ci: secure ssh deployment workflow #21

	name: Deploy TripTogether

	on:
	push:
	branches:
	- main
	- staging

	jobs:
	deploy:
	runs-on: ubuntu-latest

	steps:
	- name: Checkout repository
	uses: actions/checkout@v3

	- name: Setup SSH agent
	uses: webfactory/ssh-agent@v0.9.0
	with:
	ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}

	- name: Setup known_hosts
	run: \|
	mkdir -p ~/.ssh
	echo "${{ secrets.VPS_KNOWN_HOST }}" > ~/.ssh/known_hosts
	chmod 644 ~/.ssh/known_hosts

	- name: Deploy
	run: \|
	if [ "${{ github.ref }}" = "refs/heads/main" ]; then
	echo "🚀 Deploying PRODUCTION"
	ssh ${{ secrets.VPS_USER }}@${{ secrets.VPS_HOST }} "bash /home/ubuntu/deploy-triptogether.sh"
	else
	echo "🧪 Deploying STAGING"
	ssh ${{ secrets.VPS_USER }}@${{ secrets.VPS_HOST }} "bash /home/ubuntu/deploy-triptogether-staging.sh"
	fi

Provide feedback