Webhooks: GCP and Github - github

Since Github changed their authentication methods to only accept Personal Access Tokens I've had some trouble with getting my GCP Build Trigger to run when I push to the main branch of my repo.
Does anyone know how I can re-authenticate, or change the password that's being used to connect GCP to Github?
On GCP I have tried reconnecting to the repo, 'forgetting' the repo and then reconnecting, I'm not incredibly clued up on this platform, I've only been using it for a few weeks.

"token" would be used for HTTPS URL.
The official GCP documentation uses SSH URLs, which does not need tokens (but SSH keys): that would be one alternative.

Related

Create GitHub PR Comment from Azure Pipeline

After a quick internet search I couldn't seem to find an easy way for my Azure Pipeline to write a custom comment back to the PR that triggered it. Is this possible? Does it require a PAT? I can't use any solution that requires exposing a PAT to a external PR, as they could then easily exfiltrate it.
Sure, you can add comments to the PR on GitHub from Azure pipelines. You can use the GitHub Comment task in your pipeline to easily write comments to the GitHub PR.
With this task, you also need to create a GitHub service connection, or a GitHub Enterprise Server service connection if your repository is hosted on GitHub Enterprise Server, for use on the task.
When creating the GitHub (or GitHub Enterprise Server) service connection, you can choose an authorization method from the optional.
GitHub service connection -- Grant authorization or Personal Access Token
GitHub Enterprise Server service connection -- Personal Access Token, Username and Password or OAuth2
So, a GitHub PAT is not required if the authorization method you choose is not Personal Access Token.
[UPDATE]
If you are worrying about that the service connection would be abused by someone to attack your source code repository, you can do the following things:
On GitHub, you can create a PAT, and limit the permission scopes of this PAT. More details, see "Creating a personal access token".
On Azure DevOps, you can choose Personal Access Token as the authorization method on the service connection, and fill with the PAT that you created in above step. Then you can limit which users, teams and groups, even which pipelines, can use the service connection in the project. More details, you can see "Secure a service connection".

SSH access to GitHub repository

I have followed the process described in Multiple GitHub Accounts & SSH Config (stefano's answer) and have set up SSH access to multiple repositories using deploy keys. I've tried that on repositories of a specific GitHub organization and it works fine - I can pull and push changes. I've also tried this on my user area and it still works great.
However, when trying this on repositories in another GitHub organization (e.g. when doing a git push) it fails with the following error
ERROR: Permission to XXXX/YYYY.git denied to deploy key
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
When checking SSH access through ssh -T I get
"Hi XXX/YYYY! You've successfully authenticated, but GitHub does not provide shell access."
which suggests that SSH should be working.
I have gone through the organization settings (main page for GitHub organization > Settings) and they have pretty much identical settings, except from what you would expect to be different e.g. contact email etc.
I was wondering if anyone has any ideas about what could be causing this. Are there any more organization settings somewhere by any chance?
ERROR: Permission to XXXX/YYYY.git denied to deploy key
This looks like you are trying to push using a deploy key. This key is used for deployment and therefore only to read-only access of your repository. Make sure you have the key which is enrolled in your github account, make sure it is used (IdentityFile in ~/.ssh/config) and get rid of the deploy key from the standard location which is picked by default (~/.ssh/id_{rsa,dsa,ecdsa,ed25519}). Note, that if there are more "valid" keys, only the firs succeeds.

Github with opswork auto deployment using webhook help needed

Again i got stuck to achive the target to trigger deployment once code is pushed to repo, I search the net but i found only old information github is updated and as per there instruction i setup all values but still not working so its look i am missing something I tried to follow the instruction but it seems old http://bytes.babbel.com/en/articles/2014-01-22-github-service-hook-for-aws-ops-works.html
The interface is confusing and i am confused because there is no connection between repo name and opswork service , so what value webhook should send to opswork service ?
Below is what i understood
Setup webhook and it will trigger and send pay load to CI or services as needed once code is pushed to repo (this part is working and send payload to some where) : But this is failing because its Payload URL should i give the opswork service url generated by git hub ?
Opswork services : This is not working ,
App
Given from AWS opswork's app : opswork ID
Stack
Given from AWS opswork's stack: opswork ID
Branch name
Here is the confussion again as per github help i need to give the SHA configured for that app in the AWS OpsWorks Console ? Why should i give SHA not the Master or the link of repo ?
GitHub api url
This is optional what should i give here ?
Aws access key
No issues
Aws secret access key
No issues
GitHub token
Optional : Created token as instructed , Both with token and without token not working.
So If you check opswork is not getting triggered , I thought when i push the changes it may work internally but not.
So its seems web hook and opswork service need to be interact at some level but unable to figure it out :(
I checked git hub help also found nothing for new interface
I checked google and stackoverflow too , but not found any thing
Kindly anyone please answer .
One alternative way would be to set up AWS CodePipeline (CodeDeploy??) to deploy to your AWS Opsworks stack.
CodePipeline is a Continuous Delivery solution from Amazon. Mid 2016 they announced that CodePipeline works with OpsWorks - see their blog announcement: AWS CodePipeline Adds Integration with AWS OpsWorks. There's some walkthroughs there too, depending on what version of OpsWorks your stack is set up for.
(It does feel a bit weird to use a deployment service to deploy to a service that has an existing deployment service... but eh, thought this might help)
The problem is with the process of Github and opswork , if there is any error then both do not report user with error.
I contacted to Github support and luckily they responded me back with error message "The security token included in the request is invalid."
Then i recopied the access key and secret key removed "GitHub api url" as blank and branch name to "master" (so it will always deploy the latest version aka head)
Also make sure you need to set permission again in opswork this is separate to IAM permission ,
Steps -> Goto your stack - Permission and edit -> add user github with permission "IAM Policies Only".
There is no interaction between web hooks and integrations . so you can make use of integration services without web hook :) .
Thanks to Stack overflow , Git-hub both :)

Github sign in before a push

When I try to push my project on Github, I have to sign in every time with my Github account before the push. And I don't understand why, on certain projects I don't need to do this, only on one project.
MacBook-Pro-Firstname:ProjectName firstname$ git push origin master
Username for 'https://github.com': email#gmail.com
Password for 'https://email#gmail.com#gmail.com#github.com': *******
How can I remove the sign in process?
GitHub offers two different authentication methods for read/write access. The first, which you appear to be using, is the HTTPS method and requires username/password authentication. The other way is via SSH which uses public/private key pairs to authenticate rather than a username/password combination.
To change the URL of the repository to the SSH version, you can use git config remote.origin.url git#github.com:username/repository.git
It sounds like you already have SSH keys generated and added to your account if you don't need to authenticate for some projects, but if you don't you can set it up via this link.
I am not entirely sure but I believe you will need to create an SSH key: https://help.github.com/articles/generating-ssh-keys
You need to set up a public SSH key with Github. See this article: https://help.github.com/articles/generating-ssh-keys

Why does github keep asking me for repo credentials?

We recently moved our github from one account owner to another, and now all of the sudden when I do a git pull or any git command on the remote repo, it asks me for github username and password.
My git-config says:
[github]
user = kamilski81
token = *********
Any idea how I can stop it asking me for credentials and remember everything, does the new owner have to setup my ssh keys or something of that sort?
Following this article sorted it out for me:
https://help.github.com/articles/why-is-git-always-asking-for-my-password
git remote set-url origin git#github.com:user/repo.git
The github username and token in the gitconfig is only used for interactions with the GitHub API (for instance the hub gem and the github tool).
If you are pushing and pulling from a GitHub repository over https, then you need to specify your credentials every time, or hook into a password manager to remember the credentials for you. How to do this depends on your platform.
The easiest thing to do is to go to your github account and submit your SSH public key to your account, and then switch your github remote to push/pull over ssh instead of https.
[edit] After re-reading the question I noticed that you mentioned it was previously a GitHub repo that was just moved from one owner to another. If that's the case, and you ARE able to push and pull by specifying your credentials, it sounds to me to be one of two scenarios:
The previous remote used ssh, and GitHub has your SSH key; but when the owner changed and you updated the remote, you updated it to go over https.
The previous remote used https, but you had a password manager setup correctly to deal with your credentials, which no longer works.
After doing "remote -v"....the issue was that my remote was using an "https" remote rather than "git" remote. Changing the remote to use git rather than https solved everything.
If you execute only once git pull and Git client still asking you the credential without do the git pull for you, the problem should be because your credential is incorrect or not setup yet.
but if you get the dialog ask for credential one for each operation, it mean that your credential isn't remembered. To do that, you may use Pageant to store your SSH private key, so, everytime you do something, it will retrieve your credential from Pageant instead to asking you.