Comments (10)
In case anyone still has to figure out a way to make it work, there is a Heroku parameter to set the access token for private repos, which you can find here in the section "Private Git Repos": https://elements.heroku.com/buildpacks/heroku/heroku-buildpack-go
You basically have to set, for your Heroku repo, the gitlab.com or github.com (whatever you use) domain + personal access token. In my case it was:
heroku config:set GO_GIT_CRED__HTTPS__GITLAB__COM=<personal access token>
My personal access token only had the permissions "api read".
Worked like a charm for me.
from heroku-buildpack-go.
Figured I'd stop by and let you know how I ended up doing this.
I took a bit of @josharian's advice and forked heroku-buildpack-go, making it private.
I then added a bit to bin/compile, near the top before you do your go get:
echo "-----> Adding custom SSH keys..."
mkdir -p ~/.ssh/
chmod 700 ~/.ssh/
cp $buildpack/vendor/key ~/.ssh/id_rsa
cp $buildpack/vendor/key.pub ~/.ssh/id_rsa.pub
chmod 400 ~/.ssh/id_rsa
This is where it gets nasty (if it isn't already). You need to add this git configuration rule to force use of git:// (SSH compatible) URLs:
# Force git to use git:// urls
git config --global url.ssh://git@github.com/.insteadOf https://github.com/
Again, this needs to happen before you run go get. If you don't do that, go get will use https://, and fail as it won't authenticate with that SSH key we installed.
Finally, to add the (private) buildpack to my app, I set the BUILDPACK_URL like this:
heroku config:add BUILDPACK_URL=https://ACCESS_TOKEN:@github.com/pearkes/heroku-buildpack-go.git
I got my access token from the personal api token feature.
This isn't great for a lot of reasons (security being one), but it's nice to maintain the go workflow I'm used to.
from heroku-buildpack-go.
This suggests a couple of refinements:
- Use the inline buildpack to make the app its own buildpack. This way the extra setup logic you posted above can live in bin/compile in the app if you prefer. Then do
url=https://raw.github.com/kr/heroku-buildpack-go/master/bin/compile
curl -s -o /tmp/buildpack.sh $url
source /tmp/buildpack.sh "$@"
after the setup above to run the go buildpack. See gobot bin/compile for an example.
- Store the private key (ssh key) in a config var and use the user-env-compile labs feature to access it during the build. The setup code can write the ssh key from an env var rather than copying it from another file.
These things together mean you don't need an extra private repo and you don't have to commit any secrets to git or push them to github.
from heroku-buildpack-go.
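The second refinement above (writing the SSH key from a config var instead of copying a committed file), as an added example that is not part of the thread or of heroku-buildpack-go. DEPLOY_SSH_KEY is a hypothetical config var name, assumed to hold a read-only deploy key and to be visible to bin/compile.

```shell
#!/bin/sh
# Added example, not the buildpack's own code.
# DEPLOY_SSH_KEY is a hypothetical config var, not one defined by Heroku.

# Write the key from the environment to ~/.ssh/id_rsa with owner-only access.
# Exit status: 0 installed, 1 variable unset or empty,
#              2 value is not a private key, 3 a key file already exists.
# The body runs in a subshell, so umask and variables do not leak to the caller.
install_deploy_key() (
  key=${DEPLOY_SSH_KEY:-}
  ssh_dir="$HOME/.ssh"
  key_file="$ssh_dir/id_rsa"

  [ -n "$key" ] || { echo "DEPLOY_SSH_KEY is not set" >&2; exit 1; }

  # Catch a pasted public key or token here, before ssh fails less clearly.
  case $key in
    "-----BEGIN "*"PRIVATE KEY-----"*) ;;
    *) echo "DEPLOY_SSH_KEY does not look like a private key" >&2; exit 2 ;;
  esac

  # Never overwrite a key that something else already installed.
  [ ! -e "$key_file" ] || { echo "$key_file already exists" >&2; exit 3; }

  # Set umask first so the file is never group- or world-readable, even briefly.
  umask 077
  mkdir -p "$ssh_dir"
  chmod 700 "$ssh_dir"
  # printf is a shell builtin in bash and dash, so the key is not passed on
  # the command line of an external process; the file ends with a newline.
  printf '%s\n' "$key" > "$key_file"
  chmod 400 "$key_file"
)

# In bin/compile, before go get (sketch):
#   install_deploy_key || exit 1
```

Nothing secret is committed to git this way; the key lives only in the app's config and in the build environment's home directory.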
Thinking out loud here -- could you add a deployment ssh key (like GH lets you have) to your repo, and add a step to the buildpack to copy that ssh key to ~/.ssh, so that it would get used during cloning?
from heroku-buildpack-go.
Yea, I guess so. But I'm not fond of storing private keys on servers. But since deployment keys have only read-only access anyway, it's ok (bitbucket).
from heroku-buildpack-go.
Thinking of it, another problem arises if I do it that way. The buildpack itself must be a public repo - so the deployment key would get exposed.
from heroku-buildpack-go.
Unfortunately, there's no great solution to this.
One popular approach is to copy ("vendor") the
contents of the private repos into the repo you're
deploying. That introduces its own problems, but
it is simple, gets the job done, and doesn't
introduce any new security-sensitive mechanisms.
I'm closing this because there's basically no way
for the buildpack to fix this problem without some
new functionality from Heroku. Feel free to reopen
it if any new solutions come up, or just keep the
discussion going here.
from heroku-buildpack-go.
I also can't think of another way. Already changed all imports to their local counterparts.
from heroku-buildpack-go.
Awesome, that's a great suggestion to put the private key in the environment.
I think I'm going to personally have use the user-env-compile, along with my fork of the buildpack, as I want to use this for multiple applications. That way I don't have to duplicate bin/compile logic.
Thanks for your help.
from heroku-buildpack-go.
Bringing up an old thread, but what we've done at Timehop is to add the netrc buildpack via the multi buildpack and set a read-only github token in the env. That way you don't need to change any of this code or expose your private key (which is read/write) anywhere.
You'll need the user-env-compile feature with this method too.
from heroku-buildpack-go.