fix ssh key parsing
This commit is contained in:
+17
-2
@@ -190,6 +190,12 @@ deploy_to_vps:
|
||||
- eval $(ssh-agent -s)
|
||||
- |
|
||||
key_file="$(mktemp)"
|
||||
decoded_key_file="$(mktemp)"
|
||||
|
||||
cleanup_key_files() {
|
||||
rm -f "$key_file" "$decoded_key_file"
|
||||
}
|
||||
trap cleanup_key_files EXIT
|
||||
|
||||
if [ -f "${SSH_PRIVATE_KEY:-}" ]; then
|
||||
tr -d '\r' < "$SSH_PRIVATE_KEY" > "$key_file"
|
||||
@@ -198,13 +204,22 @@ deploy_to_vps:
|
||||
fi
|
||||
|
||||
chmod 600 "$key_file"
|
||||
|
||||
if ! ssh-keygen -y -f "$key_file" >/dev/null 2>&1; then
|
||||
if [ ! -f "${SSH_PRIVATE_KEY:-}" ] && printf '%s' "$SSH_PRIVATE_KEY" | tr -d '\r\n\t ' | base64 -d > "$decoded_key_file" 2>/dev/null; then
|
||||
tr -d '\r' < "$decoded_key_file" > "$key_file"
|
||||
chmod 600 "$key_file"
|
||||
fi
|
||||
fi
|
||||
|
||||
ssh-keygen -y -f "$key_file" >/dev/null 2>&1 || {
|
||||
echo "SSH_PRIVATE_KEY is not a valid unencrypted private key that OpenSSH can read." >&2
|
||||
echo "SSH_PRIVATE_KEY must be an unencrypted OpenSSH private key. GitLab file variables, raw multiline keys, and base64-encoded keys are supported." >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
ssh-add "$key_file"
|
||||
rm -f "$key_file"
|
||||
cleanup_key_files
|
||||
trap - EXIT
|
||||
- mkdir -p ~/.ssh && chmod 700 ~/.ssh
|
||||
# Scan and trust the VPS host key (avoids manual known_hosts management)
|
||||
- ssh-keyscan -H $VPS_IP >> ~/.ssh/known_hosts
|
||||
|
||||
Reference in New Issue
Block a user