Fix SSH host key checking in deployment workflow

olsenben · olsenben · commit bc74e7b3b266 · 2025-11-24T12:48:19.000-05:00
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -100,19 +100,23 @@ jobs:
       - name: Add server to known hosts
         run: |
           mkdir -p ~/.ssh
-          ssh-keyscan -H ${{ secrets.SSH_HOST }} >> ~/.ssh/known_hosts
+          chmod 700 ~/.ssh
+          ssh-keyscan -H ${{ secrets.SSH_HOST }} 2>/dev/null >> ~/.ssh/known_hosts || echo "Warning: ssh-keyscan failed, will use StrictHostKeyChecking=accept-new"
+          chmod 644 ~/.ssh/known_hosts
 
       - name: Deploy to ${{ env.ENVIRONMENT }}
         run: |
           DEPLOY_PATH="${{ env.DEPLOY_PATH }}"
           PM2_APP_NAME="${{ env.PM2_APP_NAME }}"
           ECOSYSTEM_FILE="${{ env.ECOSYSTEM_FILE }}"
           
-          # Copy files to server
-          scp -r deploy.tar.gz ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }}:$DEPLOY_PATH/
+          # Copy files to server (accept new host keys automatically)
+          scp -o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=~/.ssh/known_hosts \
+            -r deploy.tar.gz ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }}:$DEPLOY_PATH/
           
-          # SSH into server and deploy
-          ssh ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }} "bash -s" << EOF
+          # SSH into server and deploy (accept new host keys automatically)
+          ssh -o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=~/.ssh/known_hosts \
+            ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }} "bash -s" << EOF
             set -e
             cd $DEPLOY_PATH
             
