From fdbc3525731510b4489ec7fccc78d50cad3e55c7 Mon Sep 17 00:00:00 2001 From: Joshua Dirga Date: Thu, 19 Feb 2026 00:41:53 -0500 Subject: [PATCH] safe writing of private key --- .github/workflows/deploy-prod.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml index dfd6d63..dddebe4 100644 --- a/.github/workflows/deploy-prod.yml +++ b/.github/workflows/deploy-prod.yml @@ -44,13 +44,12 @@ jobs: mkdir -p ~/.ssh chmod 700 ~/.ssh - # Using printf instead of echo prevents newline formatting bugs - printf "%s\n" "$PRIVATE_KEY" > ~/.ssh/id_rsa + # Safely write the key and strip any invisible Windows carriage returns + echo "$PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa chmod 600 ~/.ssh/id_rsa ssh-keyscan -H "$HOST" >> ~/.ssh/known_hosts - # Added -v for debugging, -o for RSA support, and $REMOTE_USER ssh -v -o PubkeyAcceptedKeyTypes=+ssh-rsa -i ~/.ssh/id_rsa "$REMOTE_USER@$HOST" " export IMAGE_TAG=$IMAGE_TAG cd docker-compose