square/kochiku

GitHub authentication for private repos

Closed this issue · 2 comments

How would you recommend handling authentication for private GH repos during the clone operations for both the kochiku server and workers? The GitHub remote server model (https://github.com/square/kochiku/blob/bea210e11d350e3f01495996d71e14078e189a57/app/models/remote_server/github.rb) doesn't accommodate a password file and auth methods like the Stash version.

I have also found that SSH key-based authentication with GH doesn't work in the context of the resque workers.

Thanks in advance for your insight.

At Square we have created a fake user for CI purposes on our enterprise GitHub instance. That user is a member of a GitHub team with a name along the lines of "CI Team" that is manually granted push and pull access to any repository that we wish to run through Kochiku.

This matches the "machine users" approach described in this GitHub help article.

The other approach in that help article that should work is "deploy keys". GitHub deploy keys have read-only access though, so you will not be able to use certain features like tag on green and merge on green.

Thanks so much Rob! I appreciate it.