From b69aa6ee27e75994eec34fb812635c12c962de3e Mon Sep 17 00:00:00 2001
From: imnyang <imnyang@pm.me>
Date: Sun, 31 May 2026 14:33:53 +0900
Subject: [PATCH] Update .forgejo/workflows/deploy.yml

---
 .forgejo/workflows/deploy.yml | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/.forgejo/workflows/deploy.yml b/.forgejo/workflows/deploy.yml
index c3bb201..f56e3e4 100644
--- a/.forgejo/workflows/deploy.yml
+++ b/.forgejo/workflows/deploy.yml
@@ -13,22 +13,29 @@ jobs:
         uses: oven-sh/setup-bun@v2
       
       - name: Install rsync
-        run: sudo apt-get update && sudo apt-get install -y rsync openssh-client
+        run: |
+          sudo apt-get update && sudo apt-get install -y rsync openssh-client
+          # act 내부 컨테이너와 호스트 간의 workspace 권한 불일치 방지
+          chown -R $(id -u):$(id -g) $GITHUB_WORKSPACE
 
       - name: Setup SSH Key
         run: |
-          echo "${{ secrets.SSH_KEY }}" > ssh_key
-          chmod 600 ssh_key
+          # 격리된 임시 보안 디렉토리에 SSH 키 생성 (컨테이너 이탈 방지)
+          mkdir -p ~/.ssh
+          echo "${{ secrets.SSH_KEY }}" > ~/.ssh/id_rsa
+          chmod 600 ~/.ssh/id_rsa
 
       - name: Build
         run: |
-          bun i && bun run build
+          bun i
+          bun run build
           
       - name: Deploy
         run: |
-          rsync -avz --delete -e "ssh -i ssh_key -o StrictHostKeyChecking=no" dist/* imnyang@10.11.8.101:/var/static/imnya.ng/.
+          # dist 폴더 경로를 $GITHUB_WORKSPACE 기준으로 절대 경로 명시
+          rsync -avz --delete -e "ssh -i ~/.ssh/id_rsa -o StrictHostKeyChecking=no" "$GITHUB_WORKSPACE/dist/" imnyang@10.11.8.101:/var/static/imnya.ng/
 
       - name: Cleanup
         if: always()
         run: |
-          rm -f ssh_key
\ No newline at end of file
+          rm -rf ~/.ssh/id_rsa
\ No newline at end of file