ci/ipsec: Print more info to debug credentials removal check failures

In commit 6fee46f ("ci/ipsec: Fix downgrade version retrieval") we added a check to make sure that GitHub credentials are removed before pulling the untrusted branch from the Pull Request's author. It appears that this check occasionally fails and causes the whole job to abort. But Cilium's repository _is_ public, and it's unclear why ".private == false" does not evaluate to "false" as we expected in that case. Did the curl request fail? Did the reply miss the expected .private field? We'll probably loosen the check as a workaround, but before that it would be interesting to understand better what's going on. Here we remove the -s flag from curl and print the reply from the GitHub API request, so we can better understand what's going on next time we observe a failure. Signed-off-by: Quentin Monnet <qmo@qmon.net>
cilium · Mar 28, 2024 · 34e8045 · 34e8045
1 parent 458b5cc
commit 34e8045
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/.github/workflows/tests-ipsec-upgrade.yaml b/.github/workflows/tests-ipsec-upgrade.yaml
@@ -222,11 +222,12 @@ jobs:
         run: |
           # For private repositories requiring authentication, check that we
           # can no longer fetch from the repository.
-          if ! curl -sL \
+          if ! curl -L \
             -H "Accept: application/vnd.github+json" \
             -H "X-GitHub-Api-Version: 2022-11-28" \
             "https://api.github.com/repos/${{ github.repository }}" | \
-            jq --exit-status '.private == false'; then
+            tee /dev/stderr | \
+            'jq --exit-status ".private == false"'; then
             echo 'Checking whether "git fetch" succeeds'
             if git fetch origin HEAD; then
               echo "::error::Git credentials not removed, aborting now."