mirrors/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-12-06 01:41:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

.github: make cigocacher script more robust

Browse Source 
We got a flake in https://github.com/tailscale/tailscale/actions/runs/19867229792/job/56933249360
but it's not obvious to me where it failed. Make it more robust and
print out more useful error messages for next time.

Updates tailscale/corp#10808

Change-Id: I9ca08ea1103b9ad968c9cc0c42a493981ea62435
Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>
This commit is contained in:
Tom Proctor 2025-12-02 17:35:15 +00:00
parent b8c58ca7c1
commit f8cd07fb8a
1 changed files with 36 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
.github/actions/go-cache/action.sh vendored
View File

@ -17,23 +17,52 @@ if [ -z "${GITHUB_ACTIONS:-}" ]; then
exit 1 exit 1
fi fi
if [ -z "$URL" ]; then if [ -z "${URL:-}" ]; then
echo "No cigocached URL is set, skipping cigocacher setup" echo "No cigocached URL is set, skipping cigocacher setup"
exit 0 exit 0
fi fi
JWT="$(curl -sSL -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=gocached" | jq -r .value)" curl_and_parse() {
local jq_filter="$1"
local step="$2"
shift 2
local response
local curl_exit
response="$(curl -sSL "$@" 2>&1)" || curl_exit="$?"
if [ "${curl_exit:-0}" -ne "0" ]; then
echo "${step}: ${response}" >&2
return 1
fi
local parsed
local jq_exit
parsed=$(echo "${response}" | jq -e -r "${jq_filter}" 2>&1) || jq_exit=$?
if [ "${jq_exit:-0}" -ne "0" ]; then
echo "${step}: Failed to parse JSON response:" >&2
echo "${response}" >&2
return 1
fi
echo "${parsed}"
return 0
}
JWT="$(curl_and_parse ".value" "Fetching GitHub identity JWT" \
-H "Authorization: Bearer ${ACTIONS_ID_TOKEN_REQUEST_TOKEN}" \
"${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=gocached")" || exit 0
# cigocached serves a TLS cert with an FQDN, but DNS is based on VM name. # cigocached serves a TLS cert with an FQDN, but DNS is based on VM name.
HOST_AND_PORT="${URL#http*://}" HOST_AND_PORT="${URL#http*://}"
FIRST_LABEL="${HOST_AND_PORT/.*/}" FIRST_LABEL="${HOST_AND_PORT/.*/}"
# Save CONNECT_TO for later steps to use. # Save CONNECT_TO for later steps to use.
echo "CONNECT_TO=${HOST_AND_PORT}:${FIRST_LABEL}:" >> "${GITHUB_ENV}" echo "CONNECT_TO=${HOST_AND_PORT}:${FIRST_LABEL}:" >> "${GITHUB_ENV}"
BODY="$(jq -n --arg jwt "$JWT" '{"jwt": $jwt}')" BODY="$(jq -n --arg jwt "$JWT" '{"jwt": $jwt}')"
CIGOCACHER_TOKEN="$(curl -sSL --connect-to "$HOST_AND_PORT:$FIRST_LABEL:" -H "Content-Type: application/json" "$URL/auth/exchange-token" -d "$BODY" | jq -r .access_token || true)" CIGOCACHER_TOKEN="$(curl_and_parse ".access_token" "Exchanging token with cigocached" \
if [ -z "$CIGOCACHER_TOKEN" ]; then --connect-to "${HOST_AND_PORT}:${FIRST_LABEL}:" \
echo "Failed token exchange with cigocached, skipping cigocacher setup" -H "Content-Type: application/json" \
exit 0 "$URL/auth/exchange-token" \
fi -d "$BODY")" || exit 0
# Wait until we successfully auth before building cigocacher to ensure we know # Wait until we successfully auth before building cigocacher to ensure we know
# it's worth building. # it's worth building.