From 5417565e34230256446bd0120023979f5f2eb25d Mon Sep 17 00:00:00 2001 From: hsiegeln <37154749+hsiegeln@users.noreply.github.com> Date: Fri, 24 Apr 2026 20:08:22 +0200 Subject: [PATCH] =?UTF-8?q?ci(deploy):=20fix=20lftp=20auth=20=E2=80=94=20e?= =?UTF-8?q?xplicit=20empty=20password=20+=20unindented=20script?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Two issues from the previous lftp run: - "GetPass() failed -- assume anonymous login" / "Password required": without `-u USER,` (trailing comma = empty password), lftp tries to prompt for a password instead of relying on the ssh key passed via sftp:connect-program. - Heredoc body was indented with leading whitespace; lftp can mis- parse leading-whitespace lines as command continuations. Also bump verbosity (`debug 3`) so the ssh command lftp launches is logged — makes the next failure easier to read — and bound retries to 1 so we fail fast in CI. Co-Authored-By: Claude Opus 4.7 (1M context) --- .gitea/workflows/deploy.yml | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml index 97b90aa..0b0b45d 100644 --- a/.gitea/workflows/deploy.yml +++ b/.gitea/workflows/deploy.yml @@ -118,12 +118,20 @@ jobs: : "${SFTP_USER:?SFTP_USER secret must be set}" : "${SFTP_HOST:?SFTP_HOST secret must be set}" : "${SFTP_PATH:?SFTP_PATH secret must be set}" + # `-u USER,` (with trailing comma = empty password) tells lftp not + # to prompt for a password; auth happens via the key passed to ssh + # by sftp:connect-program. Heredoc body is unindented so lftp's + # parser doesn't mistake leading whitespace for a continuation. + # `debug 3` prints the ssh command lftp invokes — useful if this + # ever breaks again. lftp <