Can't push commits to public repo (only private)

FuzzyMistborn · November 15, 2021, 5:29pm

I’ve searched and I’ve searched, and I’ve tried so many different permutations/options that my head is spinning and I just can’t get this to work. All I’m trying to do is push back changes to GitHub if

However, I keep getting fatal: could not read Username for 'https://github.com': terminal prompts disabled in my logs. I’ve read Fatal: could not read Username for and tried all the steps there but nothing. What’s weird is that it works completely fine on a private repo. It’s only public repos (which are mine) that it doesn’t work.

I’ve also tried turning on DRONE_GIT_ALWAYS_AUTH to true, but still nada.

EDIT: Nevermind, apparently I hadn’t actually set the always auth variable/not restarted.

bradrydzewski · November 15, 2021, 6:34pm

If you want to push to a repository, the recommended approach to providing credentials would be to use secrets to inject the credentials into your pipeline step (see an example here). We also provide a plugin that can be used to push code (see an example here).

I do not recommend using DRONE_GIT_ALWAYS_AUTH for this purpose. The DRONE_GIT_ALWAYS_AUTH flag is meant for teams that are using GitHub Enterprise behind the firewall with private mode enabled, which requires authentication to clone public repositories. If you enable this flag for GitHub cloud, a bad actor could send your public repository a pull request that intercepts your git credentials.

FuzzyMistborn · November 15, 2021, 7:26pm

Thank you.

I tried using the plugin. That does not work currently as I can’t set the repo with a :. See error: colon in url path · Issue #44 · appleboy/drone-git-push · GitHub. I tried the recommended tagged version and ran into more issues.

I tried the example of injecting my ssh key into the pipeline and i get this:

latest: Pulling from drone/git
Digest: sha256:091ecd02ee4ac5154fd76133c5055b2345a61cbc17182b00612df1fa7eef1510
Status: Image is up to date for drone/git:latest
+ mkdir $HOME/.ssh
+ echo "$SSH_KEY" > $HOME/.ssh/id_rsa
+ chmod 600 $HOME/.ssh/id_rsa
+ touch test
+ git add .
+ git commit -m "[CI] Test"
[main 8a431c2] [CI] Test
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 test
+ git push origin main
fatal: could not read Username for 'https://github.com': terminal prompts disabled

You can see the test repo here: publictest/.drone.yml at main · FuzzyMistborn/publictest · GitHub

It’s only with the always auth variable “true” that it works.

bradrydzewski · November 15, 2021, 7:31pm

I use that plugin without issue (this is our real-world pipeline configuration and this is a successful build) however, if you are having issues with the plugin you should consult the plugin author or consider sending a pull request to help them patch.

Please note that a plugin is not required here. There are some threads that describe how to inject an ssh key into your pipeline step from a secrret. See How can I set host ssh key? or Clone private submodule for public project.

Also keep in mind that Drone clones your repository using git+https. The reason you see an error (in the logs you posted above) is because the remote is git+https as opposed to git+ssh, and the ssh key cannot be used to authenticate a git+https remote. So if you want to push to your repository using an ssh key, you need to change the git remote to use the ssh repository url (e.g. git remote add upstream git@github.com:foo/bar.git; git push upstream master)

FuzzyMistborn · November 15, 2021, 7:59pm

What. The. Heck. It works now. I swear I had an identical drone file as yours but…somehow that didn’t work.

---
kind: pipeline
type: docker
name: Test

steps:
- name: touch
  image: alpine
  commands:
    - touch test

- name: push
  image: appleboy/drone-git-push
  pull: if-not-exists
  settings:
    branch: main
    remote: git@github.com:FuzzyMistborn/publictest.git
    commit: true
    commit_message: "[CI SKIP] Test"
    ssh_key:
      from_secret: gh_ssh_key

FuzzyMistborn · November 16, 2021, 5:07pm

Back again, sorry. Trying to create a tag on the public Github repo and getting the same fatal: could not read Username for 'https://github.com': terminal prompts disabled

Here’s the pipeline:

---
kind: pipeline
type: docker
name: Generate Tags

trigger:
  event:
  - custom

steps:
  - name: generate tag
    image: alpine/git
    environment:
      SSH_KEY:
        from_secret: ssh_key
    commands:
      - mkdir $HOME/.ssh
      - echo "$SSH_KEY" > $HOME/.ssh/id_rsa
      - chmod 600 $HOME/.ssh/id_rsa
      - dockerver=$( cat docker_ver )
      - git tag -a $dockerver -m "Nextcloud Release v. $dockerver"
      - git push origin main $dockerver

I might try the Github Releases plugin but I think i’d run into the issue where the tag isn’t there yet. Am I missing something obvious here?

bradrydzewski · November 16, 2021, 5:16pm

I think this comment still applies

FuzzyMistborn · November 16, 2021, 8:45pm

OK, i understand that now (never had dealt with HTTPS and git before). I see two options: 1) is it possible to push with something like an API key from Github? or 2) do something like this:

---
kind: pipeline
type: docker
name: Generate Tags

steps:
  - name: generate tag
    image: alpine/git
    environment:
      SSH_KEY:
        from_secret: special_ssh
    commands:      - mkdir $HOME/.ssh
      - echo -e "$SSH_KEY" > $HOME/.ssh/id_rsa
      - chmod 600 $HOME/.ssh/id_rsa
      - eval `ssh-agent -s`
      - ssh-add $HOME/.ssh/id_rsa
      - git config --global user.email "fuzzymistborn@protonmail.com"
      - git config --global user.name "FuzzyMistborn"
      - git remote add github git@github.com:FuzzyMistborn/dronetest.git
      - git tag -a 0.0.1 -m "Nextcloud Release v. 0.0.1"
      - git push -u github main 0.0.1

I was getting an invalid key format error which i’ve resolved by putting the SSH key in as a secret with \n for each line break and using echo -e. Now my issue is this:

Host key verification failed.

fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

I’ve tested the key and it works/can authenticate against Github from another machine using the key.

In summary, there has to be an easier way to do this. Seems like a pretty basic thing to do.

bradrydzewski · November 16, 2021, 8:54pm

In summary, there has to be an easier way to do this. Seems like a pretty basic thing to do.

The easiest option is to use the git push plugin (which we are using here). I understand you are having issues with the plugin but this is not something I can help you troubleshoot further. I recommend reaching out to the author directory or inspecting the source code (in the spirit of open source) to see if you can help the author improve.

I was getting an invalid key format error which i’ve resolved […]

Here is an of a real-world example that I used to clone a private repository that you can use for reference: http://discuss.harness.io/t/clone-private-submodule-for-public-project/1453/2. I noticed you are using slightly different commands, so maybe it is best to copy the technique at this link since it is proven to work.

FuzzyMistborn · November 16, 2021, 9:06pm

Well the push plugin wouldn’t work with pushing a tag unless I’m missing something. It only can push commits. So it wouldn’t work for me as far as I can tell.

I managed to get this to work with HTTPS pushing using a Github API key.

  - name: generate tag
    image: alpine/git
    environment:
      GH_API_KEY:
        from_secret: push_api_key
    commands:
      - git remote add github https://fuzzymistborn:$GH_API_KEY@github.com/FuzzyMistborn/dronetest.git
      - git tag -a 0.0.1 -m "Release v. 0.0.1"
      - git push -u github main 0.0.1