fix(ci): use heredoc for SSH docker login to avoid token escaping issues

2026-03-04 15:47:04 +01:00
parent 2e706b1946
commit 6e80c91f7d
1 changed files with 7 additions and 1 deletions
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -398,7 +398,13 @@ jobs:
          scp docker-compose.yml root@alpha.mintel.me:$SITE_DIR/docker-compose.yml
          
          # Execute remote commands
-          ssh root@alpha.mintel.me "cd $SITE_DIR && echo \"$REGISTRY_PASS\" | docker login git.infra.mintel.me -u \"$REGISTRY_USER\" --password-stdin && docker compose -p \"${{ needs.prepare.outputs.project_name }}\" --env-file \"$ENV_FILE\" pull && docker compose -p \"${{ needs.prepare.outputs.project_name }}\" --env-file \"$ENV_FILE\" up -d --remove-orphans"
+          ssh root@alpha.mintel.me bash <<DEPLOYEOF
+          set -e
+          cd $SITE_DIR
+          printf '%s' '$REGISTRY_PASS' | docker login git.infra.mintel.me -u '$REGISTRY_USER' --password-stdin
+          docker compose -p '${{ needs.prepare.outputs.project_name }}' --env-file '$ENV_FILE' pull
+          docker compose -p '${{ needs.prepare.outputs.project_name }}' --env-file '$ENV_FILE' up -d --remove-orphans
+          DEPLOYEOF
          
          # Sanitize Payload Migrations: Replace 'dev' push entries with proper migration names.
          # Without this, Payload prompts interactively for confirmation and blocks forever in Docker.