fix(cd): correct YAML step indentation in Azure/GCP/Hetzner templates

Rust's line-continuation escape ("\) strips leading whitespace from the
first line of a format string. This caused 4 workflow steps per pipeline
to be emitted at column 0, producing invalid YAML.

Fixed by removing the backslash continuation from all affected format!()
openers in azure.rs (10 sites), gcp.rs (12 sites), hetzner.rs (13 sites).

Also gitignores generated pipeline output files (.github/workflows/deploy-*.yml,
.syncable/cd-manifest.toml, .syncable/SECRETS_REQUIRED.md) so they are
never accidentally committed.

Author: mitanuriel

.gitignore

@@ -48,3 +48,10 @@ syncable-ide-companion/dist/
 
 .DS_Store
 **/.DS_Store
+
+# Generated CD/CI pipeline output (sync-ctl generate cd/ci)
+.github/workflows/deploy-azure.yml
+.github/workflows/deploy-gcp.yml
+.github/workflows/deploy-hetzner.yml
+.syncable/cd-manifest.toml
+.syncable/SECRETS_REQUIRED.md

src/generator/cd_generation/templates/azure.rs

@@ -99,8 +99,7 @@ fn render_auth_step(pipeline: &CdPipeline) -> String {
         .unwrap_or("azure/login@v2");
 
     format!(
-        "\
-      - name: Azure login (OIDC)
+        "      - name: Azure login (OIDC)
         uses: {action}
         with:
           client-id: ${{{{ secrets.AZURE_CLIENT_ID }}}}
@@ -111,8 +110,7 @@ fn render_auth_step(pipeline: &CdPipeline) -> String {
 
 fn render_docker_step(pipeline: &CdPipeline) -> String {
     format!(
-        "\
-      - name: Set up Docker Buildx
+        "      - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
       - name: Build and push Docker image
@@ -135,8 +133,7 @@ fn render_migration_step(
 ) -> String {
     if migration.via_ssh {
         format!(
-            "\
-      - name: Run database migrations ({tool}) via SSH
+            "      - name: Run database migrations ({tool}) via SSH
         run: |
           ssh ${{{{ secrets.SSH_USER }}}}@${{{{ secrets.SSH_HOST }}}} << 'MIGRATE_EOF'
             cd /opt/app && {command}
@@ -148,8 +145,7 @@ fn render_migration_step(
         )
     } else {
         format!(
-            "\
-      - name: Run database migrations ({tool})
+            "      - name: Run database migrations ({tool})
         run: {command}
         env:
           DATABASE_URL: ${{{{ secrets.DATABASE_URL }}}}\n\n",
@@ -162,17 +158,15 @@ fn render_migration_step(
 fn render_deploy_step(pipeline: &CdPipeline) -> String {
     match pipeline.deploy_target {
         DeployTarget::AppService => format!(
-            "\
-      - name: Deploy to Azure App Service
+            "      - name: Deploy to Azure App Service
         uses: azure/webapps-deploy@v3
         with:
           app-name: ${{{{ secrets.AZURE_APP_NAME }}}}
           images: {image_tag}\n\n",
             image_tag = pipeline.docker_build_push.image_tag,
         ),
         DeployTarget::Aks => format!(
-            "\
-      - name: Set AKS context
+            "      - name: Set AKS context
         uses: azure/aks-set-context@v4
         with:
           resource-group: ${{{{ secrets.AKS_RESOURCE_GROUP }}}}
@@ -188,8 +182,7 @@ fn render_deploy_step(pipeline: &CdPipeline) -> String {
             image_tag = pipeline.docker_build_push.image_tag,
         ),
         DeployTarget::ContainerApps => format!(
-            "\
-      - name: Deploy to Azure Container Apps
+            "      - name: Deploy to Azure Container Apps
         uses: azure/container-apps-deploy@v2
         with:
           containerAppName: ${{{{ secrets.CONTAINER_APP_NAME }}}}
@@ -198,8 +191,7 @@ fn render_deploy_step(pipeline: &CdPipeline) -> String {
             image_tag = pipeline.docker_build_push.image_tag,
         ),
         _ => format!(
-            "\
-      - name: Deploy ({target})
+            "      - name: Deploy ({target})
         run: echo 'Deploy step for {target} — customize this step'
         env:
           IMAGE_TAG: {image_tag}\n\n",
@@ -213,17 +205,15 @@ fn render_health_check_step(pipeline: &CdPipeline) -> String {
     if is_kubectl_health_check(&pipeline.deploy_target) {
         let timeout = pipeline.health_check.retries * pipeline.health_check.interval_secs;
         format!(
-            "\
-      - name: Health check — rollout status
+            "      - name: Health check — rollout status
         run: |
           kubectl rollout status deployment/${{{{ secrets.K8S_DEPLOYMENT_NAME }}}} \\
             --namespace=${{{{ secrets.K8S_NAMESPACE }}}} \\
             --timeout={timeout}s\n\n",
         )
     } else {
         format!(
-            "\
-      - name: Health check
+            "      - name: Health check
         run: |
           curl --fail \\
             --retry {retries} \\

src/generator/cd_generation/templates/gcp.rs

@@ -102,8 +102,7 @@ fn render_auth_step(pipeline: &CdPipeline) -> String {
         .unwrap_or("google-github-actions/auth@v2");
 
     format!(
-        "\
-      - name: Authenticate to Google Cloud
+        "      - name: Authenticate to Google Cloud
         id: auth
         uses: {action}
         with:
@@ -116,16 +115,14 @@ fn render_auth_step(pipeline: &CdPipeline) -> String {
 }
 
 fn render_gar_docker_auth() -> String {
-    "\
-      - name: Configure Docker for Artifact Registry
+    "      - name: Configure Docker for Artifact Registry
         run: gcloud auth configure-docker ${{ secrets.GAR_LOCATION }}-docker.pkg.dev --quiet\n\n"
         .to_string()
 }
 
 fn render_docker_step(pipeline: &CdPipeline) -> String {
     format!(
-        "\
-      - name: Set up Docker Buildx
+        "      - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
       - name: Build and push Docker image
@@ -148,8 +145,7 @@ fn render_migration_step(
 ) -> String {
     if migration.via_ssh {
         format!(
-            "\
-      - name: Run database migrations ({tool}) via SSH
+            "      - name: Run database migrations ({tool}) via SSH
         run: |
           ssh ${{{{ secrets.SSH_USER }}}}@${{{{ secrets.SSH_HOST }}}} << 'MIGRATE_EOF'
             cd /opt/app && {command}
@@ -161,8 +157,7 @@ fn render_migration_step(
         )
     } else {
         format!(
-            "\
-      - name: Run database migrations ({tool})
+            "      - name: Run database migrations ({tool})
         run: {command}
         env:
           DATABASE_URL: ${{{{ secrets.DATABASE_URL }}}}\n\n",
@@ -175,8 +170,7 @@ fn render_migration_step(
 fn render_deploy_step(pipeline: &CdPipeline) -> String {
     match pipeline.deploy_target {
         DeployTarget::CloudRun => format!(
-            "\
-      - name: Deploy to Cloud Run
+            "      - name: Deploy to Cloud Run
         id: deploy
         uses: google-github-actions/deploy-cloudrun@v2
         with:
@@ -186,8 +180,7 @@ fn render_deploy_step(pipeline: &CdPipeline) -> String {
             image_tag = pipeline.docker_build_push.image_tag,
         ),
         DeployTarget::Gke => format!(
-            "\
-      - name: Get GKE credentials
+            "      - name: Get GKE credentials
         uses: google-github-actions/get-gke-credentials@v2
         with:
           cluster_name: ${{{{ secrets.GKE_CLUSTER_NAME }}}}
@@ -204,8 +197,7 @@ fn render_deploy_step(pipeline: &CdPipeline) -> String {
             image_tag = pipeline.docker_build_push.image_tag,
         ),
         _ => format!(
-            "\
-      - name: Deploy ({target})
+            "      - name: Deploy ({target})
         run: echo 'Deploy step for {target} — customize this step'
         env:
           IMAGE_TAG: {image_tag}\n\n",
@@ -219,17 +211,15 @@ fn render_health_check_step(pipeline: &CdPipeline) -> String {
     if is_kubectl_health_check(&pipeline.deploy_target) {
         let timeout = pipeline.health_check.retries * pipeline.health_check.interval_secs;
         format!(
-            "\
-      - name: Health check — rollout status
+            "      - name: Health check — rollout status
         run: |
           kubectl rollout status deployment/${{{{ secrets.K8S_DEPLOYMENT_NAME }}}} \\
             --namespace=${{{{ secrets.K8S_NAMESPACE }}}} \\
             --timeout={timeout}s\n\n",
         )
     } else if matches!(pipeline.deploy_target, DeployTarget::CloudRun) {
         format!(
-            "\
-      - name: Health check
+            "      - name: Health check
         run: |
           curl --fail \\
             --retry {retries} \\
@@ -242,8 +232,7 @@ fn render_health_check_step(pipeline: &CdPipeline) -> String {
         )
     } else {
         format!(
-            "\
-      - name: Health check
+            "      - name: Health check
         run: |
           curl --fail \\
             --retry {retries} \\

src/generator/cd_generation/templates/hetzner.rs

@@ -108,8 +108,7 @@ env:
 }
 
 fn render_ghcr_login() -> String {
-    "\
-      - name: Log in to GitHub Container Registry
+    "      - name: Log in to GitHub Container Registry
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
@@ -120,8 +119,7 @@ fn render_ghcr_login() -> String {
 
 fn render_docker_step(pipeline: &CdPipeline) -> String {
     format!(
-        "\
-      - name: Set up Docker Buildx
+        "      - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
       - name: Build and push Docker image
@@ -140,17 +138,15 @@ fn render_docker_step(pipeline: &CdPipeline) -> String {
 }
 
 fn render_ssh_agent() -> String {
-    "\
-      - name: Set up SSH agent
+    "      - name: Set up SSH agent
         uses: webfactory/ssh-agent@v0.9.0
         with:
           ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}\n\n"
         .to_string()
 }
 
 fn render_kubeconfig() -> String {
-    "\
-      - name: Set up kubeconfig
+    "      - name: Set up kubeconfig
         run: |
           mkdir -p ~/.kube
           echo \"${{ secrets.KUBECONFIG }}\" > ~/.kube/config
@@ -163,8 +159,7 @@ fn render_migration_step(
 ) -> String {
     if migration.via_ssh {
         format!(
-            "\
-      - name: Run database migrations ({tool}) via SSH
+            "      - name: Run database migrations ({tool}) via SSH
         run: |
           ssh ${{{{ secrets.SSH_USER }}}}@${{{{ secrets.SSH_HOST }}}} << 'MIGRATE_EOF'
             cd /opt/app && {command}
@@ -176,8 +171,7 @@ fn render_migration_step(
         )
     } else {
         format!(
-            "\
-      - name: Run database migrations ({tool})
+            "      - name: Run database migrations ({tool})
         run: {command}
         env:
           DATABASE_URL: ${{{{ secrets.DATABASE_URL }}}}\n\n",
@@ -190,8 +184,7 @@ fn render_migration_step(
 fn render_deploy_step(pipeline: &CdPipeline) -> String {
     match pipeline.deploy_target {
         DeployTarget::Vps => format!(
-            "\
-      - name: Deploy to VPS via SSH
+            "      - name: Deploy to VPS via SSH
         run: |
           ssh ${{{{ secrets.SSH_USER }}}}@${{{{ secrets.SSH_HOST }}}} << 'DEPLOY_EOF'
             docker pull {image_tag}
@@ -200,8 +193,7 @@ fn render_deploy_step(pipeline: &CdPipeline) -> String {
             image_tag = pipeline.docker_build_push.image_tag,
         ),
         DeployTarget::HetznerK8s => format!(
-            "\
-      - name: Deploy to Hetzner Kubernetes
+            "      - name: Deploy to Hetzner Kubernetes
         run: |
           kubectl set image deployment/${{{{ secrets.K8S_DEPLOYMENT_NAME }}}} \\
             ${{{{ secrets.K8S_DEPLOYMENT_NAME }}}}={image_tag} \\
@@ -211,14 +203,12 @@ fn render_deploy_step(pipeline: &CdPipeline) -> String {
             --timeout=300s\n\n",
             image_tag = pipeline.docker_build_push.image_tag,
         ),
-        DeployTarget::Coolify => "\
-      - name: Deploy via Coolify webhook
+        DeployTarget::Coolify => "      - name: Deploy via Coolify webhook
         run: |
           curl -fsSL -X POST ${{ secrets.COOLIFY_WEBHOOK_URL }}\n\n"
             .to_string(),
         _ => format!(
-            "\
-      - name: Deploy ({target})
+            "      - name: Deploy ({target})
         run: echo 'Deploy step for {target} — customize this step'
         env:
           IMAGE_TAG: {image_tag}\n\n",
@@ -232,17 +222,15 @@ fn render_health_check_step(pipeline: &CdPipeline) -> String {
     if is_kubectl_health_check(&pipeline.deploy_target) {
         let timeout = pipeline.health_check.retries * pipeline.health_check.interval_secs;
         format!(
-            "\
-      - name: Health check — rollout status
+            "      - name: Health check — rollout status
         run: |
           kubectl rollout status deployment/${{{{ secrets.K8S_DEPLOYMENT_NAME }}}} \\
             --namespace=${{{{ secrets.K8S_NAMESPACE }}}} \\
             --timeout={timeout}s\n\n",
         )
     } else {
         format!(
-            "\
-      - name: Health check
+            "      - name: Health check
         run: |
           curl --fail \\
             --retry {retries} \\