DEBUG with VS Code instead

`tmate` maybe modifies the environment too much for the Git test problems to reproduce. Signed-off-by: Johannes Schindelin <[email protected]>
dscho · Dec 17, 2023 · d44a0f9 · d44a0f9
1 parent 4ad0c97
commit d44a0f9
Showing 1 changed file with 71 additions and 4 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -31,10 +31,58 @@ jobs:
     concurrency:
       group: windows-test-${{ matrix.n.nr }}-${{ github.ref }}
     steps:
-    - name: debug with tmate
-      uses: mxschmitt/action-tmate@v3
-      with:
-        detached: true
+    - name: start VS Code tunnel
+      shell: bash
+      env:
+        GH_TOKEN: ${{ github.token }}
+      run: |
+        # First get the current user's GPG key
+        gh api users/${{ github.actor }}/gpg_keys --jq '.[0].raw_key' |
+        gpg --import >/tmp/gpg.import 2>&1 &&
+        GPGKEY="$(sed -n 's/^gpg: key \([^:]*\).*/\1/p' /tmp/gpg.import)" &&
+        test -n "$GPGKEY" &&
+        echo "Using GPG key $GPGKEY" || {
+          echo "::error::could not get user's GPG key" >&2
+          exit 1
+        }
+
+        curl -Lo /tmp/vscode-cli.zip 'https://code.visualstudio.com/sha/download?build=stable&os=cli-win32-x64' &&
+        unzip -p /tmp/vscode-cli.zip code.exe >/tmp/vscode-cli.exe &&
+
+        name="$(echo "$GITHUB_JOB-$GITHUB_RUN_ID" |
+          sed -e 's/[^A-Za-z0-9_]/-/g' -e 's/--*/-/g' -e 's/^-*//' -e 's/^\(.\{1,20\}\).*/\1/')"
+        echo "::notice::Starting a tunnel with name '$name'" >&2
+        /tmp/vscode-cli.exe tunnel --accept-server-license-terms --name "$name" >/tmp/vscode-tunnel.out &
+
+        display_message () {
+          printf '%s\n' \
+            "Please decrypt the output of 'code tunnel' by calling these commands" \
+            '' \
+            'cat <<EOF >/tmp/vscode.gpg &&' \
+            "$(gpg --batch --trust-model always --recipient "$GPGKEY" \
+              --pinentry-mode=loopback --encrypt --armor </tmp/vscode-tunnel.out)" \
+            'EOF' \
+            'gpg --decrypt /tmp/vscode.gpg'
+        }
+
+        while true
+        do
+          sleep 15
+          # Make sure the contents of vscode-tunnel.out is not displayed, as it contains the secret device code and then the URL!
+          if grep -q "Open this link in your browser" /tmp/vscode-tunnel.out >/dev/null 2>&1
+          then
+            echo "::notice::Tunnel is ready to go"
+            display_message
+            exit 0
+          # Technically, the device code is not a secret. But it will grant
+          # access _to the tunnel_, i.e. to the machine running the current
+          # GitHub workflow job, including all the code and the secrets...
+          elif grep -q "To grant access to the server" /tmp/vscode-tunnel.out >/dev/null 2>&1
+          then
+            echo "::notice::Tunnel needs to be granted access"
+            display_message
+          fi
+        done
     - name: reuse `windows-artifacts`
       shell: bash
       run: |
@@ -96,3 +144,22 @@ jobs:
       with:
         name: failed-tests-windows
         path: ${{env.FAILED_TEST_ARTIFACTS}}
+    - name: wait for VSCode tunnel to be done
+      # wait for the user to terminate the tunnel, even if the job failed, but not if it was canceled
+      if: success() || failure()
+      shell: bash
+      run: |
+        while test -f /tmp/vscode-cli.exe
+        do
+          case "$(/tmp/vscode-cli.exe tunnel status)" in
+          *"no tunnel process is currently running"*) exit 0;;
+          esac
+          echo '::notice::Waiting for tunnel to be terminated'
+          echo '(please run `/tmp/vscode-cli.exe tunnel kill` in the integrated terminal)'
+          sleep 15
+        done
+    - name: unregister VSCode tunnel
+      # unregister the tunnel, even if the job was canceled
+      if: always()
+      shell: bash
+      run: /tmp/vscode-cli.exe tunnel unregister