How to add Heroku SSH keys to known_hosts (used to work)



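I have a CI pipeline where I deploy to Heroku (on GitLab). I don't want to use my personal API key, since this is a shared repository. So up until a few weeks ago, I had this CI config: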

deploy-heroku:
  variables:
    GIT_DEPTH: 200
  stage: deploy
  only:
    - master
  except:
    - schedules
  script:
    - apk update && apk upgrade && apk add curl bash git openssh-client
    - curl https://cli-assets.heroku.com/install.sh | sh
    - heroku git:remote -a $HEROKU_APP_NAME --ssh-git
    - mkdir -p ~/.ssh
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_ed25519
    - chmod 700 ~/.ssh/id_ed25519
    - eval "$(ssh-agent -s)"
    - ssh-add ~/.ssh/id_ed25519
    - ssh-keyscan -H 'heroku.com' >> ~/.ssh/known_hosts
    - git push -f heroku HEAD:master --no-verify

This worked perfectly; in the logs:

$ ssh-keyscan -H 'heroku.com' >> ~/.ssh/known_hosts
# heroku.com:22 SSH-2.0-endosome
# heroku.com:22 SSH-2.0-endosome
# heroku.com:22 SSH-2.0-endosome
# heroku.com:22 SSH-2.0-endosome
# heroku.com:22 SSH-2.0-endosome

However, after a few weeks, this fails at ssh-keyscan:

$ ssh-keyscan -H 'heroku.com' >> ~/.ssh/known_hosts
Cleaning up project directory and file based variables
00:01
ERROR: Job failed: exit code 1

So it seems ssh-keyscan no longer works. When running ssh-keyscan -H 'heroku.com', it no longer gives any results (it used to give some results).

How can I get the keys to work (or how can I make sure the correct keys are in known_hosts)?

Or, more generally: how can I make Heroku deployment work without using a personal API key?

Git over SSH has been deprecated and has been removed from Heroku.

This script does work:

- apk update && apk upgrade && apk add curl bash git openssh-client
- curl https://cli-assets.heroku.com/install.sh | sh
- git push  --no-verify https://heroku:$HEROKU_API_KEY@git.heroku.com/$HEROKU_APP_NAME.git HEAD:master

In this case, --no-verify is required because git looks for git-lfs in one of its hooks. With the --no-verify flag, this hook is skipped.

HEROKU_API_KEY can be generated locally, when you log in to Heroku and generate a long-lived key:

$ heroku login
heroku: Press any key to open up the browser to login or q to exit:
Opening browser to https://cli-auth.heroku.com/auth/cli/browser/89f5...?requestor=SFMyN...
Logging in... done
Logged in as ...
$ heroku authorizations:create
Creating OAuth Authorization... done
Client:      <none>
ID:          ...
Description: Long-lived user authorization
Scope:       global
Token:       <HEROKU_API_KEY>
Updated at:  Tue Apr 12 2022 17:34:15 GMT+0200 (Central European Summer Time) (less than a minute ago)

Take the API key from the Token field. (You can use heroku authorizations to check all tokens/keys by ID.)

Add HEROKU_API_KEY and HEROKU_APP_NAME as protected variables in the repository.
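
A variant of the push step that keeps the token out of the remote URL, as an added example that is not part of the original answer: it writes HEROKU_API_KEY to ~/.netrc (which git's HTTPS transport reads) with mode 0600 and pushes to a credential-free URL. The function names, the `deploy` argument, the script name and the app-name check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original answer): authenticate the push through
# ~/.netrc so the token is not part of the remote URL or of git's arguments.
# HEROKU_API_KEY / HEROKU_APP_NAME are the CI variables named on the page.

# Write or replace the git.heroku.com entry. $1 = token, $2 = netrc path (optional).
write_heroku_netrc() (
    token=$1
    netrc=${2:-"$HOME/.netrc"}
    [ -n "$token" ] || { echo "empty Heroku token" >&2; return 1; }
    umask 077                         # subshell-local: new file is created 0600
    tmp="$netrc.tmp.$$"
    : > "$tmp"
    # Keep other hosts' entries, drop a stale single-line git.heroku.com entry.
    if [ -f "$netrc" ]; then
        grep -v '^machine git\.heroku\.com ' "$netrc" >> "$tmp" || true
    fi
    # "heroku" is the user name the answer's URL uses; the token is the password.
    printf 'machine git.heroku.com login heroku password %s\n' "$token" >> "$tmp"
    mv "$tmp" "$netrc"
)

# Print the credential-free remote URL; reject names that could alter the URL.
# The allowed character set is a conservative assumption of this example.
heroku_remote_url() {
    case $1 in
        ''|*[!a-z0-9-]*) echo "unexpected app name" >&2; return 1 ;;
    esac
    printf 'https://git.heroku.com/%s.git\n' "$1"
}

# CI entry point: run as `sh deploy.sh deploy` (script name is hypothetical).
if [ "${1:-}" = deploy ]; then
    write_heroku_netrc "$HEROKU_API_KEY" &&
    url=$(heroku_remote_url "$HEROKU_APP_NAME") &&
    git push --no-verify "$url" HEAD:master
    status=$?
    rm -f "$HOME/.netrc"              # do not leave the token on a shared runner
    exit "$status"
fi
```

In the GitLab job, the last script line would call this file instead of running git push with the token embedded in the URL.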
