From 9962ee99d9d98f442281909a2c8f01827d2d7f2c Mon Sep 17 00:00:00 2001
From: hsiegeln <37154749+hsiegeln@users.noreply.github.com>
Date: Sat, 25 Apr 2026 00:29:52 +0200
Subject: [PATCH] fix(ci): drop ssh-keyscan, use
 StrictHostKeyChecking=accept-new instead

ssh-keyscan fails when the runner can't reach the host on port 22
during that step. Using accept-new on the ssh command itself is
equivalent for an ephemeral CI runner.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .gitea/workflows/sync-images.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/.gitea/workflows/sync-images.yml b/.gitea/workflows/sync-images.yml
index ba57c7e..870ecfb 100644
--- a/.gitea/workflows/sync-images.yml
+++ b/.gitea/workflows/sync-images.yml
@@ -26,13 +26,12 @@ jobs:
       - name: Set up SSH key
         run: |
           mkdir -p ~/.ssh
-          echo "${{ secrets.PRIVATE_SSH_KEY }}" > ~/.ssh/deploy_key
+          printf '%s\n' "${{ secrets.PRIVATE_SSH_KEY }}" > ~/.ssh/deploy_key
           chmod 600 ~/.ssh/deploy_key
-          ssh-keyscan -p 22 "${{ secrets.APP_HOST }}" >> ~/.ssh/known_hosts 2>/dev/null
 
       - name: Sync images to server
         run: |
-          SSH_CMD="ssh -i ~/.ssh/deploy_key -p 22 root@${{ secrets.APP_HOST }}"
+          SSH_CMD="ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=accept-new -p 22 root@${{ secrets.APP_HOST }}"
 
           IMAGES=(
             gitea.siegeln.net/cameleer/cameleer-saas:latest