-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
B dont ask login for public git (#612)
* Update run-ansible.sh * Update run-ansible.sh * Update run-ansible.sh * testing what happens if we don't auth ssh * fixes * add workaround for rate limiting * still testing * try passing var * try with external var * testing * seems to work (need to test ssh end of things for private repos * Update run-ansible.sh * Update run-ansible.sh * trigger pr checks again * debugging failing test * debugging * trigger pr checks * plz do something * debugging * tidying * tidying and trying to trigger rate limit * tidying and trying to trigger rate limit * tidying and trying to trigger rate limit * tidying and trying to trigger rate limit * tidying and trying to trigger rate limit * tidying and trying to trigger rate limit * tidying and trying to trigger rate limit * tidying and trying to trigger rate limit * tidying and trying to trigger rate limit * tidying and trying to trigger rate limit * tidying and trying to trigger rate limit * trying to trigger rate limit * trying to trigger rate limit * trying to trigger rate limit * trying to trigger rate limit * trying to trigger rate limit * trying to trigger rate limit * trying to trigger rate limit * trying to trigger rate limit --------- Co-authored-by: carebare47 <[email protected]> Co-authored-by: Build Tools <[email protected]> Co-authored-by: Nikolaus Holmes <[email protected]> Co-authored-by: rnzenha-s <[email protected]>
- Loading branch information
1 parent
ecdd129
commit 71bfd77
Showing
7 changed files
with
166 additions
and
73 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
31 changes: 20 additions & 11 deletions
31
...ble/roles/products/common/resources/templates/scripts/pull-pr-branches-and-catkin-make.j2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,20 +1,29 @@ | ||
#! /bin/bash | ||
set -e | ||
source /home/user/projects/shadow_robot/base/devel/setup.bash | ||
|
||
PR_BRANCHES="{{ pr_branches_value }}" | ||
eval $(ssh-agent) | ||
ssh_test=$(ssh -oStrictHostKeyChecking=no -T [email protected] 2>&1 &) | ||
results="" | ||
if [[ "$ssh_test" == *"You've successfully authenticated"* ]]; then | ||
echo " ---------------------------------" | ||
echo "Github SSH key successfully added!" | ||
echo " ---------------------------------" | ||
SKIP_GIT_SSH_AUTH="{{ skip_git_ssh_auth }}" | ||
|
||
if [[ $SKIP_GIT_SSH_AUTH != "true" ]]; then | ||
eval $(ssh-agent) | ||
ssh_test=$(ssh -oStrictHostKeyChecking=no -T [email protected] 2>&1 &) | ||
results="" | ||
if [[ "$ssh_test" == *"You've successfully authenticated"* ]]; then | ||
echo " ---------------------------------" | ||
echo "Github SSH key successfully added!" | ||
echo " ---------------------------------" | ||
else | ||
echo " -------------------------------------------------------" | ||
echo "Github SSH authentication failed with message: $ssh_test" | ||
echo " -------------------------------------------------------" | ||
exit 1 | ||
fi | ||
else | ||
echo " -------------------------------------------------------" | ||
echo "Github SSH authentication failed with message: $ssh_test" | ||
echo " -------------------------------------------------------" | ||
exit 1 | ||
eval $(ssh-agent) | ||
fi | ||
|
||
|
||
for i in $PR_BRANCHES; do | ||
repo="" | ||
ros_repo="" | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -156,73 +156,160 @@ for extra_var in $extra_vars; do | |
done | ||
IFS=${old_IFS} | ||
|
||
github_ssh_public_key_path="${HOME}/.ssh/id_rsa.pub" | ||
github_ssh_private_key_path="${HOME}/.ssh/id_rsa" | ||
if [[ $extra_vars == *"pr_branches="* ]]; then | ||
echo " -------------------------------------------------------------------------------------" | ||
echo "Testing SSH connection to Github with ssh -oStrictHostKeyChecking=no -T [email protected]" | ||
echo "Using SSH key from $github_ssh_private_key_path" | ||
ssh_test=$(ssh -oStrictHostKeyChecking=no -T [email protected] 2>&1 &) | ||
if [[ "$ssh_test" == *"You've successfully authenticated"* ]]; then | ||
echo " ---------------------------------" | ||
echo "Github SSH key successfully added!" | ||
echo " ---------------------------------" | ||
is_repo_public() { | ||
local user_slash_repo=$1 | ||
ERROR=$(curl -fsS "https://api.github.com/repos/${user_slash_repo}" 2>&1 >/dev/null) | ||
if [ $? -eq 0 ]; then | ||
printf '%s\n' "The GitHub repo ${user_slash_repo} exists." >&2 | ||
echo "true" | ||
else | ||
if [[ "${ERROR}" == *"error: 403"* ]]; then | ||
echo "403" | ||
else | ||
if [[ -z ${read_input} ]]; then | ||
read_input="github_email" | ||
printf '%s\n' "Error: no GitHub repo ${user_slash_repo} found." >&2 | ||
echo "false" | ||
fi | ||
fi | ||
} | ||
|
||
confirm() { | ||
# call with a prompt string or use a default | ||
read -r -p "${1:-[y/N]} " response | ||
case "$response" in | ||
[yY][eE][sS]|[yY]) | ||
echo "y" | ||
;; | ||
*) | ||
echo "n" | ||
;; | ||
esac | ||
} | ||
|
||
are_all_pr_repos_public(){ | ||
REPO_IS_PRIVATE="true" | ||
printf '\n%s\n' "Testing if repos specified in pr_branches are all public" >&2 | ||
PR_BRANCHES="$@" | ||
for i in $PR_BRANCHES; do | ||
echo "Testing URL: ${i}" >&2 | ||
# Convert github URL to shadow-robot/repo_name | ||
user_slash_repo=$(echo $i | sed -r 's/.*github\.com\///g' | sed -r s'/\/tree.*//g' | sed -r 's/\/pull.*//g') | ||
REPO_IS_PUBLIC=$(is_repo_public $user_slash_repo) | ||
if [[ $REPO_IS_PUBLIC == "false" ]]; then | ||
REPO_IS_PRIVATE="false" | ||
break | ||
elif [[ $REPO_IS_PUBLIC == "403" ]]; then | ||
REPO_IS_PRIVATE="403" | ||
break | ||
fi | ||
done | ||
echo $REPO_IS_PRIVATE | ||
} | ||
|
||
check_github_next_steps(){ | ||
PUBLIC_REPO_STATUS=$1 | ||
NEXT_STEP=0 | ||
if [[ $PUBLIC_REPO_STATUS == "403" ]]; then | ||
printf '%s' "WARNING: Rate limit exceeded for github api requests." >&2 | ||
printf '%s\n' " It is not currently possible to confirm whether all the URLs specified in PR_BRANCHES belong to public repos" >&2 | ||
printf '%s\n' "(Rate limits only last for 60 minutes, if you are unsure then please try again later)" >&2 | ||
if [[ $(confirm "Would you like to create a key and authenticate it? y/N") == "y" ]]; then | ||
NEXT_STEP="generate_key" | ||
elif [[ $(confirm "Would you like to continue without this check? y/N") == "y" ]] ; then | ||
NEXT_STEP="skip_check" | ||
else | ||
read_input=$read_input",github_email" | ||
NEXT_STEP="exit" | ||
fi | ||
# Wait for apt-get install lock file to be released | ||
while sudo fuser /var/lib/dpkg/lock >/dev/null 2>&1; do | ||
echo "Waiting for apt-get install file lock..." | ||
sleep 1 | ||
done | ||
sudo apt-get install -y xclip | ||
elif [[ $PUBLIC_REPO_STATUS == "true" ]]; then | ||
NEXT_STEP="all_public" | ||
else | ||
NEXT_STEP="generate_key" | ||
fi | ||
fi | ||
echo "$NEXT_STEP" | ||
} | ||
|
||
IFS=',' read -ra inputdata <<< "$read_input" | ||
for i in "${inputdata[@]}"; do | ||
printf "Data input for $i:" | ||
read -r input_data | ||
if [[ "${i}" = "github_email" ]]; then | ||
if [[ ! -f "$github_ssh_public_key_path" ]]; then | ||
ssh-keygen -t rsa -b 4096 -q -C "$github_email" -N "" -f ${HOME}/.ssh/id_rsa | ||
fi | ||
eval "$(ssh-agent -s)" | ||
ssh-add $github_ssh_private_key_path | ||
xclip -sel clip < $github_ssh_public_key_path | ||
echo " ----------------------------------------------------------------------------------------------------" | ||
echo "There is an ssh public key in $github_ssh_public_key_path" | ||
echo "xclip is installed and public ssh key is copied into clipboard" | ||
echo "Right-click the URL below (don't copy the URL since your clipboard has the ssh key)" | ||
echo "Select Open Link and follow the steps from number 2 onwards:" | ||
echo "https://docs.github.com/en/github/authenticating-to-github/adding-a-new-ssh-key-to-your-github-account" | ||
echo " ----------------------------------------------------------------------------------------------------" | ||
printf "Confirm if you have added the SSH key to your Github account (y/n):" | ||
read -r ssh_key_added | ||
if [[ "$ssh_key_added" == "y" ]]; then | ||
ssh_test=$(ssh -oStrictHostKeyChecking=no -T [email protected] 2>&1 &) | ||
if [[ "$ssh_test" == *"You've successfully authenticated"* ]]; then | ||
echo " ---------------------------------" | ||
echo "Github SSH key successfully added!" | ||
echo " ---------------------------------" | ||
github_ssh_public_key_path="${HOME}/.ssh/id_rsa.pub" | ||
github_ssh_private_key_path="${HOME}/.ssh/id_rsa" | ||
SKIP_GIT_SSH_AUTH="false" | ||
if [[ $extra_vars == *"pr_branches="* ]]; then | ||
PR_BRANCHES="$(echo $extra_vars | sed -r 's/.*pr_branches=//g' | sed -r 's/;.*//g')" | ||
ARE_ALL_REPOS_PUBLIC=$(are_all_pr_repos_public $PR_BRANCHES) | ||
NEXT_STEPS=$(check_github_next_steps ${ARE_ALL_REPOS_PUBLIC}) | ||
if [[ $NEXT_STEPS == "exit" ]]; then | ||
exit 0 | ||
elif [[ $NEXT_STEPS == "skip_check" ]]; then | ||
echo "Skipping ssh auth and github login" | ||
formatted_extra_vars="$formatted_extra_vars skip_git_ssh_auth=true" | ||
elif [[ $NEXT_STEPS == "all_public" ]]; then | ||
echo "All pr_branch URLs are public, continuing without ssh authentication" | ||
formatted_extra_vars="$formatted_extra_vars skip_git_ssh_auth=true" | ||
else | ||
formatted_extra_vars="$formatted_extra_vars skip_git_ssh_auth=false" | ||
echo " -------------------------------------------------------------------------------------" | ||
echo "Testing SSH connection to Github with ssh -oStrictHostKeyChecking=no -T [email protected]" | ||
echo "Using SSH key from $github_ssh_private_key_path" | ||
ssh_test=$(ssh -oStrictHostKeyChecking=no -T [email protected] 2>&1 &) | ||
if [[ "$ssh_test" == *"You've successfully authenticated"* ]]; then | ||
echo " ---------------------------------" | ||
echo "Github SSH key successfully added!" | ||
echo " ---------------------------------" | ||
else | ||
if [[ -z ${read_input} ]]; then | ||
read_input="github_email" | ||
else | ||
read_input=$read_input",github_email" | ||
fi | ||
# Wait for apt-get install lock file to be released | ||
while sudo fuser /var/lib/dpkg/lock >/dev/null 2>&1; do | ||
echo "Waiting for apt-get install file lock..." | ||
sleep 1 | ||
done | ||
sudo apt-get install -y xclip | ||
fi | ||
IFS=',' read -ra inputdata <<< "$read_input" | ||
for i in "${inputdata[@]}"; do | ||
printf "Data input for $i:" | ||
read -r input_data | ||
if [[ "${i}" = "github_email" ]]; then | ||
if [[ ! -f "$github_ssh_public_key_path" ]]; then | ||
ssh-keygen -t rsa -b 4096 -q -C "$github_email" -N "" -f ${HOME}/.ssh/id_rsa | ||
fi | ||
eval "$(ssh-agent -s)" | ||
ssh-add $github_ssh_private_key_path | ||
xclip -sel clip < $github_ssh_public_key_path | ||
echo " ----------------------------------------------------------------------------------------------------" | ||
echo "Github SSH authentication failed with message: $ssh_test" | ||
echo "There is an ssh public key in $github_ssh_public_key_path" | ||
echo "xclip is installed and public ssh key is copied into clipboard" | ||
echo "Right-click the URL below (don't copy the URL since your clipboard has the ssh key)" | ||
echo "Select Open Link and follow the steps from number 2 onwards:" | ||
echo "https://docs.github.com/en/github/authenticating-to-github/adding-a-new-ssh-key-to-your-github-account" | ||
echo " ----------------------------------------------------------------------------------------------------" | ||
exit 1 | ||
printf "Confirm if you have added the SSH key to your Github account (y/n):" | ||
read -r ssh_key_added | ||
if [[ "$ssh_key_added" == "y" ]]; then | ||
ssh_test=$(ssh -oStrictHostKeyChecking=no -T [email protected] 2>&1 &) | ||
if [[ "$ssh_test" == *"You've successfully authenticated"* ]]; then | ||
echo " ---------------------------------" | ||
echo "Github SSH key successfully added!" | ||
echo " ---------------------------------" | ||
else | ||
echo " ----------------------------------------------------------------------------------------------------" | ||
echo "Github SSH authentication failed with message: $ssh_test" | ||
echo " ----------------------------------------------------------------------------------------------------" | ||
exit 1 | ||
fi | ||
else | ||
echo "You have specified pr_branches but haven't added a Github SSH key" | ||
echo "Unable to proceed. See the link below" | ||
echo "https://docs.github.com/en/github/authenticating-to-github/adding-a-new-ssh-key-to-your-github-account" | ||
exit 1 | ||
fi | ||
fi | ||
else | ||
echo "You have specified pr_branches but haven't added a Github SSH key" | ||
echo "Unable to proceed. See the link below" | ||
echo "https://docs.github.com/en/github/authenticating-to-github/adding-a-new-ssh-key-to-your-github-account" | ||
exit 1 | ||
fi | ||
formatted_extra_vars="$formatted_extra_vars $i=$input_data" | ||
done | ||
fi | ||
formatted_extra_vars="$formatted_extra_vars $i=$input_data" | ||
done | ||
fi | ||
|
||
|
||
IFS=',' read -ra securedata <<< "$read_secure" | ||
for i in "${securedata[@]}"; do | ||
printf "\nSecure data input for $i:" | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters