evryfs/github-actions-runner-operator

Cannot Auth with Github App

grifonas opened this issue · 4 comments

Hi,
Thanks for maintaining this project.
I just tried installing the latest Helm chart and got the following error from the operator after applying a githubactionrunner:

2021-05-18T13:27:44.380Z	DEBUG	controller-runtime.manager.events	Warning	{"object": {"kind":"GithubActionRunner","namespace":"github","name":"company-generic","uid":"REDACTED","apiVersion":"garo.tietoevry.com/v1alpha1","resourceVersion":"5841920"}, "reason": "ProcessingError", "message": "could not parse private key: Invalid Key: Key must be PEM encoded PKCS1 or PKCS8 private key"}

Here's the relevant bit from the definition:

        - name: runner
          env:
            - name: RUNNER_DEBUG
              value: "true"
            - name: DOCKER_TLS_CERTDIR
              value: /certs
            - name: DOCKER_HOST
              value: tcp://localhost:2376
            - name: DOCKER_TLS_VERIFY
              value: "1"
            - name: DOCKER_CERT_PATH
              value: /certs/client
            - name: GH_ORG
              value: contiamo
          # if runner for repo:
          # - name: GH_REPO
          #   value: theRepoName
          envFrom:
            - secretRef:
                name: runner-pool-regtoken
            - secretRef:
                name: github-runner-app

The secret exists and its structure is as follows:

apiVersion: v1
data:
  GITHUB_APP_INTEGRATION_ID: [BASE64]
  GITHUB_APP_PRIVATE_KEY: [BASE64]
kind: Secret

The secret was created using the following command:

kubectl create secret generic github-runner-app --from-literal=GITHUB_APP_INTEGRATION_ID=115863 --from-file=GITHUB_APP_PRIVATE_KEY=private-key.pem 

The key was downloaded right after creating the GitHub App from the Private Keys section of the new app.

Thanks a lot in advance!

The runner shouldn't reference the app secret; the app secret is used by the operator.
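
A check for the misconfiguration named in the reply above, as an added example that is not part of the original thread or the operator's own code: `envFrom` with a `secretRef` injects every key of the secret into the container, so listing `github-runner-app` on the runner container would put the App private key in the environment of the pod that executes workflow jobs. The function names and the `spec.podTemplateSpec` layout of the constructed sample are assumptions; the walk itself relies only on the standard Kubernetes container fields.

```python
import json

# Secrets only the operator should read (secret name taken from the issue above).
OPERATOR_ONLY_SECRETS = {"github-runner-app"}

def secret_refs(container):
    """Yield (source, secret_name) for every secret a container pulls into its env."""
    for src in container.get("envFrom", []):
        ref = src.get("secretRef")
        if ref and "name" in ref:
            yield "envFrom", ref["name"]
    for var in container.get("env", []):
        ref = (var.get("valueFrom") or {}).get("secretKeyRef")
        if ref and "name" in ref:
            yield "env." + var.get("name", "?"), ref["name"]

def find_containers(node):
    """Walk any manifest shape; yield each entry under containers/initContainers."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key in ("containers", "initContainers") and isinstance(value, list):
                yield from (c for c in value if isinstance(c, dict))
            else:
                yield from find_containers(value)
    elif isinstance(node, list):
        for item in node:
            yield from find_containers(item)

def audit(manifest, forbidden=OPERATOR_ONLY_SECRETS):
    """Return (container, source, secret) for each operator-only secret a runner sees."""
    return [(c.get("name", "?"), source, name)
            for c in find_containers(manifest)
            for source, name in secret_refs(c)
            if name in forbidden]

# Constructed sample: the runner container from the issue, in the JSON form
# that kubectl prints with -o json. The podTemplateSpec nesting is assumed.
SAMPLE = json.loads("""
{"kind": "GithubActionRunner",
 "spec": {"podTemplateSpec": {"spec": {"containers": [
   {"name": "runner",
    "env": [{"name": "GH_ORG", "value": "contiamo"}],
    "envFrom": [{"secretRef": {"name": "runner-pool-regtoken"}},
                {"secretRef": {"name": "github-runner-app"}}]}]}}}}
""")

if __name__ == "__main__":
    for container, source, secret in audit(SAMPLE):
        print(f"container {container!r} exposes operator secret {secret!r} via {source}")
```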

Hi. Thanks. That sorted that particular issue.
However I am now getting this in the operator logs:

2021-05-19T13:16:44.354Z	INFO	controllers.GithubActionRunner	Pods and runner API not in sync, returning early	{"githubactionrunner": "github/runner-pool"}

Had a look at the runner pod runner logs and saw this:

Authentication

Http response code: NotFound from 'POST https://api.github.com/actions/runner-registration'
{"message":"Not Found","documentation_url":"https://docs.github.com/rest"}
Response status code does not indicate success: 404 (Not Found).

That looks like a lack of permissions. However, the app is installed in the GitHub org and has the appropriate permissions (self-hosted runner read/write):

Permissions
 Read and write access to organization self hosted runners

Can you perhaps point me in the right direction for this?

Thank you!

Double check your configuration values (by exec'ing into the controller and checking the environment).
I have these permissions on my app:

  • Read access to metadata
  • Read and write access to organization self hosted runners

and the app is installed at the organization level.

@grifonas did it work? Can we close the issue?