rdenadai/web.redecapivara.social
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add SSH connection test step in deploy workflow #14

Merged
rdenadai merged 1 commit from rdenadai-patch-4 into main 2025-10-18 17:55:25 +00:00
Conversation 1 Commits 1 Files changed 1 +4
rdenadai commented 2025-10-18 17:55:19 +00:00 (Migrated from github.com)
Copy link

Added a step to test the SSH connection before deployment.

Added a step to test the SSH connection before deployment.
copilot-pull-request-reviewer[bot] (Migrated from github.com) reviewed 2025-10-18 17:55:39 +00:00
copilot-pull-request-reviewer[bot] (Migrated from github.com) left a comment
Copy link

Pull Request Overview

This PR adds an SSH connection test step to the deployment workflow to verify connectivity before attempting the actual deployment. This helps catch connection issues early and provides better debugging information.

  • Adds a new "Test SSH connection" step with verbose SSH output for troubleshooting
  • Places the test step before the actual deployment to validate the connection

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

## Pull Request Overview This PR adds an SSH connection test step to the deployment workflow to verify connectivity before attempting the actual deployment. This helps catch connection issues early and provides better debugging information. - Adds a new "Test SSH connection" step with verbose SSH output for troubleshooting - Places the test step before the actual deployment to validate the connection --- <sub>**Tip:** Customize your code reviews with copilot-instructions.md. <a href="/rdenadai/web.redecapivara.social/new/main/.github?filename=copilot-instructions.md" class="Link--inTextBlock" target="_blank" rel="noopener noreferrer">Create the file</a> or <a href="https://docs.github.com/en/copilot/customizing-copilot/adding-repository-custom-instructions-for-github-copilot" class="Link--inTextBlock" target="_blank" rel="noopener noreferrer">learn how to get started</a>.</sub>
.github/workflows/deploy.yml
@ -44,1 +44,4 @@
- name: Test SSH connection
run: |
ssh -vvv -p ${{ secrets.SSH_PORT }} -i ~/.ssh/id_rsa -o StrictHostKeyChecking=no ${{ secrets.VM_USER }}@${{ secrets.VM_IP }} "echo 'SSH connection successful'"
copilot-pull-request-reviewer[bot] (Migrated from github.com) commented 2025-10-18 17:55:38 +00:00
Copy link

The triple verbose flag (-vvv) produces excessive debug output that may expose sensitive information in CI logs. Consider using single -v for basic connection verification or remove verbose flags entirely for production workflows.

          ssh -v -p ${{ secrets.SSH_PORT }} -i ~/.ssh/id_rsa -o StrictHostKeyChecking=no ${{ secrets.VM_USER }}@${{ secrets.VM_IP }} "echo 'SSH connection successful'"
The triple verbose flag (-vvv) produces excessive debug output that may expose sensitive information in CI logs. Consider using single -v for basic connection verification or remove verbose flags entirely for production workflows. ```suggestion ssh -v -p ${{ secrets.SSH_PORT }} -i ~/.ssh/id_rsa -o StrictHostKeyChecking=no ${{ secrets.VM_USER }}@${{ secrets.VM_IP }} "echo 'SSH connection successful'" ```
.github/workflows/deploy.yml
@ -45,3 +48,4 @@
- name: Deploy dist/ to VM:/pds
run: |
rsync -avz --delete -e "ssh -p ${{ secrets.SSH_PORT }} -i ~/.ssh/id_rsa -o StrictHostKeyChecking=no" ./dist/ ${{ secrets.VM_USER }}@${{ secrets.VM_IP }}:/pds/web/
copilot-pull-request-reviewer[bot] (Migrated from github.com) commented 2025-10-18 17:55:38 +00:00
Copy link

Using StrictHostKeyChecking=no bypasses host key verification, making the connection vulnerable to man-in-the-middle attacks. Since ssh-keyscan is used in line 43 to add the host key to known_hosts, this option should be removed to use the proper host verification.

          ssh -vvv -p ${{ secrets.SSH_PORT }} -i ~/.ssh/id_rsa ${{ secrets.VM_USER }}@${{ secrets.VM_IP }} "echo 'SSH connection successful'"

      - name: Deploy dist/ to VM:/pds
        run: |
          rsync -avz --delete -e "ssh -p ${{ secrets.SSH_PORT }} -i ~/.ssh/id_rsa" ./dist/ ${{ secrets.VM_USER }}@${{ secrets.VM_IP }}:/pds/web/
Using StrictHostKeyChecking=no bypasses host key verification, making the connection vulnerable to man-in-the-middle attacks. Since ssh-keyscan is used in line 43 to add the host key to known_hosts, this option should be removed to use the proper host verification. ```suggestion ssh -vvv -p ${{ secrets.SSH_PORT }} -i ~/.ssh/id_rsa ${{ secrets.VM_USER }}@${{ secrets.VM_IP }} "echo 'SSH connection successful'" - name: Deploy dist/ to VM:/pds run: | rsync -avz --delete -e "ssh -p ${{ secrets.SSH_PORT }} -i ~/.ssh/id_rsa" ./dist/ ${{ secrets.VM_USER }}@${{ secrets.VM_IP }}:/pds/web/ ```
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
bug

Something isn't working

  
documentation

Improvements or additions to documentation

  
duplicate

This issue or pull request already exists

  
enhancement

New feature or request

  
good first issue

Good for newcomers

  
help wanted

Extra attention is needed

  
invalid

This doesn't seem right

  
question

Further information is requested

  
wontfix

This will not be worked on

No labels
bug
documentation
duplicate
enhancement
good first issue
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
rdenadai/web.redecapivara.social!14
No description provided.