From 1c98f102fcc832bcf39cc0d45da0bc0f1ef75c98 Mon Sep 17 00:00:00 2001
From: Matthew Evans
Date: Wed, 28 Aug 2024 18:43:01 +0100
Subject: [PATCH] Save server public key as gh actions secret

---
 .github/workflows/deploy.yml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 12e643b..e49c1a5 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -33,11 +33,16 @@ jobs:

 - name: Run playbook
 working-directory: ansible
+ env:
+ ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }}
+ ansible_vault_key: ${{ secrets.ANSIBLE_VAULT_KEY }}
+ server_public_key: ${{ secrets.SERVER_PUBLIC_KEY }}
 run: |
 source .venv/bin/activate
 mkdir -p ~/.ssh
- echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
- echo "${{ secrets.ANSIBLE_VAULT_KEY }}" > ~/.vault_pass.txt
+ echo "$ssh_private_key" > ~/.ssh/id_ed25519
+ echo "$ansible_vault_key" > ~/.vault_pass.txt
+ echo "$server_public_key" > ~/.ssh/known_hosts
 ansible-playbook \
 -i inventory.yml playbook.yml \
 --vault-password-file ~/.vault_pass.txt \
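Review bot: The `echo … >` lines create `~/.ssh/id_ed25519` and `~/.vault_pass.txt` under whatever umask the runner shell has, and nothing between `mkdir -p ~/.ssh` and `ansible-playbook` tightens the modes, so the private key and the vault password can end up readable by group and others. OpenSSH also refuses to use a private key file with such permissions. Adding `umask 077` right after `source .venv/bin/activate` covers the directory and all three files in one line. Separately, `~/.ssh/known_hosts` only pins the host if `SERVER_PUBLIC_KEY` holds a complete known_hosts entry (host pattern, key type, key) rather than the bare key; a comment such as `# SERVER_PUBLIC_KEY must be a full known_hosts line for the deploy host` above the `env:` block would record that. The `run:` script continues past the end of the hunk.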