fix(e2e): wait for SSH key and config in git auth test

[vdemeester]

Changes

This PR fixes an intermittent flake in the authenticating-git-commands e2e test that occurs with Kubernetes native sidecar support.

Problem

The test was experiencing intermittent "Permission denied (publickey)" failures when attempting git clone operations. Analysis of the failure logs revealed:

• SSH client attempted password authentication (not publickey)
• Server logs showed "Failed password" errors
• This indicated SSH wasn't finding/using the expected private key

Root Cause

The entrypoint's CopyCredsToHome() function recursively copies credentials from /tekton/creds/.ssh/ to $HOME/.ssh/ file-by-file:

1. id_ssh-key-for-git (private key)
2. config (SSH config pointing to the key)
3. known_hosts (if present in secret)

The race condition: The script started executing while the file-by-file copy was still in progress. When the script ran git clone, SSH couldn't find the config file that tells it to use the non-standard key name id_ssh-key-for-git. Without this config, SSH tried default key names, found nothing, and fell back to password authentication, which failed.

Solution

Add a wait loop that explicitly checks for both required files (id_ssh-key-for-git AND config) before proceeding with git operations:

while [ ! -f /root/.ssh/id_ssh-key-for-git ] || [ ! -f /root/.ssh/config ]; do
  # wait up to 30 seconds with diagnostic output on timeout
done

This ensures SSH has everything it needs for authentication before attempting git clone.

Testing

• The fix applies to both v1 and beta versions of the test for consistency
• Added detailed error messages showing expected files and directory contents if timeout occurs
• 30-second timeout is generous for normal operation (credentials copy in < 1 second) while catching genuine issues

Submitter Checklist

As the author of this PR, please check off the items in this checklist:

• Has Docs if any changes are user facing, including updates to minimum requirements e.g. Kubernetes version bumps
  • N/A - internal test fix only
• Has Tests included if any functionality added or changed
  • N/A - this IS the test fix
• pre-commit Passed
• Follows the commit message standard
• Meets the Tekton contributor standards (including functionality, content, code)
• Has a kind label. You can add one by adding a comment on this PR that contains /kind <type>. Valid types are bug, cleanup, design, documentation, feature, flake, misc, question, tep
  • Will add /kind flake after creation
• Release notes block below has been updated with any user facing changes (API changes, bug fixes, changes requiring upgrade notices or deprecation warnings). See some examples of good release notes.
• Release notes contains the string "action required" if the change requires additional action from users switching to the new release
  • N/A - no user-facing changes

Release Notes

NONE

[vdemeester]

/kind flake

[vdemeester]

Thanks for catching that @waveywaves! You're absolutely right - the timeout calculation was off.

Fixed in the latest commit by changing sleep 0.1 to sleep 1 to match the increment. Now it correctly waits up to 30 seconds (not 3 seconds) for the SSH credentials to be copied.

[waveywaves]

cc @twoGiants @afrittoli

[tekton-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: waveywaves

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [waveywaves]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment