fix(ci): read single-node ssh key from org secret

2026-03-19 08:37:42 +08:00 · 2026-03-19 08:37:42 +08:00 · 2810be58af
commit 2810be58af
parent 8a5d6af1d7
3 changed files with 3 additions and 3 deletions
--- a/.github/workflows/service_release_frontend-deploy.yml
+++ b/.github/workflows/service_release_frontend-deploy.yml
@ -149,7 +149,7 @@ jobs:
          GHCR_REGISTRY: ${{ env.GHCR_REGISTRY }}
          GHCR_USERNAME: ${{ env.GHCR_USERNAME }}
          GHCR_PASSWORD: ${{ secrets.GHCR_TOKEN }}
-          SINGLE_NODE_VPS_SSH_PRIVATE_KEY: ${{ secrets.FRONTEND_DEPLOY_SSH_KEY }}
+          SINGLE_NODE_VPS_SSH_PRIVATE_KEY: ${{ secrets.SINGLE_NODE_VPS_SSH_PRIVATE_KEY || secrets.FRONTEND_DEPLOY_SSH_KEY }}
          FRONTEND_IMAGE: ${{ needs.stage-1-build-image.outputs.image_ref }}
          APP_BASE_URL: ${{ vars.APP_BASE_URL || format('https://{0}', env.PRIMARY_DOMAIN) }}
          NEXT_PUBLIC_APP_BASE_URL: ${{ vars.NEXT_PUBLIC_APP_BASE_URL || format('https://{0}', env.PRIMARY_DOMAIN) }}
--- a/docs/plans/2026-03-18-frontend-single-node-deploy.md
+++ b/docs/plans/2026-03-18-frontend-single-node-deploy.md
@ -208,7 +208,7 @@ This avoids rebuilding and keeps rollback cheap on the weak-IO host.

 Secrets must not be committed to the repo. The workflow should consume:

- `FRONTEND_DEPLOY_SSH_KEY`
+- `SINGLE_NODE_VPS_SSH_PRIVATE_KEY`
 - service tokens
 - vault tokens
 - internal service token
--- a/docs/usage/deployment.md
+++ b/docs/usage/deployment.md
@ -62,7 +62,7 @@ Workflow:

 Secrets required:

- `FRONTEND_DEPLOY_SSH_KEY`
+- `SINGLE_NODE_VPS_SSH_PRIVATE_KEY`
 - `OPENCLAW_GATEWAY_TOKEN` if used
 - `VAULT_TOKEN` if used
 - `AI_GATEWAY_ACCESS_TOKEN` if used