Linking heroku app to a private(organization) github repo - heroku

Working on local, pushing changes to Heroku works and the app works as expected. However I am having trouble linking heroku app to a private repo on Github.
Current configuration looks something like this
git#github.com:{Organization}/{project}.git
Where should I configure username/password for the private repo?
I tried (even though this is not the preferred way)
username:password#github.com/{organization}/{project}.git
would appreciate any pointers regarding this.
EDIT:
I failed to mention that I am setting it under app settings in Heroku.

git#github.com:{Organization}/{project}.git
This is an ssh address, with the authentication managed by public/private key: make sure your public key is published among the collaborators' keys for that Organization.
No "username" or "password" here.
username:password#github.com/{organization}/{project}.git
That could be correct if you use that remote address as an HTTPS address.
Note that Honza Javorek mentions in "How do I access a private github repo from heroku?" in Nov. 2020:
Heroku only supports HTTP(S) Basic authentication with Git out of the box.
That's unfortunate as it means you'd need to add your credentials as part of the installation URL and commit that as plain text in your list of dependencies.
He suggests to create a new GitHub SSH key and follow the heroku-buildpack-ssh-key process:
heroku buildpacks:add https://github.com/heroku/heroku-buildpack-ssh-key.git -i 1
heroku config:set BUILDPACK_SSH_KEY=$(cat ~/.ssh/id_rsa_heroku)

If you want to use a private repo, heroku needs to send github some sort of token as you know. If you create a deploy key on that private repo, you can use https://github.com/siassaj/heroku-buildpack-git-deploy-keys

Related

Why can't I connect my GitHub repo to Heroku?

We are unable to access this connected repository on GitHub
The authorization key is not valid, or the account used to connect to GitHub doesn't have access to the repository. Try disconnecting the repository above and then reconnect. That is the error I got when trying to connect my private GitHub repo to Heroku.
I've tried doing everything like making it public, or making a new repository, but it just won't work.
I don't have any code to show, since this is a Heroku problem, not a problem with the code.
I don't know what to do.
As on date 15 April 2022, there is security issue reported on github.
In action of the same, Heroku will not be reconnecting to GitHub till uncertain duration.
Action over the incident is reported on Heroku.
Courtesy: stackoverflow and salesforce stack-exchange
I have just had and fixed this issue hopefully I can help.
Are you setting up a new repository by any chance? What worked for me was to actually add some files the to the repository and push to GitHub, then Heroku was able to read from the repo then.
Hope this helps.

Connecting Heroku app to private GitHub repository for deploying on Heroku

I have an organization's private GitHub repository that I am trying to connect a Heroku app to, using the Heroku Dashboard from a browser. In the settings of my GitHub account (that is linked to Heroku), under OAuth Applications, I can see Heroku Dashboard, and under Permissions, it says Full control of private repositories.
However, when I navigate to the Heroku app page and select this GitHub repo from the select-list and click Connect, I get the message:
Item could not be modified:
Admin access to repository required
On GitHub, my account has Write access for the repo. Moreover, as mentioned above, Heroku Dashboard has Full control of private repositories. Can anybody help me figure out what access needs to be granted where? I would really appreciate that.
Never mind. That private GitHub repo had been created by someone else who had since left the company. I had Write access but that is not enough. When I created a new GitHub repo and an app on Heroku myself, I could connect them without any issues.
We had the same problem when someone without admin access to the github repo requested the github access in Heroku. He had to revoke his access in github before we could log back into Heroku with an account that had admin access in github and properly connect the accounts.

Heroku -> GitHub SSH key issue

I am writing an app hosted on Heroku which performs read/write operations on private GitHub hosted repositories.
I have done the following
Generated an SSH key, using the same email as my GitHub account
Added the SSH public key to my GitHub account which has admin privileges to the repository
Added the SSH public key to Heroku using heroku:keys add
When trying to perform any git operation on a GitHub hosted repository (that I have total access to), I get "Host key verification failed"
I'm not sure what I'm doing wrong.. as far as I can tell, the Heroku app should be able to read and push to the repo on GitHub just fine.
If I run the same script locally, everything works like a charm.
Hoping someone can help me out.
After hearing back from Heroku support, they mentioned something along the lines of what VonC said. The key wasn't available in Heroku so it was failing.
Although what VonC said would work I imagine, I resolved to using an OAuth Token for my git operations instead of sharing private and public keys away.
As per this article, you can use a GitHub OAuth token in place of a username and all works fine. Setting it as a Heroku config var also means that it never has to appear in your code.
https://help.github.com/articles/git-automation-with-oauth-tokens
If I run the same script locally, everything works like a charm.
That is because locally, in your $HOME/.ssh, you have both the private and public key.
You need both to access a repo hosting server (like GitHub or Heroku).
That means: if Heroku needs to access directly GitHub, it also needs the public and private ssh key.
You need (as in this article) to reference your private key as config vars
heroku config:add PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----
MMMMMMMMaaaaaammmmammamamammamaasdhkghkdahgj8234joihsdfJHHKJGHGG
...
-----END RSA PRIVATE KEY-----"
make sure you pass the config var when you load the key.
key = OpenSSL::PKey::RSA.new ENV["PRIVATE_KEY"], 'notasecret'
And your Heroku App will be able to use that private key when contacting GitHub.
Note that sharing private keys is frowned upon, so generating a new public/private key dedicated for Heroku accessing GitHub (and adding the new public key to the GitHub repo) is preferable.
You will find similar approach (for an Heroku app to access a private ssh key) in:
"bwhmather/heroku-buildpack-ssh"
issue 17

Host key verification failed Xcode with Mavericks Server

I'm trying to get a CI setup going and have got Mavericks server downloaded and linked with Xcode all on one machine.
Here's the set up:
Two git repos, hosted on OS X server, named CI and CISubmodule.
CISubmodule added as a submodule to CI
Every time I add bot I get a Host key verification failed error on integration. It's clear from the logs that the server is unable to clone CISubmodule due to an authentication error (I've tried SSH, HTTP, HTTPS) but I don't know why it's failing authentication.
I've set up the server so that logged in users can read and write.
I've tried everything mentioned here.
I'm guessing it's because the server is running as teamsserver and the repo is probably under my username, but I can't figure out how to give it permission to clone. Could it be that the SSH key requires a password? If so, how do I set it up so that it doesn't need a password any more?
Any guidance would be greatly appreciated.
Thanks,
Simon
I had the same case and I am not sure what happend exactly, I think the reason was I had more remote repository accesses and ssh keys pointing git-server side pointing to the same repository.
Deleting the remote repository accesses and cleaning up authorized_keys file helped.
I can confirm the CI server works with submodules, but make sure the .gitmodules file and xccheckout file point to the same repos
you may need to use passphrase-LESS keys for os x server to properly connect to 3rd party hosted git repos. it cannot connect with there is a passphrase needed.
ssh-keygen -p
it worked for us
One thing that helped me was to change my submodule URLs to use HTTPS instead of SSH.
When doing this, make sure that Xcode is actually using the new URLs. Even though I made the changes and pushed them, Xcode was caching the SSH URLs and using them. Remove all your SSH URLS from your server, then also remove them from your client under Preferences->Accounts. Then restart the server and restart Xcode, confirming that the new HTTPS URLs are being used when you create your bot.

HowTo: Teamcity + GitHub

Has anybody successfully configured Teamcity to monitor, extract, and build from GitHub?
I can't seem to figure how where and how to configure the SSH keys for Teamcity. I have Teamcity running as a system service, under a system account. So where does Teamcity stash its SSH configuration?
EDIT
To get this to work, I needed to stop the agent from running under a system account.
Ok... I got this to start working on my Windows server. Here are the steps I took to configure TeamCity 4.5 Professional:
Downloaded the JetBrains Git VCS Plugin
Copied the downloaded zip file to .BuildServer\plugins
In the Administration > Edit Build Configuration > Edit VCS Root configuration screen, I selected "Git (JetBrains)"
Entered my Clone Url from the GitHub project page
Set for authentication method "Default Private Key" -- this is IMPORTANT
The TeamCity BuildAgent should be running as a standard user, with the SSH installation configured properly for that user.
Follow the GitHub SSH directions for SSH configuration
Leave the username blank. This should already be provided for in your GitHub clone URL
I got "Default Private Key" to work with agents running as the SYSTEM user on Windows. For me, the answer was having the identity file at
C:\Windows\SysWOW64\config\systemprofile\.ssh\id_rsa
instead of at
C:\Windows\System32\config\systemprofile\.ssh\id_rsa
Your question is specific to SSH, but it is certainly easier and quicker to use HTTP over TLS, as GitHub and TeamCity both now support HTTP authentication. Furthermore, GitHub also supports personal api tokens with limited permissions, that you may configure to your liking, or create a new user if you prefer.
See image below of our TeamCity settings.
Since TeamCity 8.1, there is an official support for SSH key management, please read this docs: https://confluence.jetbrains.com/display/TCD9/SSH+Keys+Management
for private key, username must be blank.
(This is a up to date answer to an old question)
I got ssh based builds working with github/gitlab and teamcity 7 like this:
Log onto the teamcity machine and use puttygen/ssh-keygen to generate a rsa key pair and save the openssh key somewhere sensible.
(Gotcha - Using puttygen? Make sure the private key is in openssh format - puttygen > conversions > export openssh key)
I suggest you save the private key in
C:\.ssh\id_rsa
Now setup "default private key" in teamcity - create a file
C:\.ssh\config
And in it place this:
Host * IdentityFile c:\.ssh\id_rsa
Login to your gitlab/guthub account and paste in the openssh public key for your teamcity private key.
You should now be able to create a git vcs root in teamcity that can use the default private key to pull your source.
You may need a third party plugin like this
I don't know why but choosing Default Private Key failed to me.
Then I choose to Custom Private Key as screen shot below:
The Username field has to be empty.
The Passphrase field is the password of the your private key
(Assume you have added the public key of this private key in git already.)
Hope no one got stuck like me !

Resources