From b97979487e63a7ebad70f4d62c332328d63dde81 Mon Sep 17 00:00:00 2001
From: Sudarsan Reddy <sreddy@cloudflare.com>
Date: Tue, 28 Feb 2023 12:54:30 +0000
Subject: [PATCH] TUN-7213: Decode Base64 encoded key before writing it

---
 .teamcity/update-homebrew.sh | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/.teamcity/update-homebrew.sh b/.teamcity/update-homebrew.sh
index 7e44b787..838b4745 100755
--- a/.teamcity/update-homebrew.sh
+++ b/.teamcity/update-homebrew.sh
@@ -3,9 +3,6 @@
 set -euo pipefail
 
 FILENAME="${PWD}/artifacts/cloudflared-darwin-amd64.tgz"
-
-echo "$GITHUB_PRIVATE_KEY"
-
 if ! VERSION="$(git describe --tags --exact-match 2>/dev/null)" ; then
     echo "Skipping public release for an untagged commit."
     echo "##teamcity[buildStatus status='SUCCESS' text='Skipped due to lack of tag']"
@@ -34,7 +31,7 @@ SHA256=$(sha256sum "$FILENAME" | cut -b1-64)
 # set up git (note that UserKnownHostsFile is an absolute path so we can cd wherever)
 mkdir -p tmp
 ssh-keyscan -t rsa github.com > tmp/github.txt
-echo "$GITHUB_PRIVATE_KEY" > tmp/private.key
+echo "$GITHUB_PRIVATE_KEY_B64" | base64 --decode > tmp/private.key
 chmod 0400 tmp/private.key
 export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=$PWD/tmp/github.txt -i $PWD/tmp/private.key -o IdentitiesOnly=yes"