From 77585666a5fcbc6f14c50f99d23c85a96d316fa9 Mon Sep 17 00:00:00 2001 From: Jonah Bull Date: Tue, 23 Apr 2024 12:25:31 -0500 Subject: [PATCH] update build scripts to pull ssh key at runtime Update build scripts to pull SSH key pair and set it up at runtime. --- .buildkite/scripts/build.sh | 6 ++++++ .buildkite/scripts/build_pr.sh | 6 ++++++ .buildkite/scripts/clean_preview_branches.sh | 6 ++++++ 3 files changed, 18 insertions(+) diff --git a/.buildkite/scripts/build.sh b/.buildkite/scripts/build.sh index 831e7684606e9..d3cf3171599ac 100755 --- a/.buildkite/scripts/build.sh +++ b/.buildkite/scripts/build.sh @@ -31,6 +31,12 @@ fi # The docs build can use the ssh agent's authentication socket # but can't use ssh keys directly so we start an ssh-agent. +# Temporary workaround until we can move to HTTPS auth +vault read -field=private-key secret/ci/elastic-docs/elasticmachine-ssh-key > "$HOME/.ssh/id_rsa" +vault read -field=public-key secret/ci/elastic-docs/elasticmachine-ssh-key > "$HOME/.ssh/id_rsa.pub" +ssh-keyscan github.com >> "$HOME/.ssh/known_hosts" +chmod 600 "$HOME/.ssh/id_rsa" + ssh-agent bash -c " ssh-add && ./build_docs --all \ diff --git a/.buildkite/scripts/build_pr.sh b/.buildkite/scripts/build_pr.sh index 39cdd321c338f..3aa9159e5bae2 100755 --- a/.buildkite/scripts/build_pr.sh +++ b/.buildkite/scripts/build_pr.sh @@ -85,6 +85,12 @@ build_cmd="./build_docs --all \ echo "The following build command will be used" echo $build_cmd +# Temporary workaround until we can move to HTTPS auth +vault read -field=private-key secret/ci/elastic-docs/elasticmachine-ssh-key > "$HOME/.ssh/id_rsa" +vault read -field=public-key secret/ci/elastic-docs/elasticmachine-ssh-key > "$HOME/.ssh/id_rsa.pub" +ssh-keyscan github.com >> "$HOME/.ssh/known_hosts" +chmod 600 "$HOME/.ssh/id_rsa" + # Kick off the build ssh-agent bash -c "ssh-add && $build_cmd" 
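Review bot: `ssh-keyscan github.com >> "$HOME/.ssh/known_hosts"` in build.sh trusts whatever host key the network returns at build time, so the host-key check on the later git-over-SSH traffic no longer authenticates GitHub. The same line is added in build_pr.sh and clean_preview_branches.sh. Prefer appending GitHub's published host keys from a pinned source, for example `cat "<pinned-github-known-hosts-file>" >> "$HOME/.ssh/known_hosts"` (placeholder path), or at least compare the scanned key's fingerprint with the published one before appending. On a reused agent the `>>` also adds duplicate entries on every run.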
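Review bot: In build_pr.sh the private key is written by `vault read ... > "$HOME/.ssh/id_rsa"` under the shell's default umask and only restricted by `chmod 600` three commands later, so on an agent with a permissive umask the key is briefly readable by other local users. Setting `umask 077` before the first `vault read`, plus `mkdir -p -m 700 "$HOME/.ssh"` in case the directory is absent, closes that window; build.sh and clean_preview_branches.sh have the same ordering. Since only `ssh-add` needs the key, it may be simpler to never write it to disk and pipe the `vault read` output into `ssh-add -` inside the `ssh-agent` command. Whether `set -e` is active in this script is not visible in the hunk; without it a failed `vault read` leaves an empty `id_rsa` and the build continues to `ssh-add`.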
diff --git a/.buildkite/scripts/clean_preview_branches.sh b/.buildkite/scripts/clean_preview_branches.sh index 0255e2dc981f4..aa41997a8a245 100755 --- a/.buildkite/scripts/clean_preview_branches.sh +++ b/.buildkite/scripts/clean_preview_branches.sh @@ -4,6 +4,12 @@ set -eo pipefail export REPO=git@github.com:elastic/built-docs.git export IMAGE=docker.elastic.co/docs/build:latest +# Temporary workaround until we can move to HTTPS auth +vault read -field=private-key secret/ci/elastic-docs/elasticmachine-ssh-key > "$HOME/.ssh/id_rsa" +vault read -field=public-key secret/ci/elastic-docs/elasticmachine-ssh-key > "$HOME/.ssh/id_rsa.pub" +ssh-keyscan github.com >> "$HOME/.ssh/known_hosts" +chmod 600 "$HOME/.ssh/id_rsa" + ./build_docs --docker-build build ssh-agent bash -c ' ssh-add &&
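Review bot: Nothing in clean_preview_branches.sh removes `$HOME/.ssh/id_rsa` after the job, so the elasticmachine private key outlives the build on the agent's disk and overwrites any key already at that path. A `trap 'rm -f -- "$HOME/.ssh/id_rsa" "$HOME/.ssh/id_rsa.pub"' EXIT` placed before the first `vault read` would bound its lifetime; the same applies to the blocks added in build.sh and build_pr.sh. The added lines are identical in all three scripts, so a single sourced helper would keep the eventual HTTPS migration and any hardening in one place. The `ssh-agent bash -c '` command continues past the end of the hunk.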