From f31a0abdf2736e4770b106f23fc8fd533bfa52c3 Mon Sep 17 00:00:00 2001
From: Morten Piibeleht
Date: Fri, 20 Jan 2023 16:08:14 +1300
Subject: [PATCH] Explicitly avoid committing SSH key to gh-pages (#2018)

(cherry picked from commit 75605482da6b6d697a61761d90ecc71441af1c92)
---
 CHANGELOG.md | 5 +++++
 src/Documenter.jl | 7 ++++---
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 367c7bfab2..ead0922ee0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Documenter.jl changelog
 
+## Version `v0.27.24`
+
+* ![Security][badge-security] `deploydocs` now takes extra care to avoid committing the temporary SSH key file to the Git repo. ([#2018][github-2018])
+
 ## Version `v0.27.23`
 
 * ![Enhancement][badge-enhancement] The `native` and `docker` PDF builds now run with the `-interaction=batchmode` (instead of `nonstopmode`) and `-halt-on-error` options to make the LaTeX error logs more readable and to fail the build early. ([#1908][github-1908])
@@ -1094,6 +1098,7 @@
 [github-1886]: https://github.com/JuliaDocs/Documenter.jl/pull/1886
 [github-1908]: https://github.com/JuliaDocs/Documenter.jl/pull/1908
 [github-1909]: https://github.com/JuliaDocs/Documenter.jl/pull/1909
+[github-2018]: https://github.com/JuliaDocs/Documenter.jl/pull/2018
 [julia-38054]: https://github.com/JuliaLang/julia/issues/38054
diff --git a/src/Documenter.jl b/src/Documenter.jl
index edf481dcbd..9fec3e428f 100644
--- a/src/Documenter.jl
+++ b/src/Documenter.jl
@@ -710,7 +710,7 @@ function git_push(
 end
 
 # Add, commit, and push the docs to the remote.
- run(`$(git()) add -A .`)
+ run(`$(git()) add -A -- ':!.documenter-identity-file.tmp' ':!**/.documenter-identity-file.tmp'`)
 if !success(`$(git()) diff --cached --exit-code`)
 if archive !== nothing
 run(`$(git()) commit -m "build based on $sha"`)
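Review bot: The new `git add -A -- ':!…' ':!…'` line in the `@@ -710,7 +710,7 @@` hunk passes only exclude pathspecs and no positive one; if I remember correctly, older git releases (before roughly 2.14) reject an all-exclusionary pathspec with "There is nothing to exclude from by :(exclude) patterns", so on such a git the deploy would now fail where the previous `git add -A .` succeeded. Keeping an explicit top-level pathspec preserves the exclusion and works with either behaviour: ``run(`$(git()) add -A -- . ':!.documenter-identity-file.tmp' ':!**/.documenter-identity-file.tmp'`)``. A short comment above the line would also help, since `:!` is easy to misread: `# Never stage the temporary SSH identity file (keyfile below); ':!' is git's pathspec exclude magic.` Note that the exclusion only protects the key if the keyfile is written inside the worktree this `git add` runs in, which this hunk does not show; creating the key file outside the checkout would remove the dependency on pathspec matching altogether. git_push begins before this hunk and continues after it.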
@@ -732,7 +732,8 @@ function git_push(
 # Get the parts of the repo path and create upstream repo path
 user, host, upstream = user_host_upstream(repo)
- keyfile = abspath(joinpath(root, ".documenter"))
+ keyfile = abspath(joinpath(root, ".documenter-identity-file.tmp"))
+ ispath(keyfile) && error("Keyfile not cleaned up from last run: $(keyfile)")
 try
 if is_preview
 keycontent = documenter_key_previews(deploy_config)
@@ -740,6 +741,7 @@ function git_push(
 keycontent = documenter_key(deploy_config)
 end
 write(keyfile, base64decode(keycontent))
+ chmod(keyfile, 0o600) # user-only rw permissions
 catch e
 @error """
 Documenter failed to decode the DOCUMENTER_KEY environment variable.
@@ -749,7 +751,6 @@ function git_push(
 rm(keyfile; force=true)
 rethrow(e)
 end
- chmod(keyfile, 0o600)
 try
 mktemp() do sshconfig, io
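Review bot: In the `@@ -740,6 +741,7 @@` hunk, `write(keyfile, base64decode(keycontent))` creates the file with the process umask (commonly 0644) and only the following `chmod(keyfile, 0o600)` tightens it, so the decoded private key sits on disk readable by other local users for a moment; the old code had the same window, and moving the chmod into the `try` only changes what happens on the error path. Creating the file empty, restricting it, and then writing closes that window with three lines: `touch(keyfile)`, `chmod(keyfile, 0o600) # user-only rw permissions`, `write(keyfile, base64decode(keycontent))` (`write` truncates the existing file and keeps its mode). The hunk at `@@ -749,7 +751,6 @@`, which only drops the old chmod, would stay as it is. git_push continues on both sides of this hunk, and the last hunk runs past the end of the visible patch.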