fix: use custom SSH port for deploy_key in fetch/submodule/lfs (fixes #7139)

When using a deploy key with a custom SSH port (e.g. Gitea on 222), git clone
had port, but fetch, checkout, submodule update, and git lfs did not
This commit is contained in:
Miroslav Banov 2026-03-10 02:25:42 +02:00
parent 5b701ebb07
commit e5bfd87c53
No known key found for this signature in database

View file

@ -1093,6 +1093,14 @@ class Application extends BaseModel
$escapedBaseDir = escapeshellarg($baseDir);
$isShallowCloneEnabled = $this->settings?->is_git_shallow_clone_enabled ?? false;
// For deploy_key (e.g. Gitea with custom port), fetch/submodule/lfs must use same SSH port as clone
if ($this->deploymentType() === 'deploy_key') {
['port' => $customPort] = $this->customRepository();
$git_ssh_followup = "ssh -p {$customPort} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null";
} else {
$git_ssh_followup = 'ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null';
}
// Use the explicitly passed commit (e.g. from rollback), falling back to the application's git_commit_sha.
// Invalid refs will cause the git checkout/fetch command to fail on the remote server.
$commitToUse = $commit ?? $this->git_commit_sha;
@ -1102,9 +1110,9 @@ class Application extends BaseModel
// If shallow clone is enabled and we need a specific commit,
// we need to fetch that specific commit with depth=1
if ($isShallowCloneEnabled) {
$git_clone_command = "{$git_clone_command} && cd {$escapedBaseDir} && GIT_SSH_COMMAND=\"ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null\" git fetch --depth=1 origin {$escapedCommit} && git -c advice.detachedHead=false checkout {$escapedCommit} >/dev/null 2>&1";
$git_clone_command = "{$git_clone_command} && cd {$escapedBaseDir} && GIT_SSH_COMMAND=\"{$git_ssh_followup}\" git fetch --depth=1 origin {$escapedCommit} && git -c advice.detachedHead=false checkout {$escapedCommit} >/dev/null 2>&1";
} else {
$git_clone_command = "{$git_clone_command} && cd {$escapedBaseDir} && GIT_SSH_COMMAND=\"ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null\" git -c advice.detachedHead=false checkout {$escapedCommit} >/dev/null 2>&1";
$git_clone_command = "{$git_clone_command} && cd {$escapedBaseDir} && GIT_SSH_COMMAND=\"{$git_ssh_followup}\" git -c advice.detachedHead=false checkout {$escapedCommit} >/dev/null 2>&1";
}
}
if ($this->settings->is_git_submodules_enabled) {
@ -1115,10 +1123,10 @@ class Application extends BaseModel
}
// Add shallow submodules flag if shallow clone is enabled
$submoduleFlags = $isShallowCloneEnabled ? '--depth=1' : '';
$git_clone_command = "{$git_clone_command} git submodule sync && GIT_SSH_COMMAND=\"ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null\" git submodule update --init --recursive {$submoduleFlags}; fi";
$git_clone_command = "{$git_clone_command} git submodule sync && GIT_SSH_COMMAND=\"{$git_ssh_followup}\" git submodule update --init --recursive {$submoduleFlags}; fi";
}
if ($this->settings->is_git_lfs_enabled) {
$git_clone_command = "{$git_clone_command} && cd {$escapedBaseDir} && GIT_SSH_COMMAND=\"ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null\" git lfs pull";
$git_clone_command = "{$git_clone_command} && cd {$escapedBaseDir} && GIT_SSH_COMMAND=\"{$git_ssh_followup}\" git lfs pull";
}
return $git_clone_command;