From c3518e9f208c4b7218f1f2f1676abb95d850cc31 Mon Sep 17 00:00:00 2001
From: npmrun <1549469775@qq.com>
Date: Wed, 29 Apr 2026 14:34:25 +0800
Subject: [PATCH] fix(drone): enhance SSH configuration for deployment

- Updated the SSH command in the Drone configuration to include host key verification options, improving security during the deployment process.
- Changed the branch for cloning and pulling from 'deploy-branch' to 'main' to align with the current deployment strategy.

These changes ensure a more secure and streamlined deployment workflow.
---
 .drone.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.drone.yml b/.drone.yml
index 675d4ba..2cc9b9d 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -30,8 +30,8 @@ steps:
       - chmod 700 "$HOME/.ssh"
       - 'printf "%s\n" "$DEPLOY_SSH_KEY" > "$HOME/.ssh/id_rsa"'
       - chmod 600 "$HOME/.ssh/id_rsa"
-      - 'ssh-keyscan -p 8892 git.xieyaxin.top >> "$HOME/.ssh/known_hosts"'
+      - 'ssh-keyscan -p 8892 -H git.xieyaxin.top >> "$HOME/.ssh/known_hosts"'
       - chmod 644 "$HOME/.ssh/known_hosts"
-      - 'if [ ! -d "$HOME/projects/nuxt4-demo/nuxt4-demo" ]; then mkdir -p "$HOME/projects/nuxt4-demo" && GIT_SSH_COMMAND="ssh -i $HOME/.ssh/id_rsa -o IdentitiesOnly=yes" git clone -b deploy-branch "ssh://root@git.xieyaxin.top:8892/topuser/nuxt4-demo.git" "$HOME/projects/nuxt4-demo/nuxt4-demo"; else cd "$HOME/projects/nuxt4-demo/nuxt4-demo" && GIT_SSH_COMMAND="ssh -i $HOME/.ssh/id_rsa -o IdentitiesOnly=yes" git pull origin deploy-branch; fi'
+      - 'if [ ! -d "$HOME/projects/nuxt4-demo/nuxt4-demo" ]; then mkdir -p "$HOME/projects/nuxt4-demo" && GIT_SSH_COMMAND="ssh -i $HOME/.ssh/id_rsa -o IdentitiesOnly=yes -o UserKnownHostsFile=$HOME/.ssh/known_hosts -o StrictHostKeyChecking=accept-new" git clone -b main "ssh://root@git.xieyaxin.top:8892/topuser/nuxt4-demo.git" "$HOME/projects/nuxt4-demo/nuxt4-demo"; else cd "$HOME/projects/nuxt4-demo/nuxt4-demo" && GIT_SSH_COMMAND="ssh -i $HOME/.ssh/id_rsa -o IdentitiesOnly=yes -o UserKnownHostsFile=$HOME/.ssh/known_hosts -o StrictHostKeyChecking=accept-new" git pull origin main; fi'
       - pm2 stop nuxt4-demo
       - pm2 start nuxt4-demo
\ No newline at end of file