feat: Add SSH known hosts configuration and enhance connectivity checks in Tailscale deployment workflow

PhantomDave · PhantomDave · commit 0d6eb389ac8e · 2025-11-10T22:35:34.000Z
diff --git a/.github/workflows/deploy-tailscale.yml b/.github/workflows/deploy-tailscale.yml
@@ -64,6 +64,14 @@ jobs:
           sanitized_target="${user_prefix}${host_only}${port_suffix}"
           echo "target=$sanitized_target" >> "$GITHUB_OUTPUT"
 
+      - name: Configure SSH known hosts
+        shell: bash
+        run: |
+          mkdir -p "$HOME/.ssh"
+          touch "$HOME/.ssh/tailscale_known_hosts"
+          chmod 600 "$HOME/.ssh/tailscale_known_hosts"
+          echo "TAILSCALE_KNOWN_HOSTS=$HOME/.ssh/tailscale_known_hosts" >> "$GITHUB_ENV"
+
       - name: Validate deployment secrets
         run: |
           if [ -z "${{ steps.prepare.outputs.target }}" ]; then
@@ -78,16 +86,25 @@ jobs:
       - name: Test Tailscale connectivity
         run: |
           echo "Testing connection to target host..."
-          tailscale ssh "${{ steps.prepare.outputs.target }}" "echo 'Connected successfully' && whoami"
+          tailscale ssh "${{ steps.prepare.outputs.target }}" \
+            -o StrictHostKeyChecking=accept-new \
+            -o UserKnownHostsFile="$TAILSCALE_KNOWN_HOSTS" \
+            "echo 'Connected successfully' && whoami"
 
       - name: Deploy through Tailscale SSH
         run: |
           echo "🚀 Starting deployment..."
-          tailscale ssh "${{ steps.prepare.outputs.target }}" "${TAILSCALE_DEPLOY_COMMAND}"
+          tailscale ssh "${{ steps.prepare.outputs.target }}" \
+            -o StrictHostKeyChecking=accept-new \
+            -o UserKnownHostsFile="$TAILSCALE_KNOWN_HOSTS" \
+            "${TAILSCALE_DEPLOY_COMMAND}"
           echo "✅ Deployment completed"
 
       - name: Post-deployment verification (optional)
         if: success()
         run: |
           echo "Verifying deployment..."
-          tailscale ssh "${{ steps.prepare.outputs.target }}" "systemctl status your-app || echo 'Status command not available'"
+          tailscale ssh "${{ steps.prepare.outputs.target }}" \
+            -o StrictHostKeyChecking=accept-new \
+            -o UserKnownHostsFile="$TAILSCALE_KNOWN_HOSTS" \
+            "systemctl status your-app || echo 'Status command not available'"
