flux2/.github/workflows/e2e-azure.yaml
Matheus Pimenta 13f99fa9a0 Debug SSH not working
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
2026-06-30 15:12:15 +01:00


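# Azure end-to-end workflow for the integration tests under tests/integration.
# While SSH_SECRET_SMOKE_TEST_ONLY is "true" only the SSH secret smoke test
# runs; every other step is skipped through its `if:` guard.
name: e2e-azure

# yamllint disable-line rule:truthy
on:
  workflow_dispatch:
  schedule:
    - cron: '0 6 * * *'
  push:
    branches:
      - main
    paths:
      - 'tests/**'
      - '.github/workflows/e2e-azure.yaml'
  pull_request:
    branches:
      - main
    paths:
      - 'tests/**'
      - '.github/workflows/e2e-azure.yaml'

permissions:
  contents: read

jobs:
  e2e-aks:
    runs-on: ubuntu-latest
    env:
      # Gate: "true" restricts the job to the SSH smoke test below.
      SSH_SECRET_SMOKE_TEST_ONLY: "true"
    defaults:
      run:
        working-directory: ./tests/integration
    # Fork pull requests have no access to repository secrets, so they are
    # skipped, as are dependabot-triggered runs.
    if: (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) && github.actor != 'dependabot[bot]'
    steps:
      - name: Checkout
        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3

      # Verifies that GIT_SSH_IDENTITY and GIT_SSH_IDENTITY_PUB belong to the
      # same key pair and that Azure DevOps accepts the key. Only line counts
      # and fingerprints are logged, never key material.
      - name: Smoke test Git SSH secrets
        env:
          GITREPO_SSH_CONTENTS: ${{ secrets.GIT_SSH_IDENTITY }}
          GITREPO_SSH_PUB_CONTENTS: ${{ secrets.GIT_SSH_IDENTITY_PUB }}
        run: |
          set -euo pipefail
          mkdir -p ./build/ssh
          # printf instead of an unquoted heredoc: the secret is written
          # verbatim, with no parameter or command expansion applied to it.
          printf '%s\n' "$GITREPO_SSH_CONTENTS" > build/ssh/key
          printf '%s\n' "$GITREPO_SSH_PUB_CONTENTS" > build/ssh/key.pub
          chmod 600 build/ssh/key
          key_lines=$(wc -l < build/ssh/key)
          pub_lines=$(wc -l < build/ssh/key.pub)
          echo "private key lines: ${key_lines}"
          echo "public key lines: ${pub_lines}"
          ssh-keygen -y -f build/ssh/key > build/ssh/derived.pub
          # Compare fingerprints rather than raw files so a differing or
          # missing comment field does not produce a false mismatch.
          derived_fp=$(ssh-keygen -lf build/ssh/derived.pub | awk '{print $2}')
          configured_fp=$(ssh-keygen -lf build/ssh/key.pub | awk '{print $2}')
          if [ "${derived_fp}" != "${configured_fp}" ]; then
            echo "::error::derived public key does not match GIT_SSH_IDENTITY_PUB"
            echo "derived public key fingerprint:"
            ssh-keygen -lf build/ssh/derived.pub
            echo "configured public key fingerprint:"
            ssh-keygen -lf build/ssh/key.pub
            exit 1
          fi
          echo "SSH key fingerprint:"
          ssh-keygen -lf build/ssh/derived.pub
          # accept-new against a fresh known_hosts file is trust-on-first-use
          # on every run; pinning the Azure DevOps host key would be stronger.
          set +e
          ssh_output=$(ssh -i build/ssh/key -o BatchMode=yes -o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=build/ssh/known_hosts -T git@ssh.dev.azure.com 2>&1)
          ssh_status=$?
          set -e
          echo "${ssh_output}"
          # Azure DevOps answers an authenticated non-git session with this
          # message; any other outcome is treated as a failure.
          if echo "${ssh_output}" | grep -q "Shell access is not supported"; then
            echo "Azure DevOps SSH accepted the key"
            exit 0
          fi
          if echo "${ssh_output}" | grep -Eq "Public key authentication failed|Permission denied"; then
            echo "::error::Azure DevOps SSH rejected the key"
            exit 1
          fi
          echo "::error::unexpected Azure DevOps SSH probe result, exit status ${ssh_status}"
          exit 1

      - name: Setup Go
        if: ${{ env.SSH_SECRET_SMOKE_TEST_ONLY != 'true' }}
        uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
        with:
          go-version: 1.26.x
          cache-dependency-path: tests/integration/go.sum

      - name: Setup Terraform
        if: ${{ env.SSH_SECRET_SMOKE_TEST_ONLY != 'true' }}
        uses: hashicorp/setup-terraform@dfe3c3f87815947d99a8997f908cb6525fc44e9e # v4.0.1

      - name: Setup Flux CLI
        if: ${{ env.SSH_SECRET_SMOKE_TEST_ONLY != 'true' }}
        run: make build
        working-directory: ./

      # NOTE(review): the sops binary is fetched over HTTPS but its checksum
      # or signature is not verified before it is executed.
      - name: Setup SOPS
        if: ${{ env.SSH_SECRET_SMOKE_TEST_ONLY != 'true' }}
        run: |
          mkdir -p $HOME/.local/bin
          wget -O $HOME/.local/bin/sops https://github.com/mozilla/sops/releases/download/v$SOPS_VER/sops-v$SOPS_VER.linux
          chmod +x $HOME/.local/bin/sops
        env:
          SOPS_VER: 3.7.1

      - name: Authenticate to Azure
        if: ${{ env.SSH_SECRET_SMOKE_TEST_ONLY != 'true' }}
        uses: Azure/login@532459ea530d8321f2fb9bb10d1e0bcf23869a43 # v1.4.6
        with:
          creds: '{"clientId":"${{ secrets.ARM_CLIENT_ID }}","clientSecret":"${{ secrets.ARM_CLIENT_SECRET }}","subscriptionId":"${{ secrets.ARM_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.ARM_TENANT_ID }}"}'

      # The heredoc is deliberately unquoted so the date is expanded at write
      # time; .env is sourced by the test and cleanup steps below.
      - name: Set dynamic variables in .env
        if: ${{ env.SSH_SECRET_SMOKE_TEST_ONLY != 'true' }}
        run: |
          cat > .env <<EOF
          export TF_VAR_tags='{ "environment"="github", "ci"="true", "repo"="flux2", "createdat"="$(date -u +x%Y-%m-%d_%Hh%Mm%Ss)" }'
          EOF

      - name: Print .env for dynamic tag value reference
        if: ${{ env.SSH_SECRET_SMOKE_TEST_ONLY != 'true' }}
        run: cat .env

      - name: Run Azure e2e tests
        if: ${{ env.SSH_SECRET_SMOKE_TEST_ONLY != 'true' }}
        env:
          ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
          ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
          ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
          ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
          TF_VAR_azuredevops_org: ${{ secrets.TF_VAR_azuredevops_org }}
          TF_VAR_azuredevops_pat: ${{ secrets.TF_VAR_azuredevops_pat }}
          TF_VAR_azure_location: ${{ vars.TF_VAR_azure_location }}
          GITREPO_SSH_CONTENTS: ${{ secrets.GIT_SSH_IDENTITY }}
          GITREPO_SSH_PUB_CONTENTS: ${{ secrets.GIT_SSH_IDENTITY_PUB }}
        run: |
          source .env
          mkdir -p ./build/ssh
          # Same write-out as the smoke test: verbatim contents, private key
          # restricted to the owner so ssh does not reject it as unprotected.
          printf '%s\n' "$GITREPO_SSH_CONTENTS" > build/ssh/key
          chmod 600 build/ssh/key
          export GITREPO_SSH_PATH=build/ssh/key
          printf '%s\n' "$GITREPO_SSH_PUB_CONTENTS" > build/ssh/key.pub
          export GITREPO_SSH_PUB_PATH=build/ssh/key.pub
          make test-azure

      # Runs even when the test step fails so cloud resources are torn down.
      - name: Ensure resource cleanup
        if: ${{ always() && env.SSH_SECRET_SMOKE_TEST_ONLY != 'true' }}
        env:
          ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
          ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
          ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
          ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
          TF_VAR_azuredevops_org: ${{ secrets.TF_VAR_azuredevops_org }}
          TF_VAR_azuredevops_pat: ${{ secrets.TF_VAR_azuredevops_pat }}
          TF_VAR_azure_location: ${{ vars.TF_VAR_azure_location }}
        run: source .env && make destroy-azure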