From 632f143637ac96c46e13521340a608ee5bb2d301 Mon Sep 17 00:00:00 2001
From: Frank John Begornia
Date: Tue, 16 Dec 2025 13:22:35 +0800
Subject: [PATCH] Refactor SSH setup in deployment workflows to enhance security and error handling
---
 .gitea/workflows/deploy-dev.yml | 4 +++-
 .gitea/workflows/deploy.yml | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/.gitea/workflows/deploy-dev.yml b/.gitea/workflows/deploy-dev.yml
index 5c6b3eb..a383f74 100644
--- a/.gitea/workflows/deploy-dev.yml
+++ b/.gitea/workflows/deploy-dev.yml
@@ -42,8 +42,10 @@ jobs:
 shell: sh
 run: |
 mkdir -p ~/.ssh
- printf '%s' "$DEPLOY_SSH_KEY" > ~/.ssh/deploy_key
+ chmod 700 ~/.ssh
+ echo "$DEPLOY_SSH_KEY" > ~/.ssh/deploy_key
 chmod 600 ~/.ssh/deploy_key
+ ssh-keygen -y -f ~/.ssh/deploy_key > /dev/null 2>&1 || { echo "Error: Invalid SSH key format"; exit 1; }
 cd /workspace/repo
 scp -o StrictHostKeyChecking=no -i ~/.ssh/deploy_key merchbay_admin_dev.tar.gz docker-compose.yml "$DEPLOY_USER@$DEPLOY_HOST:/tmp/"
diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index dc49d0c..f379cc9 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -34,8 +34,10 @@ jobs:
 shell: sh
 run: |
 mkdir -p ~/.ssh
- printf '%s' "$PROD_DEPLOY_SSH_KEY" > ~/.ssh/deploy_key
+ chmod 700 ~/.ssh
+ echo "$PROD_DEPLOY_SSH_KEY" > ~/.ssh/deploy_key
 chmod 600 ~/.ssh/deploy_key
+ ssh-keygen -y -f ~/.ssh/deploy_key > /dev/null 2>&1 || { echo "Error: Invalid SSH key format"; exit 1; }
 cd /workspace/repo
 scp -o StrictHostKeyChecking=no -i ~/.ssh/deploy_key merchbay_admin.tar.gz docker-compose.yml "$PROD_DEPLOY_USER@$PROD_DEPLOY_HOST:/tmp/"
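Review bot: The key file is now validated, but the host it is used against still is not: the `scp` call on the context line just after the new `ssh-keygen` check keeps `-o StrictHostKeyChecking=no`, so the runner accepts whatever host key is presented and would upload the `.tar.gz` artifact and `docker-compose.yml` to an impersonating host without complaint. Pinning the server key closes that gap, for example `printf '%s\n' "$KNOWN_HOSTS_ENTRY_PLACEHOLDER" > ~/.ssh/known_hosts` (a secret holding the server's known_hosts line; the variable name is a placeholder, not something defined in this repository) together with `-o StrictHostKeyChecking=yes` on the `scp`. Separately, `echo "$DEPLOY_SSH_KEY"` under `shell: sh` leaves backslash handling to that shell's `echo`; `printf '%s\n' "$DEPLOY_SSH_KEY" > ~/.ssh/deploy_key` writes the same trailing newline without that dependency. Both points apply equally to the `deploy.yml` hunk with `PROD_DEPLOY_SSH_KEY`. The step starts before each hunk and its `run:` block continues past the hunk's end, so any later `ssh` calls are not visible here.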