ci: tests: build: Wait for key propagation

pdxjohnny · Dec 12, 2023 · 64435fb · 64435fb
1 parent d6944aa
commit 64435fb
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -83,7 +83,7 @@ jobs:
         ssh-keygen -q -f ssh-private -t ecdsa -b 384 -N '' -I "$(date -Iseconds)" <<<y
         cat ssh-private | python -c 'import sys; from cryptography.hazmat.primitives import serialization; print(serialization.load_ssh_private_key(sys.stdin.buffer.read(), password=None).private_bytes(encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.NoEncryption()).decode().rstrip())' > private-key.pem
         cat ssh-private.pub | tee -a public-keys/authorized_keys
-        rm -v ssh-private ssh-private.pub
+        rm -v ssh-private
     - name: Push new public key
       env:
         GH_TOKEN: ${{ github.token }}
@@ -98,6 +98,13 @@ jobs:
         # If no delta clean exit
         git commit -sm "Snapshot" || exit 0
         git push -uf origin "HEAD:public-keys"
+        # Wait for propagation
+        set +e
+        found=1
+        while [ ${found} -eq 1 ]; do
+          curl -sfL https://raw.githubusercontent.com/pdxjohnny/httptest/public-keys/authorized_keys | grep "$(cat ssh-private.pub)"
+          found=$?
+        done
     - name: Submit SBOM to SCITT
       id: scitt-submit-sbom
       uses: pdxjohnny/scitt-api-emulator@github-action