diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..e9a74f4
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,28 @@
+---
+kind: pipeline
+name: linters
+steps:
+  - name: run shellcheck
+    image: koalaman/shellcheck-alpine
+    commands:
+      - shellcheck backup.sh
+
+  - name: publish image
+    image: plugins/docker
+    settings:
+      auto_tag: true
+      username: thecoopcloud
+      password:
+        from_secret: thecoopcloud_password
+      repo: thecoopcloud/abra
+      tags: latest
+    depends_on:
+      - run shellcheck
+    when:
+      event:
+        exclude:
+          - pull_request
+
+trigger:
+  branch:
+    - main
diff --git a/backup.sh b/backup.sh
index 5e2278a..7141323 100755
--- a/backup.sh
+++ b/backup.sh
@@ -21,11 +21,13 @@ if [ -n "$ssh_key_file" ] && [ -f "$ssh_key_file" ]; then
 	if [ -n "$SSH_HOST_KEY" ]; then
 		tmpfile=$(mktemp)
 		echo "$SSH_HOST_KEY" >> "$tmpfile"
+		echo "using host key $SSH_HOST_KEY"
 		ssh_options="-o 'UserKnownHostsFile $tmpfile'"
 	elif [ "$SSH_HOST_KEY_DISABLE" = "1" ]; then
+		echo "disabling SSH host key checking"
 		ssh_options="-o 'StrictHostKeyChecking=No'"
 	else
-		echo "Neither SSH_HOST_KEY nor SSH_HOST_KEY_DISABLE set"
+		echo "neither SSH_HOST_KEY nor SSH_HOST_KEY_DISABLE set"
 	fi
 	restic_extra_options="sftp.command=ssh $ssh_options -i $ssh_key_file $restic_host -s sftp"
 fi
@@ -37,7 +39,7 @@ if [ -n "$s3_key_file" ] && [ -f "$s3_key_file" ] && [ -n "$AWS_ACCESS_KEY_ID" ]
 fi
 
 if [ -z "$restic_repo" ]; then
-	echo "You must configure either SFTP or S3 storage, see README"
+	echo "you must configure either SFTP or S3 storage, see README"
 	exit 1
 fi
 
diff --git a/compose.ssh.yml b/compose.ssh.yml
index ee143d0..1bd2909 100644
--- a/compose.ssh.yml
+++ b/compose.ssh.yml
@@ -5,6 +5,7 @@ services:
     environment:
       - SSH_KEY_FILE=/run/secrets/ssh_key
       - SSH_HOST_KEY
+      - SSH_HOST_KEY_DISABLE
     secrets:
       - source: ssh_key
         mode: 0400