From 75ae509755cec82bf5b4c2ff8643fbc7d5ad1f32 Mon Sep 17 00:00:00 2001
From: mvgijssel <6029816+mvgijssel@users.noreply.github.com>
Date: Sun, 11 Sep 2022 10:03:20 +0200
Subject: [PATCH] Fix sshing into macos host (#104)

* Run docker in interactive mode when passing arguments to inspec_runner

* Fix SSH'ing into macOS host
---
 .github/workflows/test.yml        | 4 +---
 tools/docker/docker.bzl           | 9 ++++++++-
 tools/macos/macos-remote-setup.sh | 5 ++++-
 3 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 6f5813a02..0629cf433 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -38,7 +38,7 @@ jobs:
     if: needs.select_tests_to_run.outputs.run-workstation-test == 'true'
     name: Workstation test
     needs: select_tests_to_run
-    timeout-minutes: 120
+    timeout-minutes: 30
     runs-on: macos-12
     steps:
       - uses: actions/checkout@v1
@@ -55,8 +55,6 @@ jobs:
       - run: brew install docker colima
       - run: colima start
       - run: docker image ls
-      - name: Setup tmate session
-        uses: mxschmitt/action-tmate@v3
       - run: bazel run //workstation:test
 
   hypervisor-test:
diff --git a/tools/docker/docker.bzl b/tools/docker/docker.bzl
index 1c8502ba2..8dcd8a30e 100644
--- a/tools/docker/docker.bzl
+++ b/tools/docker/docker.bzl
@@ -17,13 +17,20 @@ def docker_load_and_run(name, image, command, docker_args = []):
         DOCKER_DIGEST=$$(cat $$DOCKER_DIGEST_FILE)
         DOCKER_LOAD_FILE=$$(rlocation $(WORKSPACE_NAME)/$(rootpath {image_label}))
 
+        # if CLI_ARGS is set, then add interactive flag
+        if [[ ! -z "$$CLI_ARGS" ]]; then
+            DOCKER_INTERACTIVE_ARGS="-it"
+        else
+            DOCKER_INTERACTIVE_ARGS=""
+        fi
+
         if ! docker image inspect $$DOCKER_DIGEST > /dev/null 2>&1 ; then
             $$DOCKER_LOAD_FILE
         else
             echo "Image already exists"
         fi
 
-        docker run --rm -t {docker_args} $$DOCKER_DIGEST $$ARGS
+        docker run --rm $$DOCKER_INTERACTIVE_ARGS {docker_args} $$DOCKER_DIGEST $$ARGS
         """.format(
             command = command,
             docker_args = " ".join(docker_args),
diff --git a/tools/macos/macos-remote-setup.sh b/tools/macos/macos-remote-setup.sh
index c7d67ceaa..55b144ce9 100755
--- a/tools/macos/macos-remote-setup.sh
+++ b/tools/macos/macos-remote-setup.sh
@@ -17,9 +17,12 @@ fi
 # if authorized_keys does not exist, create it
 if [ ! -f "$AUTHORIZED_KEYS" ]; then
     touch "$AUTHORIZED_KEYS"
-    chmod 600 "$AUTHORIZED_KEYS"
 fi
 
+# Ensure the right permissions are set for SSH
+chmod 600 "$AUTHORIZED_KEYS"
+chmod 700 "$HOME/.ssh"
+
 # add the public key to the authorized_keys file if it is not already there
 if ! grep -q "$(cat $SECRETS_DIR/id_rsa.pub)" $AUTHORIZED_KEYS; then
     cat $SECRETS_DIR/id_rsa.pub >> $AUTHORIZED_KEYS