Home / server / Questions / 1042061
Accepted
Syn Romana
Asked: 2020-11-11 08:58:59 +0800 CST

Ansible: clone repo or install helm chart from private github

  • 772

Any idea how to install Helm chart (tgz) from private Github repo using Ansible? Is it possible at all to do this using Github token only and not ssh key or maybe it is easier to clone private git repo first with Ansible and then install it?

ansible github token helm

1 Answers

  1. Best Answer

    Personal access tokens can only be used for HTTPS Git operations.

    GitHub documentation: using-a-token-on-the-command-line

    The token can be used as a password when using https. So it might be necessary switch the remote from git to https when a token should be used as a password.

    In general the token is mainly meant as a secyre authentication mechanism against the REST API:

    As previously announced, beginning November 13th, 2020, we will no longer accept account passwords when authenticating with the REST API and will require the use of token-based authentication (e.g., a personal access, OAuth, or GitHub App installation token) for all authenticated API operations on GitHub.com. GitHub announcement

    The token could be used to manage the access to GitHub repos like so:

    - name: Read SSH public key to authorize
  ansible.builtin.shell: cat /home/foo/.ssh/id_rsa.pub
  register: ssh_pub_key

- name: Authorize key with GitHub
  local_action:
    module: github_key
    name: Access Key for Some Machine
    token: '{{ github_access_token }}'
    pubkey: '{{ ssh_pub_key.stdout }}'

    Ansible github_key_module

    But in my reading of the announcement it is not meant to replace ssh public key authentication for normal Git operations. So it should be possible to continue to clone repos from GitHub authenticating with ssh keys or with a token when using https protocol for the remote.

    • 1