From add2bb178b57aacfdb730b14d1440253a687d2c3 Mon Sep 17 00:00:00 2001
From: Tobias Poganiuch <tobias.poganiuch@seco.com>
Date: Tue, 16 Apr 2024 16:30:02 +0200
Subject: [PATCH] Revert "CI: remove 'setup_ssh' as ssh access is disabled"

The SSH setup is required for some private projects that pull in
external repos via SSH.

This reverts commit 4d5bca8fb8aaebf8794ffa88a6d0aef779c9eedf.
---
 build-pipeline-ci-test.yml |  2 ++
 build-pipeline.yml         | 26 ++++++++++++++++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/build-pipeline-ci-test.yml b/build-pipeline-ci-test.yml
index 0774eaba..0ff3259c 100644
--- a/build-pipeline-ci-test.yml
+++ b/build-pipeline-ci-test.yml
@@ -41,6 +41,7 @@ build:files:
     GIT_STRATEGY: none
   before_script:
     - !reference [.docker_check]
+    - !reference [.setup_ssh]
     - !reference [.setup_git_credentials]
     - !reference [.repo_checkout]
   script:
@@ -72,6 +73,7 @@ build:check-foo-branch:
     GIT_STRATEGY: none
   before_script:
     - !reference [.docker_check]
+    - !reference [.setup_ssh]
     - !reference [.setup_git_credentials]
     - !reference [.repo_checkout]
   script: |
diff --git a/build-pipeline.yml b/build-pipeline.yml
index 6ada22ca..89024fe9 100644
--- a/build-pipeline.yml
+++ b/build-pipeline.yml
@@ -21,6 +21,30 @@ workflow:
         exit 1
     fi
 
+.setup_ssh: &setup_ssh
+  # Setup ssh key to access private repos
+  # https://docs.gitlab.com/ee/ci/ssh_keys/#ssh-keys-when-using-the-docker-executor
+  # An SSH keypair has been generated for the manifest's pipeline to be able to access
+  # all private repositories in the manifest. The private key has been stored in the
+  # CI/CD variable GITLAB_PRIVATE_KEY of the manifest repository. The public key has
+  # been added as a deploy key in GitLab's repository settings for all contained
+  # repositories.
+  - echo "Setup SSH"
+  - eval $(ssh-agent -s)
+  - echo "$GITLAB_PRIVATE_KEY" | tr -d '\r' | ssh-add -
+  - mkdir -p ~/.ssh
+  - chmod 700 ~/.ssh
+  # Add GitLab server to known hosts
+  # https://docs.gitlab.com/ee/ci/ssh_keys/#verifying-the-ssh-host-keys
+  # In order to access the private repositories via SSH, the GitLab server has to be
+  # added to the known_hosts file. The host keys were determined using the command
+  #   ssh-keyscan [-p port] <gitlab-server>
+  # and have been stored in the GITLAB_KNOWN_HOSTS CI/CD variable.
+  - echo "$GITLAB_KNOWN_HOSTS" >> ~/.ssh/known_hosts
+  - chmod 644 ~/.ssh/known_hosts
+  # Write SSH configuration from variable to config file
+  - echo "$SSH_CONFIG" > ~/.ssh/config
+
 .setup_git_credentials: &setup_git_credentials
   - echo "Setup Git Credentials Cache"
   - git config --global credential.helper 'cache --timeout 86400'
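Review bot: The final step of `.setup_ssh` writes `$SSH_CONFIG` to `~/.ssh/config` with no comment on what the variable holds and no permission step, unlike the key and known_hosts steps before it. Because the client config can override the host-key pinning done with `GITLAB_KNOWN_HOSTS` (for example a `StrictHostKeyChecking no` entry), the comment should say what the variable is expected to contain and that it must not relax host-key checking; I would also follow the write with `- chmod 600 ~/.ssh/config`. The known_hosts comment should also record that the `ssh-keyscan` output was compared with fingerprints from a trusted source, since a scan by itself is unauthenticated.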
@@ -244,6 +268,7 @@ workflow:
     FNG_INSTALL_URL: "${JOB_URL}/artifacts/${IMAGE_PATH}/${INSTALL_SCRIPT}"
   before_script:
     - *docker_check
+    - *setup_ssh
     - *setup_git_credentials
     - *repo_checkout
     - *setup_build
@@ -321,6 +346,7 @@ workflow:
     reports:
       junit: results/results-*.xml
   before_script:
+    - !reference [.setup_ssh]
     - !reference [.setup_git_credentials]
   script:
     - .gitlab-ci/scripts/download_file_from_latest_job.py
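Review bot: This `before_script` gets the deploy key loaded into an agent although, unlike the other jobs touched by this patch, it has no `.repo_checkout` step and its visible script only runs `download_file_from_latest_job.py`. If nothing in the job talks to a repository over SSH, `- !reference [.setup_ssh]` should be left out here so the private key is only present in jobs that need it. The job's script continues outside the hunk, so this needs checking against the full job definition.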
-- 
GitLab