I'm trying to push a Node.js application to Heroku. The app uses npm to fetch private github repositories, which are specified in package.json, like this...
"dependencies": {
"my-private-dep": "github:my-org/my-repo"
}
The build fails during the npm install phase because the github host keys are not in the containers known_hosts file.
remote: npm ERR! Host key verification failed.
This is expected behavior of SSH. Does Heroku provide a workaround for this? For example, dokku, which uses the same buildpack has a host keys plugin that will inject the host keys into the container before each build, which resolves this issue. Does Heroku have a similar solution?
It turns out that there is a buildpack that makes this relatively easy -
https://github.com/debitoor/ssh-private-key-buildpack
However, I found that, for whatever reason, setting the SSH_HOSTS environment variable was not working correctly for me - according to the docs, it is supposed to set Github by default, and then you can add others if you like... I am actually using Gitlab for this particular project, but found that when I set the config like so:
$ heroku config:set SSH_HOSTS="git@gitlab.com"
it was not being detected. I ended up forking the buildpack and changing bin/compile line 13 to
ssh_hosts=${SSH_HOSTS:-"git@gitlab.com"}
and just pushing it up to my own repo to use for this project. Worked like a charm.