Rotate SSH key and use correct VPS_COMMIT_SHA on provisioning

1 files changed, 5 insertions, 4 deletions

diff --git a/scripts/ci/provision.sh b/scripts/ci/provision.sh
index 2941d03..d0afb28 100755
--- a/scripts/ci/provision.sh
+++ b/scripts/ci/provision.sh
@@ -5,11 +5,12 @@ set -Eeuo pipefail
 cd "$(dirname "${BASH_SOURCE[0]}")"
 cd ../../
 
+export VPS_COMMIT_SHA="$(git rev-parse HEAD)"
 echo "Shutting down running containers and backing up data..."
 ssh "$TLD" "cd /home/vps/ && docker-compose down"
 scp ./secrets/borg_remote.pub "$TLD":/root/.ssh/id_rsa.pub
 scp ./secrets/borg_remote "$TLD":/root/.ssh/id_rsa
-VPS_COMMIT_SHA="$(git rev-parse HEAD)" envsubst < ./scripts/box/run-backup-template.sh | ssh "$TLD" 'cat > /home/vps/run-backup.sh && chmod +x /home/vps/run-backup.sh'
+envsubst < ./scripts/box/run-backup-template.sh | ssh "$TLD" 'cat > /home/vps/run-backup.sh && chmod +x /home/vps/run-backup.sh'
 ssh "$TLD" /home/vps/run-backup.sh
 echo "Done."
 
@@ -18,14 +19,14 @@ echo "Running 'terraform plan' and storing the planfile..."
 terraform --version
 terraform init
 mkdir -p "../vps-state/secrets/plan-files/"
-PLAN_FILE_NAME="$(date -Iseconds)-$(git rev-parse HEAD).tfplan"
+PLAN_FILE_NAME="$(date -Iseconds)-$VPS_COMMIT_SHA.tfplan"
 PLAN_FILE_PATH="../vps-state/secrets/plan-files/$PLAN_FILE_NAME"
 terraform plan -input=false -out="$PLAN_FILE_PATH"
 
 # Store on git repo
 pushd ../vps-state/
 git add "secrets/plan-files/$PLAN_FILE_NAME"
-git commit -m "CI: add .tfplan plan file for CI run $(git rev-parse HEAD)"
+git commit -m "CI: add .tfplan plan file for CI run $VPS_COMMIT_SHA"
 git push origin master
 popd
 echo "Done."
@@ -37,7 +38,7 @@ echo "Done."
 echo "Storing .tfstate file..."
 pushd ../vps-state/
 git add secrets/terraform.tfstate secrets/terraform.tfstate.backup
-git commit -m "CI: update Terraform .tfstate files for CI run $(git rev-parse HEAD)"
+git commit -m "CI: update Terraform .tfstate files for CI run $VPS_COMMIT_SHA"
 git push origin master
 popd
 echo "Done."