From 91ad7ad5e0f1de1225e97a3d8b98058469800b75 Mon Sep 17 00:00:00 2001
From: kris <cristian.anggita.parjaman@gmail.com>
Date: Mon, 1 Dec 2025 04:40:38 +0000
Subject: [PATCH] Update .gitlab-ci.yml change https to ssh

---
 .gitlab-ci.yml | 33 +++++++++++++++++++++++++++------
 1 file changed, 27 insertions(+), 6 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 3aa6389b..53f28b3e 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -6,24 +6,45 @@ deploy-dev:
   image: alpine:3.20
   variables:
     DEPLOY_APP: "LTI-MBUGROUP"
+    # Opsional: kalau pakai submodule, ini bikin clone submodule pakai SSH juga
+    GIT_SUBMODULE_STRATEGY: recursive
+    GIT_DEPTH: "1"
 
   before_script:
     - echo "🧰 Installing dependencies..."
-    - apk update && apk add --no-cache openssh git curl
+    - apk update && apk add --no-cache openssh git curl bash
+
+    # Setup SSH di runner
     - mkdir -p ~/.ssh
-    - echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
+    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa
     - chmod 600 ~/.ssh/id_rsa
-    - eval $(ssh-agent -s)
+    - eval "$(ssh-agent -s)"
     - ssh-add ~/.ssh/id_rsa
+
+    # Trust host keys (server + gitlab) biar SSH gak nanya interaktif
     - ssh-keyscan -H "$SERVER_IP" >> ~/.ssh/known_hosts
+    - ssh-keyscan -H gitlab.com >> ~/.ssh/known_hosts
 
   script:
     - echo "🚀 Deploying latest code to $SERVER_USER@$SERVER_IP"
+
     - >
       if ssh -o StrictHostKeyChecking=no "$SERVER_USER@$SERVER_IP" "
-        cd /home/devops/docker/deployment/development/lti-api &&
-        git fetch origin development &&
-        git reset --hard origin/development &&
+        set -e
+
+        cd /home/devops/docker/deployment/development/lti-api
+
+        # Pastikan remote origin SSH (antisipasi kalau pernah ke-set HTTPS)
+        git remote set-url origin git@gitlab.com:mbugroup/lti-api.git
+
+        # Pastikan server percaya gitlab.com juga (untuk git fetch via SSH)
+        mkdir -p ~/.ssh
+        ssh-keyscan -H gitlab.com >> ~/.ssh/known_hosts
+
+        # Fetch/reset pakai SSH
+        GIT_SSH_COMMAND='ssh -o StrictHostKeyChecking=no' git fetch origin development
+        git reset --hard origin/development
+
         docker compose restart dev-api-lti || docker compose up -d dev-api-lti
       "; then
         STATUS='success';