24 comments

[ 3.2 ms ] story [ 51.7 ms ] thread
Author here, this was something I wrote for fun/because I wanted to use it. Happy to answer any questions
I love this use of hole punching, also love how the author handled authentication.

I have definitely been in the position of needing to tweak a workflow over and over to get it to work, wasting hours when a terminal into the action would have allowed me to close the loop in minutes. Nice work to the author!

That's my hill to die on : you must have a self hosted agent.

You can have many cloud agents as you wish but you must at least have one where you can remotely connect.

It has saved me hours of troubleshooting and polluting "workflow v1.3.56_final_should_work_2" commits

There are many tools and techniques like this. Not a nock against this tool, just an observation that we seemingly need these tools.

Is there no better way, GitHub?

Dagger. Workflows that run anywhere, including locally.
I'll second this.

I've used this action to debug builds, and it works beautifully.

However, I've had to stop because the action isn't a 'verified' action and corporate policy.

I'd love to see github themselves offer something like this.

tmate.io returns a 503. Hugged to death by your comment?
I have written https://github.com/efrecon/sshd-cloudflared to solve the same problem. It provides you with an SSH connection inside a transient cloudflare tunnel. The connection is only accessible to the SSH public keys stored in your GitHub account.
That the entire ecosystem seems to have moved to GitHub Actions is such a loss for productivity. I remember when CircleCI first launched, and you could "Rebuild with SSH" which gave you a bash command to connect to the running instance whenever you wanted, was such a no-brainer, and I'm sure why many of us ended up using CircleCI for years. Eventually CircleCI became too expensive, but I still thought that if other services learnt anything from CircleCI, it would be this single feature, because of the amount of hours it saved thousands of developers.

Lo and behold, when GitHub Actions first launched, that feature was nowhere to be seen, and I knew from that moment on that betting on GitHub Actions would be a mistake, if they didn't launch with such a table-stakes feature. Seems still Microsoft didn't get their thumb out, and wasting countless developer's time with this, sad state of affairs.

Thank you pbiggar for the time we got with CircleCI :) Here's to hoping we'll have CircleCI.V2 appearing at some point in the future, I just know it involves DAGs and "Rebuild with SSH" somehow :)

Still using CircleCI. I do not love YAML at all, in fact I hate it because it's basically a 1980s text preprocessor on steroids and with dependency management. Too much logic applied to config that depends on implicit syntax and unintuitive significant whitespace.

I mean, I had an issue once where this broke the pipeline:

   key:
     - value 1
     - value 2
But this was fine:

    key:
    - value 1
    - value 2
Fuck that noise!

Otherwise it works just as good as it ever did and I don't miss Github Actions where every pipeline step is packaged into a dependency. I think Github has stagnated harder than CircleCI.

I've gotten used to this essential feature too via Semaphore CI, and I just can't stand not being able to SSH into a GitHub Action. Debugging is so slow.
You can use http://deadsimpleci.sparrowhub.io it allows to debug ci locally , as under the hood this is just a docker and your scripts ( Python, bash, whatever ), no magic, , the project is in active development and I am open for feedback
We (CircleCI) are still there, and doing just fine :) Out of interest, what are you currently missing and what would those "essential" V2 features be? tnx for sharing your thoughts!
When I see stuff like this, I think wow that is cool. But then I think about doing it myself and I get nervous about security ramifications. I don't know enough myself to know if author knows the right way ya know??
I gave GH actions a chance when our org moved from Bamboo but I still hate it. I think i have to do more to get a build going.
I want this for Gitlab so badly
I solved it by adding a simple Tailscale action to handle failure. It creates an ephemeral instance and waits for connections for 3 minutes. Then it loops while there's an active SSH session present.

It's that simple: https://gist.github.com/Cyberax/9edbde51380bf7e1b298245464a2... and it saved me _hours_ of debug time.

I've moved all my CI/CD to use Taskfiles inside a Docker container since then, so my local environment can replicate the CI/CD environment up to the GITHUB_TOKEN. Still, being able to poke around Github builders is great.

You also got the Tesla keys, nice!
Why SSH to the build agent when you can run your actions locally using the excellent https://github.com/nektos/act
I only have pretty tame actions workflows and I have had a hard time replicating simple set ups with this. I can't imagine a company with more complicated setups.

What I wish is github codespaces could just do this out of the box, at least for a specific action/runner.

Wow that's great, I'm definitely going to try it. This guy knows what he is doing.