rcm-ci/.github/workflows/ssh-step-vagrant.yml at main · Giuncan/rcm-ci · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
# This is a basic workflow to help you get started with Actions

name: ssh-step-vagrant

# Controls when the workflow will run
on:
  # Triggers the workflow on push or pull request events but only for the "main" branch
  # push:
  #   branches: [ "main" ]
  # pull_request:
  #   branches: [ "main" ]

  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

# env:

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  compile:
    name: Compile site assets
    runs-on: ubuntu-latest
    steps:
    - name: Checkout the repo
      uses: actions/checkout@v4.1.1

    - name: Set up Python
      uses: actions/setup-python@v5.0.0
      with:
        python-version: "3.10"

    - name: Install dependencies
      run: |
        pip install paramiko==3.4

    - name: Install vagrant
      run: |
        wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
        echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list

        wget -qO - https://www.virtualbox.org/download/oracle_vbox_2016.asc | gpg --dearmor | sudo tee /etc/apt/keyrings/oracle-virtualbox-2016.gpg -
        echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/oracle-virtualbox-2016.gpg] https://download.virtualbox.org/virtualbox/debian jammy contrib" | sudo tee /etc/apt/sources.list.d/virtualbox.list
        sudo apt update
        sudo apt search virtualbox
        sudo apt install vagrant virtualbox

    - name: Install smallstep
      run: |
        wget https://dl.smallstep.com/cli/docs-cli-install/latest/step-cli_amd64.deb
        sudo dpkg -i step-cli_amd64.deb
        which step

    - name: Startup step ca
      run: |
        vagrant up --provider=virtualbox 2>&1 | tee build.log
        vagrant ssh-config
        sudo echo "192.168.56.10 stepca" | sudo tee -a /etc/hosts

    - name: Add /root/.step/certs/ssh_host_ca_key.pub to .ssh/known_hosts
      run: |
        mkdir -p ~/.ssh
        grep cert-authority build.log | awk '{print $2, $3, $4, $5}' >> ~/.ssh/known_hosts
        cat ~/.ssh/known_hosts

    - name: Bootstrap step ca
      run: |
        FINGERPRINT=$(grep "Root fingerprint" build.log | awk '{print $NF}')
        echo "${FINGERPRINT:?}"
        step ca bootstrap --fingerprint "$FINGERPRINT" --ca-url=https://stepca:8443

    - name: Login
      run: |
        eval $(ssh-agent)
        echo password > password.txt
        step ssh login testuser --provisioner step-ca@example.com --password-file password.txt
        ssh-add -l
        ssh testuser@stepca 'echo SSH login successed'

        python test_paramiko.py stepca testuser 22 None True || echo "failed as expected"
        PARAMIKO_FILE="$(python -c "import paramiko, os; print(os.path.dirname(paramiko.__file__))")/auth_handler.py"
        sed -i'.bak' -e 's/if key.public_blob:/if hasattr(key, "public_blob") and key.public_blob:/' $PARAMIKO_FILE
        python test_paramiko.py stepca testuser 22 None True && echo "success as expected"