From 96c35afab69193d0494c9c5e5caa10f9f635087a Mon Sep 17 00:00:00 2001
From: voson <voson.wang.s@aliyun.com>
Date: Tue, 3 Feb 2026 17:31:42 +0800
Subject: [PATCH] chore: update deploy workflow to use sshpass for SSH
 authentication and cache npm dependencies

---
 .gitea/workflows/deploy.yml | 41 ++++++++++++++++++++++---------------
 1 file changed, 24 insertions(+), 17 deletions(-)

diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index 8f74c28..90503c6 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -16,37 +16,44 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node-version: 20
-          cache: npm
+
+      - name: Cache npm dependencies
+        # gitea 不支持 actions/cache@v4，使用 v3 代替
+        uses: actions/cache@v3
+        with:
+          path: ~/.npm
+          key: npm-${{ hashFiles('package-lock.json') }}
+          restore-keys: npm-
 
       - name: Install
         run: npm ci
 
       - name: Build
         env:
-          SITE_URL: ${{ secrets.SITE_URL }}
+          SITE_URL: ${{ vars.SITE_URL }}
         run: npm run build
 
-      - name: Write deploy key
-        env:
-          DEPLOY_SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
+      - name: Install sshpass
         run: |
-          mkdir -p ~/.ssh
-          python3 - <<'PY'
-          import os
-          from pathlib import Path
-          key = os.environ['DEPLOY_SSH_KEY']
-          p = Path.home() / '.ssh' / 'deploy_key'
-          p.write_text(key, encoding='utf-8')
-          PY
-          chmod 600 ~/.ssh/deploy_key
+          if ! command -v sshpass &> /dev/null; then
+            if command -v apt-get &> /dev/null; then
+              sudo apt-get update && sudo apt-get install -y sshpass
+            elif command -v yum &> /dev/null; then
+              sudo yum install -y sshpass
+            elif command -v apk &> /dev/null; then
+              sudo apk add --no-cache sshpass
+            fi
+          fi
 
       - name: Add known_hosts
         run: |
           mkdir -p ~/.ssh
-          ssh-keyscan -p "${{ secrets.DEPLOY_SSH_PORT }}" -H "${{ secrets.DEPLOY_SSH_HOST }}" >> ~/.ssh/known_hosts
+          ssh-keyscan -p "${{ vars.DEPLOY_SSH_PORT }}" -H "${{ vars.DEPLOY_SSH_HOST }}" >> ~/.ssh/known_hosts
 
       - name: Deploy via tar over SSH
+        env:
+          SSHPASS: ${{ secrets.DEPLOY_SSH_PASSWORD }}
         run: |
           tar -C dist -czf - . | \
-            ssh -o BatchMode=yes -o StrictHostKeyChecking=yes -o ConnectTimeout=15 -i ~/.ssh/deploy_key -p "${{ secrets.DEPLOY_SSH_PORT }}" "${{ secrets.DEPLOY_SSH_USER }}@${{ secrets.DEPLOY_SSH_HOST }}" \
-              "bash -lc 'set -euo pipefail; tmp=\"\${{ secrets.DEPLOY_PATH }}.tmp\"; rm -rf \"\$tmp\"; mkdir -p \"\$tmp\"; tar -xzf - -C \"\$tmp\"; rm -rf \"\${{ secrets.DEPLOY_PATH }}\"; mv \"\$tmp\" \"\${{ secrets.DEPLOY_PATH }}\"'"
+            sshpass -e ssh -o StrictHostKeyChecking=yes -o ConnectTimeout=15 -p "${{ vars.DEPLOY_SSH_PORT }}" "${{ vars.DEPLOY_SSH_USER }}@${{ vars.DEPLOY_SSH_HOST }}" \
+              "set -euo pipefail; tmp='${{ vars.DEPLOY_PATH }}.tmp'; rm -rf \"\$tmp\"; mkdir -p \"\$tmp\"; tar -xzf - -C \"\$tmp\"; rm -rf '${{ vars.DEPLOY_PATH }}'; mv \"\$tmp\" '${{ vars.DEPLOY_PATH }}'"