From df4fc3681973b0a9c151a6db96b648c2f35237f4 Mon Sep 17 00:00:00 2001
From: root <root@nepiedg.quitsmoke.site>
Date: Tue, 10 Mar 2026 00:27:03 +0800
Subject: [PATCH] ci: harden ssh upload step with timeout and legacy scp

---
 .github/workflows/deploy-prod.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml
index 062d1d3..f01a25b 100644
--- a/.github/workflows/deploy-prod.yml
+++ b/.github/workflows/deploy-prod.yml
@@ -57,7 +57,8 @@ jobs:
         run: |
           set -e
           REMOTE_BIN="/tmp/wx_service-${GITHUB_SHA}"
-          scp -P "${PORT:-22}" tmp/wx_service "${USER:-root}@${HOST}:${REMOTE_BIN}"
+          SSH_OPTS="-o BatchMode=yes -o ConnectTimeout=15 -o ServerAliveInterval=10 -o ServerAliveCountMax=3"
+          scp -O ${SSH_OPTS} -P "${PORT:-22}" tmp/wx_service "${USER:-root}@${HOST}:${REMOTE_BIN}"
 
       - name: Deploy on server
         env:
@@ -67,7 +68,8 @@ jobs:
         run: |
           set -e
           REMOTE_BIN="/tmp/wx_service-${GITHUB_SHA}"
-          ssh -p "${PORT:-22}" "${USER:-root}@${HOST}" \
+          SSH_OPTS="-o BatchMode=yes -o ConnectTimeout=15 -o ServerAliveInterval=10 -o ServerAliveCountMax=3"
+          ssh ${SSH_OPTS} -p "${PORT:-22}" "${USER:-root}@${HOST}" \
             "APP_DIR='/www/wwwroot/wx_service' \
              DIST_DIR='/www/wwwroot/wx_service/dist' \
              SOURCE_BIN='${REMOTE_BIN}' \