
Debug SSH not working

Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
Matheus Pimenta
2026-06-30 15:12:15 +01:00
parent dcc7def046
commit 13f99fa9a0
+62 -1
@@ -23,6 +23,8 @@ permissions:
jobs:
e2e-aks:
runs-on: ubuntu-latest
env:
SSH_SECRET_SMOKE_TEST_ONLY: "true"
defaults:
run:
working-directory: ./tests/integration
@@ -30,17 +32,72 @@ jobs:
steps:
- name: CheckoutD
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- name: Smoke test Git SSH secrets
env:
GITREPO_SSH_CONTENTS: ${{ secrets.GIT_SSH_IDENTITY }}
GITREPO_SSH_PUB_CONTENTS: ${{ secrets.GIT_SSH_IDENTITY_PUB }}
run: |
set -euo pipefail
mkdir -p ./build/ssh
cat <<EOF > build/ssh/key
$GITREPO_SSH_CONTENTS
EOF
cat <<EOF > build/ssh/key.pub
$GITREPO_SSH_PUB_CONTENTS
EOF
chmod 600 build/ssh/key
key_lines=$(wc -l < build/ssh/key)
pub_lines=$(wc -l < build/ssh/key.pub)
echo "private key lines: ${key_lines}"
echo "public key lines: ${pub_lines}"
ssh-keygen -y -f build/ssh/key > build/ssh/derived.pub
if ! cmp -s build/ssh/derived.pub build/ssh/key.pub; then
echo "::error::derived public key does not match GIT_SSH_IDENTITY_PUB"
echo "derived public key fingerprint:"
ssh-keygen -lf build/ssh/derived.pub
echo "configured public key fingerprint:"
ssh-keygen -lf build/ssh/key.pub
exit 1
fi
echo "SSH key fingerprint:"
ssh-keygen -lf build/ssh/derived.pub
set +e
ssh_output=$(ssh -i build/ssh/key -o BatchMode=yes -o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=build/ssh/known_hosts -T git@ssh.dev.azure.com 2>&1)
ssh_status=$?
set -e
echo "${ssh_output}"
if echo "${ssh_output}" | grep -q "Shell access is not supported"; then
echo "Azure DevOps SSH accepted the key"
exit 0
fi
if echo "${ssh_output}" | grep -Eq "Public key authentication failed|Permission denied"; then
echo "::error::Azure DevOps SSH rejected the key"
exit 1
fi
echo "::error::unexpected Azure DevOps SSH probe result, exit status ${ssh_status}"
exit 1
- name: Setup Go
if: ${{ env.SSH_SECRET_SMOKE_TEST_ONLY != 'true' }}
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
with:
go-version: 1.26.x
cache-dependency-path: tests/integration/go.sum
- name: Setup Terraform
if: ${{ env.SSH_SECRET_SMOKE_TEST_ONLY != 'true' }}
uses: hashicorp/setup-terraform@dfe3c3f87815947d99a8997f908cb6525fc44e9e # v4.0.1
- name: Setup Flux CLI
if: ${{ env.SSH_SECRET_SMOKE_TEST_ONLY != 'true' }}
run: make build
working-directory: ./
- name: Setup SOPS
if: ${{ env.SSH_SECRET_SMOKE_TEST_ONLY != 'true' }}
run: |
mkdir -p $HOME/.local/bin
wget -O $HOME/.local/bin/sops https://github.com/mozilla/sops/releases/download/v$SOPS_VER/sops-v$SOPS_VER.linux
@@ -48,17 +105,21 @@ jobs:
env:
SOPS_VER: 3.7.1
- name: Authenticate to Azure
if: ${{ env.SSH_SECRET_SMOKE_TEST_ONLY != 'true' }}
uses: Azure/login@532459ea530d8321f2fb9bb10d1e0bcf23869a43 # v1.4.6
with:
creds: '{"clientId":"${{ secrets.ARM_CLIENT_ID }}","clientSecret":"${{ secrets.ARM_CLIENT_SECRET }}","subscriptionId":"${{ secrets.ARM_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.ARM_TENANT_ID }}"}'
- name: Set dynamic variables in .env
if: ${{ env.SSH_SECRET_SMOKE_TEST_ONLY != 'true' }}
run: |
cat > .env <<EOF
export TF_VAR_tags='{ "environment"="github", "ci"="true", "repo"="flux2", "createdat"="$(date -u +x%Y-%m-%d_%Hh%Mm%Ss)" }'
EOF
- name: Print .env for dynamic tag value reference
if: ${{ env.SSH_SECRET_SMOKE_TEST_ONLY != 'true' }}
run: cat .env
- name: Run Azure e2e tests
if: ${{ env.SSH_SECRET_SMOKE_TEST_ONLY != 'true' }}
env:
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
@@ -82,7 +143,7 @@ jobs:
export GITREPO_SSH_PUB_PATH=build/ssh/key.pub
make test-azure
- name: Ensure resource cleanup
if: ${{ always() }}
if: ${{ always() && env.SSH_SECRET_SMOKE_TEST_ONLY != 'true' }}
env:
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
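Review bot: In the "Smoke test Git SSH secrets" step the private key is written to `build/ssh/key` under the runner's default umask and only restricted by the later `chmod 600`, and no exit path of the script removes it from the workspace. Adding `umask 077` right after `set -euo pipefail` and `trap 'rm -f build/ssh/key' EXIT` would close both gaps; the later e2e step appears to write its own copy of the key, but that part lies outside the visible hunks, so confirm before deleting. The probe also combines `StrictHostKeyChecking=accept-new` with a fresh `UserKnownHostsFile`, so the host key is trusted on first use on every run and the "accepted the key" verdict rests on output from a server that was never authenticated; pre-populating `build/ssh/known_hosts` with the published Azure DevOps host key and switching to `StrictHostKeyChecking=yes` would make the result trustworthy. Separately, `SSH_SECRET_SMOKE_TEST_ONLY: "true"` is hard-coded at job level, so the job can go green without running any e2e test; a comment such as `# DEBUG ONLY: skips every e2e step, revert before merge` next to it would keep that from landing unnoticed.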