Added support for updated CircleCI SSH fingerprint format.

.circleci/config.yml

@@ -114,15 +114,13 @@ jobs:
   deploy:
     <<: *container_config
     environment:
-      SSH_KEY_FINGERPRINT: *deploy_ssh_key_fingerprint
+      DEPLOY_SSH_KEY_FINGERPRINT: *deploy_ssh_key_fingerprint
     steps:
       - checkout
+
       - add_ssh_keys:
           fingerprints:
             - *deploy_ssh_key_fingerprint
-      - run:
-          name: Setup SSH
-          command: .devtools/setup-ssh.sh
 
       - run:
           name: Deploy

.devtools/deploy.sh

@@ -5,9 +5,6 @@
 # - configures local git
 # - force-pushes code to a remote code repository branch
 #
-# It is a good practice to create a separate Deployer user with own SSH key for
-# every project.
-#
 # Add the following variables through CI provider UI.
 # - DEPLOY_USER_NAME - name of the user who will be committing to a remote repository.
 # - DEPLOY_USER_EMAIL - email address of the user who will be committing to a remote repository.
@@ -37,8 +34,48 @@ DEPLOY_BRANCH="${DEPLOY_BRANCH:-}"
 # before an actual code push.
 DEPLOY_PROCEED="${DEPLOY_PROCEED:-0}"
 
+# The fingerprint of the SSH key.
+DEPLOY_SSH_KEY_FINGERPRINT="${DEPLOY_SSH_KEY_FINGERPRINT:-}"
+
 #-------------------------------------------------------------------------------
 
+if [ -n "${DEPLOY_SSH_KEY_FINGERPRINT}" ]; then
+  echo "-------------------------------"
+  echo "          Setup SSH            "
+  echo "-------------------------------"
+
+  mkdir -p "${HOME}/.ssh/"
+  echo -e "\nHost *\n\tStrictHostKeyChecking no\n\tUserKnownHostsFile /dev/null\n" >"${HOME}/.ssh/config"
+
+  # Find the MD5 hash if the SSH_KEY_FINGERPRINT starts with SHA256.
+  if [ "${DEPLOY_SSH_KEY_FINGERPRINT#SHA256:}" != "${DEPLOY_SSH_KEY_FINGERPRINT}" ]; then
+    for file in "${HOME}"/.ssh/id_rsa*; do
+      calculated_sha256_fingerprint=$(ssh-keygen -l -E sha256 -f "${file}" | awk '{print $2}')
+      if [ "${calculated_sha256_fingerprint}" = "${DEPLOY_SSH_KEY_FINGERPRINT}" ]; then
+        DEPLOY_SSH_KEY_FINGERPRINT=$(ssh-keygen -l -E md5 -f "${file}" | awk '{print $2}')
+        DEPLOY_SSH_KEY_FINGERPRINT="${DEPLOY_SSH_KEY_FINGERPRINT#MD5:}"
+        break
+      fi
+    done
+  fi
+
+  file="${DEPLOY_SSH_KEY_FINGERPRINT//:/}"
+  file="${HOME}/.ssh/id_rsa_${file//\"/}"
+
+  if [ ! -f "${file:-}" ]; then
+    echo "ERROR: Unable to find SSH key file ${file}."
+    exit 1
+  fi
+
+  if [ -z "${SSH_AGENT_PID:-}" ]; then
+    eval "$(ssh-agent)"
+  fi
+
+  ssh-add -D
+  ssh-add "${file}"
+  ssh-add -l
+fi
+
 echo "-------------------------------"
 echo "          Deploy code          "
 echo "-------------------------------"
@@ -59,6 +96,10 @@ git config --global push.default matching
 echo "> Add remote ${DEPLOY_REMOTE}."
 git remote add deployremote "${DEPLOY_REMOTE}"
 
+if [ -z "${DEPLOY_BRANCH}" ]; then
+  DEPLOY_BRANCH="$(git symbolic-ref --short HEAD)"
+fi
+
 echo "> Push code to branch ${DEPLOY_BRANCH}."
 git push --force deployremote HEAD:"${DEPLOY_BRANCH}"
 

README.md

@@ -121,7 +121,7 @@ ssh-keygen -m PEM -t rsa -b 4096 -C "[email protected]"
     file with this copied fingerprint string.
   - Push the code to your repository.
 
-4. In CI, UI add the following variables:
+4. In CI, use UI to add the following variables:
 
 - `DEPLOY_USER_NAME` - the name of the user who will be committing to a
   remote repository (i.e., your name on drupal.org).
@@ -132,6 +132,10 @@ ssh-keygen -m PEM -t rsa -b 4096 -C "[email protected]"
 - `DEPLOY_PROCEED` - set to `1` once CI is working, and you are ready to
   deploy.
 
+To debug SSH connection used by Git, add `GIT_SSH_COMMAND` variable with value
+`ssh -vvv`. This will output verbose information about the SSH connection and
+key used.
+
 </details>
 
 ---