diff --git a/deploy/README.md b/deploy/README.md index 0dccaae..6752e40 100644 --- a/deploy/README.md +++ b/deploy/README.md @@ -20,30 +20,17 @@ master: # Path to deploy. Can be auto-determined using EE version if not specified explicitly. deploy_path: /opt/easyengine/sites/example.com/app/htdocs - - # Setting these options because of ssh-issues in GH actions. - # Should not be needed in future, hopefully :fingers-crossed: - sshOptions: - UserKnownHostsFile: /dev/null - StrictHostKeyChecking: no - staging: hostname: stag.example.com user: root stage: develop deploy_path: /opt/easyengine/sites/stag.example.com/app/htdocs - sshOptions: - UserKnownHostsFile: /dev/null - StrictHostKeyChecking: no develop: hostname: dev.example.com user: root stage: develop deploy_path: /opt/easyengine/sites/dev.example.com/app/htdocs - sshOptions: - UserKnownHostsFile: /dev/null - StrictHostKeyChecking: no ci_script_options: vip: true diff --git a/deploy/deploy.sh b/deploy/deploy.sh index 65ed9e6..34ef46b 100755 --- a/deploy/deploy.sh +++ b/deploy/deploy.sh @@ -32,18 +32,23 @@ ssh-keygen -t rsa -b 4096 -C "GH-actions-ssh-deploy-key" -f "$HOME/.ssh/id_rsa" # Get signed key from vault vault write -field=signed_key ssh-client-signer/sign/my-role public_key=@$HOME/.ssh/id_rsa.pub > $HOME/.ssh/signed-cert.pub +# Setup known_hosts +known_hosts_file="${SSH_DIR}/known_hosts" +known_host_data="@cert-authority ${hostname} " +host_signer=$(vault read -field=public_key ssh-host-signer/config/ca) +known_host_data="${known_host_data}${host_signer}" +echo "$known_host_data" >> "$known_hosts_file" + # Create ssh config file. `~/.ssh/config` does not work. cat > /etc/ssh/ssh_config < "$SSH_DIR/known_hosts" -# chmod 644 "$SSH_DIR/known_hosts" - mkdir -p "$HTDOCS" cd "$HTDOCS" export build_root="$(pwd)"
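Review bot: In the new known_hosts block of deploy/deploy.sh, the output of `vault read -field=public_key ssh-host-signer/config/ca` is appended to `$known_hosts_file` without checking that the read succeeded or returned a key, so a failed or empty read writes an `@cert-authority ${hostname} ` line with no key material. Unless the script runs under `set -e` (not visible in this hunk), the deploy continues with a malformed trust entry and will most likely fail only at connect time, with a less obvious error. I would guard it with `host_signer=$(vault read -field=public_key ssh-host-signer/config/ca) || exit 1` followed by `[ -n "$host_signer" ] && [ -n "$hostname" ] || { echo "missing host CA key or hostname" >&2; exit 1; }`. Since the README hunk drops `StrictHostKeyChecking: no` and `UserKnownHostsFile: /dev/null`, it is also worth confirming that the generated `/etc/ssh/ssh_config` (its heredoc body is not shown on this page) points `UserKnownHostsFile` at `${SSH_DIR}/known_hosts`, because the existing comment says `~/.ssh/config` is not picked up and the same may apply to the per-user known_hosts path.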