Closed MichaelRumpler closed 3 years ago
MichaelRumpler
commented
3 years ago I found this blog post and issues #319 and #332.
So it appears that v3 was never fixed to work with a githubToken. Thus I changed my API endpoint to v2. Be sure to remove the "github" part from the endpoint when changing from v3 to v2. This seems to work.
I leave this issue open because
VincentTam
commented
3 years ago Essentially a dupe of eduardoboucas/staticman.net#15. The response to my linked issue says that a PR for backward compatibility with GitHub bot in v3 is pending.
MichaelRumpler
commented
3 years ago Not quite. eduardoboucas/staticman.net#15 is about the connect route. This is about entry.
I accepted the invitation via the GitHub web page. So I didn't run into the problem you mentioned.
But thanks for pointing out that repo for the docs. I didn't see that earlier.
VincentTam
commented
3 years ago Not quite. eduardoboucas/staticman.net#15 is about the
connectroute. This is aboutentry.
Oops my bad, but from the linked issue, we see that there's a PR #405 that's suppose to support the legacy authorization method, even though a GitHub App is preferred.
MichaelRumpler
commented
3 years ago I tried again to use v3.
I created a GitHub App and then added the vars GITHUB_APP_ID (a 6 digit number) and GITHUB_PRIVATE_KEY to the Config Vars in Heroku (and removed GITHUB_TOKEN).
But it still doesn't work and I get this error in the Heroku log:
2021-03-03T17:15:41.005688+00:00 app[web.1]: node:internal/crypto/sig:124
2021-03-03T17:15:41.005702+00:00 app[web.1]: const ret = this[kHandle].sign(data, format, type, passphrase, rsaPadding,
2021-03-03T17:15:41.005702+00:00 app[web.1]: ^
2021-03-03T17:15:41.005703+00:00 app[web.1]:
2021-03-03T17:15:41.005704+00:00 app[web.1]: Error: error:0909006C:PEM routines:get_name:no start line
2021-03-03T17:15:41.005704+00:00 app[web.1]: at Sign.sign (node:internal/crypto/sig:124:29)
2021-03-03T17:15:41.005704+00:00 app[web.1]: at Object.sign (/app/node_modules/jwa/index.js:152:45)
2021-03-03T17:15:41.005705+00:00 app[web.1]: at Object.jwsSign [as sign] (/app/node_modules/jws/lib/sign-stream.js:32:24)
2021-03-03T17:15:41.005705+00:00 app[web.1]: at Object.module.exports [as sign] (/app/node_modules/jsonwebtoken/sign.js:204:16)
2021-03-03T17:15:41.005706+00:00 app[web.1]: at getSignedJsonWebToken (/app/node_modules/@octokit/app/dist-node/index.js:31:30)
2021-03-03T17:15:41.005706+00:00 app[web.1]: at GitHub._authenticate (/app/lib/GitHub.js:58:21)
2021-03-03T17:15:41.005707+00:00 app[web.1]: at /app/lib/GitHub.js:31:32
2021-03-03T17:15:41.005707+00:00 app[web.1]: at new GitHub (/app/lib/GitHub.js:46:7)
2021-03-03T17:15:41.005708+00:00 app[web.1]: at Object.module.exports.create (/app/lib/GitServiceFactory.js:11:14)
2021-03-03T17:15:41.005708+00:00 app[web.1]: at /app/lib/Staticman.js:32:35
2021-03-03T17:15:41.005709+00:00 app[web.1]: at new Staticman (/app/lib/Staticman.js:46:7)
2021-03-03T17:15:41.005709+00:00 app[web.1]: at module.exports (/app/controllers/process.js:126:27)
2021-03-03T17:15:41.005710+00:00 app[web.1]: at Layer.handle [as handle_request] (/app/node_modules/express/lib/router/layer.js:95:5)
2021-03-03T17:15:41.005710+00:00 app[web.1]: at next (/app/node_modules/express/lib/router/route.js:137:13)
2021-03-03T17:15:41.005710+00:00 app[web.1]: at /app/server.js:169:14
2021-03-03T17:15:41.005711+00:00 app[web.1]: at Layer.handle [as handle_request] (/app/node_modules/express/lib/router/layer.js:95:5)
2021-03-03T17:15:41.005711+00:00 app[web.1]: at next (/app/node_modules/express/lib/router/route.js:137:13)
2021-03-03T17:15:41.005712+00:00 app[web.1]: at /app/server.js:129:14
2021-03-03T17:15:41.005712+00:00 app[web.1]: at Layer.handle [as handle_request] (/app/node_modules/express/lib/router/layer.js:95:5)
2021-03-03T17:15:41.005712+00:00 app[web.1]: at next (/app/node_modules/express/lib/router/route.js:137:13)
2021-03-03T17:15:41.005713+00:00 app[web.1]: at module.exports.<anonymous> (/app/node_modules/express-brute/index.js:142:36)
2021-03-03T17:15:41.005713+00:00 app[web.1]: at module.exports.MemoryStore.set (/app/node_modules/express-brute/lib/MemoryStore.js:28:35) {
2021-03-03T17:15:41.005714+00:00 app[web.1]: library: 'PEM routines',
2021-03-03T17:15:41.005714+00:00 app[web.1]: function: 'get_name',
2021-03-03T17:15:41.005714+00:00 app[web.1]: reason: 'no start line',
2021-03-03T17:15:41.005715+00:00 app[web.1]: code: 'ERR_OSSL_PEM_NO_START_LINE'
2021-03-03T17:15:41.005715+00:00 app[web.1]: }
2021-03-03T17:15:41.011535+00:00 heroku[router]: at=error code=H13 desc="Connection closed without response" method=POST path="/v2/entry/MichaelRumpler/MichaelRumpler.github.io/master/comments" host=staticman-mr.herokuapp.com request_id=942f9973-31e4-4a27-afab-37bd846dbaab fwd="77.116.29.22" dyno=web.1 connect=0ms service=42ms status=503 bytes=0 protocol=httpsThis is exactly the error @hajekj mentioned in his blog. He wrote that you have to add \n before and after the key. I didn't do that in the RSA_PRIVATE_KEY and that one seems to work, but I tried here and still get the same error.
I copied both the RSA_PRIVATE_KEY and the GITHUB_PRIVATE_KEY to a text file and when I had them side by side, I saw that the length of the keys differ. Is that normal? I created the RSA key on Windows with ssh-keygen and the GitHub key was downloaded as .pem file when I created it on the GitHub App page.
GITHUB_PRIVATE_KEY -----BEGIN RSA PRIVATE KEY-----MIIEpAIBAAKCA.....WEVEFw==-----END RSA PRIVATE KEY-----
RSA_PRIVATE_KEY -----BEGIN RSA PRIVATE KEY-----MIIEowIBAAKCA.....lW30-----END RSA PRIVATE KEY-----This is exactly the error @hajekj mentioned in his blog. He wrote that you have to add
\nbefore and after the key. I didn't do that in theRSA_PRIVATE_KEYand that one seems to work, but I tried here and still get the same error
I tried his advice too, but with no success. Finally I didn't escape the newline, as illustrated in my post in the discussion, and everything works fine. GITHUB_PRIVATE_KEY is for GitHub App; GITHUB_TOKEN is for the bot. You only need to choose one of them. I've switched to the former for a month.
MichaelRumpler
commented
3 years ago I tried that too.
When I specify the key in multiple lines (copied the .pem file as is), then I got
2021-03-03T15:35:00.270122+00:00 app[web.1]: /app/node_modules/@octokit/request/dist-node/index.js:66
2021-03-03T15:35:00.270180+00:00 app[web.1]: const error = new requestError.RequestError(message, status, {
2021-03-03T15:35:00.270182+00:00 app[web.1]: ^
2021-03-03T15:35:00.270182+00:00 app[web.1]:
2021-03-03T15:35:00.270183+00:00 app[web.1]: RequestError [HttpError]: Not Found
2021-03-03T15:35:00.270183+00:00 app[web.1]: at /app/node_modules/@octokit/request/dist-node/index.js:66:23
2021-03-03T15:35:00.270184+00:00 app[web.1]: at processTicksAndRejections (node:internal/process/task_queues:94:5)
2021-03-03T15:35:00.270185+00:00 app[web.1]: at async GitHub._authenticate (/app/lib/GitHub.js:60:20)
2021-03-03T15:35:00.270185+00:00 app[web.1]: at async /app/lib/GitHub.js:31:21
2021-03-03T15:35:00.270185+00:00 app[web.1]: at async /app/lib/Staticman.js:32:18
2021-03-03T15:35:00.270186+00:00 app[web.1]: at async module.exports (/app/controllers/process.js:126:21) {
2021-03-03T15:35:00.270186+00:00 app[web.1]: status: 404,
2021-03-03T15:35:00.270187+00:00 app[web.1]: headers: {
2021-03-03T15:35:00.270187+00:00 app[web.1]: 'access-control-allow-origin': '*',
2021-03-03T15:35:00.270188+00:00 app[web.1]: 'access-control-expose-headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, Deprecation, Sunset',
2021-03-03T15:35:00.270189+00:00 app[web.1]: connection: 'close',
2021-03-03T15:35:00.270189+00:00 app[web.1]: 'content-encoding': 'gzip',
2021-03-03T15:35:00.270189+00:00 app[web.1]: 'content-security-policy': "default-src 'none'",
2021-03-03T15:35:00.270190+00:00 app[web.1]: 'content-type': 'application/json; charset=utf-8',
2021-03-03T15:35:00.270191+00:00 app[web.1]: date: 'Wed, 03 Mar 2021 15:35:00 GMT',
2021-03-03T15:35:00.270191+00:00 app[web.1]: 'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
2021-03-03T15:35:00.270192+00:00 app[web.1]: server: 'GitHub.com',
2021-03-03T15:35:00.270192+00:00 app[web.1]: 'strict-transport-security': 'max-age=31536000; includeSubdomains; preload',
2021-03-03T15:35:00.270193+00:00 app[web.1]: 'transfer-encoding': 'chunked',
2021-03-03T15:35:00.270193+00:00 app[web.1]: vary: 'Accept-Encoding, Accept, X-Requested-With',
2021-03-03T15:35:00.270194+00:00 app[web.1]: 'x-content-type-options': 'nosniff',
2021-03-03T15:35:00.270194+00:00 app[web.1]: 'x-frame-options': 'deny',
2021-03-03T15:35:00.270194+00:00 app[web.1]: 'x-github-media-type': 'github.v3; param=machine-man-preview; format=json',
2021-03-03T15:35:00.270195+00:00 app[web.1]: 'x-github-request-id': '960E:FF96:29CEF1:2C1610:603FACA4',
2021-03-03T15:35:00.270195+00:00 app[web.1]: 'x-xss-protection': '1; mode=block'
2021-03-03T15:35:00.270195+00:00 app[web.1]: },
2021-03-03T15:35:00.270196+00:00 app[web.1]: request: {
2021-03-03T15:35:00.270196+00:00 app[web.1]: method: 'GET',
2021-03-03T15:35:00.270196+00:00 app[web.1]: url: 'https://api.github.com/repos/MichaelRumpler/MichaelRumpler.github.io/installation',
2021-03-03T15:35:00.270197+00:00 app[web.1]: headers: {
2021-03-03T15:35:00.270197+00:00 app[web.1]: accept: 'application/vnd.github.machine-man-preview+json',
2021-03-03T15:35:00.270198+00:00 app[web.1]: 'user-agent': 'octokit-request.js/5.3.1 Node.js/15.10.0 (Linux 4.4; x64)',
2021-03-03T15:35:00.270198+00:00 app[web.1]: authorization: 'Bearer [REDACTED]'
2021-03-03T15:35:00.270198+00:00 app[web.1]: }
2021-03-03T15:35:00.270199+00:00 app[web.1]: },
2021-03-03T15:35:00.270199+00:00 app[web.1]: documentation_url: 'https://docs.github.com/rest/reference/apps#get-a-repository-installation-for-the-authenticated-app'
2021-03-03T15:35:00.270199+00:00 app[web.1]: }@MichaelRumpler Note that the error ERR_OSSL_PEM_NO_START_LINE is gone, and you're no longer getting Connection closed without response. You're getting status: 404, which is the server's response. That indicates that you're correctly set up the *_KEY.
If you follow the documentation_url, the code 404 is related to Resource not found. You're using the app at the latest commit? You've installed your app to the GitHub repo for your site? It seems to be a permissions error:
hashicorp/terraform-provider-tfe#164
MichaelRumpler
commented
3 years ago I finally figured it out! I created the app, but forgot to install it.
That must be done after the GitHub app was created in the menu Install App. The permissions should already be set before when you created it. You should then be able to see the app in your repositories settings in Integrations.
And Yes, the GITHUB_PRIVATE_KEY must have newlines in Heroku. @hajekj deployed it to Azure, probably this recognizes \n and replaces it with newlines.
I'll close this issue and probably add a PR for the docs at staticman.net.
Thanks for all your help @VincentTam !!
VincentTam
commented
3 years ago I'll close this issue and probably add a PR for the docs at staticman.net.
That's already in step 1 option 1 #3 in the quick start guide:
Install the app on your GitHub account. You can limit its access to only the repo from which you host your static site
RyanTG
commented
3 years ago I had been hitting the same errors, so his was helpful. Thanks. To potentially add/clarify:
When using the v3 + Github App + heroku method, I only got it to work when:
Strange that it is inconsistent. But, I tried every combo, and this is the only one that works.
I think the official quick start guide is great, but I think this one line could be fleshed out: If you need the newline literals (for example when using JSON configs since multiline strings are not permitted). I genuinely didn't know if I needed newline literals. And the ultimate answer was that I didn't, but at the same time I needed new lines on one of the keys.
kylxbn
commented
2 years ago @RyanTG Thank you very much for your reply. This is the only thing that worked for me! Now I gotta fix my template.
I tried to set up a staticman instance on Heroku, but I'm missing something.
The Heroku instance runs at https://staticman-mr.herokuapp.com/. When I open that url, it says "Hello from Staticman version 3.0.0!".
But when I try to submit a comment from my blog, then I get this in the Heroku log:
2021-03-01T17:34:37.714485+00:00 app[web.1]: /app/lib/GitHub.js:33 2021-03-01T17:34:37.714497+00:00 app[web.1]: throw new Error('Require an (/app/node_modules/express-brute/index.js:142:36)
2021-03-01T17:34:37.714508+00:00 app[web.1]: at module.exports.MemoryStore.set (/app/node_modules/express-brute/lib/MemoryStore.js:28:35)
2021-03-01T17:34:37.714508+00:00 app[web.1]: at module.exports. (/app/node_modules/express-brute/index.js:127:17)
2021-03-01T17:34:37.714508+00:00 app[web.1]: at module.exports.MemoryStore.get (/app/node_modules/express-brute/lib/MemoryStore.js:38:35)
2021-03-01T17:34:37.714509+00:00 app[web.1]: at module.exports. (/app/node_modules/express-brute/index.js:82:15)
2021-03-01T17:34:37.732294+00:00 app[web.1]: npm ERR! code 1
2021-03-01T17:34:37.732902+00:00 app[web.1]: npm ERR! path /app
2021-03-01T17:34:37.739796+00:00 app[web.1]: npm ERR! command failed
2021-03-01T17:34:37.740081+00:00 app[web.1]: npm ERR! command sh -c node index.js
2021-03-01T17:34:37.754082+00:00 app[web.1]:
2021-03-01T17:34:37.754401+00:00 app[web.1]: npm ERR! A complete log of this run can be found in:
2021-03-01T17:34:37.754634+00:00 app[web.1]: npm ERR! /app/.npm/_logs/2021-03-01T17_34_37_741Z-debug.log
2021-03-01T17:34:37.722918+00:00 heroku[router]: at=error code=H13 desc="Connection closed without response" method=POST path="/v3/entry/github/MichaelRumpler/MichaelRumpler.github.io/master/comments" host=staticman-mr.herokuapp.com request_id=bc3aad82-ac22-434d-90f6-83a855d3fa4c fwd="77.116.29.22" dyno=web.1 connect=0ms service=45ms status=503 bytes=0 protocol=https
2021-03-01T17:34:37.822591+00:00 heroku[web.1]: Process exited with status 1
2021-03-01T17:34:37.910338+00:00 heroku[web.1]: State changed from up to crashed
oauthTokenortokenoption') 2021-03-01T17:34:37.714498+00:00 app[web.1]: ^ 2021-03-01T17:34:37.714499+00:00 app[web.1]: 2021-03-01T17:34:37.714499+00:00 app[web.1]: Error: Require anoauthTokenortokenoption 2021-03-01T17:34:37.714500+00:00 app[web.1]: at /app/lib/GitHub.js:33:15 2021-03-01T17:34:37.714500+00:00 app[web.1]: at new GitHub (/app/lib/GitHub.js:46:7) 2021-03-01T17:34:37.714501+00:00 app[web.1]: at Object.module.exports.create (/app/lib/GitServiceFactory.js:11:14) 2021-03-01T17:34:37.714501+00:00 app[web.1]: at /app/lib/Staticman.js:32:35 2021-03-01T17:34:37.714501+00:00 app[web.1]: at new Staticman (/app/lib/Staticman.js:46:7) 2021-03-01T17:34:37.714502+00:00 app[web.1]: at module.exports (/app/controllers/process.js:126:27) 2021-03-01T17:34:37.714503+00:00 app[web.1]: at Layer.handle [as handle_request] (/app/node_modules/express/lib/router/layer.js:95:5) 2021-03-01T17:34:37.714503+00:00 app[web.1]: at next (/app/node_modules/express/lib/router/route.js:137:13) 2021-03-01T17:34:37.714504+00:00 app[web.1]: at /app/server.js:169:14 2021-03-01T17:34:37.714504+00:00 app[web.1]: at Layer.handle [as handle_request] (/app/node_modules/express/lib/router/layer.js:95:5) 2021-03-01T17:34:37.714504+00:00 app[web.1]: at next (/app/node_modules/express/lib/router/route.js:137:13) 2021-03-01T17:34:37.714505+00:00 app[web.1]: at /app/server.js:144:14 2021-03-01T17:34:37.714505+00:00 app[web.1]: at Layer.handle [as handle_request] (/app/node_modules/express/lib/router/layer.js:95:5) 2021-03-01T17:34:37.714506+00:00 app[web.1]: at next (/app/node_modules/express/lib/router/route.js:137:13) 2021-03-01T17:34:37.714506+00:00 app[web.1]: at /app/server.js:129:14 2021-03-01T17:34:37.714506+00:00 app[web.1]: at Layer.handle [as handle_request] (/app/node_modules/express/lib/router/layer.js:95:5) 2021-03-01T17:34:37.714507+00:00 app[web.1]: at next (/app/node_modules/express/lib/router/route.js:137:13) 2021-03-01T17:34:37.714507+00:00 app[web.1]: at module.exports.I did set the Heroku config variables GITHUB_TOKEN and RSA_PRIVATE_KEY. From the error message I assume that it doesn't find the GITHUB_TOKEN.
When I go to github.com/settings/tokens of my Staticman App user, I see that the Personal Access Token was never used.