.gitea/workflows/deploy-qa.yml

@@ -55,18 +55,24 @@ jobs:
     needs: build-and-push
     steps:
       - name: Deploy via SSH
+        env:
+          DEPLOY_SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
+          DEPLOY_PASSPHRASE: ${{ secrets.DEPLOY_PASSPHRASE }}
         run: |
           set -euo pipefail
           IMAGE_TAG="${{ needs.build-and-push.outputs.image_tag }}"
-          eval $(ssh-agent -s)
+
-          echo "${{ secrets.DEPLOY_SSH_KEY }}" > /tmp/deploy_key
+          printf '%s\n' "$DEPLOY_SSH_KEY" > /tmp/deploy_key
           chmod 600 /tmp/deploy_key
-          ssh-keygen -p -P "${{ secrets.DEPLOY_PASSPHRASE }}" -N "" -f /tmp/deploy_key
+          printf '%s\n' "$DEPLOY_PASSPHRASE" > /tmp/passphrase
-          ssh-add /tmp/deploy_key
+
-          rm -f /tmp/deploy_key
+          sudo apt-get update -qq && sudo apt-get install -y -qq sshpass
-          mkdir -p ~/.ssh
+
           ssh-keyscan -H ${{ secrets.DEPLOY_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
-          ssh ${{ secrets.DEPLOY_USERNAME }}@${{ secrets.DEPLOY_HOST }} bash -s \
+
+          sshpass -f /tmp/passphrase ssh -i /tmp/deploy_key \
+            -o StrictHostKeyChecking=no \
+            ${{ secrets.DEPLOY_USERNAME }}@${{ secrets.DEPLOY_HOST }} bash -s \
             -e REGISTRY_URL=${{ env.REGISTRY_URL }} \
             -e IMAGE_NAME=${{ env.IMAGE_NAME }} \
             -e IMAGE_TAG=${IMAGE_TAG} \