From 27ef15a13df996298d42b2b2d55cc80f4a1f9833 Mon Sep 17 00:00:00 2001
From: xengi <cccb-git@xengi.de>
Date: Sun, 15 Feb 2026 19:28:08 +0100
Subject: [PATCH] Update .forgejo/workflows/deploy.yaml

---
 .forgejo/workflows/deploy.yaml | 29 +++++++++--------------------
 1 file changed, 9 insertions(+), 20 deletions(-)

diff --git a/.forgejo/workflows/deploy.yaml b/.forgejo/workflows/deploy.yaml
index 3fa01ca..ab34bac 100644
--- a/.forgejo/workflows/deploy.yaml
+++ b/.forgejo/workflows/deploy.yaml
@@ -32,34 +32,23 @@ jobs:
         run: ./build.sh
 
       - name: Setup SSH
+        env:
+          SSH_PRIVATE_KEY: ${{ forgejo.ref_name == 'production' && secrets.SSH_PRIVATE_KEY_PRODUCTION || secrets.SSH_PRIVATE_KEY_STAGING }}
         run: |
           mkdir -p .ssh
           echo "${{ secrets.KNOWN_HOSTS }}" | base64 -d > .ssh/known_hosts
-
-      - name: Setup SSH key
-        if: forgejo.ref_name == 'staging'
-        run: |
-          echo "${{ secrets.SSH_PRIVATE_KEY_STAGING }}" | base64 -d > .ssh/id_ed25519
-          chmod 600 .ssh/id_ed25519
-          ssh-keygen -f .ssh/id_ed25519 -y > .ssh/id_ed25519.pub
-          cat .ssh/id_ed25519.pub
-
-      - name: Setup SSH key
-        if: forgejo.ref_name == 'production'
-        run: |
-          echo "${{ secrets.SSH_PRIVATE_KEY_PRODUCTION }}" | base64 -d > .ssh/id_ed25519
+          printf "%s" "$SSH_PRIVATE_KEY" | base64 -d > .ssh/id_ed25519
           chmod 600 .ssh/id_ed25519
           ssh-keygen -f .ssh/id_ed25519 -y > .ssh/id_ed25519.pub
           cat .ssh/id_ed25519.pub
 
       - name: Sync rendered site to staging
-        if: forgejo.ref_name == 'staging'
-        run: rsync -var -e 'ssh -i .ssh/id_ed25519 -o StrictHostKeyChecking=no' ./public/ deploy@www.berlin.ccc.de:srv/http/www-staging/
-        continue-on-error: true
-      - name: Sync rendered site to production
-        if: forgejo.ref_name == 'production'
-        run: rsync -var -e 'ssh -i .ssh/id_ed25519 -o StrictHostKeyChecking=no' ./public/ deploy@www.berlin.ccc.de:srv/http/www/
-        continue-on-error: true
+        env:
+          DEPLOY_DIR: ${{ forgejo.ref_name == 'production' && '/srv/http/www/' || '/srv/http/www-staging/' }}
+        run: rsync -var -e 'ssh -i .ssh/id_ed25519 -o StrictHostKeyChecking=no' ./public/ deploy@www.berlin.ccc.de:$DEPLOY_DIR
+
+      - run: cat ~/.ssh/known_hosts
 
       - name: Cleanup
+        if: ${{ always() }}
         run: rm -rf .ssh