From 65aedf04f8b4ba1045d0244721f9648297da6306 Mon Sep 17 00:00:00 2001
From: Dominic Ayre <dominicayre@microsoft.com>
Date: Tue, 17 Jan 2023 17:00:37 +0000
Subject: [PATCH] Separate SSH key generation into independent job (#4853)

---
 .azure-pipelines-templates/deploy_aci.yml     | 36 +++++++++++++------
 .../install_ssh_key.yml                       |  4 ++-
 .azure-pipelines-templates/test_on_remote.yml |  4 +--
 .azure_pipelines_snp.yml                      |  6 ++--
 4 files changed, 35 insertions(+), 15 deletions(-)

diff --git a/.azure-pipelines-templates/deploy_aci.yml b/.azure-pipelines-templates/deploy_aci.yml
index e49f95d590..17f768a7d9 100644
--- a/.azure-pipelines-templates/deploy_aci.yml
+++ b/.azure-pipelines-templates/deploy_aci.yml
@@ -1,23 +1,38 @@
 jobs:
-  - job: deploy_aci
-    displayName: "Deploy ACI"
+  - job: generate_ssh_key
+    displayName: "Generate SSH Key"
     variables:
       Codeql.SkipTaskAutoInjection: true
       skipComponentGovernanceDetection: true
     pool:
       vmImage: ubuntu-20.04
+    steps:
+      - script: |
+          set -ex
+          ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa -N ""
+          echo "##vso[task.setvariable variable=sshKey;isOutput=true;issecret=true]`base64 -w 0 ~/.ssh/id_rsa`"
+        name: generate_ssh_key
+        displayName: "Generate SSH Key"
+
+  - job: deploy_aci
+    displayName: "Deploy ACI"
+    dependsOn:
+      - generate_ssh_key
+    variables:
+      Codeql.SkipTaskAutoInjection: true
+      skipComponentGovernanceDetection: true
+      sshKey: $[ dependencies.generate_ssh_key.outputs['generate_ssh_key.sshKey'] ]
+    pool:
+      vmImage: ubuntu-20.04
     steps:
       - script: |
           env
         name: print_env
         displayName: "Print Environment Variables"
 
-      - script: |
-          set -ex
-          ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa -N ""
-          echo "##vso[task.setvariable variable=hostPrivKey;isOutput=true;issecret=true]`base64 -w 0 ~/.ssh/id_rsa`"
-        name: generate_ssh_key
-        displayName: "Generate SSH Key"
+      - template: install_ssh_key.yml
+        parameters:
+          ssh_key: $(sshKey)
 
       - template: azure_cli.yml
         parameters:
@@ -71,12 +86,13 @@ jobs:
     pool:
       vmImage: ubuntu-20.04
     dependsOn:
+      - generate_ssh_key
       - deploy_aci
       - ${{ parameters.used_by }}
     condition: always()
     variables:
       IpAddresses: $[ dependencies.deploy_aci.outputs['deploy_aci.ipAddresses'] ]
-      HOST_PRIVATE_KEY: $[ dependencies.deploy_aci.outputs['generate_ssh_key.hostPrivKey'] ]
+      sshKey: $[ dependencies.generate_ssh_key.outputs['generate_ssh_key.sshKey'] ]
     steps:
       - template: azure_cli.yml
         parameters:
@@ -86,7 +102,7 @@ jobs:
 
       - template: install_ssh_key.yml
         parameters:
-          host_private_key: $(HOST_PRIVATE_KEY)
+          ssh_key: $(sshKey)
 
       - script: |
           set -ex
diff --git a/.azure-pipelines-templates/install_ssh_key.yml b/.azure-pipelines-templates/install_ssh_key.yml
index 99634a2b63..b8736a3734 100644
--- a/.azure-pipelines-templates/install_ssh_key.yml
+++ b/.azure-pipelines-templates/install_ssh_key.yml
@@ -2,7 +2,9 @@ steps:
   - script: |
       set -ex
       mkdir ~/.ssh
-      echo ${{ parameters.host_private_key }} | base64 -d > ~/.ssh/id_rsa
+      echo ${{ parameters.ssh_key }} | base64 -d > ~/.ssh/id_rsa
       sudo chmod 600 ~/.ssh/id_rsa
+      sudo ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
+      sudo chmod 600 ~/.ssh/id_rsa.pub
     name: setup_key
     displayName: "Install SSH Key from Deployment Step"
diff --git a/.azure-pipelines-templates/test_on_remote.yml b/.azure-pipelines-templates/test_on_remote.yml
index 74dcad6f9d..d2b7421d3e 100644
--- a/.azure-pipelines-templates/test_on_remote.yml
+++ b/.azure-pipelines-templates/test_on_remote.yml
@@ -12,14 +12,14 @@ jobs:
     timeoutInMinutes: 120
     variables:
       RUN_ON: ${{ parameters.run_on }}
-      HOST_PRIVATE_KEY: ${{ parameters.host_private_key }}
+      sshKey: ${{ parameters.ssh_key }}
       Codeql.SkipTaskAutoInjection: true
       skipComponentGovernanceDetection: true
 
     steps:
       - template: install_ssh_key.yml
         parameters:
-          host_private_key: $(HOST_PRIVATE_KEY)
+          ssh_key: $(sshKey)
 
       - script: |
           set -ex
diff --git a/.azure_pipelines_snp.yml b/.azure_pipelines_snp.yml
index 267f671013..b7d26265c3 100644
--- a/.azure_pipelines_snp.yml
+++ b/.azure_pipelines_snp.yml
@@ -40,6 +40,8 @@ jobs:
     parameters:
       job_name: test_snp
       display_name: "Test SNP"
-      depends_on: deploy_aci
+      depends_on:
+        - generate_ssh_key
+        - deploy_aci
       run_on: $[ dependencies.deploy_aci.outputs['deploy_aci.ipAddresses'] ]
-      host_private_key: $[ dependencies.deploy_aci.outputs['generate_ssh_key.hostPrivKey'] ]
+      ssh_key: $[ dependencies.generate_ssh_key.outputs['generate_ssh_key.sshKey'] ]