How to push a commit to Github from a CircleCI bui

Posted 2020-06-08 14:01

When executing a build for git repository giantswarm/docs-content in CircleCI, I'd like to push a commit to another repository giantswarm/docs.

I have this in the deployment section of circle.yml:

git config credential.helper cache
git config user.email "<some verified email>"
git config user.name "Github Bot"
git clone --depth 1 https://${GITHUB_PERSONAL_TOKEN}:x-oauth-basic@github.com/giantswarm/docs.git
cd docs/
git commit --allow-empty -m "Trigger build and publishing via docs-content"
git push -u origin master

This fails in the very last command with this error message:

ERROR: The key you are authenticating with has been marked as read only.
fatal: Could not read from remote repository.

The GITHUB_PERSONAL_TOKEN environment variable is set to a user's personal access token, which has been created with repo scope to access the private repo giantswarm/docs. In addition, I added the user to a team that has admin permissions for that repo.

That series of commands works just fine when I execute it in a fresh Ubuntu VM. Any idea why it doesn't on CircleCI?

3 Answers
Rolldiameter
#2 · 2020-06-08 14:07

Thanks to the hint by Ali Amin I now have this working solution:

version: 2
jobs:
  build:
    machine: true
    steps:
      - run:
          name: Clone docs
          working_directory: ~/workdir
          command: |
            git clone --depth 1 https://${DOCS_GITHUB_TOKEN}@github.com/giantswarm/docs.git
      - deploy:
          name: Trigger docs deployment
          working_directory: ~/workdir/docs
          command: |
            git config credential.helper 'cache --timeout=120'
            git config user.email "<email>"
            git config user.name "Deployment Bot"
            git commit --allow-empty -m "Trigger deployment"
            # Push quietly to prevent showing the token in log
            git push -q https://${DOCS_GITHUB_TOKEN}@github.com/giantswarm/docs.git master

Some notes:

  • The git clone is first.
  • All subsequent git commands have to be executed in the clone directory. working_directory simplifies this a great deal.
  • The token DOCS_GITHUB_TOKEN is a personal access token with repo scope for the target repository.
三岁会撩人
#3 · 2020-06-08 14:11

I've used

git push -q https://${GITHUB_PERSONAL_TOKEN}@github.com/<user>/<repo>.git master

and it worked. Update it to be:

# Push changes
git config credential.helper 'cache --timeout=120'
git config user.email "<email>"
git config user.name "<user-name>"
git add .
git commit -m "Update via CircleCI"
# Push quietly to prevent showing the token in log
git push -q https://${GITHUB_PERSONAL_TOKEN}@github.com/giantswarm/docs.git master
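
Added example, not part of the original answers: cloning from a URL with the token embedded, as in the two answers above, leaves the token in the remote URL in the clone's `.git/config`. The sketch below finds such URLs, strips the credentials, and pushes with a one-shot credential helper that reads `DOCS_GITHUB_TOKEN` from the environment. The function names are hypothetical, and the username/password layout follows the `token:x-oauth-basic` form used in the question.

```shell
#!/usr/bin/env bash
# Added example. Assumes the token is exported as DOCS_GITHUB_TOKEN (name taken
# from the answer above); all function names here are hypothetical.

# Print a URL with any "user[:password]@" part removed.
strip_userinfo() {
  printf '%s\n' "$1" | sed -E 's#^(https?://)[^/@]*@#\1#'
}

# Print the url/pushurl lines of a git config file that still carry credentials.
# Prints nothing when the file is clean.
urls_with_credentials() {
  grep -E '^[[:space:]]*(push)?url[[:space:]]*=[[:space:]]*https?://[^/@[:space:]]+@' "$1" || true
}

# Replace origin with a token-free URL, then push. The token is supplied by an
# inline credential helper that git runs at push time, so it is not part of the
# URL, the git command line, or .git/config.
push_without_token_in_url() {
  local repo_dir="$1" branch="$2" clean
  clean="$(strip_userinfo "$(git -C "$repo_dir" remote get-url origin)")"
  git -C "$repo_dir" remote set-url origin "$clean"

  # Fail the step if any credential-bearing URL is still configured.
  if [ -n "$(urls_with_credentials "$repo_dir/.git/config")" ]; then
    echo "credentials still present in $repo_dir/.git/config" >&2
    return 1
  fi

  # The empty credential.helper= resets previously configured helpers (such as
  # 'cache'), so the token is not handed to a caching daemon either.
  # Single quotes keep ${DOCS_GITHUB_TOKEN} unexpanded until git runs the helper.
  git -C "$repo_dir" \
    -c credential.helper= \
    -c credential.helper='!f() { echo "username=${DOCS_GITHUB_TOKEN}"; echo "password=x-oauth-basic"; }; f' \
    push -q origin "$branch"
}

# Usage in the deploy step (paths as in the answer above):
#   push_without_token_in_url ~/workdir/docs master
```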
干净又极端
#4 · 2020-06-08 14:11

Although embedding the token into the command works for this case, it might not work for all cases and doesn't answer the question.

  1. Other cases would include scripts that don't expose direct access to the git command. They rely on the GH_TOKEN variable being set and you wouldn't be able to inject it as in the example.

  2. It doesn't answer the question:

Any idea why it doesn't on CircleCI?

On CircleCI support forum there is an answer about this:

https://support.circleci.com/hc/en-us/articles/360018860473-How-to-push-a-commit-back-to-the-same-repository-as-part-of-the-CircleCI-job

Running git push results in "ERROR: The key you are authenticating with has been marked as read only."

The deploy key that the project is configured with, by default when you add a project on CircleCI, only has read access, so a key with write permissions needs to be configured to be used, to avoid the above error message. Please ensure that a user key or a read-write deployment key has been configured for the project

https://circleci.com/docs/2.0/gh-bb-integration/#creating-a-github-deploy-key

After going through this process you should have a deploy key with write permissions that allows the push.
