I have the following module that we are trying to clone via SSH (NOTE: we prefer to not use https) in Terraform:

    module "example-module" {
      source = "git@github.com:private-org/example-module.git?ref=v1.0.0"
    }

However, we have a GitHub Actions runner that fails when trying to do a terraform init on this module:

    Permission denied (publickey). Could not read Password for 'https://***@github.com': No such device or address

So to give this permission, we are trying to add inside .gitconfig:

    [url "https://{GITHUB_TOKEN}@github.com"]
        insteadOf = "ssh://git@github.com"

And inside the GitHub Actions we are trying to replace GITHUB_TOKEN with the actual value:

    - name: Configure SSH
      run: |
        sed -i 's/{GITHUB_TOKEN}/${{ secrets.GITHUB_TOKEN }}/g' .gitconfig
        cat .gitconfig >> ~/.gitconfig

But we are still getting the same error. Any ideas for how we can authenticate to a private module inside our GitHub org and successfully clone via SSH?
Figured out the answer. The default GITHUB_TOKEN did not have the right access rights and was not deemed a "Personal Access Token". This seems a little confusing on GitHub's part and is the reason it was getting the error Could not read Password.
You will need to generate a new personal access token in GitHub, and add that as a GitHub Actions secret called NEW_GITHUB_TOKEN. Add read:repo and write:repo as access rights and set the token to never expire.
Your .gitconfig should look like:

    [url "https://{GITHUB_TOKEN}@github.com"]
        insteadOf = "ssh://git@github.com"

And a step in your GitHub Actions that uses your new personal access token:

    - name: Configure SSH
      run: |
        sed -i 's/{GITHUB_TOKEN}/${{ secrets.NEW_GITHUB_TOKEN }}/g' .gitconfig
        cat .gitconfig >> ~/.gitconfig
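
A variant of the step above, as an added example that is not part of the original answer: the token is passed through an environment variable and the rewrite rule is written straight into an owner-only git config file, so the `.gitconfig` in the checked-out workspace is never modified by `sed -i`. The function name `write_git_rewrite`, the `MODULE_TOKEN` variable and the script name `git-rewrite.sh` are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Assumed workflow step (MODULE_TOKEN and git-rewrite.sh are hypothetical names):
#   - name: Configure git for private modules
#     env:
#       MODULE_TOKEN: ${{ secrets.NEW_GITHUB_TOKEN }}
#     run: . ./git-rewrite.sh && write_git_rewrite

# Append a url.<base>.insteadOf rule for github.com to a git config file.
# The body is a subshell "( ... )", so umask and variables do not leak into
# the caller and "exit" only ends the function.
write_git_rewrite() (
    cfg="${1:-$HOME/.gitconfig}"
    token="${MODULE_TOKEN:-}"

    # A secret that is not defined reaches the step as an empty string;
    # stop here instead of writing "https://@github.com".
    if [ -z "$token" ]; then
        echo "MODULE_TOKEN is empty, not writing a rewrite rule" >&2
        exit 1
    fi

    # Assumption: the token consists of letters, digits and underscores.
    # Anything else could break the URL or the config section header.
    case "$token" in
        *[!A-Za-z0-9_]*)
            echo "MODULE_TOKEN contains unexpected characters" >&2
            exit 2
            ;;
    esac

    umask 077                       # a newly created file is owner-only
    {
        printf '[url "https://%s@github.com/"]\n' "$token"
        # URL form used in the .gitconfig above
        printf '\tinsteadOf = ssh://git@github.com/\n'
        # scp-like form, as written in the module source
        printf '\tinsteadOf = git@github.com:\n'
    } >> "$cfg"
    chmod 600 "$cfg"                # also tighten a file that already existed
)
```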