From 16bc9d0c0d0060c78400d2255e92b3bc80574e91 Mon Sep 17 00:00:00 2001
From: Vadym Samoilenko <vadymsamoilenko@oliver.agency>
Date: Mon, 23 Mar 2026 14:25:44 +0000
Subject: [PATCH] fix: run git pull as SUDO_USER to use correct SSH keys

---
 deploy.sh | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/deploy.sh b/deploy.sh
index 6c30a75..9756544 100755
--- a/deploy.sh
+++ b/deploy.sh
@@ -79,15 +79,17 @@ else
 fi
 
 # ── 5. Git pull ───────────────────────────────────────────────────────────────
-log "Pulling latest code..."
+# Run git as the invoking user (not root) so SSH keys work
+GIT_USER="${SUDO_USER:-$(whoami)}"
+log "Pulling latest code (as $GIT_USER)..."
 cd "$APP_DIR"
-git fetch origin
+sudo -u "$GIT_USER" git fetch origin
 LOCAL=$(git rev-parse HEAD)
 REMOTE=$(git rev-parse '@{u}')
 if [[ "$LOCAL" == "$REMOTE" ]]; then
   ok "Already up to date ($(git rev-parse --short HEAD))"
 else
-  git pull --ff-only || die "git pull failed — local changes detected. Stash or reset them first."
+  sudo -u "$GIT_USER" git pull --ff-only || die "git pull failed — local changes detected. Stash or reset them first."
   ok "Updated to $(git rev-parse --short HEAD)"
 fi