How to push a commit to GitHub from a CircleCI build using a personal access token

When executing a build for the git repository giantswarm/docs-content in CircleCI, I'd like to push a commit to another repository, giantswarm/docs.

I have this in the deployment section of circle.yml:

git config credential.helper cache
git config user.email "<some verified email>"
git config user.name "Github Bot"
git clone --depth 1 https://${GITHUB_PERSONAL_TOKEN}:x-oauth-basic@github.com/giantswarm/docs.git
cd docs/
git commit --allow-empty -m "Trigger build and publishing via docs-content"
git push -u origin master

This fails in the very last command with this error message:

ERROR: The key you are authenticating with has been marked as read only.
fatal: Could not read from remote repository.

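The GITHUB_PERSONAL_TOKEN environment variable is set to a user's personal access token, which has been created with the repo scope to access the private repository giantswarm/docs. In addition, I added the user to a team that has admin permissions for that repository.

This series of commands works just fine when I execute it in a fresh Ubuntu VM. Any idea why it doesn't on CircleCI?

I've used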

git push -q https://${GITHUB_PERSONAL_TOKEN}@github.com/<user>/<repo>.git master

and it worked. Updated to:

# Push changes
git config credential.helper 'cache --timeout=120'
git config user.email "<email>"
git config user.name "<user-name>"
git add .
git commit -m "Update via CircleCI"
# Push quietly to prevent showing the token in log
git push -q https://${GITHUB_PERSONAL_TOKEN}@github.com/giantswarm/docs.git master

Thanks to the hint, I now have this working solution:

version: 2
jobs:
  build:
    machine: true
    steps:
      - run:
          name: Clone docs
          working_directory: ~/workdir
          command: |
            git clone --depth 1 https://${DOCS_GITHUB_TOKEN}@github.com/giantswarm/docs.git
      - deploy:
          name: Trigger docs deployment
          working_directory: ~/workdir/docs
          command: |
            git config credential.helper 'cache --timeout=120'
            git config user.email "<email>"
            git config user.name "Deployment Bot"
            git commit --allow-empty -m "Trigger deployment"
            # Push quietly to prevent showing the token in log
            git push -q https://${DOCS_GITHUB_TOKEN}@github.com/giantswarm/docs.git master

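Some notes:

  • The git clone comes first.
  • All subsequent git commands have to be executed in the clone directory. working_directory simplifies this a great deal.
  • The token DOCS_GITHUB_TOKEN is a personal access token with the repo scope for the target repository.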
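
Added example, not part of the original answers: the clone step above puts the token in the URL, and git stores that URL, token included, as the remote URL in the clone's .git/config. The script below lists such remotes with the token redacted and rewrites them to a credential-free URL; the function names and the token value in the sample config are made up for illustration.

```shell
#!/bin/sh
# Added example: find and remove tokens that a clone left in remote URLs.

# Replace the userinfo part of an http(s) URL with a marker.
redact_url() {
    printf '%s\n' "$1" | sed -E 's#^(https?://)[^/@]+@#\1<redacted>@#'
}

# Drop the userinfo part of an http(s) URL entirely.
strip_credentials() {
    printf '%s\n' "$1" | sed -E 's#^(https?://)[^/@]+@#\1#'
}

# Print the url/pushurl values in git config file $1 that embed credentials.
# The values are redacted so the audit output is safe to keep in a build log.
# SSH remotes (git@github.com:...) carry no secret and are not reported.
find_credential_urls() {
    sed -n -E 's#^[[:space:]]*(push)?url[[:space:]]*=[[:space:]]*(https?://[^/@[:space:]]+@.*)$#\2#p' "$1" |
        while IFS= read -r url; do redact_url "$url"; done
}

# Rewrite every remote of the repository at $1 to a credential-free URL.
scrub_remotes() {
    git -C "$1" remote | while IFS= read -r name; do
        url=$(git -C "$1" config --get "remote.$name.url")
        clean=$(strip_credentials "$url")
        [ "$url" = "$clean" ] || git -C "$1" remote set-url "$name" "$clean"
    done
}

# Constructed sample: the kind of config the clone step leaves behind,
# with a made-up token value.
sample_config() {
    cat <<'EOF'
[remote "origin"]
    url = https://CONSTRUCTED_TOKEN@github.com/giantswarm/docs.git
    fetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
    url = git@github.com:giantswarm/docs.git
EOF
}

# Demo on the constructed sample; prints the one offending URL, redacted.
demo_cfg=$(mktemp) && sample_config > "$demo_cfg" && find_credential_urls "$demo_cfg"
rm -f "$demo_cfg"
```

Calling scrub_remotes ~/workdir/docs after the clone step keeps the token out of any saved copy of the working directory; the later push is unaffected because it passes the token URL explicitly.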

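While embedding the token in the command works for this case, it might not work for all cases and doesn't answer the question.

  1. Other cases include scripts that don't expose direct access to the git command. They rely on the GH_TOKEN variable being set, and you won't be able to inject it as in the example.

  2. It doesn't answer the question: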

Any idea why it doesn't on CircleCI?

There is an answer to this on the CircleCI support forum:

https://support.circleci.com/hc/en-us/articles/360018860473-How-to-push-a-commit-back-to-the-same-repository-as-part-of-the-CircleCI-job

Running git push results in "ERROR: The key you are authenticating with has been marked as read only."

The deploy key that the project is configured with, by default when you add a project on CircleCI, only has read access, so a key with write permissions needs to be configured to be used, to avoid the above error message. Please ensure that a user key or a read-write deployment key has been configured for the project

https://circleci.com/docs/2.0/gh-bb-integration/#creating-a-github-deploy-key

Once you have completed this process, you should have a deploy key with write permissions that allows pushing.