ci: add verbose debugging to Vault token step
Some checks failed
Deploy to K8s / deploy (push) Failing after 7s
Some checks failed
Deploy to K8s / deploy (push) Failing after 7s
Split curl calls into separate variables and log intermediate responses to stderr to identify which request is failing. Added set -euxo pipefail for immediate failure visibility. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Jan Novak
@@ -19,15 +19,23 @@ jobs:
|
||||
- name: Get Kanidm token from Vault
|
||||
id: vault
|
||||
run: |
|
||||
set -euxo pipefail
|
||||
|
||||
# Authenticate to Vault (AppRole — no CLI needed)
|
||||
VAULT_TOKEN=$(curl -sf --request POST \
|
||||
VAULT_AUTH_RESPONSE=$(curl -f --request POST \
|
||||
--data '{"role_id":"${{ secrets.VAULT_ROLE_ID }}","secret_id":"${{ secrets.VAULT_SECRET_ID }}"}' \
|
||||
https://vault.hrajfrisbee.cz/v1/auth/approle/login | jq -r '.auth.client_token')
|
||||
https://vault.hrajfrisbee.cz/v1/auth/approle/login)
|
||||
|
||||
echo "Vault auth response: $VAULT_AUTH_RESPONSE" >&2
|
||||
VAULT_TOKEN=$(echo "$VAULT_AUTH_RESPONSE" | jq -r '.auth.client_token')
|
||||
|
||||
# Read the kanidm API token
|
||||
API_TOKEN=$(curl -sf \
|
||||
SECRET_RESPONSE=$(curl -f \
|
||||
-H "X-Vault-Token: ${VAULT_TOKEN}" \
|
||||
https://vault.hrajfrisbee.cz/v1/secret/data/k8s_home/gitea/gitea-ci-token | jq -r '.data.data.token')
|
||||
https://vault.hrajfrisbee.cz/v1/secret/data/k8s_home/gitea/gitea-ci-token)
|
||||
|
||||
echo "Secret response: $SECRET_RESPONSE" >&2
|
||||
API_TOKEN=$(echo "$SECRET_RESPONSE" | jq -r '.data.data.token')
|
||||
|
||||
echo "::add-mask::${API_TOKEN}"
|
||||
echo "api_token=${API_TOKEN}" >> "$GITHUB_OUTPUT"
|
||||
|
||||
Reference in New Issue
Block a user