发表新帖
发表新帖

How to push a commit to Github from a CircleCI build using a personal access token

后端 未结
关注
3 1439
旧巷少年郎
旧巷少年郎 2021-02-07 09:32

When executing a build for git repository giantswarm/docs-content in CircleCI, I\'d like to push a commit to another repository giantswarm/docs.

<
相关标签:
3条回答
  • 小鲜肉
    2021-02-07 10:13

    I've used 

    git push -q https://${GITHUB_PERSONAL_TOKEN}@github.com/<user>/<repo>.git master

    and it worked. Update it to be:

    # Push changes
git config credential.helper 'cache --timeout=120'
git config user.email "<email>"
git config user.name "<user-name>"
git add .
git commit -m "Update via CircleCI"
# Push quietly to prevent showing the token in log
git push -q https://${GITHUB_PERSONAL_TOKEN}@github.com/giantswarm/docs.git master
    0 讨论(0)
  • 野的像风
    2021-02-07 10:13

    Thanks to the hint by Ali Amin I now have this working solution:

    version: 2
jobs:
  build:
    machine: true
    steps:
      - run:
          name: Clone docs
          working_directory: ~/workdir
          command: |
            git clone --depth 1 https://${DOCS_GITHUB_TOKEN}@github.com/giantswarm/docs.git
      - deploy:
          name: Trigger docs deployment
          working_directory: ~/workdir/docs
          command: |
            git config credential.helper 'cache --timeout=120'
            git config user.email "<email>"
            git config user.name "Deployment Bot"
            git commit --allow-empty -m "Trigger deployment"
            # Push quietly to prevent showing the token in log
            git push -q https://${DOCS_GITHUB_TOKEN}@github.com/giantswarm/docs.git master

    Some notes:

    • The git clone is first.
    • All subsequent git commands have to be executed in the clone directory. working_directory simplifies this a great deal.
    • The token DOCS_GITHUB_TOKEN is a personal access token with repo scope for the target repository.
    0 讨论(0)
  • 后悔当初
    2021-02-07 10:16

    Although embedding the token into the command works for this case it might not work for all cases and doesn't answer the question.

    1. Other cases would include scripts that dont expose direct access to the git command. They rely on the GH_TOKEN variable being set and you wouldn't be able to inject it as in the example.

    2. It doesn't answer the question:

    Any idea why it doesn't on CircleCI?

    On CircleCI support forum there is an answer about this:

    https://support.circleci.com/hc/en-us/articles/360018860473-How-to-push-a-commit-back-to-the-same-repository-as-part-of-the-CircleCI-job

    Running git push results in "ERROR: The key you are authenticating with has been marked as read only."

    The deploy key that the project is configured with, by default when you add a project on CircleCI, only has read access, so a key with write permissions needs to be configured to be used, to avoid the above error message. Please ensure that a user key or a read-write deployment key has been configured for the project

    https://circleci.com/docs/2.0/gh-bb-integration/#creating-a-github-deploy-key

    After going through this process you should have a deploy key with write permissions that allows the push.

    0 讨论(0)
 看不清?
提交回复
热议问题