Terraform Git Clone does not seem to work with GITHUB_TOKEN but works when a PAT is used

Time:09-14

I am adding a GitHub Actions workflow to execute terraform commands as part of the pipeline.

The terraform code refers to terraform modules from another repo as follows.

module <moduleName> {
  source                   = "git::git@github.com:<orgName>/<moduleRepo>.git//<modulePath>?ref=<moduleTag>"
  ...
}

This will lead to fetching the code from the given tag during terraform init command execution.

To ensure that the HTTPS URL is used instead of the SSH git URL, I am overriding the git config URL as follows.

git config --global url."https://oauth2:${GITHUB_TOKEN}@github.com/<orgName>/<moduleRepo>.git".insteadOf "ssh://git@github.com/<orgName>/<moduleRepo>.git"

But GITHUB_TOKEN does not allow git clone and this fails with the following error:

remote: Invalid username or password.
fatal: Authentication failed for
'https://github.com/<repoName>/<moduleRepo>.git/'

I also tried adding permission to the workflow for repositories as follows:

permissions:
  repository-projects: read

The repo setting for actions is set to: Allow all actions and reusable workflows

If I replace the GITHUB_TOKEN with my PAT with repo permissions, then the workflow works without any issues.

Please let me know how to configure GITHUB_TOKEN with the required permissions. I want to make it work with GITHUB_TOKEN rather than a PAT.

CodePudding user response:

Eventually I was able to figure out the issue. The GITHUB_TOKEN is made available to the GitHub Actions workflow as a secret and not as an environment variable.

The issue was that I was treating it as an environment variable and using it as such, which led to the error.

I changed the workflow as follows to use it as a secret.

jobs:
  <jobName>:
      env:
        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

I updated the git config as follows to use the token properly:

git config --global url."https://oauth2:${GH_TOKEN}@github.com/<orgName>/<moduleRepo>.git".insteadOf "ssh://git@github.com/<orgName>/<moduleRepo>.git"

The workflow now seems to work properly.

The usage is documented here: https://docs.github.com/en/rest/guides/getting-started-with-the-rest-api#authentication-example-for-github-actions

Adding my answer here to help others facing a similar issue.
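
A way to check the rewrite rule from the answer before terraform init runs, as an added example that is not part of the original post: it refuses an empty token (what an unset variable expands to inside the URL) and uses `git ls-remote --get-url`, which prints the URL after insteadOf rewriting without contacting the remote. The function names, `example-org`, `tf-modules` and the token value are constructed placeholders.

```shell
#!/bin/sh
# Added example: verify the insteadOf rewrite offline, in an isolated HOME.
# All org/repo names and the token value below are constructed placeholders.

# Write the HTTPS rewrite rule into <home>/.gitconfig.
# Fails when the token is empty, so a job that forgot to map
# secrets.GITHUB_TOKEN into its env stops here instead of at terraform init.
configure_rewrite() {
  cr_token="$1"; cr_org="$2"; cr_repo="$3"; cr_home="$4"
  if [ -z "$cr_token" ]; then
    echo "token is empty: map secrets.GITHUB_TOKEN into the job env first" >&2
    return 1
  fi
  git config --file "$cr_home/.gitconfig" \
    url."https://oauth2:${cr_token}@github.com/${cr_org}/${cr_repo}.git".insteadOf \
    "ssh://git@github.com/${cr_org}/${cr_repo}.git"
}

# Print the URL git would actually use for the SSH remote of <org>/<repo>,
# with the credential masked so the result is safe to write to a build log.
effective_url() {
  eu_org="$1"; eu_repo="$2"; eu_home="$3"
  HOME="$eu_home" XDG_CONFIG_HOME="$eu_home/.config" GIT_CONFIG_NOSYSTEM=1 \
    git ls-remote --get-url "ssh://git@github.com/${eu_org}/${eu_repo}.git" |
    sed -E 's#(https://oauth2:)[^@]*@#\1***@#'
}

# Demo with constructed values; in a workflow step pass "$GH_TOKEN" and "$HOME".
demo_home=$(mktemp -d)
configure_rewrite "constructed-token-value" example-org tf-modules "$demo_home"
effective_url example-org tf-modules "$demo_home"   # rewritten to HTTPS
effective_url example-org other-repo "$demo_home"   # rule is per repo: stays SSH
rm -rf "$demo_home"
```

A repo that still prints an `ssh://` URL is not covered by the rule and will be fetched over SSH.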
