Added support for updated CircleCI SSH fingerprint format. Part 13.

AlexSkrypnyk · Feb 1, 2024 · a6c3ea9 · a6c3ea9
1 parent 16c134a
commit a6c3ea9
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 120 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -114,7 +114,7 @@ jobs:
   deploy:
     <<: *container_config
     environment:
-      SSH_KEY_FINGERPRINT: *deploy_ssh_key_fingerprint
+      DEPLOY_SSH_KEY_FINGERPRINT: *deploy_ssh_key_fingerprint
     steps:
       - checkout
 
@@ -124,10 +124,7 @@ jobs:
 
       - run:
           name: Deploy
-          command: |
-            .devtools/setup-ssh.sh
-            export DEPLOY_BRANCH=${DEPLOY_BRANCH:-${CIRCLE_BRANCH}}
-            .devtools/deploy.sh
+          command: DEPLOY_BRANCH=${DEPLOY_BRANCH:-${CIRCLE_BRANCH}} .devtools/deploy.sh
 
 workflows:
   version: 2

diff --git a/.devtools/deploy.sh b/.devtools/deploy.sh
@@ -14,59 +14,6 @@
 set -eu
 [ -n "${DEBUG:-}" ] && set -x
 
-
-# The fingerprint of the SSH key.
-SSH_KEY_FINGERPRINT="${SSH_KEY_FINGERPRINT:-}"
-
-#-------------------------------------------------------------------------------
-
-[ -z "${SSH_KEY_FINGERPRINT}" ] && echo "ERROR: Missing required value for SSH_FINGERPRINT" && exit 1
-
-mkdir -p "${HOME}/.ssh/"
-
-echo -e "\nHost *\n\tStrictHostKeyChecking no\n\tUserKnownHostsFile /dev/null\n" >"${HOME}/.ssh/config"
-rm -f "${HOME}/.ssh/known_hosts" > /dev/null 2>&1 || true
-
-# The given SHA256 fingerprint, change this value as needed
-SSH_KEY_FINGERPRINT="SHA256:AND4unJGhp4XCwNKyLj6uY3eJtUCZrVbpAtogtvxHbs"
-
-# Find the MD5 hash if the SSH_KEY_FINGERPRINT starts with SHA256.
-if [ "${SSH_KEY_FINGERPRINT#SHA256:}" != "${SSH_KEY_FINGERPRINT}" ]; then
-  for file in "${HOME}"/.ssh/id_rsa*; do
-    calculated_sha256_fingerprint=$(ssh-keygen -l -E sha256 -f "${file}" | awk '{print $2}')
-    if [ "${calculated_sha256_fingerprint}" = "${SSH_KEY_FINGERPRINT}" ]; then
-      SSH_KEY_FINGERPRINT=$(ssh-keygen -l -E md5 -f "${file}" | awk '{print $2}')
-      SSH_KEY_FINGERPRINT="${SSH_KEY_FINGERPRINT#MD5:}"
-      break
-    fi
-  done
-fi
-
-file="${SSH_KEY_FINGERPRINT//:/}"
-file="${HOME}/.ssh/id_rsa_${file//\"/}"
-
-if [ ! -f "${file:-}" ]; then
-  echo "ERROR: Unable to find SSH key file ${file}."
-  exit 1
-fi
-
-if [ -z "${SSH_AGENT_PID:-}" ]; then
-  eval "$(ssh-agent)"
-fi
-
-ssh-add -D
-ssh-add "${file}"
-
-echo "-------------------------------"
-echo "          Setup SSH            "
-echo "-------------------------------"
-echo
-echo "SSH file          : ${file}"
-echo "SSH fingerprint   : ${SSH_KEY_FINGERPRINT}"
-echo "Loaded identities :"
-ssh-add -l
-
-
 #-------------------------------------------------------------------------------
 # Variables (passed from environment; provided for reference only).
 #-------------------------------------------------------------------------------
@@ -87,8 +34,48 @@ DEPLOY_BRANCH="${DEPLOY_BRANCH:-}"
 # before an actual code push.
 DEPLOY_PROCEED="${DEPLOY_PROCEED:-0}"
 
+# The fingerprint of the SSH key.
+DEPLOY_SSH_KEY_FINGERPRINT="${DEPLOY_SSH_KEY_FINGERPRINT:-}"
+
 #-------------------------------------------------------------------------------
 
+if [ -n "${DEPLOY_SSH_KEY_FINGERPRINT}" ]; then
+  echo "-------------------------------"
+  echo "          Setup SSH            "
+  echo "-------------------------------"
+
+  mkdir -p "${HOME}/.ssh/"
+  echo -e "\nHost *\n\tStrictHostKeyChecking no\n\tUserKnownHostsFile /dev/null\n" >"${HOME}/.ssh/config"
+
+  # Find the MD5 hash if the SSH_KEY_FINGERPRINT starts with SHA256.
+  if [ "${DEPLOY_SSH_KEY_FINGERPRINT#SHA256:}" != "${DEPLOY_SSH_KEY_FINGERPRINT}" ]; then
+    for file in "${HOME}"/.ssh/id_rsa*; do
+      calculated_sha256_fingerprint=$(ssh-keygen -l -E sha256 -f "${file}" | awk '{print $2}')
+      if [ "${calculated_sha256_fingerprint}" = "${DEPLOY_SSH_KEY_FINGERPRINT}" ]; then
+        DEPLOY_SSH_KEY_FINGERPRINT=$(ssh-keygen -l -E md5 -f "${file}" | awk '{print $2}')
+        DEPLOY_SSH_KEY_FINGERPRINT="${DEPLOY_SSH_KEY_FINGERPRINT#MD5:}"
+        break
+      fi
+    done
+  fi
+
+  file="${DEPLOY_SSH_KEY_FINGERPRINT//:/}"
+  file="${HOME}/.ssh/id_rsa_${file//\"/}"
+
+  if [ ! -f "${file:-}" ]; then
+    echo "ERROR: Unable to find SSH key file ${file}."
+    exit 1
+  fi
+
+  if [ -z "${SSH_AGENT_PID:-}" ]; then
+    eval "$(ssh-agent)"
+  fi
+
+  ssh-add -D
+  ssh-add "${file}"
+  ssh-add -l
+fi
+
 echo "-------------------------------"
 echo "          Deploy code          "
 echo "-------------------------------"

diff --git a/.devtools/setup-ssh.sh b/.devtools/setup-ssh.sh