Geek asks and answers

Setting ssh private keys for deployment on Heroku

I am creating a node.js application that serves as a web hook for Github that will automatically deploy a specific private repo when the changes are applied. To make the webhook application as efficient as possible, I want to clone and pull the private repo to a temporary directory in my Heroku web hosting instance when it is deployed, so when the webhook fires, I only need to “git pull” to get latest updates and their deployment. It's easy enough to run the shell script when the webhook application is deployed (using package.json or Procfile), but before I run the git commands, I need to set the deployment private key. The private and public key are currently in my webhook registry (I know, I know, as soon as I earn it,I will do better), so I tried installing it by adding it to my shell script (which was suggestedhere )

mkdir /app/.ssh
cp config/ssh/* /app/.ssh/
mkdir /tmp/repos
git clone --bare ssh://github.com/<username>/<repo>.git /tmp/repos/<repo>

but I get:

Initialized empty git repository at / tmp / repos / assets / Error checking host key. fatal: the far end unexpectedly hung up

The public key was added as a deployment key in the repo that I am pulling, so my questions are:

  • Am I installing the private key in the correct directory?
  • Should a private key file have a specific name?
  • Is this approach even possible / recommended?
  • If not the best alternative?

Thank!

+3
source share
2 answers

If you want to access private repositories during build, this buildpack is the best option:

https://github.com/timshadel/heroku-buildpack-github-netrc

Github Access. .netrc , .

, . - git, URI , :

https://your_user:your_token@github.com/ABASystems/abas-engineering.git

git, .

+2

"pre-compile hook", $HOME/.ssh/id_rsa, Heroku buildapack .

ssh , . - . .ssh/config :

StrictHostKeyChecking no

buildpacks " ", / . Heroku, . "" : https://deis.com/docs/workflow/applications/using-buildpacks/#compile-hooks. , Python NodeJS buildpacks .

bin/pre_compile, :

#!/usr/bin/env bash
set -eo pipefail

# The pre_compile hook is run by heroku-buildpack-python
echo "-----> I'm pre-compile hook"

# Work around Heroku bug whereby pylibmc isn't availbale during
# compile phase. See: https://github.com/heroku/heroku-buildpack-python/issues/57
export MEMCACHE_SERVERS='' MEMCACHIER_SERVERS=''

if [ -f bin/set_ssh_key ]; then
    echo "-----> Running set_ssh_key"
    chmod +x bin/set_ssh_key
    bin/set_ssh_key
fi

echo "-----> Pre-compile done"

a bin/set_ssh_key:

#!/usr/bin/env bash
set -eo pipefail

if [ -d "$BUILD_DIR/.ssh" ]; then
    echo "-----> Copying $BUILD_DIR/.ssh over $HOME/.ssh..."

    if [ ! -d "$HOME/.ssh" ]; then
        mkdir $HOME/.ssh
    fi

    cp -rv $BUILD_DIR/.ssh/* $HOME/.ssh/
    echo "       done."
fi
0

More articles:


All Articles