Open avsaase opened 3 weeks ago
The error is not very helpful, but it usually means that the private key is somehow not formatted correctly or invalid.
What is the correct format? I tried both with and without the -----BEGIN RSA PRIVATE KEY-----
and -----END RSA PRIVATE KEY-----
lines but with no success,
I just tried it again with those line removed and then the output becomes:
Failed to create token for "fusion-imu" (attempt 2): Invalid keyData
Failed to create token for "fusion-imu" (attempt 3): Invalid keyData
Failed to create token for "fusion-imu" (attempt 4): Invalid keyData
DOMException [DataError]: Invalid keyData
at Object.rsaImportKey (node:internal/crypto/rsa:235:15)
at SubtleCrypto.importKey (node:internal/crypto/webcrypto:615:10)
... 6 lines matching cause stack trace ...
at /home/runner/work/_actions/actions/create-github-app-token/v1/dist/main.cjs:39717:71
Error: Invalid keyData
at RetryOperation._fn (/home/runner/work/_actions/actions/create-github-app-token/v1/dist/main.cjs:39645:30) {
attemptNumber: 4,
retriesLeft: 0,
[cause]: Error: error:0680007B:asn1 encoding routines::header too long
at createPrivateKey (node:internal/crypto/keys:632:12)
at Object.rsaImportKey (node:internal/crypto/rsa:229:21)
at SubtleCrypto.importKey (node:internal/crypto/webcrypto:615:10)
at getToken (/home/runner/work/_actions/actions/create-github-app-token/v1/dist/main.cjs:37839:56)
at githubAppJwt (/home/runner/work/_actions/actions/create-github-app-token/v1/dist/main.cjs:37872:23)
at getAppAuthentication (/home/runner/work/_actions/actions/create-github-app-token/v1/dist/main.cjs:39166:37)
at hook4 (/home/runner/work/_actions/actions/create-github-app-token/v1/dist/main.cjs:39450:37)
at newApi (/home/runner/work/_actions/actions/create-github-app-token/v1/dist/main.cjs:37130:36)
at getTokenFromRepository (/home/runner/work/_actions/actions/create-github-app-token/v1/dist/main.cjs:39768:26)
at /home/runner/work/_actions/actions/create-github-app-token/v1/dist/main.cjs:39717:71 {
library: 'asn1 encoding routines',
reason: 'header too long',
code: 'ERR_OSSL_ASN1_HEADER_TOO_LONG'
}
}
Can you please try to convert PKCS#1 (the current format that GitHub exports) to PKCS#8 and see if that helps? I documented 3 options to do that here: https://github.com/gr2m/universal-github-app-jwt/?tab=readme-ov-file#converting-pkcs1-to-pkcs8
The PKCS8 key start with -----BEGIN PRIVATE KEY-----
. Make sure to leave that line as well as the ending line in when setting it as a repository secret
I needed a quick fix so I switched to another action to generate a token. I haven't tried converting the private key yet but I'll give it a try this week. You are of course welcome to try it yourself.
Can you please try to convert PKCS#1 (the current format that GitHub exports) to PKCS#8 and see if that helps? I documented 3 options to do that here: https://github.com/gr2m/universal-github-app-jwt/?tab=readme-ov-file#converting-pkcs1-to-pkcs8
The PKCS8 key start with
-----BEGIN PRIVATE KEY-----
. Make sure to leave that line as well as the ending line in when setting it as a repository secret
This does not work for me :-(
The conversion didn't work for me either. Upon initial conversion, it was unhappy with line break characters, trying to strip them results in an invalid keyData error.
Clarifying my last response now. Using the OpenSSL method of converting the key, it is now being accepted by this action.
However, this feels like a bit of a poor user experience to issue the key(s) one way but have your own vendor provided action expect them in a different format.
We have tried to reproduce this error and have not been able to so far. Can somebody experiencing this please invalidate the private key that is not working for you and then provide it to us for closer inspection?
Hi, I get this error when running the action:
In my workflow file I have
(full workflow file)
The corresponding app id and private key are set as secrets in my repository. The private key is copy-pasted directly from the
.pem
file that downloads when creating a private key.The app is installed
Did I do something wrong or is this a bug? Thanks.