Cloudbees & Github: Error: Key already in use - deployment

I would like to push back the results from a build to github and I therefore use the Git publisher plugin. However, when I try to add the SSH public key from Cloudbees as a Deploy Key on Github then Github tells me: 'Key already in use' since it is also part of another repository.
I would like to know why I cannot use the same public key for multiple independent repositories?
[update]
The answers so far indicate that the question is unclear. Cloudbees generates a key pair and uses this on github, I've not found a way to create an alternate pair, so I am stuck with one pair.
I've added the public key to repo A so Cloudbees can pull from repo A. However, I want to use the same build to push to repo B. So it seems logical to add the same (my personal Cloudbees key) to to repo B so cloudbees can push to repo B as well.
However, on Github only a single repo can be using the deploy key:
A deploy key is an SSH key that is stored on the server and grants access to a single repo on GitHub. This key is attached directly to the repo instead of to a user account.
So it is clear that the the public key cannot be attached to more than one repo. However, I can't think of a reason why this is the case?
Anybody?

You need to set your ssh key for user, not repository, so you can use it for multiple github repositories. github don't allow using same key on multiple locations

Because the key is used to identify the user. It's like you would only use a password to identify the user: if two users have the same password, how do you know which is which?
A key is supposed to be unique to a user.
You can, however, generate multiple keys on the same machine and configure git/ssh to use a specific key instead of the default ~/.ssh/id_rsa.pub (or other id_*.pub key).

Related

Automatic pushing to Dreamhost from Github via Workflows

Recently transitioned hosting my website to Dreamhost from Netlify in order to host a dynamic site. One thing I miss is the ability to automatically deploy from Github to the hosting service when changes are detected in my repo.
I've found tutorials for pushing to Github from my Dreamhost server, but not the other way around. I have multiple people working on this website, and my hope is to do this centrall via Github instead of manually pushing to both Github and the Dreamhost server thru the command line.
My assumption is that to ssh to Dreamhost I need a public key from my client to store on the Dreamhost server. I don't know if this is possible to generate a public key from Github (related to the workflow), but if it is how I would I do it? The other option is to store the ssh credentials with Github repo secrets to connect, but I feel this isn't best practice.
How would I go about pushing my Github repo to my Dreamhost server automatically after changes to main?
Two different gists suggest the same approach.
Create a bare repo on the DreamHost server
push to it
have a post-receive hook doing the git restore in the target folder (on the same server) where the actual site is deployed
See "How to Git Push to a Server Machine without having to ssh on to that machine every time?"
What remains for your GitHub Action is, as describe in Deploying to a server via SSH and Rsync in a Github Action, to use a dedicated SSH key, whose private key is registered in GitHub secrets.

How to use private packages in Azure Pipelines During CI/CD builds

I am using Azure CI/CD pipelines for Flutter build. In my Pubspec yaml file, I have dependencies that are private to my project and the code is hosted in same azure devops project but in different repository. During Build (i.e. Flutter Packages get) it gives me error saying Authentication failed?. I tried with PAT token where in prior to flutter build task i used git command to set that token, but it didn't solve the issue. Can anyone help me out?
I am open to being shown a better way but these are the steps I took to solve this issue a little while ago.
Assuming you are referencing the package in your pubspec.yaml using git over ssh on azure devops like:
repo_name:
git:
ref: 'tag or other identifier'
url: you#vs-ssh.visualstudio.com:v3/you/project/repo_name
Generate a new ssh key pair on your machine.
Upload the private key to the library secure files section on azure devops.
Add the install ssh key task to your azure pipelines build, using the key pair generated in the previous steps and referencing the private key uploaded to the secure files library. link
Upload the public key to your list of public keys. (This step I'm not 100% sure is necessary but I did it initially and things have worked so I haven't changed removed it)
So in my azure-pipelines.yaml the install ssh key step looks kinda like this where id_rsa is the name of the private key in my secure files.
- task: InstallSSHKey#0
inputs:
knownHostsEntry: 'vs-ssh.visualstudio.com, ...etc'
sshPublicKey: 'ssh-rsa ...etc'
sshKeySecureFile: id_rsa
A private feed is created with permissions such that only you have access.
The build agent run with user(build service account), give to this user permissions in the feed. From Feed settings->Permissions, assign your build service account owner permission.
Also verify the token is working, make sure you have selected sufficient scopes for this token to authorize for your specific tasks.
Besides try adding a variable system.debug with a value of true you’ll get more information in the failure. That might help pinpoint the problem.

unable to deploy from codeship to heroku

We had a consultant configure our CI, but since he left we get the following error whenever trying to deploy:
Warning: Permanently added 'heroku.com,40.19.75.141' (RSA) to the list of known hosts.
! Your account pedro#someemail.com does not have access to mysascards-staging.
!
! SSH Key Fingerprint: 41:fc:8a:39:fb:ed:eb:a6:69:a5:1b:ff:35:84:41:2f
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
If I add "pedro#someemail.com" to heroku, the deployment works fine.
How do I remove the dependency on this account from our codeship configuration?
In order for you to deploy your app using Codeship, you need to provide the Heroku API key from your Heroku account.
You can access your Heroku API key here -
https://dashboard.heroku.com/account.
Once you have your API key, you can change the deployment configuration with the following steps:
Navigate to your project
Click Project Settings
Click Deploy
Copy/Paste the API key to Heroku API Key
Make sure the Heroku user's API key has access to the application mysascards-staging
If the project has been transferred (as it appears yours has), the SSH Key that was assigned to the project most likely needs to be recreated.
You can recreate the SSH key by submitting a help ticket, and the add the key to both Heroku and the SCM.
Let me know if this helps!
To clarify the answer above - it was necessary to generate a new SSH key on codeship as the account had changed ownership.
This key then needed to be added to both the remote GIT repo (bitbucket in my case) and in Heroku. In both cases, this was possible directly on the site (no command line needed).

Appveyor clone a private repo

How to use Appveyor to clone a private repo?
For example, I am in the repo A, I need to clone Repo B.
I don't want to send my personal access token, instead I wanted to send secure token. I tried using appveyor encrypt data tool, and clone the repo. But no luck.
Can someone help me here?
Appveyor documentation can get you the key. I understand that the key is tied with your account. If you use your account to encrypt the key and run appveyor (using another account), then it will not work. So you have to use the same account for encryption and decryption.

github invite non-github users to private repo

I am setting up a private repository in GitHub and I want to invite people to my repo.
I found out that I can invite github users as my team members, but I want to know is it possible to invite non-github users to access my repo for checkin/checkout?
Thanks in advance.
You could add their ssh keys as Deployment Keys.
Deployment keys are ssh keys of users (usually, scripts) that are allowed to read the repository so they can build the code and deploy it somewhere.
This would allow your non-githubber coworkers to clone the repository.
Unfortunately, I don't think there's an equivalent system to allowing non-githubber to use the web interface.