Previously, because we were piping the compiled script blob over ssh to
decompress over there without creating an intermediated bundled file, we
were allocating the stdin of the ssh session to have the read from the
pipe.
This blocked the allocation of the /dev/tty over the session and
prevented users to interact with the script. We would like some of the
interactions to work, like prompting for a confirmation or typing a
password.
To fix this, the deployment process was split in two steps. The first
step still receives the bundled file over a pipe, decompresses it on a
temprary folder, and outputs the location of the deployment folder.
We grab this output to feed on the second step, which has a script to go
to the deployment folder and start the execution.
Now, roles can make use of read, as well as sudo with password.