Support SSH keys for pushing tags #49

Merged
merged 4 commits into from
Jan 16, 2020

christopher-dG
Member

Closes #47
Closes #48

I haven't tested this on a real repo yet but it should work. I'm going on holiday so I might not get around to those tests until around Monday/Tuesday.

@christopher-dG
Member Author

Managed to find a bit of time, it's working as expected on my machine and I can't think of anything that would cause it to break in the Actions environment. @ericphanson or @DilumAluthge could you be my guinea pigs and try enabling this feature for any upcoming releases?

@christopher-dG christopher-dG merged commit 1664e76 into master Jan 16, 2020
@christopher-dG christopher-dG deleted the cdg/ssh branch January 16, 2020 03:37
@ericphanson
Member

Will do! Do I need to do anything to update the workflow, or does it automatically draw from the master branch here? (Besides adding the ssh deploy key, I mean).

@christopher-dG
Member Author

Nope, v1 is updated.

@ericphanson
Member

ericphanson commented Jan 16, 2020

I tagged a patch release to test this out and try to get some stable docs; did not work out: https://github.com/ericphanson/UnbalancedOptimalTransport.jl/commit/146998c0fa5e2dd66b9d06f0e9a7865309c218a3/checks?check_suite_id=404143684

(I reused my documenter deploy key, but I thought that should be fine)

@christopher-dG
Member Author

Thanks for the report 🙂 That actually seems to be a random network failure... care to hit retry (or just wait 20 minutes)?

@ericphanson
Member

Ah, good to know! Let’s see what the next round brings then.

@christopher-dG
Member Author

Now there's a real error 🙂 link

Could you set the ACTIONS_STEP_DEBUG secret to true as described here then retry?

@ericphanson
Member

Ok, I made the secret and retriggered. Gotta go for a bit but I'll be back later.

@christopher-dG
Member Author

Hm, that's puzzling. By all means it should be working... I'll look at this again tomorrow if I have a chance.

@ericphanson
Member

Ah, I think it's my fault. The documenter key is base64 encoded. I added a separate deploy key for tagbot and the corresponding secret. I'm seeing weird errors now both for tagbot and CI (The following team project collection is stopped: S8rOy8DcAc2xRd3DTm9VCQLjdgQWYJKI4M0591MhYn7UpUtwsr. Start the collection and then try again. Administrator Reason: Creating Collection Host) so I think that's unrelated. I'll see what happens in an hour when tagbot runs again.

@ericphanson
Member

ericphanson commented Jan 16, 2020

@christopher-dG
Member Author

I think I fixed it! We'll see in an hour...

@christopher-dG
Member Author

Got past the previous error and onto a new one! An "invalid key format". Is the key secret still a base64 private key that comes out of ssh-keygen?

@christopher-dG
Member Author

I believe I've squashed the bug... https://serverfault.com/a/960647

@fredrikekre
Member

I believe that is why Documenter base64-encodes the key, to get a one-line key.

@christopher-dG
Member Author

That seems like a good idea. I added the ability to recognize those keys too so that they can be reused for TagBot.
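An added example, not part of the thread and not TagBot's own code: one way to accept a deploy-key secret in either form discussed above (raw PEM text or the one-line base64 encoding) and write it so that OpenSSH will load it. A missing final newline is a common cause of OpenSSH's "invalid format" error, so the key is always written with one; the function names and the sample key are assumptions made for illustration.

```python
import base64
import binascii
import os

PEM_PREFIX = "-----BEGIN "

# Constructed sample: PEM-shaped placeholder, not a real key, with CRLF line
# endings and no final newline (as a pasted secret might arrive).
SAMPLE_PEM = (
    "-----BEGIN OPENSSH PRIVATE KEY-----\r\n"
    "Q09OU1RSVUNURUQtTk9ULUEtS0VZ\r\n"
    "-----END OPENSSH PRIVATE KEY-----"
)


def normalize_deploy_key(secret: str) -> str:
    """Return PEM text from a secret holding raw PEM or base64 of that PEM."""
    text = secret.strip()
    if not text.startswith(PEM_PREFIX):
        try:
            # Tolerate wrapped base64; reject anything outside the alphabet.
            raw = base64.b64decode("".join(text.split()), validate=True)
            text = raw.decode("ascii").strip()
        except (binascii.Error, UnicodeDecodeError) as exc:
            raise ValueError("secret is neither PEM nor base64 PEM") from exc
        if not text.startswith(PEM_PREFIX):
            raise ValueError("decoded secret is not a PEM key")
    # Unix line endings plus the final newline OpenSSH expects.
    return "\n".join(line.rstrip() for line in text.splitlines()) + "\n"


def write_private_key(secret: str, directory: str) -> str:
    """Write the normalized key as a new file readable by the owner only."""
    path = os.path.join(directory, "deploy_key")
    # O_EXCL refuses to reuse an existing file; mode 0o600 avoids ssh's
    # "UNPROTECTED PRIVATE KEY FILE" rejection.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", newline="\n") as handle:
        handle.write(normalize_deploy_key(secret))
    return path
```
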

@ericphanson
Member

Thanks for the fix; using the TAGBOT_KEY I added resulted in failures, but switching back to the base64-encoded DOCUMENTER_KEY and retriggering tagbot caused it to work successfully and tag the release. That in turn successfully caused github ci (due to the trigger on: release and the use of the ssh key, I believe) to run, which in turn caused the docs build step to trigger. Unfortunately, however, that still did not build docs for the tag i.e. the stable docs.

So I'm actually still not really sure what's needed in order to make github ci + tagbot + documenter work properly.

@christopher-dG
Member Author

christopher-dG commented Jan 18, 2020

The docs deployment looks like an unknown host issue with SSH (which is the exact issue that we saw first with TagBot): https://github.com/ericphanson/UnbalancedOptimalTransport.jl/runs/395589862#step:5:79

Which seems like it was mentioned in JuliaDocs/Documenter.jl#625 but the resolution seems to be "manage your known hosts file yourself" (whereas with TagBot we chose the less secure resolution of disabling the host key check).

Also it's interesting that using the unencoded key still fails, I'll have to look into that. If I can't get it to work then I'm cool with just requiring the keys to be encoded in the same manner as Documenter.

Oh and one more thing: the docs build is actually a push event (the push of the tag), not a release (the token that created the release can't trigger events). So you can remove the release event from your CI workflow if you want.

@ericphanson
Member

Thanks very much for the diagnosis :). Hmm, secure seems good but I’m not really sure how to add to the known hosts in this setting, or if they will be stable. Do you think my next step would be to ask on that documenter issue?

@christopher-dG
Member Author

This seems to be the way to go https://stackoverflow.com/questions/13363553/git-error-host-key-verification-failed-when-connecting-to-remote-repository#29380765

I'll try that in TagBot in a while. But yes for the Documenter part, you can ask about it there or just do the keyscan in a step before the docs.

@ericphanson
Member

> This seems to be the way to go https://stackoverflow.com/questions/13363553/git-error-host-key-verification-failed-when-connecting-to-remote-repository#29380765
>
> I'll try that in TagBot in a while. But yes for the Documenter part, you can ask about it there or just do the keyscan in a step before the docs.

It works! Just needed to add a mkdir -p ~/.ssh first to create the directory.

https://github.com/ericphanson/UnbalancedOptimalTransport.jl/blob/8585054cccb74a05a4624f1f915b9600f036eab2/.github/workflows/ci.yml#L40-L42

Finally, stable docs :). Thanks very much for the help.
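An added example, not part of the thread and not code from TagBot or Documenter: the keyscan step discussed above trusts whatever key the network returns, so this sketch filters `ssh-keyscan` output against fingerprints obtained out of band before anything is written to `~/.ssh/known_hosts`. The host name, key blobs and function names are constructed for illustration, and unhashed keyscan output (no `-H`) is assumed.

```python
import base64
import binascii
import hashlib


def fingerprint(key_b64: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    blob = base64.b64decode(key_b64, validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def pinned_known_hosts(keyscan_output: str, host: str, pins: frozenset) -> str:
    """Return known_hosts text with only the keys for `host` matching a pin."""
    kept = []
    for line in keyscan_output.splitlines():
        fields = line.split()
        # Skip blank lines, "# host:22 SSH-2.0-..." banners and short lines.
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        if host not in fields[0].split(","):
            continue
        try:
            if fingerprint(fields[2]) in pins:
                kept.append(" ".join(fields[:3]))
        except binascii.Error:
            continue  # malformed key field, never trusted
    if not kept:
        # Fail closed instead of falling back to an unchecked connection.
        raise ValueError(f"no scanned key for {host} matches a pin")
    return "\n".join(kept) + "\n"


# Constructed sample: placeholder blobs standing in for real host keys.
GOOD_KEY = base64.b64encode(b"constructed host key blob").decode("ascii")
ROGUE_KEY = base64.b64encode(b"constructed rogue key blob").decode("ascii")
SCAN = (
    "# git.example.test:22 SSH-2.0-constructed\n"
    f"git.example.test ssh-ed25519 {GOOD_KEY}\n"
    f"git.example.test ssh-rsa {ROGUE_KEY}\n"
    f"other.example.test ssh-ed25519 {GOOD_KEY}\n"
)
# In real use the pins are the fingerprints the hosting provider publishes,
# copied into the workflow; here one is derived from the constructed key.
PINS = frozenset({fingerprint(GOOD_KEY)})
```
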

Successfully merging this pull request may close these issues.

TagBot workflow does not trigger CI, preventing docs for tags