From fee4969910196ba674b302e3cdc9899a7c8ee1c9 Mon Sep 17 00:00:00 2001
From: syntaxbullet <syntaxbullet@protonmail.com>
Date: Fri, 30 Jan 2026 15:26:07 +0100
Subject: [PATCH] feat: configure dedicated bot SSH key and non-interactive SSH
 for git operations.

---
 docker-compose.prod.yml                | 3 +--
 shared/modules/admin/update.service.ts | 6 +++++-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index 7d80902..ee21c1f 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -59,8 +59,7 @@ services:
       # Project directory - allows git pull and rebuild
       - .:/app/deploy
       # SSH Keys for git authentication
-      - ~/.ssh/id_rsa:/home/bun/.ssh/id_rsa:ro
-      - ~/.ssh/id_ed25519:/home/bun/.ssh/id_ed25519:ro
+      - ~/.ssh/aurora_bot_key:/home/bun/.ssh/id_ed25519:ro
       - ~/.ssh/known_hosts:/home/bun/.ssh/known_hosts:ro
     working_dir: /app
     environment:
diff --git a/shared/modules/admin/update.service.ts b/shared/modules/admin/update.service.ts
index 278efd4..489963e 100644
--- a/shared/modules/admin/update.service.ts
+++ b/shared/modules/admin/update.service.ts
@@ -26,7 +26,11 @@ async function execWithTimeout(
     return new Promise((resolve, reject) => {
         const child = exec(cmd, {
             cwd: options.cwd,
-            env: { ...process.env, GIT_TERMINAL_PROMPT: "0" }
+            env: {
+                ...process.env,
+                GIT_TERMINAL_PROMPT: "0",
+                GIT_SSH_COMMAND: "ssh -o BatchMode=yes"
+            }
         }, (error: ExecException | null, stdout: string, stderr: string) => {
             if (error) {
                 reject(error);