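---
# Drone pipeline: connects to the web host over SSH and runs `git pull`
# inside public_html.
#
# Drone secrets consumed by this pipeline:
#   SSH_KEY_SECRET - private deploy key, exposed to the step as KEY_DATA
#                    (presumably not passphrase-protected, since ssh-add
#                    runs without a terminal here - confirm)
#   KNOWN_HOSTS    - known_hosts line(s) for the target server
kind: pipeline
name: ssh_and_execute

steps:
  - name: ssh_execute
    # NOTE(review): `latest` is a mutable tag, so the image that handles the
    # deploy key can change between runs. Consider pinning to a specific
    # Alpine release tag or image digest.
    image: alpine:latest
    # Secrets are injected as environment variables. They are only ever
    # referenced as "$VAR" below and never written literally into a command.
    environment:
      KEY_DATA:
        from_secret: SSH_KEY_SECRET
      KNOWN_HOSTS:
        from_secret: KNOWN_HOSTS
    commands:
      # Files created from here on are owner-only. This relies on all
      # commands sharing one shell, as the ssh-agent `eval` below also does.
      - umask 077

      # Only the SSH client tools (ssh, ssh-agent, ssh-add) are needed, not
      # the server; --no-cache avoids a separate `apk update`.
      - apk add --no-cache openssh-client

      # -p keeps the step from failing if the directory already exists.
      - mkdir -p ~/.ssh
      - chmod 700 ~/.ssh

      # Pin the server's host key so the connection cannot be silently
      # redirected to another machine.
      - echo "$KNOWN_HOSTS" > ~/.ssh/known_hosts

      # Start the agent and export its socket variables into this shell.
      - eval "$(ssh-agent -s)"

      # Load the key straight into the agent from stdin so the private key
      # is never written to disk. `tr -d '\r'` strips carriage returns that
      # may have been introduced when the secret was pasted.
      - echo "$KEY_DATA" | tr -d '\r' | ssh-add -

      # Replace with actual server details (host, username, command).
      # BatchMode makes the step fail instead of waiting on a prompt;
      # StrictHostKeyChecking=yes refuses any host key that is not already
      # in known_hosts. The key comes from the agent, so no -i is needed.
      # NOTE(review): consider restricting this deploy key on the server
      # side (authorized_keys options) to the one command it needs to run.
      - >-
        ssh -o BatchMode=yes -o StrictHostKeyChecking=yes
        crystal@tilde.institute
        "cd public_html && git pull && cd .. && touch success"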