Fix CI deploy: default talkpro host, require only SSH secret

Gitea workflow no longer needs TALKPRO_HOST secret; defaults match talkpro VPS. Fail fast with a clear message if TALKPRO_SSH_PRIVATE_KEY is missing. Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-18 15:06:14 +08:00
parent 6e90a4adb6
commit 77485eee63
4 changed files with 49 additions and 25 deletions
--- a/.gitea/workflows/deploy-talkpro.yml
+++ b/.gitea/workflows/deploy-talkpro.yml
@@ -1,15 +1,14 @@
-# Build talk-pro and rsync dist/ to the marketing VPS (SSH host talkpro).
+# Build talk-pro and rsync dist/ to the marketing VPS (talkpro.info).
 #
-# Gitea repo secrets (Settings → Secrets):
+# Required Gitea repo secret (Settings → Secrets → Actions):
 #   TALKPRO_SSH_PRIVATE_KEY  full PEM for ubuntu@talkpro (same as luis-only.pem)
-#   TALKPRO_HOST             e.g. 13.214.179.69
 #
-# Optional secrets:
+# Optional secrets (override defaults below):
+#   TALKPRO_HOST             default 13.214.179.69
 #   TALKPRO_USER             default ubuntu
 #   TALKPRO_REMOTE_ROOT      default /home/ubuntu/talkpro
 #
 # Requires a runner with: node 22+, npm, rsync, ssh, ssh-keyscan.
-# Site-links API (/api/site-links) is deployed separately from the parent talkpro repo.

 name: Deploy to talkpro

@@ -20,6 +19,11 @@ on:
      - master
  workflow_dispatch:

+env:
+  TALKPRO_HOST: "13.214.179.69"
+  TALKPRO_USER: ubuntu
+  TALKPRO_REMOTE_ROOT: /home/ubuntu/talkpro
+
 jobs:
  build-and-sync:
    runs-on: ubuntu-latest
@@ -33,9 +37,28 @@ jobs:
          node-version: "22"
          cache: npm

-      - name: Trust host key
+      - name: Check deploy secrets
        env:
-          TALKPRO_HOST: ${{ secrets.TALKPRO_HOST }}
+          TALKPRO_SSH_PRIVATE_KEY: ${{ secrets.TALKPRO_SSH_PRIVATE_KEY }}
+        run: |
+          if [ -z "${TALKPRO_SSH_PRIVATE_KEY}" ]; then
+            echo "ERROR: Missing Gitea secret TALKPRO_SSH_PRIVATE_KEY"
+            echo "Add it under Repository → Settings → Secrets (Actions)."
+            echo "Value: full contents of your ubuntu@talkpro SSH private key (PEM)."
+            exit 1
+          fi
+
+      - name: Apply optional secret overrides
+        env:
+          SECRET_HOST: ${{ secrets.TALKPRO_HOST }}
+          SECRET_USER: ${{ secrets.TALKPRO_USER }}
+          SECRET_ROOT: ${{ secrets.TALKPRO_REMOTE_ROOT }}
+        run: |
+          [ -n "$SECRET_HOST" ] && echo "TALKPRO_HOST=$SECRET_HOST" >> "$GITHUB_ENV"
+          [ -n "$SECRET_USER" ] && echo "TALKPRO_USER=$SECRET_USER" >> "$GITHUB_ENV"
+          [ -n "$SECRET_ROOT" ] && echo "TALKPRO_REMOTE_ROOT=$SECRET_ROOT" >> "$GITHUB_ENV"
+
+      - name: Trust host key
        run: |
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh
@@ -43,8 +66,5 @@ jobs:

      - name: Build and rsync to talkpro
        env:
-          TALKPRO_HOST: ${{ secrets.TALKPRO_HOST }}
-          TALKPRO_USER: ${{ secrets.TALKPRO_USER }}
-          TALKPRO_REMOTE_ROOT: ${{ secrets.TALKPRO_REMOTE_ROOT }}
          TALKPRO_SSH_PRIVATE_KEY: ${{ secrets.TALKPRO_SSH_PRIVATE_KEY }}
        run: bash scripts/deploy-talkpro.sh