From e47445e4578da62944deacf21755c6f9711885bf Mon Sep 17 00:00:00 2001
From: JosueDev-afk
Date: Mon, 1 Jun 2026 22:34:38 -0600
Subject: [PATCH] ci: use sshpass with env vars for passphrase-protected SSH keys

---
 .gitea/workflows/deploy-qa.yml | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/.gitea/workflows/deploy-qa.yml b/.gitea/workflows/deploy-qa.yml
index 824227a..158dd72 100644
--- a/.gitea/workflows/deploy-qa.yml
+++ b/.gitea/workflows/deploy-qa.yml
@@ -55,18 +55,24 @@ jobs:
 needs: build-and-push
 steps:
 - name: Deploy via SSH
+ env:
+ DEPLOY_SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
+ DEPLOY_PASSPHRASE: ${{ secrets.DEPLOY_PASSPHRASE }}
 run: |
 set -euo pipefail
 IMAGE_TAG="${{ needs.build-and-push.outputs.image_tag }}"
- eval $(ssh-agent -s)
- echo "${{ secrets.DEPLOY_SSH_KEY }}" > /tmp/deploy_key
+
+ printf '%s\n' "$DEPLOY_SSH_KEY" > /tmp/deploy_key
 chmod 600 /tmp/deploy_key
- ssh-keygen -p -P "${{ secrets.DEPLOY_PASSPHRASE }}" -N "" -f /tmp/deploy_key
- ssh-add /tmp/deploy_key
- rm -f /tmp/deploy_key
- mkdir -p ~/.ssh
+ printf '%s\n' "$DEPLOY_PASSPHRASE" > /tmp/passphrase
+
+ sudo apt-get update -qq && sudo apt-get install -y -qq sshpass
 ssh-keyscan -H ${{ secrets.DEPLOY_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
- ssh ${{ secrets.DEPLOY_USERNAME }}@${{ secrets.DEPLOY_HOST }} bash -s \
+
+ sshpass -f /tmp/passphrase ssh -i /tmp/deploy_key \
+ -o StrictHostKeyChecking=no \
+ ${{ secrets.DEPLOY_USERNAME }}@${{ secrets.DEPLOY_HOST }} bash -s \
 -e REGISTRY_URL=${{ env.REGISTRY_URL }} \
 -e IMAGE_NAME=${{ env.IMAGE_NAME }} \
 -e IMAGE_TAG=${IMAGE_TAG} \