How to clone multiple private repositories using GitHub Actions? - bash

I have been searching a lot online for how to clone multiple private repositories while running a GitHub action script. Moreover, since the repositories I wish to clone are written in a text file within the repo itself, it complicates things a bit more for me.
I mean, GitHub explains how to do this here: https://github.com/actions/checkout#checkout-multiple-repos-private but it assumes you know what you want to clone so you can list all the repos in the yml file. Also, they assume you have just one or two repos. What if you have 100 repos... I would rather use a script for that... So how to do that? Any Idea?

Summary:
So you need to find a way to authenticate with github when you do the cloning. Then you do the cloning from a bash script that you can call from your yml file via github actions.
Part1: Authentication:
You can find in this link (https://dev.to/dtinth/authenticating-as-a-github-app-in-a-github-actions-workflow-27co) FOUR ways to authenticate and the pros and cons of each. Here is a summary of the methods:
Method 1: Using the built-in GITHUB_TOKEN secret
Method 2: Using your personal access token --> This is what I used with a small twist.
Method 3: Creating a bot account and using its personal access token
Method 4: Creating a GitHub App and generating tokens from it
So the solution I used is Method 2 above in which I basically used my own PAT (Personal Access Token) to send to the bash script I wrote that does all the cloning for me. The nice thing about this is that I used the PAT as a secret and this way it is not exposed to anyone.
Part2: Here is the part of the yml file that I used in github actions to do the cloning:
- name: Run multi repo cloning script
env:
PA_TOKEN: ${{ secrets.PAT_SECRET }} # `PAT_SECRET` is a secret that contains your PAT (Personal access token)
run: ".github/clone_repos.sh"
shell: bash
Moreover, GitHub has a mechanism to detect GitHub tokens in the run logs when GitHub Actions run and if their mechanism detects a token it hides it with "***". So that is why there is very little risk for your token to be exposed by someone reviewing the GitHub Action output.
Part3: in the bash script itself, I simply used the following command to clone all the repos I needed:
#clone subrepo
git clone "https://"$PA_TOKEN"#github.com/<remote_name>/"$SUBREPO_NAME".git"

Related

Passing code from CodePipeline to PythonFunction

I'm trying to create a CDK app that will deploy a pipeline-stack and a lambda-stack. Similar to the tutorial here. I'm trying to implement a basic CI/CD application that is triggered with every push to a Github Enterprise Repo.
I chose to use PythonFunction from (#aws-cdk/aws-lambda-python) instead of function from #aws-cdk/aws-lambda because PythonFunction builds the dependencies from requirements.txt. I have various lambdas that use different packages (like awswrangler, pandas, requests, etc.).
But, PythonFunction does not support CfnParametersCode (Where the code is passed through CDK instead of being read from an asset).
What other option do I have to pass my code from GithubEnterprise to
the PythonFunction?
If function from #aws-cdk/aws-lambda is the only option I have, how
can I include the packages from requirements.txt
This does seem like an option for #aws-cdl/aws-lambda, but how would I pass my code from Github? This example relates to building from asset code.
I apologize if I'm missing something obvious, I just started working with AWS CDK last week.
First of all I would recommend to take a look at pipelines.CdkPipeline which is able to deal with Assets. That means you can directly use lambda.Code.from_asset instead of overriding CfnParametersCode in the Pipeline.
Regarding your other question, you can deal with the requirements by installing them into your lambda folder during the build step with: pip install -r requirements.txt -t .
CfnParametersCode gives you the ability to upload your code from an S3 file.
You can do the same via lambda.Code.fromBucket.
Taking your link from the third point (https://github.com/aws/aws-cdk/tree/master/packages/%40aws-cdk/aws-lambda#bundling-asset-code) You just need to use lambda.Code.fromBucket instead of code: lambda.Code.fromAsset. Docs can be found here: https://github.com/aws/aws-cdk/tree/master/packages/%40aws-cdk/aws-lambda

Is there a way to get the Github Pull Request number during a build of Google Cloud Build?

During a Google Cloud Build, is there a way to get information regarding the fact that the build is associated with a Pull Request like the Pull Request number/id for example?
It seems that no such substitution variable is available for the moment ref: https://cloud.google.com/cloud-build/docs/configuring-builds/substitute-variable-values
In GitHub, a single branch can be associated with multiple Pull Requests.
You can look up all PRs associated with a given branch ref using the GitHub API: https://developer.github.com/v3/pulls/
Cloud Build does not currently provide the Pull Request information, but if it did this would probably come from something like the Check Suite data, which also treats PRs as a list.
Not from Github API, but you can get the PR# from command line:
$ hub pr list -f "%I%n" -h "$(git rev-parse --abbrev-ref HEAD)"
12345
Source: This blog post.
Now they are available as CloudBuild environment variables. From the official document:
Cloud Build provides the following GitHub-specific default
substitutions available for pull request triggers:
$_HEAD_BRANCH : head branch of the pull request
$_BASE_BRANCH : base branch of the pull request
$_HEAD_REPO_URL : url of the head repo of the pull request
$_PR_NUMBER : number of the pull request

Go Get for Google's Cloud Source Repository

Making two different go modules
source.cloud.google.com/me/a
source.cloud.google.com/me/b
With source.cloud.google.com/me/common as a common lib dependency (to share a model)
I'm trying to go get source.cloud.google.com/me/common (even manually wrote it in the go.mod file) but I keep receiving the following error:
package source.cloud.google.com/me/common:
unrecognized import path "source.cloud.google.com/me/common"
(parse https://source.cloud.google.com/me/common?go-get=1: no go-import meta tags ())
I have gcloud set up to be able to use app deploy and create new source repositories. I've tried setting up ssh for google cloud and attempted to use manual credentials. This neither works locally or in the google cloud build service.
I want to do two things:
Be able to go get this dependencsource.cloud.google.com/me/common
Be able to integrate this go get into my App Engine automated build pipeline.
Any help would be appreciated.
Configure repo on https://source.cloud.google.com/
Authorize manual git access https://source.developers.google.com/p/YOUR_PROJECT_ID/r/YOUR_REPO
In this example: https://source.developers.google.com/p/m/r/common
Your common module should go like source.developers.google.com/p/m/r/common.git
Run: go get source.developers.google.com/p/m/r/common.git on the other module
I would try the following steps:
Make sure it has manual git access - You can try a git clone from folder "a" to check if correct git access is in place. Delete it after it gets cloned.
Make sure that you are using HTTPs - looks like you are good in that regards - go1.14 made HTTPs as default for go get's.
Now, coming to the actual problem - looks like your private version control systems isn't sending the required "go-import" meta tag.
For example - refer any github go module, you can see the "go-import" meta tag:
In order to fix it, the VCS server needs to respond with this tag when go get tries to download "common" module
<meta name="go-import" content="source.cloud.google.com/me/common git https:source.cloud.google.com/me/common">
This works:
got get source.developers.google.com/p/YOUR_PROJECT_ID/r/YOUR_REPO.git

Add github public repository on odoo app store

I have my public repository on git-hub, and i want to add this repository on Odoo app store, There is any way to do this .??
I search on Google but didn't found any way to do this.
There are some article which are shown that the repository should be private.
If anyone has any solution please shared..
Your repository does not have to be private in order to submit it to the Odoo App store, however it would make sense to use a private repository for proprietary (paid) addons.
To upload your app or theme to the Odoo app store you need to register/login on Odoo.com and go to the App Upload page. There you need to specify the URL of your Git repository in the following format:
git#github.com:<username>/<repo>.git#<branch>
Please ensure that:
There is one folder per App/Theme at the root of the repository.
You specify the branch name of your Git repository by adding #branch_name at the end of the repo URL.
The branch name exactly matches the series name for which your modules are meant, so #8.0 for version 8.0.
Once you add the repository you can scan it for Odoo addons/themes.
If your repository is private (eg. for proprietary addons), there is a section on that in the FAQ:
To publish your modules on our platform, we need to be allowed to read
from your repository. If you are on Github, you can simply authorize
our online-odoo user on your repository. If you are on Bitbucket, you
can authorize our OdooApps user. If you use another service, you will
need to authorize our public SSH key instead. Don't forget to use the
SSH url of your repository when registering it to allow us to identify
using ssh. For example for GitHub, it would be something like
git#github.com:odoo/odoo#9.0.

GitHub API: Tag a commit belongs to ( parallel for git describe --tag <sha> )

I am experimenting with GitHub API using octokit ruby gem. My goal is to be able to extract the 'tag' that a commit SHA belongs to.
Now I can easily do this on command line using
> git describe 688ae0b --tags
and get output
> 3.0.1-122-g688ae0b
which tells me Tag, commits since tags, and last commit hash.
How do I get same info from GitHub API?
Answers using GitHub API or Octokit client would both do, as I can translate from one other just fine.
I have looked at a bunch of things like, releases, tags, commits etc.. but none of them give me this information that I can get in one line from command line.
I am not looking for 'how to use github api'. I am looking for specific request or set of requests that will let me derive this information.
Since there is no easy way to run a query like git describe with the GitHub API, that leaves you with an iterative process involving:
listing all tags
trying to diff a tag against your specific commit, with the compare 2 commits API
GET /repos/:owner/:repo/compare/:base...:head
(with base being the commit, and head being the tag)
If there are any result, the commit is accessible from the tag.
(I use a similar approach in "Github API: Finding untagged commits")

Resources