github-action-setup-ddev
Option to still include ddev-ssh-agent container in order to run ddev pull for Pantheon in CI.
We need in some of our CI jobs to be able to run the following in order to pull the latest database from Pantheon:
ddev auth ssh
ddev pull pantheon
Unfortunately with this action this results in the following error:
Run ddev auth ssh
ddev-ssh-agent is omitted in your configuration so ssh auth cannot be used
Error: Process completed with exit code
Another option is that you can auth inside the container if you don't have the ddev-ssh-agent running, should work. You'll need to copy your keys inside the container and ssh-add /path/to/pantheon-key_rsa - Hope you're taking good secret care of those keys. And of course you can change the pantheon.yaml for the test, things like that.
Yeah, I'm also seeing that when installing DDEV manually in GitHub Actions, ddev auth ssh doesn't work as expected in CI:
Run ddev auth ssh
the input device is not a TTY
Docker command 'docker [run -it --rm --volumes-from=ddev-ssh-agent --user=1001 --entrypoint= --mount=type=bind,src=/home/runner/.ssh,dst=/tmp/sshtmp drud/ddev-ssh-agent:v1.19.5-built bash -c cp -r /tmp/sshtmp ~/.ssh && chmod -R go-rwx ~/.ssh && cd ~/.ssh && ssh-add $(file * | awk -F: "/private key/ { print \$1 }")]' failed: exit status 1
Error: Process completed with exit code 1.
TestCmdAuthSSH works around ssh-add's insistence on a tty by using expect, https://github.com/drud/ddev/blob/2ccfada109a8e7a52cd9209582c2e0fc76414659/cmd/ddev/cmd/auth-ssh_test.go#L20-L85
I'm going to try the following instead, which would allow me to use this action as normal:
- name: Setup the Pantheon SSH key to be available to DDEV
  run: |
    mkdir -p .ddev/homeadditions/.ssh
    echo "${{ secrets.PANTHEON_SSH_KEY }}" > .ddev/homeadditions/.ssh/id_rsa
It's a good approach, assuming your key has no password and doesn't have to be auth'd. Make sure the permissions on .ssh and id_rsa are properly restrictive.
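The permission advice above, as an added example that is not part of the original thread: a POSIX shell helper that a CI step could source to write the key into homeadditions with restrictive modes and then verify them. It assumes the secret reaches the step as the environment variable PANTHEON_SSH_KEY (for example through the step's env: map); the function names mode_of, install_ddev_key and check_ddev_key_perms are hypothetical.

```shell
# Added example (not from the thread). PANTHEON_SSH_KEY is assumed to be
# exported into the step's environment rather than pasted into the script.

# Print the 10-character mode string of a path, e.g. "-rw-------".
mode_of() {
  ls -ld "$1" | cut -c1-10
}

# Write the key to <project>/.ddev/homeadditions/.ssh/id_rsa.
# The ( ... ) body runs in a subshell, so umask and variables do not leak.
install_ddev_key() (
  project_root=${1:?usage: install_ddev_key <project-root>}
  ssh_dir="$project_root/.ddev/homeadditions/.ssh"
  key_file="$ssh_dir/id_rsa"

  if [ -z "${PANTHEON_SSH_KEY:-}" ]; then
    echo "PANTHEON_SSH_KEY is empty or unset" >&2
    exit 1
  fi

  umask 077                      # new files 0600, new directories 0700
  mkdir -p "$ssh_dir"
  rm -f "$key_file"              # never reuse a file created with looser modes
  printf '%s\n' "$PANTHEON_SSH_KEY" > "$key_file"
  chmod 700 "$ssh_dir"           # tighten a directory that already existed
  chmod 600 "$key_file"
)

# Succeed only if neither path is accessible to group or others.
check_ddev_key_perms() (
  ssh_dir="$1/.ddev/homeadditions/.ssh"
  [ "$(mode_of "$ssh_dir")" = "drwx------" ] &&
    [ "$(mode_of "$ssh_dir/id_rsa")" = "-rw-------" ]
)
```

In a workflow step this would be called as install_ddev_key "$GITHUB_WORKSPACE" followed by check_ddev_key_perms "$GITHUB_WORKSPACE", so the job fails early if the modes are wrong.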
Ah, so I found that it's this line in the default pantheon.yaml source file:
auth_command:
  command: |
    set -eu -o pipefail
    ssh-add -l >/dev/null || ( echo "Please 'ddev auth ssh' before running this command." && exit 1 )
The ssh-add fails because it fails to mount the directory needed from the container that was omitted. I wrapped it in a conditional based on the CI environment variable which we set manually (actually would be nice to have this set in this action as well).
auth_command:
  command: |
    set -eu -o pipefail
    # ${CI:-} keeps "set -u" from aborting when CI is not set at all
    if [ "${CI:-}" != "true" ]; then ssh-add -l >/dev/null || ( echo "Please 'ddev auth ssh' before running this command." && exit 1 ); fi
I never expected that we might need an SSH agent in a non-interactive environment ;)
Omitting it here was just a minor optimization that might save a second during startup. I am happy to bring it back if you send a PR.
In that case we might want to recommend putting keys into the runner's ~/.ssh/ directory directly instead: https://github.com/jonaseberle/github-action-setup-ddev#ssh-keys
Yeah I am adding the keys into the runner directly, and then symlinking to the .ddev/homeadditions/.ssh directory, but the ssh-add command still fails in this case without my modification above.
Symlinking DDEV homeadditions has stopped working at some point. You should copy them ;)
Actually, ddev now copies homeadditions in, so symlinking should work. https://github.com/drud/ddev/pull/3904
Hey, we have moved to https://github.com/ddev/github-action-setup-ddev. This repo will be archived (read-only). I am going to close all issues. Please feel free to open a new one in the new place if you think it makes sense.