From e0ecac20aa2f6af462cff3439b8b8b17307ec39d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20G=C3=BCttler?= Date: Tue, 2 Jun 2026 16:24:56 +0200 Subject: [PATCH] fix: ensure remote DAGGER_HOST is set and use more robust SSH setup --- scripts/setup_dagger_remote.sh | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/scripts/setup_dagger_remote.sh b/scripts/setup_dagger_remote.sh index fa13ee9..651d2d2 100755 --- a/scripts/setup_dagger_remote.sh +++ b/scripts/setup_dagger_remote.sh @@ -16,20 +16,23 @@ sops --decrypt --output-type json secrets.enc.yaml > "$SECRETS_JSON" DAGGER_SSH_KEY=$(jq -r '.DAGGER_SSH_KEY' "$SECRETS_JSON") DAGGER_ENGINE_HOST=$(jq -r '.DAGGER_ENGINE_HOST' "$SECRETS_JSON") -# Setup SSH +# Setup SSH directory and keys mkdir -p ~/.ssh chmod 700 ~/.ssh echo "$DAGGER_SSH_KEY" > ~/.ssh/dagger_key chmod 600 ~/.ssh/dagger_key -# Add remote host to known_hosts to satisfy Dagger's internal SSH client +# Add remote host to known_hosts to satisfy Dagger's internal Go SSH client. +# This prevents verification failures that could block the connection. ssh-keyscan -H "$DAGGER_ENGINE_HOST" >> ~/.ssh/known_hosts 2>/dev/null -# Use ssh-agent to manage the key for Dagger's internal SSH client +# Use ssh-agent to manage the key. Dagger's internal client will use this +# to authenticate without needing explicit identity file parameters in the URL. eval "$(ssh-agent -s)" ssh-add ~/.ssh/dagger_key -# Export _EXPERIMENTAL_DAGGER_RUNNER_HOST for redirection +# Export _EXPERIMENTAL_DAGGER_RUNNER_HOST for Dagger engine redirection. +# This tells the local Dagger CLI to use the remote engine via an SSH tunnel. export _EXPERIMENTAL_DAGGER_RUNNER_HOST="ssh://dagger@$DAGGER_ENGINE_HOST" if [ -n "${GITHUB_ENV:-}" ]; then echo "_EXPERIMENTAL_DAGGER_RUNNER_HOST=ssh://dagger@$DAGGER_ENGINE_HOST" >> "$GITHUB_ENV" @@ -37,12 +40,12 @@ if [ -n "${GITHUB_ENV:-}" ]; then echo "SSH_AGENT_PID=$SSH_AGENT_PID" >> "$GITHUB_ENV" fi -# Verify -echo "Verifying connection to remote Dagger engine..." +# Verify the connection by running a simple Dagger query. +echo "Verifying connection to remote Dagger engine at $DAGGER_ENGINE_HOST..." if ! timeout 45 dagger query --progress=plain '{ version }' ; then echo "Error: Dagger engine unreachable via SSH at $DAGGER_ENGINE_HOST" - # Debug: try to just run id over ssh + # Debug: verify raw SSH connectivity to rule out basic network/auth issues. ssh -i ~/.ssh/dagger_key -o StrictHostKeyChecking=no "dagger@$DAGGER_ENGINE_HOST" "id" exit 1 fi -echo "Dagger connection verified." +echo "Dagger connection verified successfully."