From c1bc7376e73821eab843f11a4b6bcd3d2d45c2de Mon Sep 17 00:00:00 2001
From: Alex Skrypnyk
Date: Mon, 4 Mar 2024 10:54:52 +1100
Subject: [PATCH] t1
---
 scripts/drevops/deploy-lagoon.sh | 3 +-
 scripts/drevops/download-db-lagoon.sh | 2 +-
 scripts/drevops/setup-ssh.sh | 77 +++++++++++++++------------
 scripts/drevops/task-custom-lagoon.sh | 3 +-
 4 files changed, 46 insertions(+), 39 deletions(-)
diff --git a/scripts/drevops/deploy-lagoon.sh b/scripts/drevops/deploy-lagoon.sh
index 2133808c1..cfe1dccd0 100755
--- a/scripts/drevops/deploy-lagoon.sh
+++ b/scripts/drevops/deploy-lagoon.sh
@@ -83,8 +83,7 @@ info "Started LAGOON deployment."
 [ -z "${LAGOON_PROJECT}" ] && fail "Missing required value for LAGOON_PROJECT." && exit 1
 { [ -z "${DREVOPS_DEPLOY_BRANCH}" ] && [ -z "${DREVOPS_DEPLOY_PR}" ]; } && fail "Missing required value for DREVOPS_DEPLOY_BRANCH or DREVOPS_DEPLOY_PR." && exit 1
-# Use SSH key loader to find the SSH key file.
-DREVOPS_DEPLOY_SSH_FILE="$(DREVOPS_SSH_PREFIX="DEPLOY" ./scripts/drevops/setup-ssh.sh | grep 'Using SSH key file ' | cut -d ' ' -f 5 || false)"
+DREVOPS_SSH_PREFIX="DEPLOY" ./scripts/drevops/setup-ssh.sh
 if ! command -v lagoon >/dev/null || [ -n "${DREVOPS_DEPLOY_LAGOON_LAGOONCLI_FORCE_INSTALL}" ]; then
 note "Installing Lagoon CLI."
diff --git a/scripts/drevops/download-db-lagoon.sh b/scripts/drevops/download-db-lagoon.sh
index 0dd7f44a7..c6656e465 100755
--- a/scripts/drevops/download-db-lagoon.sh
+++ b/scripts/drevops/download-db-lagoon.sh
@@ -86,7 +86,7 @@ if [ -f ".env.local" ]; then
 t=$(mktemp) && export -p >"${t}" && set -a && . ".env.local" && set +a && . "${t}" && rm "${t}" && unset t
 fi
-DREVOPS_DB_DOWNLOAD_SSH_FILE="$(DREVOPS_SSH_PREFIX="DB_DOWNLOAD" ./scripts/drevops/setup-ssh.sh | grep 'Using SSH key file ' | cut -d ' ' -f 5 || false)"
+DREVOPS_SSH_PREFIX="DB_DOWNLOAD" ./scripts/drevops/setup-ssh.sh
 ssh_opts=(-o "UserKnownHostsFile=/dev/null")
 ssh_opts+=(-o "StrictHostKeyChecking=no")
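Review bot: The new `DREVOPS_SSH_PREFIX="DEPLOY" ./scripts/drevops/setup-ssh.sh` call runs the helper as a child process, so nothing it exports reaches this script: the `export "${file_var}=${file}"` added in setup-ssh.sh and the `SSH_AGENT_PID`/`SSH_AUTH_SOCK` produced by its `eval "$(ssh-agent)"` are gone when the child exits. The removed line at least captured the resolved key path; now `DREVOPS_DEPLOY_SSH_FILE` keeps whatever the caller set, which for a fingerprint-selected key is not the `${HOME}/.ssh/id_rsa_<fingerprint>` file the helper chose. If code further down (outside this hunk) still reads that variable or expects the agent, source the helper instead, `DREVOPS_SSH_PREFIX="DEPLOY" . ./scripts/drevops/setup-ssh.sh`, bearing in mind that its `set -eu` and `exit 1` then act on the caller. The calls added in download-db-lagoon.sh and task-custom-lagoon.sh have the same problem.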
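Review bot: Directly below the new call, the unchanged context builds `ssh_opts` with `UserKnownHostsFile=/dev/null` and `StrictHostKeyChecking=no`, so whatever connection uses these options accepts any host key and cannot tell the intended server from an impostor on the path. The commit leaves those lines as they are, but a change that reworks SSH setup is a natural place to pin the expected key: ship a known_hosts file with the project and pass `-o "UserKnownHostsFile=<path-to-known_hosts>"` together with `-o "StrictHostKeyChecking=yes"`. If verification must stay off, a comment such as `# Host key verification disabled: <reason>; the downloaded dump is not authenticated by SSH.` would record the trade-off. How `ssh_opts` is used lies outside the hunk.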
diff --git a/scripts/drevops/setup-ssh.sh b/scripts/drevops/setup-ssh.sh
index dd26224fe..92fbf7b87 100755
--- a/scripts/drevops/setup-ssh.sh
+++ b/scripts/drevops/setup-ssh.sh
@@ -2,6 +2,12 @@
 ##
 # Setup SSH in the environment.
 #
+# - If key fingerprint provided in MD5 or SHA256 format, search for the existing
+# key file. Export the key file path.
+# - Start SSH agent if not running. Export SSH_AGENT_PID and SSH_AUTH_SOCK.
+# - Load SSH key to the SSH agent.
+# - Disable strict host key checking in CI.
+#
 # IMPORTANT! This script runs outside the container on the host system.
 #
 # shellcheck disable=SC1090,SC1091
@@ -18,15 +24,6 @@ set -eu
 # key file path.
 DREVOPS_SSH_PREFIX="${DREVOPS_SSH_PREFIX?Missing the required DREVOPS_SSH_PREFIX environment variable.}"
-# SSH key fingerprint used to load the key into an agent.
-# Used only if DREVOPS_${DREVOPS_SSH_PREFIX}_SSH_FINGERPRINT is not provided.
-DREVOPS_SSH_FINGERPRINT="${DREVOPS_SSH_FINGERPRINT:-}"
-
-# Default SSH file used if custom fingerprint is not provided.
-# Used only if $DREVOPS_SSH_FINGERPRINT, $DREVOPS_${DREVOPS_SSH_PREFIX}SSH_FINGERPRINT,
-# and $DREVOPS_${DREVOPS_SSH_PREFIX}_SSH_FILE values are not provided.
-DREVOPS_SSH_FILE="${DREVOPS_SSH_FILE:-${HOME}/.ssh/id_rsa}"
-
 # ------------------------------------------------------------------------------
 # @formatter:off
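Review bot: Dropping the `DREVOPS_SSH_FINGERPRINT="${DREVOPS_SSH_FINGERPRINT:-}"` default leaves nothing that initialises the fingerprint when `DREVOPS_<PREFIX>_SSH_FINGERPRINT` is not set. The next hunk assigns `fingerprint` only inside `if [ -n "${!fingerprint_var-}" ]` and then evaluates `[ -n "${fingerprint}" ]`; with the `set -eu` shown in this hunk's header that expansion aborts the script with an unbound-variable error on the file-based path. Add `fingerprint=""` before the lookup (or test `"${fingerprint:-}"`), which also stops a stray `fingerprint` variable inherited from the environment from steering which key file is selected.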
@@ -38,58 +35,70 @@ fail() { [ "${TERM:-}" != "dumb" ] && tput colors >/dev/null 2>&1 && printf "\03
 info "Started SSH setup."
-fingerprint="DREVOPS_${DREVOPS_SSH_PREFIX}_SSH_FINGERPRINT"
-if [ -n "${!fingerprint-}" ]; then
- DREVOPS_SSH_FINGERPRINT="${!fingerprint}"
- note "Found variable ${fingerprint} with value ${DREVOPS_SSH_FINGERPRINT}."
+fingerprint_var="DREVOPS_${DREVOPS_SSH_PREFIX}_SSH_FINGERPRINT"
+if [ -n "${!fingerprint_var-}" ]; then
+ fingerprint="${!fingerprint_var}"
+ note "Found variable ${fingerprint_var} with value ${fingerprint}."
 fi
-file="DREVOPS_${DREVOPS_SSH_PREFIX}_SSH_FILE"
-if [ -n "${!file-}" ]; then
- DREVOPS_SSH_FILE="${!file}"
- note "Found variable ${file} with value ${DREVOPS_SSH_FILE}."
+file_var="DREVOPS_${DREVOPS_SSH_PREFIX}_SSH_FILE"
+if [ -n "${!file_var-}" ]; then
+ file="${!file_var}"
+ note "Found variable ${file_var} with value ${file}."
+else
+ file="${HOME}/.ssh/id_rsa"
+ note "Using default SSH file ${file}."
 fi
-if [ -n "${DREVOPS_SSH_FINGERPRINT}" ]; then
+if [ -n "${fingerprint}" ]; then
 note "Using fingerprint-based deploy key because fingerprint was provided."
- if [ "${DREVOPS_SSH_FINGERPRINT#SHA256:}" != "${DREVOPS_SSH_FINGERPRINT}" ]; then
+ if [ "${fingerprint#SHA256:}" != "${fingerprint}" ]; then
 note "Searching for MD5 hash as fingerprint starts with SHA256."
 for existing_file in "${HOME}"/.ssh/id_rsa*; do
- calculated_sha256_fingerprint=$(ssh-keygen -l -E sha256 -f "${existing_file}" | awk '{print $2}')
- if [ "${calculated_sha256_fingerprint}" = "${DREVOPS_SSH_FINGERPRINT}" ]; then
+ fingerprint_sha256=$(ssh-keygen -l -E sha256 -f "${existing_file}" | awk '{print $2}')
+ if [ "${fingerprint_sha256}" = "${fingerprint}" ]; then
 pass "Found matching existing key file ${existing_file}."
- DREVOPS_SSH_FINGERPRINT=$(ssh-keygen -l -E md5 -f "${existing_file}" | awk '{print $2}')
- DREVOPS_SSH_FINGERPRINT="${DREVOPS_SSH_FINGERPRINT#MD5:}"
+ fingerprint=$(ssh-keygen -l -E md5 -f "${existing_file}" | awk '{print $2}')
+ fingerprint="${fingerprint#MD5:}"
 break
 fi
 done
 fi
 # Cleanup the fingerprint and create a file name.
- file="${DREVOPS_SSH_FINGERPRINT//:/}"
- DREVOPS_SSH_FILE="${HOME}/.ssh/id_rsa_${file//\"/}"
+ file="${fingerprint//:/}"
+ file="${HOME}/.ssh/id_rsa_${file//\"/}"
 fi
-if [ ! -f "${DREVOPS_SSH_FILE}" ]; then
- fail "SSH key file ${DREVOPS_SSH_FILE} does not exist."
+if [ ! -f "${file}" ]; then
+ fail "SSH key file ${file} does not exist."
 exit 1
 fi
-note "Using SSH key file ${DREVOPS_SSH_FILE}."
+note "Using SSH key file ${file}."
+if [ -n "${!file_var-}" ] && [ "${!file_var}" != "${file}" ]; then
+ note "Updating value of ${file_var} variable to ${file}."
+ export "${file_var}=${file}"
+fi
 if [ -z "${SSH_AGENT_PID:-}" ]; then
- note "Starting SSH agent."
- eval "$(ssh-agent)"
+ if ! pgrep -u "${USER}" ssh-agent >/dev/null; then
+ note "Starting SSH agent."
+ eval "$(ssh-agent)"
+ else
+ note "SSH agent already running but SSH_AGENT_PID not set."
+ SSH_AGENT_PID=$(pgrep -u "${USER}" ssh-agent)
+ export "${SSH_AGENT_PID?"[FAIL] Unable to find SSH agent PID"}"
+ fi
 fi
-if ssh-add -l | grep -q "${DREVOPS_SSH_FILE}"; then
- note "SSH agent has ${DREVOPS_SSH_FILE} key loaded."
+if ssh-add -l | grep -q "${file}"; then
+ note "SSH agent has ${file} key loaded."
 else
 note "SSH agent does not have a required key loaded. Trying to load."
- # Remove all other keys and add SSH key from provided fingerprint into SSH agent.
 ssh-add -D >/dev/null
- ssh-add "${DREVOPS_SSH_FILE}"
+ ssh-add "${file}"
 ssh-add -l
 fi
diff --git a/scripts/drevops/task-custom-lagoon.sh b/scripts/drevops/task-custom-lagoon.sh
index 175a6461d..e011dc41b 100755
--- a/scripts/drevops/task-custom-lagoon.sh
+++ b/scripts/drevops/task-custom-lagoon.sh
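Review bot: In the new `else` branch for an already-running agent, `export "${SSH_AGENT_PID?...}"` expands to the PID value rather than the variable name, so `export` is handed something like `12345`, rejects it as an invalid identifier, and `set -e` ends the script; `export SSH_AGENT_PID` is what the branch appears to intend. Even with that fixed, the branch never recovers `SSH_AUTH_SOCK`, so the `ssh-add -l`, `ssh-add -D` and `ssh-add "${file}"` calls below cannot reach the agent it found, and `pgrep -u "${USER}" ssh-agent` can print several PIDs. Starting a dedicated agent whenever the socket is missing, `if [ -z "${SSH_AUTH_SOCK:-}" ]; then eval "$(ssh-agent)"; fi`, avoids guessing at an agent this script did not start. It also keeps the `ssh-add -D` further down from clearing identities out of an agent the user loaded for other work.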
@@ -67,8 +67,7 @@ info "Started Lagoon task ${DREVOPS_TASK_LAGOON_NAME}."
 [ -z "${DREVOPS_TASK_LAGOON_COMMAND}" ] && echo "Missing required value for DREVOPS_TASK_LAGOON_COMMAND." && exit 1
 [ -z "${DREVOPS_TASK_LAGOON_PROJECT}" ] && echo "Missing required value for DREVOPS_TASK_LAGOON_PROJECT." && exit 1
-# Use SSH key loader to find the SSH key file.
-DREVOPS_TASK_SSH_FILE="$(DREVOPS_SSH_PREFIX="TASK" ./scripts/drevops/setup-ssh.sh | grep 'Using SSH key file ' | cut -d ' ' -f 5 || false)"
+DREVOPS_SSH_PREFIX="TASK" ./scripts/drevops/setup-ssh.sh
 if ! command -v lagoon >/dev/null || [ -n "${DREVOPS_TASK_LAGOON_INSTALL_CLI_FORCE}" ]; then
 note "Installing Lagoon CLI."