Work around OpenSSH being dumb

tools/publish.bash

@@ -84,8 +84,18 @@ image="${DOCKER_REPO}:app-${sha}"
 docker tag "${DOCKER_REPO}:app" "${image}"
 docker push "${image}"
 
+tmpdir="$(mktemp -d)"
+
+function cleanup {
+    rm -rf "${tmpdir}"
+}
+
+trap cleanup EXIT
+
+base64 -d <<< "${DEPLOY_SSH_PRIVATE_KEY}" > "${tmpdir}/id"
+chmod go-rwx "${tmpdir}/id"
+
 ssh -o IdentitiesOnly=yes \
     -o StrictHostKeyChecking=no \
     -o UserKnownHostsFile=/dev/null \
-    -i <(base64 -d <<< "${DEPLOY_SSH_PRIVATE_KEY}") \
-    "deploy@${DOMAIN}" "${image}"
+    -i "${tmpdir}/id" "deploy@${DOMAIN}" "${image}"