Merge pull request #114 from screwdriver-cd/openssh

fix: use MD5 fingerprint

build/git-ssh.sh

@@ -0,0 +1,37 @@
+#!/bin/bash -e
+# GIT_KEY = SSH Deployment key
+if [ -z "$GIT_KEY" ]; then
+  echo Unable to git ssh, missing environment variables
+  exit 2
+fi
+
+GITHUB_FINGERPRINT=16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
+
+echo Addding github.com to known_hosts
+mkdir -p /root/.ssh
+touch /root/.ssh/known_hosts
+ssh-keyscan -H github.com >> /root/.ssh/known_hosts
+chmod 600 /root/.ssh/known_hosts
+
+echo Validating good known_hosts
+ssh-keygen -l -f ~/.ssh/known_hosts | grep $GITHUB_FINGERPRINT
+
+echo Starting ssh-agent
+eval "$(ssh-agent -s)"
+
+echo Loading github key
+echo $GIT_KEY | sed -E 's/([^ ]{40,64}) /*\1*/g' | tr "*" "\n" | sed '/^$/d' > /tmp/git_key
+chmod 600 /tmp/git_key
+ssh-keygen -y -f /tmp/git_key > /tmp/git_key.pub
+ssh-keygen -l -f /tmp/git_key.pub
+ssh-add /tmp/git_key
+rm /tmp/git_key
+
+echo Setting up secrets
+GIT_PATH=`git remote -v | grep fetch | sed 's/ (fetch)//' | cut -d'/' -f4-5`
+git remote set-url --push origin [email protected]:$GIT_PATH
+git remote -v
+
+echo Setting global username/email
+git config --global user.email "[email protected]"
+git config --global user.name "sd-buildbot"

screwdriver.yaml

@@ -3,7 +3,7 @@ workflow:
     - deploy
 
 shared:
-    image: ruby:2
+  image: ruby:2
 
 jobs:
   main:
@@ -20,7 +20,9 @@ jobs:
           - GIT_KEY
           - GITHUB_TOKEN
       steps:
-        - setup-ci: git clone https://github.com/screwdriver-cd/toolbox.git ci
+        - setup-ci: |
+            git clone https://github.com/screwdriver-cd/toolbox.git ci
+            cp build/git-ssh.sh ci/git-ssh.sh
         - install: bundle install
         - build: bundle exec jekyll build --source docs --destination _site
         - package: tar -C _site -cvzf $RELEASE_FILE .