Cloning Terraform GitHub module inside private org - permission denied

Question

I have the following module that we are trying to clone via SSH (NOTE: we prefer to not use https) in Terraform:

module "example-module" {
  source = "git@github.com:private-org/example-module.git?ref=v1.0.0"
}

However, we have a GitHub Actions runner that fails when trying to do a terraform init on this module:

> Permission denied (publickey). Could not read Password for
> 'https://***@github.com': No such device or address

So to give this permission, we are trying to add inside .gitconfig:

insteadOf = "ssh://git@github.com"

And inside the GitHub Actions we are trying to replace GITHUB_TOKEN with the actual value:

- name: Configure SSH
  run: |
    sed -i 's/{GITHUB_TOKEN}/${{ secrets.GITHUB_TOKEN }}/g' .gitconfig
    cat .gitconfig >> ~/.gitconfig

But we are still getting the same error. Any ideas for how we can authenticate to a private module inside our GitHub org and successfully clone via SSH?

Answer 1

Score: 1

Figured out the answer. The default GITHUB_TOKEN did not have the right access rights and was not deemed a "Personal Access Token". This seems a little confusing on GitHub's part and the reason it was getting the error Could not read Password.

You will need to generate a new personal access token in GitHub, and add that as a GitHub Actions secret called NEW_GITHUB_TOKEN. Add read:repo and write:repo as access rights and set the token to never expire.

Your .gitconfig should look like:

insteadOf = "ssh://git@github.com"

And a step in your GitHub Actions that uses your new personal access token:

- name: Configure SSH
  run: |
    sed -i 's/{GITHUB_TOKEN}/${{ secrets.NEW_GITHUB_TOKEN }}/g' .gitconfig
    cat .gitconfig >> ~/.gitconfig
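
A variant of the rewrite described in the answer above, as an added example that is not part of the original answer: it sets the rule with git config instead of sed, limits it to one org, checks offline which URL git will contact, and removes the token from ~/.gitconfig afterwards. The x-access-token user name, the token value and the temporary HOME are assumptions, as is git receiving the ssh:// form that the page's insteadOf line targets.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post.
# Assumptions: "x-access-token" as the HTTPS user name, a token passed in as
# an argument, and a throwaway HOME so a real ~/.gitconfig is never touched.

# Demo only: isolate git from existing user and system configuration.
unset GIT_CONFIG_GLOBAL XDG_CONFIG_HOME
export GIT_CONFIG_NOSYSTEM=1
HOME="$(mktemp -d)"
export HOME

ORG="private-org"                        # org name taken from the question
SSH_BASE="ssh://git@github.com/${ORG}/"  # prefix that will be rewritten

# Section name that carries the token; built in one place so that the add and
# remove steps always agree.
section_name() {  # $1 = token
  printf 'url.https://x-access-token:%s@github.com/%s/' "$1" "$ORG"
}

# Register the rewrite for this org only. Other orgs keep their SSH URLs,
# so the token is never sent for repositories it was not issued for.
add_rewrite() {  # $1 = token
  git config --global "$(section_name "$1").insteadOf" "$SSH_BASE"
}

# Print the URL git would contact for $1 after insteadOf rules are applied.
# --get-url exits without talking to the remote.
resolved_url() {  # $1 = URL as git receives it
  git ls-remote --get-url "$1"
}

# Remove the whole section after `terraform init`. --unset alone would leave
# the [url "https://...token..."] header, and the token, in the file.
remove_rewrite() {  # $1 = token
  git config --global --remove-section "$(section_name "$1")"
}
```

In a workflow step the order would be add_rewrite, terraform init, then remove_rewrite, with the token supplied from a secret through an environment variable.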

huangapple
  • Published on 2023-02-14 01:21:41
  • When reposting, please keep the link to this article: https://go.coder-hub.com/75439212.html