From cbd0e0c2c8679139dc38497adf97463b1f999664 Mon Sep 17 00:00:00 2001
From: MichaelFisher1997
Date: Sat, 28 Feb 2026 21:26:14 +0000
Subject: [PATCH] fix: Write SSH keys to files before Terraform plan/apply
---
 .gitea/workflows/deploy.yml | 16 ++++++++++++----
 .gitea/workflows/destroy.yml | 15 ++++++++++-----
 2 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index 9971151..28b87fa 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -49,13 +49,21 @@ jobs:
 working-directory: terraform
 run: terraform validate
+ - name: Setup SSH Keys
+ run: |
+ mkdir -p ~/.ssh
+ echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
+ chmod 600 ~/.ssh/id_ed255
+ echo "${{ secrets.SSH_PUBLIC_KEY }}" > ~/.ssh/id_ed25519.pub
+ chmod 644 ~/.ssh/id_ed25519.pub
+
 - name: Terraform Plan
 id: plan
 working-directory: terraform
 run: |
 terraform plan \
- -var="ssh_public_key=${{ secrets.SSH_PUBLIC_KEY }}" \
- -var="ssh_private_key=${{ secrets.SSH_PRIVATE_KEY }}" \
+ -var="ssh_public_key=$HOME/.ssh/id_ed25519.pub" \
+ -var="ssh_private_key=$HOME/.ssh/id_ed25519" \
 -out=tfplan \
 -no-color
 continue-on-error: true
@@ -85,8 +93,8 @@ jobs:
 working-directory: terraform
 run: |
 terraform apply \
- -var="ssh_public_key=${{ secrets.SSH_PUBLIC_KEY }}" \
- -var="ssh_private_key=${{ secrets.SSH_PRIVATE_KEY }}" \
+ -var="ssh_public_key=$HOME/.ssh/id_ed25519.pub" \
+ -var="ssh_private_key=$HOME/.ssh/id_ed25519" \
 -auto-approve
 - name: Save Terraform Outputs
diff --git a/.gitea/workflows/destroy.yml b/.gitea/workflows/destroy.yml
index c1e2475..f713c86 100644
--- a/.gitea/workflows/destroy.yml
+++ b/.gitea/workflows/destroy.yml
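Review bot: In deploy.yml's new Setup SSH Keys step, `chmod 600` targets `~/.ssh/id_ed255` rather than the `~/.ssh/id_ed25519` file written on the line before, so the private key is never restricted: the step either aborts on the missing path or, if the shell does not stop on errors, leaves the key at the default umask mode. Both keys are also pasted into the script text through `${{ secrets.… }}`, so any quote, `$` or backtick inside a secret is interpreted by the shell; the same pattern is in destroy.yml's Setup SSH Keys hunk, where the chmod path is correct. Passing the secrets through `env:` and setting `umask 077` before the write addresses both and removes the moment in which the file exists with loose permissions.

```yaml
- name: Setup SSH Keys
  env:
    SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
    SSH_PUBLIC_KEY: ${{ secrets.SSH_PUBLIC_KEY }}
  run: |
    # Files are created owner-only from the start.
    umask 077
    mkdir -p ~/.ssh
    printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
    printf '%s\n' "$SSH_PUBLIC_KEY" > ~/.ssh/id_ed25519.pub
    chmod 644 ~/.ssh/id_ed25519.pub
# … unchanged: Terraform Plan step …
```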
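Review bot: Nothing in this commit removes `~/.ssh/id_ed25519` once `terraform apply` in deploy.yml has run, so on a runner whose home directory outlives the job the deploy private key stays on disk, and the fixed path would overwrite any key the runner account already keeps there. A final step with `if: always()` that runs `rm -f ~/.ssh/id_ed25519 ~/.ssh/id_ed25519.pub` would cover it, as would writing the keys under a per-job temporary directory; destroy.yml's Terraform Destroy hunk needs the same. The job continues outside the hunk, so an existing cleanup step cannot be ruled out from here.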
@@ -42,14 +42,19 @@ jobs:
 -backend-config="secret_key=${{ secrets.S3_SECRET_KEY }}" \
 -backend-config="skip_requesting_account_id=true"
+ - name: Setup SSH Keys
+ run: |
+ mkdir -p ~/.ssh
+ echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
+ chmod 600 ~/.ssh/id_ed25519
+ echo "${{ secrets.SSH_PUBLIC_KEY }}" > ~/.ssh/id_ed25519.pub
+ chmod 644 ~/.ssh/id_ed25519.pub
+
 - name: Terraform Destroy
 working-directory: terraform
 run: |
 terraform destroy \
 -var="hcloud_token=${{ secrets.HCLOUD_TOKEN }}" \
- -var="ssh_public_key=${{ secrets.SSH_PUBLIC_KEY }}" \
- -var="ssh_private_key=${{ secrets.SSH_PRIVATE_KEY }}" \
- -var="s3_access_key=${{ secrets.S3_ACCESS_KEY }}" \
- -var="s3_secret_key=${{ secrets.S3_SECRET_KEY }}" \
- -var="s3_endpoint=${{ secrets.S3_ENDPOINT }}" \
+ -var="ssh_public_key=$HOME/.ssh/id_ed25519.pub" \
+ -var="ssh_private_key=$HOME/.ssh/id_ed25519" \
 -auto-approve
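Review bot: This hunk also drops the `s3_access_key`, `s3_secret_key` and `s3_endpoint` arguments from `terraform destroy`, which the commit subject does not mention. If the Terraform configuration (not part of this diff) still declares those variables without defaults, the run will fail on the missing values instead of destroying, and that only surfaces when a teardown is actually needed. Either keep the three `-var` lines or confirm the variables are supplied another way (for example `TF_VAR_s3_endpoint` in the job environment) and say so in the commit message.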