如何设置Heroku以使用SSH密钥读取与我的服务器应用程序链接的私有存储库?

huangapple go评论59阅读模式
英文:

How to setup Heroku to read a private repository linked to my server app using a SSH key?

问题

Heroku在部署我的Vapor应用程序时找不到正确的SSH密钥,并立即失败。尝试部署服务器到Heroku时,由于我向我的应用程序添加了一个私有存储库,我遇到了以下错误。

(在添加此私有存储库之前,部署没有任何问题)

私有存储库在我的Vapor应用程序的Package.swift文件中设置如下。

dependencies: [
  .package(url: "git@github.com:MyName/MyRepository.git", branch: "develop")
]

在部署Vapor应用程序时,Heroku会查找app/.ssh/id_rsa密钥,但这不是我设置要使用的密钥。我在我的Mac上创建了一个名为~/ssh/id_heroku的密钥,我已经在GitHub和Heroku上设置了它,没有任何问题。

我在Heroku上使用了构建包https://github.com/heroku/heroku-buildpack-ssh-key.git,我在Heroku应用程序设置中在Vapor构建包之前添加了它。

我Mac上的.ssh/config文件设置如下:

Host heroku
  HostName heroku.com
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile ~/.ssh/id_heroku
英文:

Heroku does not find the right SSH key when deploying my Vapor application, and fails immediately.
When trying to deploy my server on Heroku, I get this error as I added a private repository to my application.

(Before having added this private repository, the deployment worked with no issue)

Fetching git@github.com:MyName/MyRepository.git
warning: 'myrepository.git': skipping cache due to an error: Failed to clone repository git@github.com:MyName/MyRepository.git:
    Cloning into bare repository '/app/.cache/org.swift.swiftpm/repositories/MyRepository-65a67a5f'...
    Load key "/app/.ssh/id_rsa": error in libcrypto
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.
    Please make sure you have the correct access rights
    and the repository exists.
error: Failed to clone repository git@github.com:MyName/MyRepository.git:
    Cloning into bare repository '/tmp/build_e6a4655b/.build/repositories/MyRepository-65a67a5f'...
    Load key "/app/.ssh/id_rsa": error in libcrypto
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.
    Please make sure you have the correct access rights
    and the repository exists.
 !     Push rejected, failed to compile Swift app.
 !     Push failed

The private repository is set this way on my Vapor application's Package.swift file.

dependencies: [
  .package(url: "git@github.com:MyName/MyRepository.git", branch: "develop")
]

When deploying the Vapor app, Heroku looks for the app/.ssh/id_rsa key, but this is not the one I setup to use. I created a key named ~/ssh/id_heroku on my Mac, which I have setup on GitHub and Heroku with no issue.

I have used the buildpack https://github.com/heroku/heroku-buildpack-ssh-key.git on Heroku, which I added before the Vapor one on the Heroku application settings.

The .ssh/config file setup on my Mac looks this way:

Host heroku
  HostName heroku.com
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile ~/.ssh/id_heroku

答案1

得分: 1

Credits goes to @vzsg, from the Vapor Discord Channel.

Heroku上的私有Github仓库(2023年)

  1. 无需添加额外的构建包,因为https://github.com/vapor-community/heroku-buildpack会完成这项工作。
  2. 在服务器应用的根目录创建一个名为bin/pre_compile的文件,并包含以下内容:
#!/bin/bash

if [ ! -f Package.swift ]; then
    echo "文件 Package.swift 不存在。"
    exit 1
fi

if [ -f "$ENV_DIR/GITHUB_USER" ]; then
  GITHUB_USER=`cat "$ENV_DIR/GITHUB_USER"`
fi

if [ -f "$ENV_DIR/GITHUB_AUTH_TOKEN" ]; then
  GITHUB_AUTH_TOKEN=`cat "$ENV_DIR/GITHUB_AUTH_TOKEN"`
fi

if [ -z "$GITHUB_USER" ]; then
    echo "GITHUB_USER 未设置。"
    exit 1
fi

if [ -z "$GITHUB_AUTH_TOKEN" ]; then
    echo "GITHUB_AUTH_TOKEN 未设置。"
    exit 1
fi

sed -i "s#git@github\.com:#https://$GITHUB_USER:$GITHUB_AUTH_TOKEN@github.com/#g" Package.swift
  1. 使文件可执行并将其提交到git:
chmod +x bin/pre_compile
git add bin/pre_compile
git commit -m "为私有git仓库添加pre_compile钩子"
  1. 创建一个具有仓库权限的个人访问令牌:

GitHub文档

  1. 设置两个配置变量:GITHUB_USER 使用您的GitHub用户名(为其创建了令牌并且可以访问私有仓库),GITHUB_AUTH_TOKEN 使用新创建的令牌值:
heroku config:set GITHUB_USER=<YOUR_GITHUB_USERNAME> GITHUB_AUTH_TOKEN=<YOUR_GITHUB_TOKEN>
  1. 从终端或Heroku网站上部署数据库。

请注意,私有仓库的名称必须以git@github.com:开头,而不是https://github.com

英文:

Credits goes to @vzsg, from the Vapor Discord Channel.

Private Github repos on Heroku (2023)

  1. No need to add an additional buildpack, as the https://github.com/vapor-community/heroku-buildpack does the work.
  2. Create a file called bin/pre_compile, in the root of the server app, with the following content:
#!/bin/bash

if [ ! -f Package.swift ]; then
    echo &quot;File Package.swift does not exist.&quot;
    exit 1
fi

if [ -f &quot;$ENV_DIR/GITHUB_USER&quot; ]; then
  GITHUB_USER=`cat &quot;$ENV_DIR/GITHUB_USER&quot;`
fi

if [ -f &quot;$ENV_DIR/GITHUB_AUTH_TOKEN&quot; ]; then
  GITHUB_AUTH_TOKEN=`cat &quot;$ENV_DIR/GITHUB_AUTH_TOKEN&quot;`
fi

if [ -z &quot;$GITHUB_USER&quot; ]; then
    echo &quot;GITHUB_USER is not set.&quot;
    exit 1
fi

if [ -z &quot;$GITHUB_AUTH_TOKEN&quot; ]; then
    echo &quot;GITHUB_AUTH_TOKEN is not set.&quot;
    exit 1
fi

sed -i &quot;s#git@github\.com:#https://$GITHUB_USER:$GITHUB_AUTH_TOKEN@github.com/#g&quot; Package.swift
  1. Make the file executable and commit it to git:
chmod +x bin/pre_compile
git add bin/pre_compile
git commit -m &quot;Add pre_compile hook for private git repos&quot;
  1. Create a personal access token with repo permissions:

GitHub documentation

  1. Set two configuration variables: GITHUB_USER with your GitHub username (for which you created the token for and have access to the private repository), and GITHUB_AUTH_TOKEN with the newly creating token value:
heroku config:set GITHUB_USER=&lt;YOUR_GITHUB_USERNAME&gt; GITHUB_AUTH_TOKEN=&lt;YOUR_GITHUB_TOKEN&gt;
  1. Deploy the database from Terminal or from the Heroku website.

Note that the private repository, must be named starting with git@github.com:, and not https://github.com.

huangapple
  • 本文由 发表于 2023年5月24日 22:59:30
  • 转载请务必保留本文链接:https://go.coder-hub.com/76324906.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定