check known hosts in deploy

cmd/gcx/main.go

@@ -740,39 +740,9 @@ func publishToSSH(cfg *SSHPublishConfig, artifactsDir string, tmplData map[strin
 	remoteDir := dirBuffer.String()
 
 	// Check if known_hosts file exists and create it if it doesn't
-	knownHostsPath, err := helpers.ExpandPath("~/.ssh/known_hosts")
-	if err != nil {
-		return fmt.Errorf("failed to expand known hosts path: %w", err)
-	}
-
-	if _, err := os.Stat(knownHostsPath); os.IsNotExist(err) {
-		// Create ~/.ssh directory if it doesn't exist
-		sshDir := filepath.Dir(knownHostsPath)
-		if err := os.MkdirAll(sshDir, 0o700); err != nil {
-			return fmt.Errorf("failed to create .ssh directory: %w", err)
-		}
-
-		// Create empty known_hosts file
-		if err := os.WriteFile(knownHostsPath, []byte{}, 0o600); err != nil {
-			return fmt.Errorf("failed to create known_hosts file: %w", err)
-		}
-
-		// Run ssh-keyscan to add the server to known_hosts
-		cmd := exec.Command("ssh-keyscan", "-H", cfg.Server)
-		output, err := cmd.Output()
-		if err != nil {
-			return fmt.Errorf("ssh-keyscan failed: %w", err)
-		}
-
-		// Append the output to the known_hosts file
-		f, err := os.OpenFile(knownHostsPath, os.O_APPEND|os.O_WRONLY, 0o600)
-		if err != nil {
-			return fmt.Errorf("failed to open known_hosts file: %w", err)
-		}
-		defer f.Close()
-
-		if _, err := f.Write(output); err != nil {
-			return fmt.Errorf("failed to write to known_hosts file: %w", err)
+	if !cfg.InsecureIgnoreHostKey {
+		if err := checkKnonwnHost(cfg.Server); err != nil {
+			return fmt.Errorf("failed to check known_hosts file: %w", err)
 		}
 	}
 
@@ -1101,6 +1071,13 @@ func executeSSHDeploy(cfg *SSHDeployConfig) error {
 		return fmt.Errorf("invalid SSH configuration: %w", err)
 	}
 
+	// Check if known_hosts file exists and create it if it doesn't
+	if !cfg.InsecureIgnoreHostKey {
+		if err := checkKnonwnHost(cfg.Server); err != nil {
+			return fmt.Errorf("failed to check known_hosts file: %w", err)
+		}
+	}
+
 	// Create SSH client
 	var auth goph.Auth
 	var err error
@@ -1148,6 +1125,47 @@ func executeSSHDeploy(cfg *SSHDeployConfig) error {
 	return nil
 }
 
+func checkKnonwnHost(server string) error {
+	// Check if known_hosts file exists and create it if it doesn't
+	knownHostsPath, err := helpers.ExpandPath("~/.ssh/known_hosts")
+	if err != nil {
+		return fmt.Errorf("failed to expand known hosts path: %w", err)
+	}
+
+	if _, err := os.Stat(knownHostsPath); os.IsNotExist(err) {
+		// Create ~/.ssh directory if it doesn't exist
+		sshDir := filepath.Dir(knownHostsPath)
+		if err := os.MkdirAll(sshDir, 0o700); err != nil {
+			return fmt.Errorf("failed to create .ssh directory: %w", err)
+		}
+
+		// Create empty known_hosts file
+		if err := os.WriteFile(knownHostsPath, []byte{}, 0o600); err != nil {
+			return fmt.Errorf("failed to create known_hosts file: %w", err)
+		}
+
+		// Run ssh-keyscan to add the server to known_hosts
+		cmd := exec.Command("ssh-keyscan", "-H", server)
+		output, err := cmd.Output()
+		if err != nil {
+			return fmt.Errorf("ssh-keyscan failed: %w", err)
+		}
+
+		// Append the output to the known_hosts file
+		f, err := os.OpenFile(knownHostsPath, os.O_APPEND|os.O_WRONLY, 0o600)
+		if err != nil {
+			return fmt.Errorf("failed to open known_hosts file: %w", err)
+		}
+		defer f.Close()
+
+		if _, err := f.Write(output); err != nil {
+			return fmt.Errorf("failed to write to known_hosts file: %w", err)
+		}
+	}
+
+	return nil
+}
+
 func main() {
 	// Load environment variables from .env file, if it exists.
 	godotenv.Load()