30 lines
1.0 KiB
YAML
30 lines
1.0 KiB
YAML
kind: pipeline
|
|
name: ssh_and_execute
|
|
|
|
# Define a step to execute the SSH command on the server
|
|
steps:
|
|
- name: ssh_execute
|
|
image: alpine:latest # Lightweight base image (adjust if needed)
|
|
# Fetch the private key securely from Drone secrets
|
|
environment:
|
|
KEY_DATA:
|
|
from_secret: SSH_KEY_SECRET
|
|
KNOWN_HOSTS:
|
|
from_secret: KNOWN_HOSTS
|
|
commands:
|
|
# Ensure key data is not accidentally logged
|
|
- apk update
|
|
- apk add openssh
|
|
- mkdir ~/.ssh/
|
|
- echo "$KNOWN_HOSTS" > ~/.ssh/known_hosts
|
|
- echo "$KEY_DATA" | tr -d '\r' > /tmp/drone_key # Remove carriage returns (if any) and store in temp file
|
|
|
|
- chmod 600 /tmp/drone_key # Set strict permissions
|
|
- eval "$(ssh-agent -s)" # Start SSH agent
|
|
|
|
# Add the private key to the agent securely
|
|
- ssh-add /tmp/drone_key
|
|
|
|
# Replace with actual server details (host, username, command)
|
|
- ssh crystal@tilde.institute -i /tmp/drone_key "cd public_html && git pull && cd src/org/ && chmod +x ./export.sh && ./export.sh"
|