Fix sshing into macos host (#104)

* Run docker in interactive mode when passing arguments to inspec_runner * Fix SSH'ing into macOS host
vgijssel · Sep 11, 2022 · 75ae509 · 75ae509
1 parent 049bde0
commit 75ae509
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 5 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -38,7 +38,7 @@ jobs:
     if: needs.select_tests_to_run.outputs.run-workstation-test == 'true'
     name: Workstation test
     needs: select_tests_to_run
-    timeout-minutes: 120
+    timeout-minutes: 30
     runs-on: macos-12
     steps:
       - uses: actions/checkout@v1
@@ -55,8 +55,6 @@ jobs:
       - run: brew install docker colima
       - run: colima start
       - run: docker image ls
-      - name: Setup tmate session
-        uses: mxschmitt/action-tmate@v3
       - run: bazel run //workstation:test
 
   hypervisor-test:

diff --git a/tools/docker/docker.bzl b/tools/docker/docker.bzl
@@ -17,13 +17,20 @@ def docker_load_and_run(name, image, command, docker_args = []):
         DOCKER_DIGEST=$$(cat $$DOCKER_DIGEST_FILE)
         DOCKER_LOAD_FILE=$$(rlocation $(WORKSPACE_NAME)/$(rootpath {image_label}))
 
+        # if CLI_ARGS is set, then add interactive flag
+        if [[ ! -z "$$CLI_ARGS" ]]; then
+            DOCKER_INTERACTIVE_ARGS="-it"
+        else
+            DOCKER_INTERACTIVE_ARGS=""
+        fi
+
         if ! docker image inspect $$DOCKER_DIGEST > /dev/null 2>&1 ; then
             $$DOCKER_LOAD_FILE
         else
             echo "Image already exists"
         fi
 
-        docker run --rm -t {docker_args} $$DOCKER_DIGEST $$ARGS
+        docker run --rm $$DOCKER_INTERACTIVE_ARGS {docker_args} $$DOCKER_DIGEST $$ARGS
         """.format(
             command = command,
             docker_args = " ".join(docker_args),

diff --git a/tools/macos/macos-remote-setup.sh b/tools/macos/macos-remote-setup.sh
@@ -17,9 +17,12 @@ fi
 # if authorized_keys does not exist, create it
 if [ ! -f "$AUTHORIZED_KEYS" ]; then
     touch "$AUTHORIZED_KEYS"
-    chmod 600 "$AUTHORIZED_KEYS"
 fi
 
+# Ensure the right permissions are set for SSH
+chmod 600 "$AUTHORIZED_KEYS"
+chmod 700 "$HOME/.ssh"
+
 # add the public key to the authorized_keys file if it is not already there
 if ! grep -q "$(cat $SECRETS_DIR/id_rsa.pub)" $AUTHORIZED_KEYS; then
     cat $SECRETS_DIR/id_rsa.pub >> $AUTHORIZED_KEYS