-
Notifications
You must be signed in to change notification settings - Fork 279
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Updates windows-wcow runner to be GitHub-hosted vs self-hosted #1491
Conversation
Signed-off-by: Natalie Arellano <narellano@vmware.com>
Looks like some of the directory permissions also need to be adjusted for the tests |
ssh_dialer_test.go is failing with errors such as: Following the code, I believe we may need to update the following file: https://github.com/buildpacks/pack/blob/main/internal/sshdialer/windows_test.go As I'm not too familiar with this code, I'm unsure how to proceed. |
@matejvasek @jromero do you have any advice here? |
No idea why it cannot be read. |
I mean I don't see why it would behave differently on this runner. |
func fixupPrivateKeyMod(path string) {
err := acl.Chmod(path, 0400)
if err != nil {
panic(err)
}
} |
@matejvasek still seeing failure (though not as many?) here: https://github.com/buildpacks/pack/runs/7526815315?check_suite_focus=true#step:11:3891
|
Is there more of the output? |
This may be too caused by access right -- if private key file is "too visible" |
maybe not, the dial-stdio test uses ssh agent not direct file access. |
actually it's not using agent but file |
but if it was access right there should be message about it in output |
|
diff --git a/internal/sshdialer/ssh_dialer_test.go b/internal/sshdialer/ssh_dialer_test.go
index 9912f853..0c13a05a 100644
--- a/internal/sshdialer/ssh_dialer_test.go
+++ b/internal/sshdialer/ssh_dialer_test.go
@@ -948,7 +948,7 @@ SSH_BIN -o PasswordAuthentication=no -o ConnectTimeout=3 -o UserKnownHostsFile="
`
if runtime.GOOS == "windows" {
sshScript = `@echo off
-SSH_BIN -o PasswordAuthentication=no -o ConnectTimeout=3 -o UserKnownHostsFile=%USERPROFILE%\.ssh\known_hosts %*
+"SSH_BIN" -o PasswordAuthentication=no -o ConnectTimeout=3 -o UserKnownHostsFile=%USERPROFILE%\.ssh\known_hosts %*
`
}
sshScript = strings.ReplaceAll(sshScript, "SSH_BIN", sshAbsPath) maybe just maybe |
or maybe |
quotes are not helping... |
@natalieparellano any idea what could cause:
|
Isn't the test running under some weird user? |
@matejvasek thanks for looking into this. I am not sure who the user in this case - I will check. |
@natalieparellano diff --git a/internal/sshdialer/ssh_dialer_test.go b/internal/sshdialer/ssh_dialer_test.go
index 3872ef54..2bb40d5d 100644
--- a/internal/sshdialer/ssh_dialer_test.go
+++ b/internal/sshdialer/ssh_dialer_test.go
@@ -932,17 +932,9 @@ func (b badAgent) Signers() ([]ssh.Signer, error) {
func withFixedUpSSHCLI(t *testing.T) func() {
t.Helper()
- which := "which"
- if runtime.GOOS == "windows" {
- which = "where"
- }
-
- out, err := exec.Command(which, "ssh").CombinedOutput()
+ sshAbsPath, err := exec.LookPath("ssh")
th.AssertNil(t, err)
- sshAbsPath := string(out)
- sshAbsPath = strings.Trim(sshAbsPath, "\r\n")
-
sshScript := `#!/bin/sh
"SSH_BIN" -o PasswordAuthentication=no -o ConnectTimeout=3 -o UserKnownHostsFile="$HOME/.ssh/known_hosts" $@
`
|
Seems this is not correct, it makes key "too visible". We need to revert this, which gets us back. |
diff --git a/internal/sshdialer/windows_test.go b/internal/sshdialer/windows_test.go
index 304549d9..29ba7319 100644
--- a/internal/sshdialer/windows_test.go
+++ b/internal/sshdialer/windows_test.go
@@ -10,6 +10,7 @@ import (
"strings"
"github.com/hectane/go-acl"
+ "golang.org/x/sys/windows"
"gopkg.in/natefinch/npipe.v2"
)
@@ -18,11 +19,17 @@ func fixupPrivateKeyMod(path string) {
if err != nil {
panic(err)
}
+
+ sid, err := windows.StringToSid(usr.Uid)
+ if err != nil {
+ panic(err)
+ }
+
mode := uint32(0400)
err = acl.Apply(path,
true,
false,
- acl.GrantName(((mode&0700)<<23)|((mode&0200)<<9), usr.Name))
+ acl.GrantSid(((mode&0700)<<23)|((mode&0200)<<9), sid))
// See https://github.com/hectane/go-acl/issues/1
if err != nil && err.Error() != "The operation completed successfully." { |
The name is empty hence the patch above using sid. |
The sid it not working either 😢 |
maybe |
Username seems to work. |
Beside |
Signed-off-by: Natalie Arellano <narellano@vmware.com>
e782d2d
to
4fc0140
Compare
Codecov Report
@@ Coverage Diff @@
## main #1491 +/- ##
==========================================
+ Coverage 77.54% 81.37% +3.84%
==========================================
Files 151 152 +1
Lines 9859 9864 +5
==========================================
+ Hits 7644 8026 +382
+ Misses 1760 1361 -399
- Partials 455 477 +22
Flags with carried forward coverage won't be shown. Click here to find out more. |
Thank you so much @matejvasek !!! |
We have migrated WCOW from a self-hosted runner to a GH hosted runner (thanks to buildpacks/pack#1491). Additionally, new changes to Terraform Cloud environment nc is no longer available. We removed the script that waits for SSH connection and instead simply increased the connection timeout to 15m. Signed-off-by: Javier Romero <rjavier@vmware.com>
In theory this would allow us to maintain one less worker