From e5bfd87c5388599aabe33dabe8b91926873eb313 Mon Sep 17 00:00:00 2001 From: Miroslav Banov Date: Tue, 10 Mar 2026 02:25:42 +0200 Subject: [PATCH] fix: use custom SSH port for deploy_key in fetch/submodule/lfs (fixes #7139) When using a deploy key with a custom SSH port (e.g. Gitea on 222), git clone had port, but fetch, checkout, submodule update, and git lfs did not --- app/Models/Application.php | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/app/Models/Application.php b/app/Models/Application.php index a4f51780e..8d5024b46 100644 --- a/app/Models/Application.php +++ b/app/Models/Application.php @@ -1093,6 +1093,14 @@ class Application extends BaseModel $escapedBaseDir = escapeshellarg($baseDir); $isShallowCloneEnabled = $this->settings?->is_git_shallow_clone_enabled ?? false; + // For deploy_key (e.g. Gitea with custom port), fetch/submodule/lfs must use same SSH port as clone + if ($this->deploymentType() === 'deploy_key') { + ['port' => $customPort] = $this->customRepository(); + $git_ssh_followup = "ssh -p {$customPort} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"; + } else { + $git_ssh_followup = 'ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'; + } + // Use the explicitly passed commit (e.g. from rollback), falling back to the application's git_commit_sha. // Invalid refs will cause the git checkout/fetch command to fail on the remote server. $commitToUse = $commit ?? $this->git_commit_sha; @@ -1102,9 +1110,9 @@ class Application extends BaseModel // If shallow clone is enabled and we need a specific commit, // we need to fetch that specific commit with depth=1 if ($isShallowCloneEnabled) { - $git_clone_command = "{$git_clone_command} && cd {$escapedBaseDir} && GIT_SSH_COMMAND=\"ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null\" git fetch --depth=1 origin {$escapedCommit} && git -c advice.detachedHead=false checkout {$escapedCommit} >/dev/null 2>&1"; + $git_clone_command = "{$git_clone_command} && cd {$escapedBaseDir} && GIT_SSH_COMMAND=\"{$git_ssh_followup}\" git fetch --depth=1 origin {$escapedCommit} && git -c advice.detachedHead=false checkout {$escapedCommit} >/dev/null 2>&1"; } else { - $git_clone_command = "{$git_clone_command} && cd {$escapedBaseDir} && GIT_SSH_COMMAND=\"ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null\" git -c advice.detachedHead=false checkout {$escapedCommit} >/dev/null 2>&1"; + $git_clone_command = "{$git_clone_command} && cd {$escapedBaseDir} && GIT_SSH_COMMAND=\"{$git_ssh_followup}\" git -c advice.detachedHead=false checkout {$escapedCommit} >/dev/null 2>&1"; } } if ($this->settings->is_git_submodules_enabled) { @@ -1115,10 +1123,10 @@ class Application extends BaseModel } // Add shallow submodules flag if shallow clone is enabled $submoduleFlags = $isShallowCloneEnabled ? '--depth=1' : ''; - $git_clone_command = "{$git_clone_command} git submodule sync && GIT_SSH_COMMAND=\"ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null\" git submodule update --init --recursive {$submoduleFlags}; fi"; + $git_clone_command = "{$git_clone_command} git submodule sync && GIT_SSH_COMMAND=\"{$git_ssh_followup}\" git submodule update --init --recursive {$submoduleFlags}; fi"; } if ($this->settings->is_git_lfs_enabled) { - $git_clone_command = "{$git_clone_command} && cd {$escapedBaseDir} && GIT_SSH_COMMAND=\"ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null\" git lfs pull"; + $git_clone_command = "{$git_clone_command} && cd {$escapedBaseDir} && GIT_SSH_COMMAND=\"{$git_ssh_followup}\" git lfs pull"; } return $git_clone_command;