Cannot Auth with Github App
grifonas opened this issue · 4 comments
Hi,
Thanks for maintaining this project.
I just tried installing the latest Helm chart and got the following error from the operator after applying a githubactionrunner:
```
2021-05-18T13:27:44.380Z DEBUG controller-runtime.manager.events Warning {"object": {"kind":"GithubActionRunner","namespace":"github","name":"company-generic","uid":"REDACTED","apiVersion":"garo.tietoevry.com/v1alpha1","resourceVersion":"5841920"}, "reason": "ProcessingError", "message": "could not parse private key: Invalid Key: Key must be PEM encoded PKCS1 or PKCS8 private key"}
```
Here's the relevant bit from the definition:
```yaml
- name: runner
  env:
    - name: RUNNER_DEBUG
      value: "true"
    - name: DOCKER_TLS_CERTDIR
      value: /certs
    - name: DOCKER_HOST
      value: tcp://localhost:2376
    - name: DOCKER_TLS_VERIFY
      value: "1"
    - name: DOCKER_CERT_PATH
      value: /certs/client
    - name: GH_ORG
      value: contiamo
    # if runner for repo:
    # - name: GH_REPO
    #   value: theRepoName
  envFrom:
    - secretRef:
        name: runner-pool-regtoken
    - secretRef:
        name: github-runner-app
```
The secret exists and its structure is as follows:
```yaml
apiVersion: v1
data:
  GITHUB_APP_INTEGRATION_ID: [BASE64]
  GITHUB_APP_PRIVATE_KEY: [BASE64]
kind: Secret
```
The secret was created using the following command:
```
kubectl create secret generic github-runner-app --from-literal=GITHUB_APP_INTEGRATION_ID=115863 --from-file=GITHUB_APP_PRIVATE_KEY=private-key.pem
```
The key was downloaded right after creating the Github App from the Private Keys section of the new app.
Thanks a lot in advance!
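A pre-flight check for the key held in the secret, added here as an example (it is not code from the operator or from anyone in this thread): the error above accepts only a PEM-encoded PKCS1 or PKCS8 private key, so the function classifies a blob by its PEM armor line without printing key material. The names `pem_key_kind` and `sample_key` and the `<operator-namespace>` placeholder are assumptions.

```shell
#!/bin/sh
# Added example. Reads a key blob on stdin and reports what it looks like.
# Only the PEM armor line is inspected; key material is never echoed.
# Against a cluster (namespace is a placeholder, not taken from the thread):
#   kubectl -n <operator-namespace> get secret github-runner-app \
#     -o jsonpath='{.data.GITHUB_APP_PRIVATE_KEY}' | base64 -d | pem_key_kind
pem_key_kind() (
  data=$(tr -d '\r')                       # tolerate CRLF line endings
  [ -n "$data" ] || { echo "empty"; return 0; }
  first=$(printf '%s\n' "$data" | grep -m1 -e '^-----BEGIN ' || true)
  case "$first" in
    "-----BEGIN RSA PRIVATE KEY-----")
      # Legacy OpenSSL encryption is marked by a Proc-Type header.
      if printf '%s\n' "$data" | grep -q '^Proc-Type: 4,ENCRYPTED'; then
        echo "pkcs1-encrypted"
      else
        echo "pkcs1"
      fi ;;
    "-----BEGIN PRIVATE KEY-----")           echo "pkcs8" ;;
    "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo "pkcs8-encrypted" ;;
    "-----BEGIN OPENSSH PRIVATE KEY-----")   echo "openssh" ;;
    "")
      # No armor line: check whether the PEM was base64-encoded a second time
      # (for example, pre-encoded content passed through --from-file).
      if printf '%s' "$data" | tr -d '\n' | base64 -d 2>/dev/null \
           | grep -q '^-----BEGIN '; then
        echo "base64-wrapped-pem"
      else
        echo "not-pem"                       # e.g. a file path or a bare token
      fi ;;
    *) echo "other-pem" ;;                   # certificate, public key, ...
  esac
)

# Constructed placeholder input: valid armor lines, body is NOT a real key.
sample_key() {
  printf '%s\n' "-----BEGIN $1-----" "Q09OU1RSVUNURUQ=" "-----END $1-----"
}
```

Only `pkcs1` and `pkcs8` match the encodings the error message names; any other result points at how the value reached the process rather than at GitHub.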
The runner shouldn't reference the app secret, the app secret is used by the operator.
Hi. Thanks. That sorted that particular issue.
However I am now getting this in the operator logs:
```
2021-05-19T13:16:44.354Z INFO controllers.GithubActionRunner Pods and runner API not in sync, returning early {"githubactionrunner": "github/runner-pool"}
```
Had a look at the runner pod runner logs and saw this:
```
Authentication
Http response code: NotFound from 'POST https://api.github.com/actions/runner-registration'
{"message":"Not Found","documentation_url":"https://docs.github.com/rest"}
Response status code does not indicate success: 404 (Not Found).
```
That looks like a lack of permissions. However the app is installed in the Github org and has the appropriate permissions (self-hosted runner read/write):
Permissions
Read and write access to organization self hosted runners
Can you perhaps point me in the right direction for this?
Thank you!
Double check your configuration values (by exec'ing into the controller and checking the environment).
I have these permissions on my app:
- Read access to metadata
- Read and write access to organization self hosted runners
and the app is installed at the organization level
@grifonas did it work? Can we close the issue?