I'm trying to create a GitHub Action that pushes any commits to an AWS CodeCommit repo. For this, I'm using a workflow with a single main.yml file using the composite run steps action method for creating a GitHub Action. This is what the Action looks like:
name: CI
on:
push:
branches: [ master ]
jobs:
codecommit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: pushes to codecommit
env:
CODECOMMIT_URL: ${{ secrets.CODECOMMIT_URL }}
HOST_KEY: ${{ secrets.HOST_KEY }}
SSH_CONFIG: ${{ secrets.SSH_CONFIG }}
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
shell: bash
run: |
mkdir .ssh && cd .ssh && echo "$SSH_PRIVATE_KEY" > id_rsa && chmod 600 id_rsa
echo "$SSH_CONFIG" > config && chmod 600 config
echo "$HOST_KEY" > known_hosts && chmod 600 known_hosts && cd ..
git remote add codecommit "$CODECOMMIT_URL"
git push codecommit master --force
Breaking this down:
on:
push:
branches: [ master ]
Whenever changes are pushed to the master branch...
jobs:
codecommit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
Run a single job called codecommit that first checks out the code in the repo and makes it available in the runner's file system.
- name: push to codecommit
env:
CODECOMMIT_URL: ${{ secrets.CODECOMMIT_URL }}
HOST_KEY: ${{ secrets.HOST_KEY }}
SSH_CONFIG: ${{ secrets.SSH_CONFIG }}
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
shell: bash
Run a single step called push to codecommit with some environment variables, CODECOMMIT_URL, HOST_KEY, SSH_CONFIG, and SSH_PRIVATE_KEY. These are:
CODECOMMIT_URL: the ssh url for the CodeCommit repo.
HOST_KEY: the result of running ssh-keyscan -t rsa github.com to get the host key for the GitHub repo.
SSH_CONFIG: This is the git config to be used for git:
Host git-codecommit.*.amazonaws.com
User {SSH Username here}
IdentityFile .ssh/id_rsa
StrictHostKeyChecking no
SSH_PRIVATE_KEY: the private key that goes inside id_rsa.
run: |
mkdir .ssh && cd .ssh && echo "$SSH_PRIVATE_KEY" > id_rsa && chmod 600 id_rsa
Run a series of commands, and start by making a directory called .ssh, entering this directory, and creating a file id_rsa that is accessible by the system. This file contains the private SSH key.
echo "$SSH_CONFIG" > config && chmod 600 config
Save the SSH config to a file called config and give the system access rights to this file.
echo "$HOST_KEY" > known_hosts && chmod 600 known_hosts && cd ..
Save the host key into a file called known_hosts, give the system access rights to this file, and then navigate back to the root directory for the repo.
git remote add codecommit "$CODECOMMIT_URL"
git push codecommit master --force
Add the CodeCommit URL as a remote for git, and attempt to push to this remote.
It looks like CodeCommit is still not recognizing GitHub as verified. I get this response from running this Action:
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Am I missing something in this configuration?
Thank you for your question, it helped a lot.
I had a Permission denied experience that I could not resolve. So basically I tried to run a docker and test it. And in my experience, I had to use Note 4 from https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-ssh-unixes.html.
So I replaced
by