我正在尝试使用个人访问令牌与GitHub进行身份验证。在GitHub的帮助文件中,它声明使用cURL方法进行身份验证(创建个人访问令牌)。我已经尝试过了,但是我仍然无法推送到GitHub。请注意,我正试图从未经验证的服务器(特拉维斯CI)推送。
cd $HOME
git config --global user.email "emailaddress@yahoo.com"
git config --global user.name "username"
curl -u "username:<MYTOKEN>" https://github.com/username/ol3-1.git
git clone --branch=gh-pages https://github.com/username/ol3-1.git gh-pages
cd gh-pages
mkdir buildtest
cd buildtest
touch asdf.asdf
git add -f .
git commit -m "Travis build $TRAVIS_BUILD_NUMBER pushed to gh-pages"
git push -fq origin gh-pages
这段代码会导致以下错误:
remote:匿名访问scuzzlebuzz /ol3-1。git否认。
致命:'https://github.com/scuzzlebuzzle/ol3-1.git/'认证失败"
为了避免交出“城堡的钥匙”……
注意,sigmavirus24的响应要求你给Travis一个具有相当广泛权限的令牌——因为GitHub只提供具有广泛作用域的令牌,如“写我所有的公共回购”或“写我所有的私人回购”。
如果你想要收紧访问(需要更多的工作!),你可以使用GitHub部署密钥结合Travis加密yaml字段。
以下是该技术如何工作的草图……
首先生成一个名为my_key的RSA部署密钥(通过ssh-keygen),并将其作为部署密钥添加到你的github repo设置中。
然后……
$ password=`openssl rand -hex 32`
$ cat my_key | openssl aes-256-cbc -k "$password" -a > my_key.enc
$ travis encrypt --add password=$password -r my-github-user/my-repo
然后使用$password文件在集成时解密你的部署密钥,通过添加到你的yaml文件:
before_script:
- openssl aes-256-cbc -k "$password" -d -a -in my_key.enc -out my_deploy_key
- echo -e "Host github.com\n IdentityFile /path/to/my_deploy_key" > ~/.ssh/config
- echo "github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==" > ~/.ssh/known_hosts
注意:最后一行预填充github的RSA密钥,这避免了在连接时手动接受的需要。
通过在应用GitHub令牌上挣扎了这么多小时,最终它的工作原理如下:
$ cf_export GITHUB_TOKEN=$(codefresh get context github——decryph -o .
Yaml | yq -y .spec.data.auth.password)
代码遵循Codefresh关于使用令牌克隆回购的指导(freestyle}
测试进行:sed %d%H%M匹配词'-123456-whatever'
推回回购(私人回购)
由DockerHub webhooks触发
以下是完整的代码:
version: '1.0'
steps:
get_git_token:
title: Reading Github token
image: codefresh/cli
commands:
- cf_export GITHUB_TOKEN=$(codefresh get context github --decrypt -o yaml | yq -y .spec.data.auth.password)
main_clone:
title: Updating the repo
image: alpine/git:latest
commands:
- git clone https://chetabahana:$GITHUB_TOKEN@github.com/chetabahana/compose.git
- cd compose && git remote rm origin
- git config --global user.name "chetabahana"
- git config --global user.email "chetabahana@gmail.com"
- git remote add origin https://chetabahana:$GITHUB_TOKEN@github.com/chetabahana/compose.git
- sed -i "s/-[0-9]\{1,\}-\([a-zA-Z0-9_]*\)'/-`date +%d%H%M`-whatever'/g" cloudbuild.yaml
- git status && git add . && git commit -m "fresh commit" && git push -u origin master
输出……
On branch master
Changes not staged for commit:
(use "git add ..." to update what will be committed)
(use "git checkout -- ..." to discard changes in working directory)
modified: cloudbuild.yaml
no changes added to commit (use "git add" and/or "git commit -a")
[master dbab20f] fresh commit
1 file changed, 1 insertion(+), 1 deletion(-)
Enumerating objects: 5, done.
Counting objects: 20% (1/5) ... Counting objects: 100% (5/5), done.
Delta compression using up to 4 threads
Compressing objects: 33% (1/3) ... Writing objects: 100% (3/3), 283 bytes | 283.00 KiB/s, done.
Total 3 (delta 2), reused 0 (delta 0)
remote: Resolving deltas: 0% (0/2) ... (2/2), completed with 2 local objects.
To https://github.com/chetabahana/compose.git
bbb6d2f..dbab20f master -> master
Branch 'master' set up to track remote branch 'master' from 'origin'.
Reading environment variable exporting file contents.
Successfully ran freestyle step: Cloning the repo