From cdb53bde627147602c23d96f6c95120b7fa627b1 Mon Sep 17 00:00:00 2001
From: voson <voson.wang.s@aliyun.com>
Date: Tue, 3 Feb 2026 11:29:55 +0800
Subject: [PATCH] ci: inline deploy key setup for rsync

---
 .gitea/workflows/deploy.yml | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index 102bc18..7839c0a 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -30,11 +30,20 @@ jobs:
           PUBLIC_NEWSLETTER_DESCRIPTION: ${{ secrets.PUBLIC_NEWSLETTER_DESCRIPTION }}
         run: npm run build
 
-      - name: Start SSH agent
+      - name: Write deploy key
         if: ${{ secrets.DEPLOY_SSH_KEY != '' }}
-        uses: webfactory/ssh-agent@v0.9.0
-        with:
-          ssh-private-key: ${{ secrets.DEPLOY_SSH_KEY }}
+        env:
+          DEPLOY_SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
+        run: |
+          mkdir -p ~/.ssh
+          python3 - <<'PY'
+          import os
+          from pathlib import Path
+          key = os.environ['DEPLOY_SSH_KEY']
+          p = Path.home() / '.ssh' / 'deploy_key'
+          p.write_text(key, encoding='utf-8')
+          PY
+          chmod 600 ~/.ssh/deploy_key
 
       - name: Add known_hosts
         if: ${{ secrets.DEPLOY_SSH_KEY != '' }}
@@ -45,4 +54,4 @@ jobs:
       - name: Deploy via rsync
         if: ${{ secrets.DEPLOY_SSH_KEY != '' }}
         run: |
-          rsync -az --delete -e "ssh -p ${{ secrets.DEPLOY_SSH_PORT }}" dist/ "${{ secrets.DEPLOY_SSH_USER }}@${{ secrets.DEPLOY_SSH_HOST }}:${{ secrets.DEPLOY_PATH }}/"
+          rsync -az --delete -e "ssh -i ~/.ssh/deploy_key -p ${{ secrets.DEPLOY_SSH_PORT }}" dist/ "${{ secrets.DEPLOY_SSH_USER }}@${{ secrets.DEPLOY_SSH_HOST }}:${{ secrets.DEPLOY_PATH }}/"