Access Organization repo on Github using Personal Access Token inside Bash script - bash

I'm trying to clone a repo using the following syntax inside a bash script
git clone "https://oauth2:[TOKEN]#github.com/[organization]/$reponame.git $REPOPATH/$reponame"
and I get the following error:
Cloning into 'protos-cusum_hmm-python'...
fatal: unable to access 'https://github.com/[organization]/protos-cusum_hmm-python.git /opt/protolangs/protos-cusum_hmm-python/': The requested URL returned error: 400
when I clone directly from command line git clone https://github.com/[organizaiton]/protos-cusum_hmm-python.git it works fine (presumable because it's using my cached credentials)
Any suggestions?
Edit:
Removed quotations around url (git clone https://oauth2:[TOKEN]#github.com/[organization]/$reponame.git $REPOPATH/$reponame) and now getting
remote: Invalid username or password.
fatal: Authentication failed for 'https://github.com/fluxusinc/protos-cusum_hmm-python.git/'
EDIT2:
When hardcoded with token:
git clone "https://ghp_...O17xckH#github.com/[organization]/"$reponame".git" $REPOPATH/$reponame
it works, so seems like it's a problem with the YAML
- name: Run proto builder and deploy to repos
env:
P_TOKEN: ${{ secrets.REPO_TOKEN }}
run: |
chmod +x "${GITHUB_WORKSPACE}/build.sh"
"$GITHUB_WORKSPACE/build.sh"
shell: bash

much thanks to #torek....
turns out for whatever reason I had to put the secret in the repo rather than the organization and it worked... not sure why that was the case because github is showing it overriding
MORE INFO:
was able to figure out by setting the secret ACTIONS_STEP_DEBUG to true from here.
yielded
##[debug]Evaluating: secrets.REPO_TOKEN_GRPC
##[debug]Evaluating Index:
##[debug]..Evaluating secrets:
##[debug]..=> Object
##[debug]..Evaluating String:
##[debug]..=> 'REPO_TOKEN_GRPC'
##[debug]=> null
##[debug]Result: null
showing that the token was empty for whatever reason

Related

Using a private go module on Gitlab as import : "Unknown revision"

I cannot get this to work, even after checking other topics on stackoverflow. My project on gitlab.com/my_company/backend needs a module, found at gitlab.com/my_company/pkg/auth.
Locally, I've setup GOPRIVATE / git's configuration to make it work (and it works), though in Gitlab's CI Pipelines on a merge request, this fails.
Pipeline log / go.mod
I've added some debugging logs just to make sure everything was setup like I thought. Here's a failing pipeline's log :
$ git config --global url."ssh://git#gitlab.com/my_company/".insteadOf "https://gitlab.com/my_company/"
$ git config --global url."git#gitlab.com:".insteadOf "https://gitlab.com/"
$ git config -l | grep instead
url.ssh://git#gitlab.com/my_company/.insteadof=https://gitlab.com/my_company/
url.git#gitlab.com:.insteadof=https://gitlab.com/
$ env | grep GOPRIVATE
GOPRIVATE=gitlab.com/my_company
$ go mod download
go: gitlab.com/my_company/pkg/auth#v1.1.0: reading gitlab.com/my_company/pkg/auth/auth/go.mod at revision auth/v1.1.0: unknown revision auth/v1.1.0
One weird part of this log I've found is :
reading gitlab.com/my_company/pkg/auth/auth/go.mod - why is it repeating auth/auth? It actually happened once before locally, but it was because I wrote "github" instead of "gitlab" :)
The relevant go.mod line just in case :
require (
gitlab.com/my_company/pkg/auth v1.1.0 // indirect
)
Repository tags
Here are the tags setup on the repository gitlab.com/my_company/pkg :
$ git tag -l
auth/v1.0.0
auth/v1.1.0
cache/v1.0.0
cache/v1.0.1
$ git ls-remote --tags
From git#gitlab.my_company/pkg.git
9efcb02d5489adaac9d525dcb496d868d65e856a refs/tags/auth/v1.0.0
13730d4f61df978c6d690fd2678e2ed924808e0c refs/tags/auth/v1.1.0
2b8dff0ec1b737d975290720933180a9b591a1db refs/tags/cache/v1.0.0
9a3e598bbf83bea57b29d8a908b514861ae37b12 refs/tags/cache/v1.0.1
I'm not that familiar with Gitlab CI so I'm out of things to try. Any ideas?
Thank you!
Update: I finally got gitlab-runner installed so I could try running the yml directly, no luck. It still works locally (not a big surprise).
In you project should be file .gitlab-ci.yml and you can add GOPRIVATE variable to your CI and runner will use it for you project.
More details how to add env vars:
https://docs.gitlab.com/ee/ci/variables/#create-a-custom-cicd-variable-in-the-gitlab-ciyml-file

Hugo not using local git config

I'm trying to use a private theme/module with a personal access token. I can get this working by adding the following to my global git config.
git config --global url."https://{USER}:{TOKEN}#github.com".insteadOf "https://github.com"
Then running hugo mod get -u it will pull changes as expected.
I don't want this set in my global config and if I set it locally I get an error, because Go doesn't seem to be using the local config.
Set my configurations locally within the root of the site/repository:
git config --local url."https://{USER}:{TOKEN}#github.com".insteadOf "https://github.com"
Then running hugo mod get -u I get the following error:
go get: module github.com/USER/REPOSITORY: git ls-remote -q origin in /var/folders/26/gqnv01_55p964v8yz39d51fw0000gn/T/hugo_cache/modules/filecache/modules/pkg/mod/cache/vcs/b410fc7b91fbc1121b5f6ec2bb2711c27cd172b4084c213e1430a33cde552597: exit status 128:
remote: Repository not found.
fatal: repository 'https://github.com/USER/REPOSITORY/' not found
How can I get Go/Hugo to use my local git config rather than the global?
From the hugo mod source code, hugo will look for a go.mod in your project:
filepath.Walk(dirname, func(path string, info os.FileInfo, err error) error {
if info.IsDir() {
return nil
}
if info.Name() == "go.mod" {
// Found a module.
dir := filepath.Dir(path)
fmt.Println("Update module in", dir)
Check where your go.mod is, and do (in that go.mod parent folder):
git config -l --show-origin --show-scope
That will tell you if your expected local config is actually there or not.
Look for any .git folder which would indicate a nested git repository/submodule, which would ignore your initial git config --local command
An issue like 34513 seems to suggests though that go mod won't take into account the local repository:
The git configuration only affects operations on the underlying git repo.
The error that you're seeing is coming from before that, when the go command is attempting to resolve the repo for the requested package path.
The official documentation only references the global config .gitconfig.
I solved this by adding a directory replacement mapping to the site’s config, instead of modifying the git url. This points to my locally cloned theme and updates the served site whenever I modify the theme.
module:
imports:
path: 'github.com/[USER]/[REPO-NAME]'
replacements: 'github.com/[USER]/[REPO-NAME] -> ../../[REPO-NAME]/'

go build with private repositories

I am trying to build a go application that makes use of git repositories that are private. I have an ssh key for my github account and have the following in my .gitconfig file:
[url "https://username:token#github.com"]
insteadOf = https://github.com
[url "ssh://git#github.com/"]
insteadOf = https://github.com/
when I execute go test or go build I am asked for the passphrase. I then get a response:
go: found github.com/x/businesses in github.com/x/businesses v0.0.0-yy
go: cmd/main/cmd imports
github.com/x/businesses: github.com/x/businesses#v0.0.0-yy/go.mod:
verifying module: github.com/x/businesses#v0.0.0-yy/go.mod:
reading https://sum.golang.org/lookup/github.com/xx/businesses#v0.0.0-yy: 410 Gone
server response:
not found: github.com/x/businesses#v0.0.0-yy:
invalid version: git fetch -f origin refs/heads/*:refs/heads/* refs/tags/*:refs/tags/*
in tmp/gopath/pkg/mod/cache/vcs/zz:
exit status 128:
fatal: could not read Username for 'https://github.com': terminal prompts disabled
I tried removing the top insteadOf in the .gitconfig for no reason other then to try something.
Your git config should look something like
[url "git#github.com:"] insteadOf = https://github.com/
or similar to what you have.
Then you can go get your pacakge by telling Go that your using a private repo like this:
GOPRIVATE="github.com/your_username_or_org" go get github.com/name_or_org/repo_name
Also, I usually dont put a passprahse on my SSH keys since is kinda annoying to type it in each time but of course is more secure by adding it like someone pointed out in the comments.

Run a command on CircleCI only once for a branch

I'm configuring my Circleci config right now to try to deploy a staging build for every new branch and then sends a message to my slack team with the link to the staging demo.
I've done the sending message to slack part, but now CircleCI sends a message to slack every time I push. I would like to limit that to happen only once for a specific branch. I know there's CIRCLE_BRANCH env that I can use to identify the current branch, but how do I save that variable in some kind of cache so I can run a conditional check on that variable to avoid running the same command twice?
I've checked the CircleCI docs and they offered cache on files but didn't mention anything about saving a variable as cache.
My config.yml file for CircleCI looks like this:
slackMessage:
docker:
- image: circleci/node
working_directory: ~/client
steps:
- attach_workspace:
at: ~/client
# - run: echo "$CIRCLE_BRANCH" > _branch_check
# - restore_cache:
# keys:
# - pr-{{ checksum "_branch_check" }}
- run:
command: |
PR_NUMBER=${CIRCLE_PULL_REQUEST##*/}
# yolo=pr-`echo -n $CIRCLE_PULL_REQUEST | md5sum`
# if [ -f "$yolo" ]; then
# touch $yolo
curl -X POST <Slack API webhook curl url>
# fi
# - save_cache:
# key: pr-{{ checksum "_branch_check" }}
# paths:
# - pr-{{ checksum "_branch_check" }}
The lines that are commented are the saving to cache part. With these lines commented CircleCI would send a message to Slack on every push. Without the comment the expected behavior is for CircleCI to send the slack message only once for each branch name.
Very cool question. I'll share some ideas that might work.
So, is the staging site URL created based on the branch name? Would it always be generated the same way?
If so, on CircleCI I would check for the existence of the staging URL first. If it's there, it was already created, which means this branch has already posted to Slack, and the execution can end right there.
Another idea would be to touch .staging-created a file into the FS, and save it into CircleCI cache using the branch name ({{ .Branch }}) as part of the key. Then, before sending the message to Slack, check for that file after cache has been restored.

jspm Unauthorized response for GitHub API

I think the below should work based on what I've read but I get an error. I'm surely not expected hard code my password in .netrc. I've ran heroku:set JSPM_GITHUB_AUTH_TOKEN obvs! I've not base64 encoded the token, maybe thats the problem
heroku run jspm config registries.github.auth $JSPM_GITHUB_AUTH_TOKEN
$ heroku run jspm init
Running jspm init on test... up, run.7011
ok Verified package.json at package.json
Verified config file at frontend/system.config.js
Looking up loader files...
warn Error on download for github:systemjs/systemjs
Unauthorized response for GitHub API.
Use jspm registry config github to reconfigure the credentials, or update them in your ~/.netrc file.
err TypeError: Cannot read property 'toString' of undefined
at Object.exports.log (/app/node_modules/jspm/lib/ui.js:99:27)
at /app/node_modules/jspm/lib/core.js:361:8
at process._tickCallback (node.js:377:9)

Resources