diff --git a/.woodpecker.yml b/.woodpecker.yml
index 142eca1..ea94c5e 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -1,38 +1,36 @@
 steps:
- ssh-test: # name unchanged
+ ssh-test:
 image: google/cloud-sdk:latest
- commands:
- - |
- #!/usr/bin/env bash
+ commands: |
+ #!/usr/bin/env bash
+ set -euo pipefail
+
+ mkdir -p ~/.ssh
+
+ # ── Fetch & install secrets from Secret Manager ─────────────
+ gcloud secrets versions access latest \
+ --secret=STAGING_KNOWN_HOSTS --project=aptivaai-dev | base64 -d > ~/.ssh/known_hosts
+ chmod 644 ~/.ssh/known_hosts
+
+ gcloud secrets versions access latest \
+ --secret=STAGING_SSH_KEY --project=aptivaai-dev | base64 -d > ~/.ssh/id_ed25519
+ chmod 600 ~/.ssh/id_ed25519
+
+ echo "🔑 SSH material ready"
+
+ # ── Tag comes from the commit that triggered Woodpecker ─────
+ TAG=$(echo "$CI_COMMIT_SHA" | head -c 8)
+ echo "🚀 Deploying tag ${TAG} to staging"
+
+ # ── SSH into the staging VM and re‑create the stack ─────────
+ ssh -o StrictHostKeyChecking=yes \
+ -i ~/.ssh/id_ed25519 \
+ jcoakley@10.128.0.12 <<'EOF'
 set -euo pipefail
-
- mkdir -p ~/.ssh
-
- # ── Fetch & install secrets from Secret Manager ─────────────
- gcloud secrets versions access latest \
- --secret=STAGING_KNOWN_HOSTS --project=aptivaai-dev | base64 -d > ~/.ssh/known_hosts
- chmod 644 ~/.ssh/known_hosts
-
- gcloud secrets versions access latest \
- --secret=STAGING_SSH_KEY --project=aptivaai-dev | base64 -d > ~/.ssh/id_ed25519
- chmod 600 ~/.ssh/id_ed25519
-
- echo "🔑 SSH material ready"
-
- # ── Tag comes from the commit that triggered Woodpecker ─────
- TAG=$(echo "$CI_COMMIT_SHA" | head -c 8)
- echo "🚀 Deploying tag ${TAG} to staging"
-
- # ── SSH into the staging VM and re‑create the stack ─────────
- ssh -o StrictHostKeyChecking=yes \
- -i ~/.ssh/id_ed25519 \
- jcoakley@10.128.0.12 <<'EOF'
- set -euo pipefail
- cd /opt/aptiva-staging-app
- echo "Pulling containers with IMG_TAG=${TAG}"
- IMG_TAG=${TAG} docker compose pull
- echo "Recreating services"
- IMG_TAG=${TAG} docker compose up -d --force-recreate --remove-orphans
- echo "✅ Staging stack refreshed"
-EOF
-
+ cd /opt/aptiva-staging-app
+ echo "Pulling containers with IMG_TAG=${TAG}"
+ IMG_TAG=${TAG} docker compose pull
+ echo "Recreating services"
+ IMG_TAG=${TAG} docker compose up -d --force-recreate --remove-orphans
+ echo "✅ Staging stack refreshed"
+ EOF
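Review bot: `${TAG}` inside the `<<'EOF'` heredoc never receives the value computed from `CI_COMMIT_SHA`: the quoted delimiter disables local expansion and nothing passes `TAG` to the remote shell, so unless the remote account's environment happens to define it, the remote `set -euo pipefail` aborts on the unset name. Woodpecker's own pre-processing of `${...}` in the pipeline file may also blank it before the script runs, so check whether `$${TAG}` is needed. Either way the staging deploy is not reliably pinned to the triggering commit. Pass the value explicitly, for example by ending the ssh command with `jcoakley@10.128.0.12 "TAG=$TAG bash -s" <<'EOF'`, and keep the delimiter quoted so nothing else expands locally. Separately, this step writes the staging SSH private key to disk inside `google/cloud-sdk:latest`; pinning the image by digest and setting `umask 077` before the redirect (the `chmod 600` only runs after the file exists) would narrow who can influence or read that key.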