From f55c5fd7d61f337408889926d93194b36139572c Mon Sep 17 00:00:00 2001
From: npmrun <1549469775@qq.com>
Date: Thu, 30 Apr 2026 09:53:15 +0800
Subject: [PATCH] fix(drone): enhance SSH configuration for deployment process

- Updated the .drone.yml file to include GIT_SSH_HOST and GIT_SSH_PORT variables for improved SSH handling.
- Refined the SSH key scanning and command execution to ensure compatibility with the specified remote host and port.
- These changes enhance the reliability of the deployment process by ensuring proper SSH configuration and host verification.
---
 .drone.yml | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/.drone.yml b/.drone.yml
index c8dedeb..2371dce 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -16,16 +16,19 @@ steps:
 DEPLOY_BRANCH: deploy
 REPO_DIR: /root/projects/nuxt4-demo/nuxt4-demo-origin
 GIT_REMOTE: ssh://root@git.xieyaxin.top:8892/topuser/nuxt4-demo.git
+ GIT_SSH_HOST: git.xieyaxin.top
+ GIT_SSH_PORT: "8892"
 UNZIP_DIR: /root/projects/nuxt4-demo/nuxt4-demo
 DEPLOY_SSH_KEY:
 from_secret: DEPLOY_SSH_KEY
 commands:
 - mkdir -p -m 700 "/root/.ssh"
 - umask 077 && printf '%s\n' "$DEPLOY_SSH_KEY" > "/root/.ssh/id_rsa"
- - 'ssh-keyscan -H -T 15 gitee.com > "/root/.ssh/known_hosts" && chmod 644 "/root/.ssh/known_hosts"'
- - 'export SSH_OPTS="-i /root/.ssh/id_rsa -o IdentitiesOnly=yes -o UserKnownHostsFile=/root/.ssh/known_hosts -o StrictHostKeyChecking=yes -o BatchMode=yes -o ConnectTimeout=10 -o ServerAliveInterval=15 -o ServerAliveCountMax=3"'
- # Gitee 等在认证成功时仍可能返回非 0,故忽略退出码
- - 'ssh $SSH_OPTS -T git@gitee.com || true'
+ # 须与 GIT_REMOTE 主机一致,否则 StrictHostKeyChecking 会因缺少 [host]:port 的密钥失败
+ - 'ssh-keyscan -p "$GIT_SSH_PORT" -H -T 15 "$GIT_SSH_HOST" > "/root/.ssh/known_hosts" && chmod 644 "/root/.ssh/known_hosts"'
+ - 'export SSH_OPTS="-i /root/.ssh/id_rsa -p $GIT_SSH_PORT -o IdentitiesOnly=yes -o UserKnownHostsFile=/root/.ssh/known_hosts -o StrictHostKeyChecking=yes -o BatchMode=yes -o ConnectTimeout=10 -o ServerAliveInterval=15 -o ServerAliveCountMax=3"'
+ # 自托管 Gitea 等在认证成功时仍可能返回非 0,故忽略退出码
+ - 'ssh $SSH_OPTS -T root@"$GIT_SSH_HOST" || true'
 - 'export GIT_SSH_COMMAND="ssh $SSH_OPTS"'
 - |
 set -e
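Review bot: The added `ssh-keyscan -p "$GIT_SSH_PORT" ... > "/root/.ssh/known_hosts"` step accepts whatever host key the network returns on each build, so the later `StrictHostKeyChecking=yes` only compares against a key that was never verified and does not protect the deploy key's session from an on-path host. Pinning the server's `[host]:port` known_hosts entry in a Drone secret (the name below is a placeholder) and writing it with `printf '%s\n' "$GIT_KNOWN_HOSTS" > "/root/.ssh/known_hosts"` would give the host verification the commit message describes. The probe `ssh $SSH_OPTS -T root@"$GIT_SSH_HOST" || true` also discards host-key and authentication failures, so a misconfiguration surfaces only in the later git step; printing the exit status or dropping the probe would make that visible. `GIT_SSH_HOST` and `GIT_SSH_PORT` duplicate values already in `GIT_REMOTE`, so a comment saying the three must be changed together would help. The `commands:` list continues past the end of this hunk.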