Explicitly avoid committing SSH key to gh-pages (#2018)

(cherry picked from commit 7560548)
JuliaDocs · Jan 20, 2023 · f31a0ab · f31a0ab
1 parent 327d155
commit f31a0ab
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Documenter.jl changelog
 
+## Version `v0.27.24`
+
+* ![Security][badge-security] `deploydocs` now takes extra care to avoid committing the temporary SSH key file to the Git repo. ([#2018][github-2018])
+
 ## Version `v0.27.23`
 
 * ![Enhancement][badge-enhancement] The `native` and `docker` PDF builds now run with the `-interaction=batchmode` (instead of `nonstopmode`) and `-halt-on-error` options to make the LaTeX error logs more readable and to fail the build early. ([#1908][github-1908])
@@ -1094,6 +1098,7 @@
 [github-1886]: https://github.com/JuliaDocs/Documenter.jl/pull/1886
 [github-1908]: https://github.com/JuliaDocs/Documenter.jl/pull/1908
 [github-1909]: https://github.com/JuliaDocs/Documenter.jl/pull/1909
+[github-2018]: https://github.com/JuliaDocs/Documenter.jl/pull/2018
 <!-- end of issue link definitions -->
 
 [julia-38054]: https://github.com/JuliaLang/julia/issues/38054

diff --git a/src/Documenter.jl b/src/Documenter.jl
@@ -710,7 +710,7 @@ function git_push(
         end
 
         # Add, commit, and push the docs to the remote.
-        run(`$(git()) add -A .`)
+        run(`$(git()) add -A -- ':!.documenter-identity-file.tmp' ':!**/.documenter-identity-file.tmp'`)
         if !success(`$(git()) diff --cached --exit-code`)
             if archive !== nothing
                 run(`$(git()) commit -m "build based on $sha"`)
@@ -732,14 +732,16 @@ function git_push(
         # Get the parts of the repo path and create upstream repo path
         user, host, upstream = user_host_upstream(repo)
 
-        keyfile = abspath(joinpath(root, ".documenter"))
+        keyfile = abspath(joinpath(root, ".documenter-identity-file.tmp"))
+        ispath(keyfile) && error("Keyfile not cleaned up from last run: $(keyfile)")
         try
             if is_preview
                 keycontent = documenter_key_previews(deploy_config)
             else
                 keycontent = documenter_key(deploy_config)
             end
             write(keyfile, base64decode(keycontent))
+            chmod(keyfile, 0o600) # user-only rw permissions
         catch e
             @error """
             Documenter failed to decode the DOCUMENTER_KEY environment variable.
@@ -749,7 +751,6 @@ function git_push(
             rm(keyfile; force=true)
             rethrow(e)
         end
-        chmod(keyfile, 0o600)
 
         try
             mktemp() do sshconfig, io