Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to clone repositories with GitHub App authentication - repeated authentication failures #350

Open
danielboothcloud opened this issue Jan 6, 2025 · 2 comments
Open

Unable to clone repositories with GitHub App authentication - repeated authentication failures #350

danielboothcloud opened this issue Jan 6, 2025 · 2 comments
Labels
bug Something isn't working

Comments

@danielboothcloud
Copy link

Issue Description

When using GitHub App authentication, kubechecks fails to clone repositories with the following error:

7:54PM INF handling Github event from PR action=opened
7:54PM INF cloning repo branchName=main event_id=106 repo=[REPO]
7:54PM INF cloning git repo branch=main clone-url=https://git@github.com/[ORG]/[REPO] temp-dir=/tmp/kubechecks-repo-3683186921
7:54PM DBG building command args=["clone","https://git@github.com/[ORG]/[REPO]","/tmp/kubechecks-repo-3683186921","--branch","main"]
7:54PM ERR unable to clone repository, Cloning into '/tmp/kubechecks-repo-3683186921'...
remote: Invalid username or password.
fatal: Authentication failed for 'https://github.com/[ORG]/[REPO]/'
error="exit status 128"
7:54PM ERR failed to process the request error="failed to clone repo: failed to clone repo: failed to clone repository: exit status 128"

Configuration

I have configured all the required GitHub App credentials:

KUBECHECKS_GITHUB_APP_ID
KUBECHECKS_GITHUB_INSTALLATION_ID
KUBECHECKS_GITHUB_PRIVATE_KEY

The GitHub App has the correct permissions:

Contents: Read & write
Metadata: Read-only
Pull requests: Read & write
Commit statuses: Read & write

Expected Behavior

kubechecks should be able to authenticate and clone repositories using the GitHub App credentials.

Actual Behavior

Despite having valid GitHub App credentials and permissions, kubechecks fails to authenticate when attempting to clone repositories using HTTPS.

Attempted Solutions

Verified GitHub App permissions
Added KUBECHECKS_VCS_BASE_URL and KUBECHECKS_VCS_UPLOAD_URL
Added KUBECHECKS_VCS_USERNAME
Confirmed installation ID is correct

I would appreciate any guidance on how to resolve this authentication issue or if there's a recommended authentication method for repository cloning when using GitHub Apps.
@KyriosGN0
Copy link
Contributor

@danielboothcloud is the repo you are trying to clone private ?

@djeebus
Copy link
Collaborator

djeebus commented Jan 9, 2025

It looks like this might not be implemented. It was added here, but seems either it broke or simply never worked. Or accidentally worked? Looks like we use the github app auth to communicate with github's APIs, but we still use the VCS_TOKEN to clone the repo, which I'm guessing isn't correct.

We'll need to get that fixed; until we do, you can swap to an API token that has the following permissions:

  • Read access to code and metadata
  • Read and Write access to commit statuses, issues, pull requests, and repository hooks

@djeebus djeebus added the bug Something isn't working label Jan 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@djeebus @KyriosGN0 @danielboothcloud