-and-push steps: - name: Deploy via SSH - uses: appleboy/ssh-action@v1.2.5 - with: - host: ${{ secrets.DEPLOY_HOST }} - username: ${{ secrets.DEPLOY_USERNAME }} - key: ${{ secrets.DEPLOY_SSH_KEY }} - passphrase: ${{ secrets.DEPLOY_PASSPHRASE }} - script: | + run: | + set -euo pipefail + IMAGE_TAG="${{ needs.build-and-push.outputs.image_tag }}" + eval $(ssh-agent -s) + echo "${{ secrets.DEPLOY_SSH_KEY }}" > /tmp/deploy_key + chmod 600 /tmp/deploy_key + ssh-keygen -p -P "${{ secrets.DEPLOY_PASSPHRASE }}" -N "" -f /tmp/deploy_key + ssh-add /tmp/deploy_key + rm -f /tmp/deploy_key + mkdir -p ~/.ssh + ssh-keyscan -H ${{ secrets.DEPLOY_HOST }} >> ~/.ssh/known_hosts 2>/dev/null + ssh ${{ secrets.DEPLOY_USERNAME }}@${{ secrets.DEPLOY_HOST }} bash -s \ + -e REGISTRY_URL=${{ env.REGISTRY_URL }} \ + -e IMAGE_NAME=${{ env.IMAGE_NAME }} \ + -e IMAGE_TAG=${IMAGE_TAG} \ + -e GIT_SHA=${{ gitea.sha }} \ + -e GIT_BRANCH=dev \ + -e GITEA_ACTOR=${{ gitea.actor }} \ + -e BUILD_NUMBER=${{ gitea.run_id }} \ + -e TOKEN=${{ secrets.TOKEN }} << 'EOF' set -euo pipefail - + BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") echo "Pulling image..." - echo "${{ secrets.TOKEN }}" | docker login ${{ env.REGISTRY_URL }} -u ${{ gitea.actor }} --password-stdin - docker pull ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}:${{ needs.build-and-push.outputs.image_tag }} - + echo "$TOKEN" | docker login $REGISTRY_URL -u $GITEA_ACTOR --password-stdin + docker pull $REGISTRY_URL/$IMAGE_NAME:$IMAGE_TAG echo "Stopping existing container..." docker stop cicd-qa 2>/dev/null || true docker rm cicd-qa 2>/dev/null || true - echo "Starting new container..." 
- docker run -d \ - --name cicd-qa \ - --restart unless-stopped \ - -p 8081:80 \ + docker run -d --name cicd-qa --restart unless-stopped -p 8081:80 \ -e APP_ENV=qa \ - -e APP_VERSION=dev-${{ gitea.sha }} \ - -e GIT_COMMIT=${{ gitea.sha }} \ - -e GIT_BRANCH=dev \ - -e BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \ - -e DEPLOY_TIME=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \ - -e BUILD_NUMBER=${{ gitea.run_id }} \ - ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}:${{ needs.build-and-push.outputs.image_tag }} - + -e APP_VERSION=dev-${GIT_SHA} \ + -e GIT_COMMIT=${GIT_SHA} \ + -e GIT_BRANCH=${GIT_BRANCH} \ + -e BUILD_DATE=${BUILD_DATE} \ + -e DEPLOY_TIME=${BUILD_DATE} \ + -e BUILD_NUMBER=${BUILD_NUMBER} \ + $REGISTRY_URL/$IMAGE_NAME:$IMAGE_TAG echo "Waiting for health check..." for i in $(seq 1 12); do if curl -sf http://localhost:8081/health > /dev/null 2>&1; then @@ -94,8 +101,8 @@ jobs: fi sleep 5 done - echo "::error::QA health check failed" exit 1 + EOF
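Review bot: The `-e NAME=value` arguments after `bash -s` do not set environment variables on the deploy host: bash takes the first `-e` as errexit and the rest as positional parameters, so `$TOKEN`, `$REGISTRY_URL` and the others are unset in the heredoc, and `set -u` should abort at `docker login` unless the remote account already exports them. The same line also places `secrets.TOKEN` in the ssh and remote bash argument lists, where other local users on either machine can read it from the process table. I would send the values as quoted `export` lines on stdin ahead of the script, as sketched below; this assumes `REGISTRY_URL` and `IMAGE_NAME` reach the step's shell environment, as `${{ env.… }}` suggests, and the heredoc body, which runs into the next hunk, is elided. Separately, `ssh-keyscan -H … >> ~/.ssh/known_hosts` trusts whichever key answers at deploy time, so a pinned known_hosts entry kept with the other secrets would be safer, and a `trap 'rm -f /tmp/deploy_key' EXIT` set before the key is written would remove the passphrase-less key even when `ssh-keygen` or `ssh-add` fails.

```yaml
      - name: Deploy via SSH
        env:
          TOKEN: ${{ secrets.TOKEN }}
          GIT_SHA: ${{ gitea.sha }}
          GIT_BRANCH: dev
          GITEA_ACTOR: ${{ gitea.actor }}
          BUILD_NUMBER: ${{ gitea.run_id }}
        run: |
          # … unchanged: set -euo pipefail, IMAGE_TAG, ssh-agent, key and known_hosts setup …
          {
            # Quoted assignments travel on stdin ahead of the script, so no value
            # appears in a local or remote argument list.
            for v in REGISTRY_URL IMAGE_NAME IMAGE_TAG GIT_SHA GIT_BRANCH GITEA_ACTOR BUILD_NUMBER TOKEN; do
              printf 'export %s=%q\n' "$v" "${!v}"
            done
            cat << 'EOF'
          # … unchanged: remote script body …
          EOF
          } | ssh "${{ secrets.DEPLOY_USERNAME }}@${{ secrets.DEPLOY_HOST }}" bash -s
```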