Commit 5a00af91 authored by ale's avatar ale
Browse files

Add a wrapper command to load a SSH key

parent 1cd7b672
Pipeline #5302 passed with stages
in 2 minutes and 41 seconds
FROM debian:buster
COPY build.sh /tmp/build.sh
COPY with-ssh-key /usr/bin/with-ssh-key
RUN /tmp/build.sh && rm /tmp/build.sh
ENTRYPOINT ["/bin/sh"]
......@@ -67,6 +67,9 @@ mv $HOME/go/bin/* /usr/bin/
echo "@cert-authority *.investici.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMj0mYL4uZv4F8wSX4+o6FWPtpnKxi2IesJF7k/Wb/OD" \
> /etc/ssh/ssh_known_hosts
# Ensure our wrapper is executable.
chmod 755 /usr/bin/with-ssh-key
# Remove packages used for installation.
apt-get remove -y --purge ${BUILD_PACKAGES}
apt-get autoremove -y
......
#!/bin/sh
#
# Wrap a command with an ssh-agent with loaded credentials.
# The (optional) private key is passed as the environment variable
# SSH_PRIVATE_KEY.
#
key=${SSH_PRIVATE_KEY:-}
if [ -z "$key" ]; then
"$@"
exit $?
fi
mkdir -p ~/.ssh
chmod 0700 ~/.ssh
echo "$key" > ~/.ssh/key
chmod 0600 ~/.ssh/key
eval `ssh-agent -s`
trap "ssh-agent -k >/dev/null" EXIT
ssh-add ~/.ssh/key
if [ $? -gt 0 ]; then
echo "ERROR: could not load SSH_PRIVATE_KEY" >&2
exit 2
fi
"$@"
exit $?
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment