test workflow #4
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This is a basic workflow to help you get started. | |
| # It will take the following action whenever a push is made to the "main" branch. | |
| on: | |
| push: | |
| branches: | |
| - auth | |
| jobs: | |
| demo: | |
| permissions: | |
| # The "id-token: write" permission is required or Machine ID will not be | |
| # able to authenticate with the cluster. | |
| id-token: write | |
| contents: read | |
| # The name of the workflow, and the Linux distro to be used to perform the | |
| # required steps. | |
| name: example | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - name: Fetch Teleport binaries | |
| uses: teleport-actions/setup@v1 | |
| with: | |
| version: 16.4.6 | |
| - name: Fetch credentials using Machine ID | |
| id: auth | |
| uses: teleport-actions/auth@v2 | |
| with: | |
| # Use the address of the auth/proxy server for your own cluster. | |
| proxy: conductorone.teleport.sh:443 | |
| # Use the name of the join token resource you created in step 1. | |
| token: example-token | |
| # Specify the length of time that the generated credentials should be | |
| # valid for. This is optional and defaults to "1h" | |
| certificate-ttl: 1h | |
| # Enable the submission of anonymous usage telemetry. This | |
| # helps us shape the future development of `tbot`. You can disable this | |
| # by omitting this. | |
| anonymous-telemetry: 1 | |
| - name: List nodes (tsh) | |
| # Enters a command from the cluster, in this case "tsh ls" using Machine | |
| # ID credentials to list remote SSH nodes. | |
| run: tsh ls | |
| - name: List nodes (tctl) | |
| run: tctl nodes ls | |
| - name: Run hostname via SSH (tsh) | |
| # Ensure that `root` matches the username of a remote SSH username, and | |
| # that hostname matches an SSH host name that is a part of the Teleport | |
| # cluster configured for access. | |
| run: tsh ssh root@38362a9e9008 hostname | |
| - name: Run hostname via SSH (OpenSSH) | |
| run: ssh -F ${{ steps.auth.outputs.ssh-config }} [email protected] hostname |