From 9bfb70232212a3d771c5b1cb00a1a663b79da9e1 Mon Sep 17 00:00:00 2001
From: jack
Date: Sat, 21 Mar 2026 23:22:17 +0700
Subject: [PATCH] ci: fix syntax-check vault password, update CI deploy key

- Add vault password step to syntax-check job (ansible needs it even for --syntax-check)
- Regenerate CI deploy SSH key (old private key was lost, new pair generated)
- Add VAULT_PASSWORD and SSH_PRIVATE_KEY secrets to Forgejo via API
Co-Authored-By: Claude Sonnet 4.6
---
 .forgejo/workflows/deploy.yml | 5 +++++
 inventory/group_vars/all/main.yml | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/.forgejo/workflows/deploy.yml b/.forgejo/workflows/deploy.yml
index 83cd876..beb9543 100644
--- a/.forgejo/workflows/deploy.yml
+++ b/.forgejo/workflows/deploy.yml
@@ -15,6 +15,11 @@ jobs:
 - name: Install ansible
 run: pip3 install ansible --quiet --break-system-packages
+ - name: Write vault password
+ run: |
+ echo "${{ secrets.VAULT_PASSWORD }}" > ~/.vault-password-file
+ chmod 600 ~/.vault-password-file
+
 - name: Syntax check
 run: ansible-playbook playbooks/deploy.yml --syntax-check -i inventory/
diff --git a/inventory/group_vars/all/main.yml b/inventory/group_vars/all/main.yml
index 380d52a..6895b4b 100644
--- a/inventory/group_vars/all/main.yml
+++ b/inventory/group_vars/all/main.yml
@@ -26,4 +26,4 @@ syncthing_basic_auth_htpasswd: "{{ vault_syncthing_basic_auth_htpasswd }}"
 forgejo_runner_token: "{{ vault_forgejo_runner_token }}"
 # CI/CD deploy key (public key — not a secret)
-ci_deploy_pubkey: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF6kK8+/9cMo9sFUIQAupPfcD3A6UixmAzB0r8jAf0kz ci-deploy@forgejo-runner"
+ci_deploy_pubkey: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHdr9mRSSUqt7Ym4wA5RpVyz76wEXSOtVfh2/yCSMIbg ci-deploy@forgejo-runner"
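Review bot: In the new `Write vault password` step, `${{ secrets.VAULT_PASSWORD }}` is substituted into the script text before the shell runs, so a password containing `"`, `$` or a backtick is re-interpreted by the shell instead of being written verbatim. The file is also created under the default umask and only tightened afterwards by `chmod 600`, and nothing visible in the hunk removes it when the job ends, which matters if the runner's home directory outlives the job. I would pass the secret through a step-level `env:` entry, set `umask 077` before the write (which makes the `chmod` redundant), and add a closing `if: always()` step that deletes the file. The job continues outside the hunk, so a cleanup step may already exist there.

```yaml
      - name: Write vault password
        env:
          VAULT_PASSWORD: ${{ secrets.VAULT_PASSWORD }}
        run: |
          umask 077
          printf '%s\n' "$VAULT_PASSWORD" > ~/.vault-password-file
      # … unchanged: Syntax check step …
      - name: Remove vault password
        if: always()
        run: rm -f ~/.vault-password-file
```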
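Review bot: Changing `ci_deploy_pubkey` to the new key does not by itself withdraw the old one: if the role that consumes this variable only appends to `authorized_keys`, the previous `ci-deploy@forgejo-runner` key stays accepted on every host already deployed. The commit message says the old private key was lost, so it is safer to treat that key as unaccounted for and remove it explicitly, for example with a one-off `ansible.posix.authorized_key` task using `state: absent` for the old public key, or `exclusive: true` if this is the only key for that account. How the variable is consumed is outside this diff, so confirm against the role. Because both keys carry the same comment field, a line above the variable such as `# rotated 2026-03-21; previous key must be absent from hosts` would make the rotation auditable.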