fix(scripts): correct known_hosts validation logic

warnyul · warnyul · commit 8b60a76689c9 · 2025-01-03T15:01:36.000+01:00
- Updated `check.sh` to verify that the SSH fingerprint exists in the `known_hosts` file using `grep`.
- Adjusted `post_check.sh` to confirm the SSH fingerprint is removed from the `known_hosts` file after the job.
- Added proper cleanup of `SSH_KNOWN_HOSTS_FILE` variable in both scripts for better environment management.
diff --git a/check.sh b/check.sh
@@ -1,7 +1,11 @@
 #!/usr/bin/env sh
 
-if [ ! -s "${HOME}/.ssh/known_hosts" ]; then
+SSH_KNOWN_HOSTS_FILE="${HOME}/.ssh/known_hosts"
+
+if ! grep -q "${SSH_KNOWN_HOSTS}" "${SSH_KNOWN_HOSTS_FILE}"; then
     echo "::error file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=Assertion Error::\
-~/.ssh/known_hosts is missing or empty."
+${SSH_KNOWN_HOSTS_FILE} file should contain the ssh fingerprint."
     exit 1
-fi
+fi
+
+unset SSH_KNOWN_HOSTS_FILE
diff --git a/post_check.sh b/post_check.sh
@@ -2,7 +2,7 @@
 
 SSH_KNOWN_HOSTS_FILE="${HOME}/.ssh/known_hosts"
 
-if ! grep -q "${SSH_KNOWN_HOSTS}" "${SSH_KNOWN_HOSTS_FILE}" ; then
+if grep -q "${SSH_KNOWN_HOSTS}" "${SSH_KNOWN_HOSTS_FILE}" ; then
     echo "::error file=$(basename "$0"),line=${LINENO},endLine=${LINENO},title=Assertion Error::\
 ${SSH_KNOWN_HOSTS_FILE} file should not contain the ssh fingerprint after the job."
     exit 1
