search

qcastel / github-actions-maven-release

Release your Java application and publish artifacts
129 stars 38 forks source link

git@github.com: Permission denied (publickey). #51

Open Miniontoby opened 1 year ago

Miniontoby commented 1 year ago

What am I doing wrong? Or better, where to make an ssh key from? Cause I don't think I should let it try to use my own laptop's ssh key!

Error: 4,739 [ERROR] Provider message:
Error: 4,739 [ERROR] The git-push command failed.
Error: 4,740 [ERROR] Command output:
Error: 4,740 [ERROR] Load key "/root/.ssh/id_rsa": error in libcrypto
Error: 4,740 [ERROR] git@github.com: Permission denied (publickey).
Error: 4,740 [ERROR] fatal: Could not read from remote repository.
Error: 4,740 [ERROR] 
Error: 4,741 [ERROR] Please make sure you have the correct access rights
Error: 4,741 [ERROR] and the repository exists.
Error: 4,741 [ERROR] -> [Help 1]
qcastel commented 1 year ago

Hello @Miniontoby ,

You may be interested to this part of the doc: https://github.com/qcastel/github-actions-maven-release#setup-with-ssh

This will show you how to setup a dedicated SSH key for your github action.

Indeed, I would not use my personal SSH key. I always use a dedicated key, which specific repo permissions

Miniontoby commented 1 year ago

I have made the ssh key on my vps, but I don't understand why github would need/want to use that...

I did set it up on my repo and then I ran the action

qcastel commented 1 year ago

Try to set it up the way it's describe in the doc, as it's on the same image used in the github action. That would eliminate the compatiblity issue that may occured between a SSH key created in your server and the container.

Miniontoby commented 1 year ago

I don't have access to docker!

But still: I have set up one on my vps (and on laptop) and followed the rest, but idk why this would work

qcastel commented 1 year ago

You can do that from your laptop, which I assume has docker installed.

You create the SSH key in a temporary container, it's fine

Miniontoby commented 1 year ago

There is no docker on my windows laptop and i don't have unlimited space (left)

qcastel commented 1 year ago

I am afraid I haven't other options to offer you. I guess you got a way to spin up a container somewhere, in your vps or in a temporary instance in the cloud.

The idea really would be to generate an SSH key on the same image.

Miniontoby commented 1 year ago

I generated an SSH key and then I used a website to base64 it, cause the base64 command doesn't exist on my box.

I have copied the pub key into the Deploy keys and pasted the private one into the SSH_PRIVATE_KEY secret, but it didn't work

What did I do wrong?

qcastel commented 1 year ago

it's the format of your key most likely.

You got this error: Load key "/root/.ssh/id_rsa": error in libcrypto

Thats ssh in the container not able to read your key. Hence me suggesting to generate the key in a container to avoid any weird format from your OS when generating the SSH key.

You can still try to make your SSH key works with the version of SSH from the container. Seems to me you are htting this issue of SSH.

Try the workaround they suggest first: https://github.com/openssl/openssl/issues/13443#issuecomment-788894209

For troubleshooting, you can try with a different key: https://cryptotools.net/rsagen but I would nto advise using a generate key from an online website, just for testing.

Miniontoby commented 1 year ago

Do I really need to encode the private key? Or does it not have to, cause the id_rsa file is just already encoded (cause thats default).

Also at that website, the pub key is not how I see one... mine is like ssh-rsa (...) miniontoby@MYHOST.org

qcastel commented 1 year ago

Do I really need to encode the private key

yes, it needs to be base64 encoded to avoid any formatting issue.

Try another website, like: https://8gwifi.org/sshfunctions.jsp

Miniontoby commented 1 year ago

Do I really need to encode the private key

yes, it needs to be base64 encoded to avoid any formatting issue.

Try another website, like: https://8gwifi.org/sshfunctions.jsp

So the start of the private key should NOT be like -----BEGIN RSA PRIVATE KEY----- but like LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQ== or something

qcastel commented 1 year ago

The workaround refers to changing the private key before you encode it.

Basically your private key should look like this before you encode it:

-----BEGIN OPENSSH PRIVATE KEY-----
MIIEpQIBAAKCAQEAmnEUqJ8l+cw2zGZI61TT6b1rP0Qkdpw+WsfJVSHxhPYDdeCG
NDREoMvgJ5w/Z83YErx1Pad1igI/278ajz7yU5kN1f6LHa7NNX0TCrOrVfFoAYd3
DIrnPFD42I+ka+pQkNIoqt0w3CmQrjpeN5VbwSDbMw49XUuHsTUAJbK8Y8gRXG9m
D93tg9Wc5ktXH62+8mAzJZG9Q3KQzgf1cPVmHEIPryWU6vV1XQQUNTn+AP3iEa1Q
qgPtJW1Gh2aLnIZGiusS1UgR3IJye52xyzcBcIdbJ/63e6DVIZOp9ASqhFs4/8J3
HgVtSR0c8xGgYO2aX/OSz1GYgqraWDuEX1QpIQIDAQABAoIBAQCVqjwQ5JmSp7n6
/qxvkfcCrpN97fVAFE3A/5c2Lvy0kwvrcbfcY0KWaLxC5oHzgGGCVqtvIhcftOpZ
c6qzYpbHOK1V0aTTERDAYwLO/ipt0NGvma1etEU+CGH+y8TU529HyMGsQ0oUMRuK
G/ot90nBsKt7oLMK9CT9L5WC8uDp9++wv9NiZIpCaYEWNKUENYPxFkBkMhUKseBe
tlP/sAPxT+Rx1w1TL3A5bjZt7nk5VH/URWTfIaJ7wMjS4vmb9pi0CYDWESj2pyob
IwXXhgUlaKBr4tkpP+DaN0gaRZOzcR+3d1LDhdKZSjiANBFEj0z+YjhLj9SvzOIR
2LaJ5LYBAoGBAPacq+8Ksnk42kOL/0rmF9I8mN238N4PNCsQ4/gpazTYKifE7IaH
MiK0mRRFKbgUbYW8e6HbBgzEVmL1bszHR5ATdE9wuQqXcqi1SRI4szJit75dEO9Y
Njl8sMuRTac+c6VwaEXbt3mjqkkmk2o31IWatkopNejdj3m01GzkFf5RAoGBAKBS
LKdbfraOcXq+3C2pWemeuKnZSnH7EPkvc/eD5+tl0wT8kLkF7fSlicWcUJOsECyz
doJctvmlrGY6VF9lADMQ6wBwGmUymY1JUikaZVERUZmx5m7vW5KM0kjReeewlxE/
dupYPPL28PIeAsfZdkS07PZMmzzY9jB1YAtSZ7nRAoGBAIPuu1jOGz8Y+EPMwM5c
HIBf5NQxFM5nydwEVEGuPultf9f41ST/bQX+Iisi+Te+zf0PIgEsQKdR3nlgnl81
eYaNsdrSDlypOzEgkzAJX2zkPTK9bVLumUvV9mthl+6STaJDabV930FXGsG5voHD
zpGPfFhehbXH2nsdD8wVleKRAoGAUFrfpsJlMHsUxcED+p73QfEb/YW7moWMbFks
dtLWW1Yd/lHY9+PQ8N5Hv5QpjtqfAMiyjYSK8XXogxSZVXb6Mp44K3AEytQhwn8N
fyyLu6ZCkBZquQ+fhkSu4XCc+VO5ZBu7LporclvzSGdiXWjRrn5AhvK+nDDitEcg
bIxREQECgYEAitG1NfgfAbbjcVkjlDMp7raum4woqazkRJPOER92MrbxVodoqFLf
cBSLvvvjvtUWMXZ6ymLa5M4XCw5drEqz4NFYQDuzfTFSBGFUnFJ9aMEpUvCG6ovb
U/CwQY2CzuHwI+lfRh5si8MliPGYXrqxlLw0hTPWw+hZfKtPS2dOHIU=
-----END OPENSSH PRIVATE KEY-----
Miniontoby commented 1 year ago

But my generated one on my vps is already starting with -----BEGIN OPENSSH PRIVATE KEY-----

Then I copied it and went to https://base64encode.org and pasted it in. Then I pasted it into my SECRET and my ssh-rsa ... into the deploy keys

Miniontoby commented 1 year ago

But my generated one on my vps is already starting with -----BEGIN OPENSSH PRIVATE KEY-----

Then I copied it and went to https://base64encode.org and pasted it in. Then I pasted it into my SECRET and my ssh-rsa ... into the deploy keys

And it didn't work when I did that

Miniontoby commented 1 year ago

Oke the key now works, but:

Error: 3,300 [INFO] 11:47:43,298 [ERROR] Failed to execute goal org.apache.maven.plugins:maven-site-plugin:3.7.1:deploy (default-deploy) on project modupdater: Unsupported protocol: 'scm' for site deployment to distributionManagement.site.url=scm:git:git@github.com:Miniontoby/myrepo.git. -> [Help 1]
Error: 3,300 [INFO] 11:47:43,298 [ERROR] 
Error: 3,300 [INFO] 11:47:43,298 [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
Error: 3,300 [INFO] 11:47:43,299 [ERROR] Re-run Maven using the -X switch to enable full debug logging.
Error: 3,300 [INFO] 11:47:43,299 [ERROR] 
Error: 3,300 [INFO] 11:47:43,299 [ERROR] For more information about the errors and possible solutions, please read the following articles:
Error: 3,300 [INFO] 11:47:43,299 [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException

Edit: I think I can fix that myself

Update: Or not, it just works by my local one

qcastel commented 1 year ago

I believe you are moving forward in your repo setup.

Now, I would suggest to compare your scm config with the sample repo: https://github.com/gh-a-sample/github-actions-maven-release-sample/blob/master/pom.xml#L23

Let me know if you can't spot the difference. If so, I would need to see your section

Miniontoby commented 1 year ago

Yeah, Cannot spot a difference!

It still fails on site deploy, even though I didn't tell him to: Failed to execute goal org.apache.maven.plugins:maven-site-plugin:3.7.1:deploy (default-deploy) on project myrepo: Unsupported protocol: 'scm' for site deployment to distributionManagement.site.url=scm:git:git@github.com:Miniontoby/myrepo.git. -> [Help 1]

the maven-args even say so: maven-args: "-Dmaven.javadoc.skip=true -DskipTests -DskipITs -Dmaven.deploy.skip=true"

Miniontoby commented 1 year ago

My code is at https://github.com/Miniontoby/ModUpdater. Maybe you can help me then?

pavlo-gl commented 1 year ago

Oke the key now works, but:

Error: 3,300 [INFO] 11:47:43,298 [ERROR] Failed to execute goal org.apache.maven.plugins:maven-site-plugin:3.7.1:deploy (default-deploy) on project modupdater: Unsupported protocol: 'scm' for site deployment to distributionManagement.site.url=scm:git:git@github.com:Miniontoby/myrepo.git. -> [Help 1]
Error: 3,300 [INFO] 11:47:43,298 [ERROR] 
Error: 3,300 [INFO] 11:47:43,298 [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
Error: 3,300 [INFO] 11:47:43,299 [ERROR] Re-run Maven using the -X switch to enable full debug logging.
Error: 3,300 [INFO] 11:47:43,299 [ERROR] 
Error: 3,300 [INFO] 11:47:43,299 [ERROR] For more information about the errors and possible solutions, please read the following articles:
Error: 3,300 [INFO] 11:47:43,299 [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException

Edit: I think I can fix that myself

Update: Or not, it just works by my local one

How did you make to get the key into working state? What did you changed?

Miniontoby commented 1 year ago

How did you make to get the key into working state? What did you changed?

I haven't changed anything afaik.

I don't know what you mean with 'get the key into working state'... Or do you mean the fact that the key works: that was because @qcastel send me an email with a key thingy. (I still don't know how he got my email...)

But yeah I still don't understand why this (the action) doesn't work

qcastel commented 1 year ago

@pavlo-gl have you tried to generate the SSH key via the docker image, like suggested in the doc? It works fine that way.

The issue is in the format of the key most likely. Depending of the operating system, you may have different SSH version installed. Therefore generating it through the docker container is a safe way to make sure it would work on the CI.

My bet is that some keys are generated in SSH v2 and some not, if you want to dig more on this, you can read this article https://madhead.me/posts/private-key-newline-fuckup/

Miniontoby commented 1 year ago

But MY question now is still: Why doesn't the action work!

My code is at https://github.com/Miniontoby/ModUpdater. Maybe you can help me then?

qcastel commented 1 year ago

@Miniontoby At this point, it's more a maven release config issue than related to this github action.

Looking at the logs from maven release in your repo, it looks like it's actually the distribution management part that is not correctly setup:

https://github.com/Miniontoby/ModUpdater/blob/main/pom.xml#L31

I personally haven't setup the distributionManagement on the sample repo, perhaps you could try without it and see if that fits your need.

If you really need to use the distributionManagement, then you need to change the protocole apparently:

 Unsupported protocol: 'scm' for site deployment to distributionManagement.site.url=scm:git:git@github.com:Miniontoby/ModUpdater.git.
18:21:33,365 [INFO] Currently supported protocols are: file, http, https.
Miniontoby commented 1 year ago

@Miniontoby At this point, it's more a maven release config issue than related to this github action.

Looking at the logs from maven release in your repo, it looks like it's actually the distribution management part that is not correctly setup:

https://github.com/Miniontoby/ModUpdater/blob/main/pom.xml#L31

I personally haven't setup the distributionManagement on the sample repo, perhaps you could try without it and see if that fits your need.

If you really need to use the distributionManagement, then you need to change the protocole apparently:

 Unsupported protocol: 'scm' for site deployment to distributionManagement.site.url=scm:git:git@github.com:Miniontoby/ModUpdater.git.
18:21:33,365 [INFO] Currently supported protocols are: file, http, https.

Hmmm at my development setup it works.

But yeah I just removed it and now testings

Miniontoby commented 1 year ago

Hmm the build worked, but it didn't really release at all

pavlo-gl commented 1 year ago

@pavlo-gl have you tried to generate the SSH key via the docker image, like suggested in the doc? It works fine that way.

The issue is in the format of the key most likely. Depending of the operating system, you may have different SSH version installed. Therefore generating it through the docker container is a safe way to make sure it would work on the CI.

My bet is that some keys are generated in SSH v2 and some not, if you want to dig more on this, you can read this article https://madhead.me/posts/private-key-newline-fuckup/

Yeah, that was exactly the issue. Thank you, that helped.

Miniontoby commented 1 year ago

Looking at the logs from maven release in your repo, it looks like it's actually the distribution management part that is not correctly setup:

https://github.com/Miniontoby/ModUpdater/blob/main/pom.xml#L31

I personally haven't setup the distributionManagement on the sample repo, perhaps you could try without it and see if that fits your need.

If you really need to use the distributionManagement, then you need to change the protocole apparently:

I use it for the deploy command which generates and uploads the site and package to github packages!

And the protocol works fine on my end!

Miniontoby commented 1 year ago

I think I 'fixed' it by adding '-Dmaven.site.skip=true' to the args, but it doesn't yet create a release...