Enable Debug Mode Everywhere

Hello Travis-Ci

Right now we need to enable debug mode per repository basis, which means someone might enable but still not be careful on what’s he doing (I know it’s their fault, but let’s think idiot proofness).

However I want to update the way debug builds work, here’s what I’m thinking:

curl -s -X POST \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -H "Travis-API-Version: 3" \
  -H "Authorization: token <token>" \
  -d "{\"quiet\": true, \"sshSecret\": \"myrandomsecret\"}" \
  https://api.travis-ci.com/job/<job id>/debug

When this is run, sshSecret from body should be taken and set as the password for ssh connection.

Or better yet, travis-ci can generate a secret for that particular run, and output to response which might look something like:

{
  "@type": "pending",
  "job": {
    "@type": "job",
    "@href": "/job/<id>",
    "@representation": "minimal",
    "id": <id>,
    "sshSecret": "<random generated secret>"
  },
  "state_change": "created",
  "resource_type": "job"
}

Now when user tries to connect via ssh, he’s supposed to enter this generated secret.

Similarly on UI, if we go the previous workflow, we could just ask for a secret when user is asking to trigger debug mode, and use that as secret, or even better, go the second way and generate a secret on server side, when response comes back, simply copy that whole connection string to user’s clipboard, and also show optionally.

Let me know what you think.

Thanks

I earlier suggested using SSH keys to authenticate into a debug session:

Nice, I want something similar, but I don’t want to go through all the hassle of adding yet another public key (and for each team member)

Generated Passwords are I think quite nice and simple.

Imprint