From 7079d2ff0d4c429809523f9ea27528685b1f8d82 Mon Sep 17 00:00:00 2001
From: Chris Farhood <chris@farhood.org>
Date: Mon, 4 May 2026 17:19:00 +0000
Subject: [PATCH] debug(e2e): add verbose kubectl output to diagnose RBAC apply
 failure

Co-Authored-By: Paperclip <noreply@paperclip.ing>
---
 .github/workflows/e2e.yaml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
index 2f6df17..e8864f2 100644
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@@ -47,11 +47,15 @@ jobs:
 
       - name: Apply RBAC for E2E pipeline
         run: |
-          kubectl apply -f deployment/e2e-ci-runner-rbac.yaml
+          set -x
+          kubectl apply -f deployment/e2e-ci-runner-rbac.yaml --dry-run=server 2>&1 || true
+          kubectl apply -f deployment/e2e-ci-runner-rbac.yaml 2>&1
+          echo "exit code: $?"
           echo "Waiting for RBAC propagation (Kubernetes subject access review caching)..."
           sleep 5
           echo "Verifying CI runner permissions..."
-          kubectl auth can-i create roles -n headlamp-dev --as="system:serviceaccount:arc-runners:runners-privilegedescalation-gha-rs-no-permission" || { echo "::error::CI runner still lacks roles permission after propagation wait"; exit 1; }
+          kubectl auth can-i create roles -n headlamp-dev --as="system:serviceaccount:arc-runners:runners-privilegedescalation-gha-rs-no-permission" 2>&1 || { echo "::error::CI runner still lacks roles permission after propagation wait"; exit 1; }
+          set +x
 
       - name: Apply Polaris dashboard RBAC
         run: kubectl apply -f deployment/polaris-rbac.yaml