- Add knownHosts *dagger.Secret parameter to Deployer(), DeployLinux(),
DeployApk(), PublishWebsite(), BuildWebsite(), GenerateBuildHistory()
- Mount SSH_KNOWN_HOSTS secret at /root/.ssh/known_hosts (mode 0644) in
both the Deployer container and the GenerateBuildHistory container
- Remove all -o StrictHostKeyChecking=no flags from ssh/scp/rsync calls
in ci/main.go and scripts/generate_build_history.py
- Update Taskfile dagger tasks (deploy-linux, deploy-apk, publish-website)
to require SSH_KNOWN_HOSTS and pass --known-hosts env:SSH_KNOWN_HOSTS
- Fix non-Dagger Taskfile tasks to write SSH_KNOWN_HOSTS to ~/.ssh/known_hosts
- Fix .forgejo/workflows/deploy.yml to pass SSH_KNOWN_HOSTS secret
- Fix .github/workflows/ci.yml SSH setup step to write known_hosts file
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
