1

Dependency in package.json:

"dependencies": {
    "my-repo": "git+ssh://github.com/org-name/my-repo.git"
  },

GitHub Action:

name: Test
on: [push, pull_request]
jobs:
  test:
    name: Test
    runs-on: ubuntu-18.04
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Setup Node.js
        uses: actions/setup-node@v2
        with:
          node-version: 12
          registry-url: 'https://npm.pkg.github.com'
          scope: '@org-name'
      - uses: webfactory/ssh-agent@v0.4.1
        with:
          ssh-private-key: ${{ secrets.DEPLOY_KEY }}
      - name: Install dependencies
        run: yarn
      - name: Test
        run: yarn test

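DEPLOY_KEY in the GitHub Actions secrets is the private key, and I have added the corresponding public key as a deploy key in the dependency repo.

I generated the key with: ssh-keygen -m PEM -t rsa -b 4096 -C "ssh://github.com/org-name/my-repo.git" -f ./deploykey -q -N ""

This is the failure I see in the GitHub Actions output: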

Exit code: 128
Command: git
Arguments: ls-remote --tags --heads ssh://github.com/org-name/my-repo.git
Directory: /home/runner/work/auth-package/auth-package
Output:
Warning: Permanently added the RSA host key for IP address '140.82.112.4' to the list of known hosts.
runner@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Really losing my mind over this one!

4

1 Answer

0

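I don't know if I'm doing this right, but to access a different repo you need an access token. For that, you need a GitHub App with a private key. https://github.com/settings/apps

You need these three environment variables in your workflow: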

  - uses: actions/checkout@v2
  - name: get secrets
    env:
      PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}
      APP_ID: ${{ secrets.APP_ID }}
      INSTALLATION_ID: ${{ secrets.INSTALLATION_ID }}

Then create your JWT (check your JWT here: https://jwt.io/) to create the access token via the REST API:

run: |
      PEM=$PRIVATE_KEY
      GITHUB_APP_ID=$APP_ID
      NOW=$( date +%s )
      IAT="${NOW}"
      EXP=$((${NOW} + 600))
      HEADER_RAW='{"alg":"RS256"}'
      HEADER=$( echo -n "${HEADER_RAW}" | openssl base64 | tr -d '=' | tr '/+' '_-' | tr -d '\n' )
      PAYLOAD_RAW='{"iat":'"${IAT}"',"exp":'"${EXP}"',"iss":'"${GITHUB_APP_ID}"'}'
      PAYLOAD=$( echo -n "${PAYLOAD_RAW}" | openssl base64 | tr -d '=' | tr '/+' '_-' | tr -d '\n' )
      HEADER_PAYLOAD="${HEADER}"."${PAYLOAD}"
      SIGNATURE=$( openssl dgst -sha256 -sign <(echo -n "${PEM}") <(echo -n "${HEADER_PAYLOAD}") | openssl base64 | tr -d '=' | tr '/+' '_-' | tr -d '\n' )
      JWT="${HEADER_PAYLOAD}"."${SIGNATURE}"

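Then make your API call:

# Exchange the JWT for an installation access token.
# Note: /api/v3 is the GitHub Enterprise Server path (https://HOSTNAME/api/v3);
# on github.com the REST API is served from https://api.github.com.
ACCESS_TOKEN=$(curl -sS -X POST \
      -H "Authorization: Bearer $JWT" \
      -H "Accept: application/vnd.github.v3+json" \
      https://github.com/api/v3/app/installations/"$INSTALLATION_ID"/access_tokens | grep -o '"token": "[^"]*' | grep -o '[^"]*$')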

Then start with your git clone command:

git clone https://x-access-token:"$ACCESS_TOKEN"@github.com/../repo.git
      cd repo
      git config --global user.email "<email>"
      git config --global user.name "<name>"
      git branch upload
      git checkout upload
      git commit -m "update"
      git push --set-upstream origin upload

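Then you can, for example, clone other repositories from within the current repository. Take care to grant the app access to the repositories.

Answered 2022-02-08T14:46:22.357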
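
The JWT step from the answer above, written as reusable shell functions with a local signature check before the token is sent anywhere (an added example, not the answerer's code). The function names are hypothetical; it backdates `iat` by 60 seconds and keeps `exp` under the 10-minute limit, following GitHub's App authentication guidance, and assumes `openssl` is on the PATH and the private key is in a file.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of any GitHub tooling.

# base64url without padding, as JWTs (RFC 7515) require. Reads stdin.
b64url() { openssl base64 -A | tr -d '=' | tr '/+' '_-'; }

# Reverse of b64url: restore the standard alphabet and padding, then decode.
b64url_dec() (
  s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#s} % 4 )) in 2) s="$s==" ;; 3) s="$s=" ;; esac
  printf '%s\n' "$s" | openssl base64 -d -A
)

# make_app_jwt APP_ID PEM_FILE [NOW] -> prints an RS256-signed JWT.
# The key is read from a file so it never appears in argv or the job log.
make_app_jwt() (
  now=${3:-$(date +%s)}
  iat=$((now - 60))    # backdated to tolerate clock drift
  exp=$((now + 540))   # stays under the 10-minute maximum
  header=$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url)
  payload=$(printf '{"iat":%d,"exp":%d,"iss":"%s"}' "$iat" "$exp" "$1" | b64url)
  sig=$(printf '%s' "$header.$payload" | openssl dgst -sha256 -sign "$2" | b64url)
  printf '%s.%s.%s\n' "$header" "$payload" "$sig"
)

# verify_app_jwt JWT PUBKEY_FILE -> exit status 0 only if the signature matches.
verify_app_jwt() (
  signed=${1%.*}       # header.payload, the bytes that were signed
  sig=${1##*.}         # third segment
  tmp=$(mktemp) || exit 1
  b64url_dec "$sig" > "$tmp"
  printf '%s' "$signed" |
    openssl dgst -sha256 -verify "$2" -signature "$tmp" >/dev/null 2>&1
  rc=$?
  rm -f "$tmp"
  exit "$rc"
)

# jwt_payload JWT -> prints the decoded claims JSON (middle segment).
jwt_payload() ( p=${1#*.}; b64url_dec "${p%%.*}" )
```

Running `verify_app_jwt` against the App's public key in the workflow catches a mangled multi-line secret before the REST call fails with an opaque 401.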