Reputation: 4096
I'm using a custom pre-commit hook that's in a private repo.
    - repo: [email protected]:username/precommit-hooks.git
      rev: v0.0.1
      hooks:
        - id: check-security
I run it in a github action
    - name: Run pre-commit on changed files
      run: |
        pip install pre-commit
        pre-commit run --from-ref origin/HEAD --to-ref HEAD
But it errors for credential failure, but shouldn't checkout persist-credentials?
The auth token is persisted in the local git config. This enables your scripts to run authenticated git commands. The token is removed during post-job cleanup. Set persist-credentials: false to opt-out.
[INFO] Initializing environment for [email protected]:homer/precommit-hooks.git.
An unexpected error has occurred: CalledProcessError: command: ('/usr/bin/git', 'fetch', 'origin', '--tags')
return code: 128
stdout: (none)
stderr:
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
What's a good way to configure SSH creds?
Upvotes: 2
Views: 2586
Reputation: 69894
if you're cloning over ssh you will need to have an ssh key
the persist-credentials are for the repository under test (and are a short-lived github app token not an ssh token) -- the very same that's present in ${{ github.token }} or ${{ secrets.GITHUB_TOKEN }}
if you need an ssh key, you'll need to set one up and add it, probably through a github actions secret
here's an (untested) idea -- (I adapted this from a gpg-based secret) -- I don't think you need the public key but if you do you could utilize the same approach:
    install --directory ~/.ssh --mode 700
    base64 -d <<< '${{ secrets.SSH_PRIVATE }}' > ~/.ssh/id_rsa
    chmod 600 ~/.ssh/*
then store the secret as a base64'd secret
another approach would be to utilize insteadOf to rewrite ssh urls to https urls with the proper credentials attached -- though I haven't done that so you'd have to figure that out
disclaimer: I wrote pre-commit, though in fairness this problem has nothing to do with pre-commit
Upvotes: 2
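
One way to do the insteadOf rewrite mentioned in the answer above, as an added example that is not part of the original answer or of pre-commit. It assumes the hooks repo is hosted on github.com, that a token with read access to it is exposed to the step as the hypothetical environment variable HOOKS_TOKEN, and that the host accepts `x-access-token` as the HTTPS username; the function names are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example. HOOKS_TOKEN, the function names and the default host are
# assumptions for illustration; they are not from the original answer.

# Rewrite scp-style SSH remotes on one host to HTTPS, and let git obtain the
# HTTPS credential from the HOOKS_TOKEN environment variable at fetch time.
configure_https_rewrite() {
  _host="${1:-github.com}"

  # git@<host>:owner/repo.git  ->  https://<host>/owner/repo.git
  git config --global "url.https://${_host}/.insteadOf" "git@${_host}:"

  # Inline credential helper, scoped to this host only. The single quotes keep
  # $HOOKS_TOKEN unexpanded, so only the variable name is stored in
  # ~/.gitconfig and the token itself is never written to disk.
  _helper='!f() { if [ "$1" = get ]; then printf "username=x-access-token\npassword=%s\n" "$HOOKS_TOKEN"; fi; }; f'
  git config --global "credential.https://${_host}.helper" "$_helper"
}

# Show the URL git will actually contact for a remote (no network access).
resolve_url() {
  git ls-remote --get-url "$1"
}

# Ask git which password it would send to a host (runs the helper above).
password_for_host() {
  printf 'protocol=https\nhost=%s\n\n' "$1" |
    GIT_TERMINAL_PROMPT=0 git credential fill |
    sed -n 's/^password=//p'
}

# In a workflow step (assumed secret name), before running pre-commit:
#   env: { HOOKS_TOKEN: "${{ secrets.HOOKS_TOKEN }}" }
#   run: configure_https_rewrite github.com && pre-commit run ...
```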