test workflow

.github/workflows/ci.yaml

@@ -87,6 +87,7 @@ jobs:
         run: ./scripts/get-baton.sh && mv baton /usr/local/bin
       - name: Get baton resources
         run: baton resources
+
       - name: Grant entitlement
         if: env.CONNECTOR_ENTITLEMENT != '' && env.CONNECTOR_PRINCIPAL != '' && env.CONNECTOR_PRINCIPAL_TYPE != ''
         run: | 

.github/workflows/example-workflow.yaml

@@ -0,0 +1,52 @@
+# This is a basic workflow to help you get started.
+# It will take the following action whenever a push is made to the "main" branch.
+on:
+  push:
+    branches:
+    - auth
+jobs:
+  demo:
+    permissions:
+      # The "id-token: write" permission is required or Machine ID will not be
+      # able to authenticate with the cluster.
+      id-token: write
+      contents: read
+    # The name of the workflow, and the Linux distro to be used to perform the
+    # required steps.
+    name: example
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+    - name: Fetch Teleport binaries
+      uses: teleport-actions/setup@v1
+      with:
+        version: 16.4.6
+    - name: Fetch credentials using Machine ID
+      id: auth
+      uses: teleport-actions/auth@v2
+      with:
+        # Use the address of the auth/proxy server for your own cluster.
+        proxy: conductorone.teleport.sh:443
+        # Use the name of the join token resource you created in step 1.
+        token: example-token
+        # Specify the length of time that the generated credentials should be
+        # valid for. This is optional and defaults to "1h"
+        certificate-ttl: 1h
+        # Enable the submission of anonymous usage telemetry. This
+        # helps us shape the future development of `tbot`. You can disable this
+        # by omitting this.
+        anonymous-telemetry: 1
+    - name: List nodes (tsh)
+      # Enters a command from the cluster, in this case "tsh ls" using Machine
+      # ID credentials to list remote SSH nodes.
+      run: tsh ls
+    - name: List nodes (tctl)
+      run: tctl nodes ls
+    - name: Run hostname via SSH (tsh)
+      # Ensure that `root` matches the username of a remote SSH username, and
+      # that hostname matches an SSH host name that is a part of the Teleport
+      # cluster configured for access.
+      run: tsh ssh root@38362a9e9008 hostname
+    - name: Run hostname via SSH (OpenSSH)
+      run: ssh -F ${{ steps.auth.outputs.ssh-config }} [email protected] hostname

.github/workflows/tbot.yaml

@@ -0,0 +1,34 @@
+# This is a basic workflow to help you get started.
+# It will take the following action whenever a push is made to the "main" branch.
+on:
+  push:
+    branches:
+    - auth
+    - main
+jobs:
+  demo:
+    permissions:
+      # The "id-token: write" permission is required or Machine ID will not be
+      # able to authenticate with the cluster.
+      id-token: write
+      contents: read
+    # The name of the workflow, and the Linux distro to be used to perform the
+    # required steps.
+    name: tbot auth
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: Fetch Teleport binaries
+      uses: teleport-actions/setup@v1
+      with:
+        version: 16.4.6
+
+    - name: Execute Machine ID
+      env:
+        # TELEPORT_ANONYMOUS_TELEMETRY enables the submission of anonymous
+        # usage telemetry. This helps us shape the future development of
+        # tbot. You can disable this by omitting this.
+        TELEPORT_ANONYMOUS_TELEMETRY: 1
+      run: tbot start -c ./tbot.yaml --oneshot

tbot.yaml

@@ -0,0 +1,10 @@
+version: v2
+proxy_server: conductorone.teleport.sh:443
+onboarding:
+  join_method: github
+  token: example-token
+oneshot: true
+storage:
+  type: memory
+# outputs will be filled in during the completion of an access guide.
+outputs: []