Automate Git clone from Private repo using SSH - bash

I have been writing bash script to clone private Github repo using SSH.
Steps need to be followed -
Generate SSH key using ssh-keygen -t rsa -b 4096 -C "your email".
Copy the output of cat ~/.ssh/id_rsa.pub
Store it within - https://github.com/settings/keys
How do I automate step 3 in bash script.
Any help would be appreciated.

You would need to use the GitHub API POST /user/keys to add a public SSH key to the authenticated user's GitHub account.
It requires that you are authenticated via Basic Auth, or OAuth with at least write:public_key scope.
So your script must take as parameter.
Result: example
# Add a SSH-Key (type "user:passwd ^D"), output: JSON object, or JSON error
curl -X POST -u <user[:passwd]> https://api.github.com/user/keys \
--data "{\"title\": \"<title>\", \"key\": \"$(cat $HOME/.ssh/id_rsa.pub)\"}"
(other example here)

Related

How to fill a prompt asking for input with a secret in Github Actions?

Doing the following step inside a job:
name: Add Secret Key
run: ssh-add - <<< "${{ secrets.SECRET_KEY }}"
I get prompted to fill in the passphrase.
How do I use another secret, such as "${{ secrets.PASSPHRASE }}" to fill the prompt?
Currently I get this error:
Because "Enter passphrase for (stdin):" step is skipped
You should not be prompted for a passphrase unless the private key was originally created with a passphrase.
For example, consider an action like actions/webfactory-ssh-agent, which comes from the study done in "Using a SSH deploy key in GitHub Actions to access private repositories" done by Matthias Pigulla
GitHub Actions only have access to the repository they run for. So, in order to access additional private repositories, create an SSH key with sufficient access privileges.
Then, use this action to make the key available with ssh-agent on the Action worker node. Once this has been set up, git clone commands using ssh URLs will just work.
# .github/workflows/my-workflow.yml
jobs:
my_job:
...
steps:
- actions/checkout#v1
# Make sure the #v0.4.1 matches the current version of the
# action
- uses: webfactory/ssh-agent#v0.4.1
with:
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
- ... other steps
Its README does include:
Creating SSH keys
In order to create a new SSH key, run ssh-keygen -t ed25519 -a 100 -f path/to/keyfile, as suggested in this blog post.
If you need to work with some older server software and need RSA keys, try ssh-keygen -t rsa -b 4096 -o -f path/to/keyfile instead.
Both commands will prompt you for a key passphrase and save the key in path/to/keyfile.
In general, having a passphrase is a good thing, since it will keep the key encrypted on your disk.
When using the key with this action, however, you need to make sure you don't specify a passphrase: The key must be usable without reading the passphrase from input. Since the key itself is stored using GitHub's "Secret" feature, it should be fairly safe anyway.

connect to gitlab project using ssh key

Please i added an ssh key on gitlab (public_rsa).
My problem is that I am still asked for my gitlab password and passphrase when i tried to push a branch on repository. My understanding was that after I set up this SSH key, I would no longer have to do that.
ssh-keygen -t rsa -b 4096 -C "gregory#gmail.com" -f $HOME/.ssh/id_rsa_specific
If someone can help to give an explanation i would appreciate it.
Tell me if im not clear .
Thank you.
I see you listed the command that generates the rsa key. You didn't mention if you placed that key in Gitlab or where.
I would first double check that you have copied and pasted the contents of $HOME/.ssh/id_rsa_specific into your Gitlab accounts settings >> ssh keys.
https://docs.gitlab.com/ee/ssh/#adding-an-ssh-key-to-your-gitlab-account
Then I would try checking the ssh key by running the following command in a terminal:
ssh -T git#gitlab.com
https://docs.gitlab.com/ee/ssh/#testing-that-everything-is-set-up-correctly

Verify User Has Added SSH Key To Git Profil Before Commiting/Pushing Projects In Bash

I'm wanting to write a bash script that verifies a user has created their SSH key on a gitlab server before the user clones or pushes any projects. Is there a git command that returns a true/false (0 or 1) that says "This person has their keys"?
I've tried a simple ssh gitlab.server.url and that seems to work, but I'm not sure if this is the best solution as I'm not wanting to verify they can ssh to the server, but rather their gitlab account has their SSH key(s) created to have the ability to clone/push projects. I was wondering if there was a specific git command.
You can make a cURL request to GitLab Users API and get the info on SSH keys for any user, given that you know their userId
curl --header "Private-Token: <your_PAT_here>" -X GET <your_GitLab_URL>/api/v4/users/<userId>/keys
In theory it works also with username, instead of userId, but I couldn't make it work. In order to get userId, I made an additional API call
curl --header "Private-Token: <your_PAT_here>" -X GET <your_GitLab_URL>/api/v4/users?username=<username_here>

cURL to call REST Api

So I want to call a REST API from Bamboo after a deployment has completed.
This API needs a username and password but it can't be stored in Bamboo as it seems it can be viewed in the Bash History of the Build agent.
I intended to use a script task and execute something like
curl -f -v -k --user "${bamboo.user}":"${bamboo.password}" -X POST https://bamboo.url/builds/rest/api/latest/queue/project_name"/
This would make the REST call. But the username and password is a problem.
I do have the option, however of using a PEM file. It can be provided so does anyone know if this can be used in conjunction with the cURL?
--OR--
One other thought- could I encrypt a password within a file in my source control, and somehow decrypt it on the build agent, and then have curl use the file instead of reading the password from the command line? How would this look in cURL?
Any ideas how this could be achieved?
Your command seems to have an extra quote at the end of your command
Using a pem file to authenticate with curl:
curl -E /path/to/user-cert.pem -X POST https://bamboo.url/builds/rest/api/latest/queue/project_name
The file should have both private key and public key inside.

Create github repo bash file, NOT be prompted for password

I need to be able to create github repositories via bash scripts that run from a php page, so I need to be able to pass the password in the curl command or the API Key.
However I can not seem to find the API key as I believe this may be redundant now with V3 of the github API
I followed Is it possible to create a remote repo on GitHub from the CLI without opening browser? and it got me as far as being prompted for the password
Bash file looks like this:
#! /bin/bash
a=$1
curl="-u 'USERNAME' -p 'PASSWORD' https://api.github.com/user/repos -d '{\"name\":\""$a"\"}'"
curl $curl
This does not work as it is not liking the -p parameter it seems, tried -u 'USERNAME:PASSWORD' and it did not like that either and I can not seem to find the answer on github pages. Ideally I would use the API key as this would not leave my repo password exposed in my bash file correct?
Many thanks
curl -u 'dmalikov:my_password' https://api.github.com/user/repos -d '{"name":"HI"}' works fine for me, now I have this HI repo.

Resources