B dont ask login for public git (#612)
* Update run-ansible.sh

* Update run-ansible.sh

* Update run-ansible.sh

* testing what happens if we don't auth ssh

* fixes

* add workaround for rate limiting

* still testing

* try passing var

* try with external var

* testing

* seems to work (need to test ssh end of things for private repos)

* Update run-ansible.sh

* Update run-ansible.sh

* trigger pr checks again

* debugging failing test

* debugging

* trigger pr checks

* plz do something

* debugging

* tidying

* tidying and trying to trigger rate limit

* tidying and trying to trigger rate limit

* tidying and trying to trigger rate limit

* tidying and trying to trigger rate limit

* tidying and trying to trigger rate limit

* tidying and trying to trigger rate limit

* tidying and trying to trigger rate limit

* tidying and trying to trigger rate limit

* tidying and trying to trigger rate limit

* tidying and trying to trigger rate limit

* tidying and trying to trigger rate limit

* trying to trigger rate limit

* trying to trigger rate limit

* trying to trigger rate limit

* trying to trigger rate limit

* trying to trigger rate limit

* trying to trigger rate limit

* trying to trigger rate limit

* trying to trigger rate limit

---------

Co-authored-by: carebare47 <[email protected]>
Co-authored-by: Build Tools <[email protected]>
Co-authored-by: Nikolaus Holmes <[email protected]>
Co-authored-by: rnzenha-s <[email protected]>
5 people authored Jul 29, 2024
1 parent ecdd129 commit 71bfd77
Showing 7 changed files with 166 additions and 73 deletions.
Expand Up @@ -87,6 +87,7 @@
mode: '755'
vars:
pr_branches_value: "{{ pr_branches }}"
skip_git_ssh_auth: "{{ skip_git_ssh_auth }}"

- name: Copying the pull pull_pr_branches_and_catkin_make bash script into docker container
changed_when: false
Expand All @@ -97,6 +98,7 @@
changed_when: false
shell: "docker cp /home/{{ user }}/.ssh/id_rsa {{ container_name }}:/home/user/.ssh/id_rsa"
become: yes
when: not skip_git_ssh_auth

- name: Check-out any branches inside docker container and catkin_make
import_tasks: modify-container.yml
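Review bot: `when: not skip_git_ssh_auth` on the `docker cp … id_rsa` task tests the raw value, and a value passed as a `key=value` extra var reaches Ansible as a string, so `skip_git_ssh_auth=false` is a non-empty string and `not` of it is false; the private key would then not be copied even though SSH auth was requested. Casting makes the intent explicit: `when: not (skip_git_ssh_auth | bool)`. How run-ansible.sh hands `formatted_extra_vars` to ansible-playbook is not visible here, so this is worth confirming with a private-repo run. The added `skip_git_ssh_auth: "{{ skip_git_ssh_auth }}"` under `vars:` also refers to itself; unless the variable always arrives as an extra var or has a default elsewhere, Ansible can report a recursive template loop, and a differently named task var (as is done with `pr_branches_value`) would avoid that.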
@@ -1,20 +1,29 @@
#! /bin/bash
set -e
source /home/user/projects/shadow_robot/base/devel/setup.bash

PR_BRANCHES="{{ pr_branches_value }}"
eval $(ssh-agent)
ssh_test=$(ssh -oStrictHostKeyChecking=no -T [email protected] 2>&1 &)
results=""
if [[ "$ssh_test" == *"You've successfully authenticated"* ]]; then
echo " ---------------------------------"
echo "Github SSH key successfully added!"
echo " ---------------------------------"
SKIP_GIT_SSH_AUTH="{{ skip_git_ssh_auth }}"

if [[ $SKIP_GIT_SSH_AUTH != "true" ]]; then
eval $(ssh-agent)
ssh_test=$(ssh -oStrictHostKeyChecking=no -T [email protected] 2>&1 &)
results=""
if [[ "$ssh_test" == *"You've successfully authenticated"* ]]; then
echo " ---------------------------------"
echo "Github SSH key successfully added!"
echo " ---------------------------------"
else
echo " -------------------------------------------------------"
echo "Github SSH authentication failed with message: $ssh_test"
echo " -------------------------------------------------------"
exit 1
fi
else
echo " -------------------------------------------------------"
echo "Github SSH authentication failed with message: $ssh_test"
echo " -------------------------------------------------------"
exit 1
eval $(ssh-agent)
fi


for i in $PR_BRANCHES; do
repo=""
ros_repo=""
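Review bot: The `ssh -oStrictHostKeyChecking=no -T` probe inside the new `if [[ $SKIP_GIT_SSH_AUTH != "true" ]]` branch accepts whatever host key the server presents, so the "successfully authenticated" text it matches says nothing about which host answered. This branch is now the one taken for private repositories, where the key matters most, so I would use `-oStrictHostKeyChecking=accept-new` (OpenSSH 7.6 or later) or, better, ship GitHub's published host keys in `known_hosts` and drop the option. The same option is used by the `ssh_test=` lines and the echoed command in bin/run-ansible.sh. Separately, the `else` arm still runs `eval $(ssh-agent)` although nothing in the visible lines uses the agent when auth is skipped; if a later step needs it, a comment saying why would help.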
201 changes: 144 additions & 57 deletions bin/run-ansible.sh
Expand Up @@ -156,73 +156,160 @@ for extra_var in $extra_vars; do
done
IFS=${old_IFS}

github_ssh_public_key_path="${HOME}/.ssh/id_rsa.pub"
github_ssh_private_key_path="${HOME}/.ssh/id_rsa"
if [[ $extra_vars == *"pr_branches="* ]]; then
echo " -------------------------------------------------------------------------------------"
echo "Testing SSH connection to Github with ssh -oStrictHostKeyChecking=no -T [email protected]"
echo "Using SSH key from $github_ssh_private_key_path"
ssh_test=$(ssh -oStrictHostKeyChecking=no -T [email protected] 2>&1 &)
if [[ "$ssh_test" == *"You've successfully authenticated"* ]]; then
echo " ---------------------------------"
echo "Github SSH key successfully added!"
echo " ---------------------------------"
is_repo_public() {
local user_slash_repo=$1
ERROR=$(curl -fsS "https://api.github.com/repos/${user_slash_repo}" 2>&1 >/dev/null)
if [ $? -eq 0 ]; then
printf '%s\n' "The GitHub repo ${user_slash_repo} exists." >&2
echo "true"
else
if [[ "${ERROR}" == *"error: 403"* ]]; then
echo "403"
else
if [[ -z ${read_input} ]]; then
read_input="github_email"
printf '%s\n' "Error: no GitHub repo ${user_slash_repo} found." >&2
echo "false"
fi
fi
}

confirm() {
# call with a prompt string or use a default
read -r -p "${1:-[y/N]} " response
case "$response" in
[yY][eE][sS]|[yY])
echo "y"
;;
*)
echo "n"
;;
esac
}

are_all_pr_repos_public(){
REPO_IS_PRIVATE="true"
printf '\n%s\n' "Testing if repos specified in pr_branches are all public" >&2
PR_BRANCHES="$@"
for i in $PR_BRANCHES; do
echo "Testing URL: ${i}" >&2
# Convert github URL to shadow-robot/repo_name
user_slash_repo=$(echo $i | sed -r 's/.*github\.com\///g' | sed -r s'/\/tree.*//g' | sed -r 's/\/pull.*//g')
REPO_IS_PUBLIC=$(is_repo_public $user_slash_repo)
if [[ $REPO_IS_PUBLIC == "false" ]]; then
REPO_IS_PRIVATE="false"
break
elif [[ $REPO_IS_PUBLIC == "403" ]]; then
REPO_IS_PRIVATE="403"
break
fi
done
echo $REPO_IS_PRIVATE
}

check_github_next_steps(){
PUBLIC_REPO_STATUS=$1
NEXT_STEP=0
if [[ $PUBLIC_REPO_STATUS == "403" ]]; then
printf '%s' "WARNING: Rate limit exceeded for github api requests." >&2
printf '%s\n' " It is not currently possible to confirm whether all the URLs specified in PR_BRANCHES belong to public repos" >&2
printf '%s\n' "(Rate limits only last for 60 minutes, if you are unsure then please try again later)" >&2
if [[ $(confirm "Would you like to create a key and authenticate it? y/N") == "y" ]]; then
NEXT_STEP="generate_key"
elif [[ $(confirm "Would you like to continue without this check? y/N") == "y" ]] ; then
NEXT_STEP="skip_check"
else
read_input=$read_input",github_email"
NEXT_STEP="exit"
fi
# Wait for apt-get install lock file to be released
while sudo fuser /var/lib/dpkg/lock >/dev/null 2>&1; do
echo "Waiting for apt-get install file lock..."
sleep 1
done
sudo apt-get install -y xclip
elif [[ $PUBLIC_REPO_STATUS == "true" ]]; then
NEXT_STEP="all_public"
else
NEXT_STEP="generate_key"
fi
fi
echo "$NEXT_STEP"
}

IFS=',' read -ra inputdata <<< "$read_input"
for i in "${inputdata[@]}"; do
printf "Data input for $i:"
read -r input_data
if [[ "${i}" = "github_email" ]]; then
if [[ ! -f "$github_ssh_public_key_path" ]]; then
ssh-keygen -t rsa -b 4096 -q -C "$github_email" -N "" -f ${HOME}/.ssh/id_rsa
fi
eval "$(ssh-agent -s)"
ssh-add $github_ssh_private_key_path
xclip -sel clip < $github_ssh_public_key_path
echo " ----------------------------------------------------------------------------------------------------"
echo "There is an ssh public key in $github_ssh_public_key_path"
echo "xclip is installed and public ssh key is copied into clipboard"
echo "Right-click the URL below (don't copy the URL since your clipboard has the ssh key)"
echo "Select Open Link and follow the steps from number 2 onwards:"
echo "https://docs.github.com/en/github/authenticating-to-github/adding-a-new-ssh-key-to-your-github-account"
echo " ----------------------------------------------------------------------------------------------------"
printf "Confirm if you have added the SSH key to your Github account (y/n):"
read -r ssh_key_added
if [[ "$ssh_key_added" == "y" ]]; then
ssh_test=$(ssh -oStrictHostKeyChecking=no -T [email protected] 2>&1 &)
if [[ "$ssh_test" == *"You've successfully authenticated"* ]]; then
echo " ---------------------------------"
echo "Github SSH key successfully added!"
echo " ---------------------------------"
github_ssh_public_key_path="${HOME}/.ssh/id_rsa.pub"
github_ssh_private_key_path="${HOME}/.ssh/id_rsa"
SKIP_GIT_SSH_AUTH="false"
if [[ $extra_vars == *"pr_branches="* ]]; then
PR_BRANCHES="$(echo $extra_vars | sed -r 's/.*pr_branches=//g' | sed -r 's/;.*//g')"
ARE_ALL_REPOS_PUBLIC=$(are_all_pr_repos_public $PR_BRANCHES)
NEXT_STEPS=$(check_github_next_steps ${ARE_ALL_REPOS_PUBLIC})
if [[ $NEXT_STEPS == "exit" ]]; then
exit 0
elif [[ $NEXT_STEPS == "skip_check" ]]; then
echo "Skipping ssh auth and github login"
formatted_extra_vars="$formatted_extra_vars skip_git_ssh_auth=true"
elif [[ $NEXT_STEPS == "all_public" ]]; then
echo "All pr_branch URLs are public, continuing without ssh authentication"
formatted_extra_vars="$formatted_extra_vars skip_git_ssh_auth=true"
else
formatted_extra_vars="$formatted_extra_vars skip_git_ssh_auth=false"
echo " -------------------------------------------------------------------------------------"
echo "Testing SSH connection to Github with ssh -oStrictHostKeyChecking=no -T [email protected]"
echo "Using SSH key from $github_ssh_private_key_path"
ssh_test=$(ssh -oStrictHostKeyChecking=no -T [email protected] 2>&1 &)
if [[ "$ssh_test" == *"You've successfully authenticated"* ]]; then
echo " ---------------------------------"
echo "Github SSH key successfully added!"
echo " ---------------------------------"
else
if [[ -z ${read_input} ]]; then
read_input="github_email"
else
read_input=$read_input",github_email"
fi
# Wait for apt-get install lock file to be released
while sudo fuser /var/lib/dpkg/lock >/dev/null 2>&1; do
echo "Waiting for apt-get install file lock..."
sleep 1
done
sudo apt-get install -y xclip
fi
IFS=',' read -ra inputdata <<< "$read_input"
for i in "${inputdata[@]}"; do
printf "Data input for $i:"
read -r input_data
if [[ "${i}" = "github_email" ]]; then
if [[ ! -f "$github_ssh_public_key_path" ]]; then
ssh-keygen -t rsa -b 4096 -q -C "$github_email" -N "" -f ${HOME}/.ssh/id_rsa
fi
eval "$(ssh-agent -s)"
ssh-add $github_ssh_private_key_path
xclip -sel clip < $github_ssh_public_key_path
echo " ----------------------------------------------------------------------------------------------------"
echo "Github SSH authentication failed with message: $ssh_test"
echo "There is an ssh public key in $github_ssh_public_key_path"
echo "xclip is installed and public ssh key is copied into clipboard"
echo "Right-click the URL below (don't copy the URL since your clipboard has the ssh key)"
echo "Select Open Link and follow the steps from number 2 onwards:"
echo "https://docs.github.com/en/github/authenticating-to-github/adding-a-new-ssh-key-to-your-github-account"
echo " ----------------------------------------------------------------------------------------------------"
exit 1
printf "Confirm if you have added the SSH key to your Github account (y/n):"
read -r ssh_key_added
if [[ "$ssh_key_added" == "y" ]]; then
ssh_test=$(ssh -oStrictHostKeyChecking=no -T [email protected] 2>&1 &)
if [[ "$ssh_test" == *"You've successfully authenticated"* ]]; then
echo " ---------------------------------"
echo "Github SSH key successfully added!"
echo " ---------------------------------"
else
echo " ----------------------------------------------------------------------------------------------------"
echo "Github SSH authentication failed with message: $ssh_test"
echo " ----------------------------------------------------------------------------------------------------"
exit 1
fi
else
echo "You have specified pr_branches but haven't added a Github SSH key"
echo "Unable to proceed. See the link below"
echo "https://docs.github.com/en/github/authenticating-to-github/adding-a-new-ssh-key-to-your-github-account"
exit 1
fi
fi
else
echo "You have specified pr_branches but haven't added a Github SSH key"
echo "Unable to proceed. See the link below"
echo "https://docs.github.com/en/github/authenticating-to-github/adding-a-new-ssh-key-to-your-github-account"
exit 1
fi
formatted_extra_vars="$formatted_extra_vars $i=$input_data"
done
fi
formatted_extra_vars="$formatted_extra_vars $i=$input_data"
done
fi


IFS=',' read -ra securedata <<< "$read_secure"
for i in "${securedata[@]}"; do
printf "\nSecure data input for $i:"
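Review bot: `is_repo_public` tells public, rate-limited and private apart by matching curl's error text (`*"error: 403"*`), which ties the decision to skip SSH auth to the wording of one curl message and would report a rate-limit answer that arrives as 429 as "no GitHub repo found". Asking curl for the status code with `-w '%{http_code}'` and switching on it is sturdier, and any unexpected status still falls through to the key-generation path as it does today. The variables these helpers set would also read better as `local` names that match their meaning: `REPO_IS_PRIVATE` in `are_all_pr_repos_public` holds "true" when every repo is public.

```shell
is_repo_public() {
  local user_slash_repo=$1
  local status
  # Take the HTTP status from curl itself instead of parsing its error message.
  status=$(curl -sS -o /dev/null -w '%{http_code}' \
    "https://api.github.com/repos/${user_slash_repo}") || status="000"
  case "$status" in
    200)
      printf '%s\n' "The GitHub repo ${user_slash_repo} exists." >&2
      echo "true"
      ;;
    403|429)
      # Rate limited: the caller asks the user how to proceed.
      echo "403"
      ;;
    *)
      printf '%s\n' "Error: no GitHub repo ${user_slash_repo} found." >&2
      echo "false"
      ;;
  esac
}
```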
2 changes: 0 additions & 2 deletions docker/molecule/docker/bionic/buildspec.yml
Expand Up @@ -36,15 +36,13 @@ phases:
api_response=$(curl -s "https://api.github.com/repos/shadow-robot/aurora/pulls/$pr_number")
if [[ $(echo $api_response | jq -r '.head.ref') == 'null' ]]; then
echo "$api_response" | jq
echo "is null"
fi
branch=$(echo $api_response | jq -r '.head.ref')
elif [[ $CODEBUILD_SOURCE_VERSION =~ ^[0-9a-f]{40}$ ]]; then
branch=$(git ls-remote --symref origin | grep -m1 $CODEBUILD_SOURCE_VERSION | awk -F '/' '{print $NF}')
else
branch=$CODEBUILD_SOURCE_VERSION
fi
- echo $branch
- cd ..
- rm -rf aurora
- git clone https://github.com/shadow-robot/aurora.git
1 change: 0 additions & 1 deletion docker/molecule/docker/focal/buildspec.yml
Expand Up @@ -36,7 +36,6 @@ phases:
api_response=$(curl -s "https://api.github.com/repos/shadow-robot/aurora/pulls/$pr_number")
if [[ $(echo $api_response | jq -r '.head.ref') == 'null' ]]; then
echo "$api_response" | jq
echo "is null"
fi
branch=$(echo $api_response | jq -r '.head.ref')
elif [[ $CODEBUILD_SOURCE_VERSION =~ ^[0-9a-f]{40}$ ]]; then
1 change: 0 additions & 1 deletion docker/test/docker/bionic/buildspec.yml
Expand Up @@ -36,7 +36,6 @@ phases:
api_response=$(curl -s "https://api.github.com/repos/shadow-robot/aurora/pulls/$pr_number")
if [[ $(echo $api_response | jq -r '.head.ref') == 'null' ]]; then
echo "$api_response" | jq
echo "is null"
fi
branch=$(echo $api_response | jq -r '.head.ref')
elif [[ $CODEBUILD_SOURCE_VERSION =~ ^[0-9a-f]{40}$ ]]; then
1 change: 0 additions & 1 deletion docker/test/docker/focal/buildspec.yml
Expand Up @@ -36,7 +36,6 @@ phases:
api_response=$(curl -s "https://api.github.com/repos/shadow-robot/aurora/pulls/$pr_number")
if [[ $(echo $api_response | jq -r '.head.ref') == 'null' ]]; then
echo "$api_response" | jq
echo "is null"
fi
branch=$(echo $api_response | jq -r '.head.ref')
elif [[ $CODEBUILD_SOURCE_VERSION =~ ^[0-9a-f]{40}$ ]]; then
