From fdf7fe25bf8f4166e483595bf69bbb72139a2339 Mon Sep 17 00:00:00 2001
From: Clark Feusier
Date: Fri, 13 Feb 2026 14:26:00 -0800
Subject: [PATCH] ci: Fix SSH key leak and connection timeouts in e2e workflow

Pre-generates SSH key quietly to prevent ssh-keygen stdout leak. Sets ConnectTimeout in SSH config so attempts fail fast instead of hanging indefinitely. Both apply globally to all gcloud SSH/SCP calls including harness scripts.
---
 .github/workflows/e2e-smoke.yml | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/e2e-smoke.yml b/.github/workflows/e2e-smoke.yml
index e3a8185..f4453f8 100644
--- a/.github/workflows/e2e-smoke.yml
+++ b/.github/workflows/e2e-smoke.yml
@@ -62,18 +62,24 @@ jobs:
 exit 1
 fi
- # DIAGNOSTIC RUN — stderr visible, connect timeout, 3 attempts only
+ # Pre-generate SSH key quietly (gcloud's ssh-keygen leaks to stdout)
 ssh-keygen -t rsa -b 3072 -f ~/.ssh/google_compute_engine -N "" -q 2>/dev/null || true
+ # Set connect timeout so SSH attempts fail fast instead of hanging
+ echo -e "\nHost *\n ConnectTimeout 10" >> ~/.ssh/config
 echo "Waiting for SSH readiness..."
- for i in 1 2 3; do
- echo "--- SSH attempt $i/3 ---"
- gcloud compute ssh "$VM_NAME" \
+ for i in $(seq 1 30); do
+ if gcloud compute ssh "$VM_NAME" --quiet \
 --zone="$VM_ZONE" --project="$GCP_PROJECT" \
 --tunnel-through-iap \
- --ssh-flag="-o ConnectTimeout=10" \
- --command="echo ready" && { echo "VM is ready"; break; }
- echo "Attempt $i failed (exit $?)"
+ --command="echo ready" 2>/dev/null; then
+ echo "VM is ready"
+ break
+ fi
+ if [ "$i" -eq 30 ]; then
+ echo "Timed out waiting for VM SSH"
+ exit 1
+ fi
 sleep 5
 done
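Review bot: The `2>/dev/null` added to the `gcloud compute ssh` readiness probe discards the error output of all 30 attempts, so a non-transient failure (IAP permission denied, wrong project or zone, rejected key) is indistinguishable from a VM that is still booting and only surfaces as "Timed out waiting for VM SSH" after the whole loop has run. The log can stay quiet while the evidence is kept: redirect to a file with `--command="echo ready" 2>"$RUNNER_TEMP/ssh-ready.err"; then`, and in the `[ "$i" -eq 30 ]` branch add `cat "$RUNNER_TEMP/ssh-ready.err" >&2` before `exit 1`. Separately, the unchanged `ssh-keygen … 2>/dev/null || true` line hides a failed pre-generation; in that case gcloud would presumably generate the key itself and write to stdout again, since the probe suppresses only stderr, so a `[ -f ~/.ssh/google_compute_engine ] || exit 1` check after it would make the fix's precondition explicit. The workflow step starts and ends outside the hunk.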