From 12943ee6f40540b03c53fc1fd34d9e97ba256999 Mon Sep 17 00:00:00 2001
From: Mathias Bergqvist <mthbqv@gmail.com>
Date: Tue, 21 Apr 2026 19:28:28 +0200
Subject: [PATCH] fix(cd): use NodePort 30022 for Gitea SSH in infra repo
 update

gitea.d-ma.be port 22 is rejected (NPM only proxies HTTP/HTTPS).
The runner runs on koala where the Gitea SSH NodePort 30022 is
reachable locally. Use SSH config override instead of ssh-keyscan.
---
 .gitea/workflows/cd.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/.gitea/workflows/cd.yml b/.gitea/workflows/cd.yml
index 6715ecd..85bfeff 100644
--- a/.gitea/workflows/cd.yml
+++ b/.gitea/workflows/cd.yml
@@ -45,10 +45,15 @@ jobs:
           set -e
           trap 'rm -rf /tmp/infra-update; rm -f ~/.ssh/infra_deploy_key' EXIT
           IMAGE_TAG="${{ github.sha }}"
+          # Use internal Gitea SSH (runner is on koala — NodePort 30022 is reachable locally)
           mkdir -p ~/.ssh
           echo "${{ secrets.INFRA_DEPLOY_KEY }}" > ~/.ssh/infra_deploy_key
           chmod 600 ~/.ssh/infra_deploy_key
-          ssh-keyscan gitea.d-ma.be >> ~/.ssh/known_hosts 2>/dev/null
+          cat >> ~/.ssh/config << 'SSHEOF'
+Host gitea.d-ma.be
+  Port 30022
+  StrictHostKeyChecking no
+SSHEOF
 
           GIT_SSH_COMMAND="ssh -i ~/.ssh/infra_deploy_key -o IdentitiesOnly=yes" \
             git clone "${INFRA_REPO}" /tmp/infra-update