From 815bdfed8002dd5652768f7b15fa4955becd44da Mon Sep 17 00:00:00 2001
From: Hein <hein@bitechsystems.co.za>
Date: Wed, 8 Apr 2026 15:41:35 +0200
Subject: [PATCH] chore(release): enhance AUR SSH setup for key handling *
 Improve SSH key setup by auto-detecting key format * Add diagnostics for key
 validation and size

---
 .gitea/workflows/release.yml | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml
index 3d2aecb..c6d40fa 100644
--- a/.gitea/workflows/release.yml
+++ b/.gitea/workflows/release.yml
@@ -105,14 +105,27 @@ jobs:
           VERSION="${{ github.event.inputs.tag || github.ref_name }}"
           PKGVER="${VERSION#v}"
 
-          # Setup SSH for AUR (key is stored base64-encoded to avoid newline mangling in secrets)
+          # Setup SSH for AUR
           mkdir -p ~/.ssh
-          echo "$AUR_SSH_KEY" | base64 -d > ~/.ssh/aur
+          chmod 700 ~/.ssh
+
+          # Auto-detect: raw PEM key or base64-encoded key
+          if printf '%s' "$AUR_SSH_KEY" | grep -q "BEGIN"; then
+            printf '%b' "$AUR_SSH_KEY" > ~/.ssh/aur
+          else
+            printf '%s' "$AUR_SSH_KEY" | tr -d '[:space:]' | base64 -d > ~/.ssh/aur
+          fi
           chmod 600 ~/.ssh/aur
+
+          # Diagnostics (no key content exposed)
+          echo "Key file size: $(wc -c < ~/.ssh/aur) bytes"
+          echo "Key file first line: $(head -1 ~/.ssh/aur)"
+          echo "Key file last line: $(tail -1 ~/.ssh/aur)"
+          ssh-keygen -l -f ~/.ssh/aur && echo "Key is valid" || echo "Key is INVALID"
           ssh-keyscan aur.archlinux.org >> ~/.ssh/known_hosts
 
           # Clone AUR repo
-          GIT_SSH_COMMAND="ssh -i ~/.ssh/aur" git clone ssh://aur@aur.archlinux.org/unitdore.git aur-repo
+          GIT_SSH_COMMAND="ssh -vvv -i ~/.ssh/aur" git clone ssh://aur@aur.archlinux.org/unitdore.git aur-repo
 
           # Compute SHA256 of the release tarball (same URL the PKGBUILD will download)
           SHA=$(curl -fsSL "https://git.warky.dev/wdevs/unitdore/archive/v${PKGVER}.zip" | sha256sum | cut -d' ' -f1)
@@ -141,7 +154,7 @@ jobs:
           git config user.name "Hein"
           git add PKGBUILD .SRCINFO
           git commit -m "Update to v${PKGVER}"
-          GIT_SSH_COMMAND="ssh -i ~/.ssh/aur" git push origin HEAD:master
+          GIT_SSH_COMMAND="ssh -vvv -i ~/.ssh/aur" git push origin HEAD:master
 
   pkg-deb:
     needs: release