The test is checking that opal common can clone a private repo.
we sometimes need to clone a private repo when the policy code synced to opal is stored on a private git repo.
the only way to authenticate to a private github repo is with SSH, and not with HTTPS.
when running in CI (github actions) if the repo is private or (currently) when running locally on a machine of a developer who does not have the private ssh key to this repo: https://github.com/authorizon/fastapi_websocket_pubsub
creates to files (one with .pub ext which is the public key and one without ext which is the private key)
add the public key you creates as a deploy key on github (on the disposable repo settings)
the test needs to get the ssh key
RepoCloner(
repo_url=VALID_REPO_REMOTE_URL_SSH,
clone_path=target_path,
ssh_key=PRIVATE_SSH_KEY_FOR_TEST. <- can get from env var (default empty string)
).clone()
Background
The test is checking that opal common can clone a private repo.
we sometimes need to clone a private repo when the policy code synced to opal is stored on a private git repo. the only way to authenticate to a private github repo is with SSH, and not with HTTPS.
cloning with HTTPS is done with a clone url like this: https://github.com/authorizon/fastapi_websocket_pubsub.git cloning with SSH is done with a clone url like this: git@github.com:authorizon/fastapi_websocket_pubsub.git
why the test is failing
when running in CI (github actions) if the repo is private or (currently) when running locally on a machine of a developer who does not have the private ssh key to this repo: https://github.com/authorizon/fastapi_websocket_pubsub
The test is failing on line: https://github.com/authorizon/opal/blob/380eed6812a5452935bb93f37f733690280550b2/opal_common/git/tests/repo_cloner_test.py#L111
in CI we do this, and although the clone is failing, the test expects to fail:
what we should do instead:
creates to files (one with .pub ext which is the public key and one without ext which is the private key)
add the public key you creates as a deploy key on github (on the disposable repo settings)
the test needs to get the ssh key
can test that works with
PRIVATE_SSH_KEY_FOR_TEST= pytest -s path/to/test.py
key contents should be the contents of the private ssh key file, but with newlines encoded as _
in ipython