From b97979487e63a7ebad70f4d62c332328d63dde81 Mon Sep 17 00:00:00 2001 From: Sudarsan Reddy Date: Tue, 28 Feb 2023 12:54:30 +0000 Subject: [PATCH] TUN-7213: Decode Base64 encoded key before writing it --- .teamcity/update-homebrew.sh | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.teamcity/update-homebrew.sh b/.teamcity/update-homebrew.sh index 7e44b787..838b4745 100755 --- a/.teamcity/update-homebrew.sh +++ b/.teamcity/update-homebrew.sh @@ -3,9 +3,6 @@ set -euo pipefail FILENAME="${PWD}/artifacts/cloudflared-darwin-amd64.tgz" - -echo "$GITHUB_PRIVATE_KEY" - if ! VERSION="$(git describe --tags --exact-match 2>/dev/null)" ; then echo "Skipping public release for an untagged commit." echo "##teamcity[buildStatus status='SUCCESS' text='Skipped due to lack of tag']" @@ -34,7 +31,7 @@ SHA256=$(sha256sum "$FILENAME" | cut -b1-64) # set up git (note that UserKnownHostsFile is an absolute path so we can cd wherever) mkdir -p tmp ssh-keyscan -t rsa github.com > tmp/github.txt -echo "$GITHUB_PRIVATE_KEY" > tmp/private.key +echo "$GITHUB_PRIVATE_KEY_B64" | base64 --decode > tmp/private.key chmod 0400 tmp/private.key export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=$PWD/tmp/github.txt -i $PWD/tmp/private.key -o IdentitiesOnly=yes"