From 64b60f1597b544c747b3256d9d7865b7221aa2b1 Mon Sep 17 00:00:00 2001
From: LE BERRE Mickael <mleberre@assia.fr>
Date: Mon, 18 May 2026 16:17:30 +0200
Subject: [PATCH] docs: explicit comment on StrictHostKeyChecking=no in deploy
 workflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Runner Alpine stateless, pas de known_hosts persistant.
Cible fixe sur LAN interne (192.168.1.208) — risque MITM inexistant.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .forgejo/workflows/deploy.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.forgejo/workflows/deploy.yml b/.forgejo/workflows/deploy.yml
index d52df6c..acf1638 100644
--- a/.forgejo/workflows/deploy.yml
+++ b/.forgejo/workflows/deploy.yml
@@ -34,6 +34,8 @@ jobs:
 
       - name: Sync files to NAS
         run: |
+          # StrictHostKeyChecking=no : runner Alpine stateless, pas de known_hosts persistant.
+          # Cible fixe sur LAN interne (192.168.1.208) — risque MITM inexistant.
           rsync -av --delete \
             -e "ssh -i /root/.ssh/id_deploy -o StrictHostKeyChecking=no" \
             --exclude='.git' \
@@ -45,6 +47,8 @@ jobs:
 
       - name: Restart bot on NAS
         run: |
+          # StrictHostKeyChecking=no : runner Alpine stateless, pas de known_hosts persistant.
+          # Cible fixe sur LAN interne (192.168.1.208) — risque MITM inexistant.
           ssh -i /root/.ssh/id_deploy -o StrictHostKeyChecking=no \
             Elewyn@192.168.1.208 \
             "cd ${{ env.DEPLOY_PATH }} && /share/CACHEDEV1_DATA/.qpkg/container-station/usr/bin/docker compose down || true && /share/CACHEDEV1_DATA/.qpkg/container-station/usr/bin/docker compose up -d"