Atlantis: authenticating for a module with a private github.com repo source

Created on 17 Sep 2018  路  10Comments  路  Source: runatlantis/atlantis

Hello,

I'm trying to use a module sourced from a private github repo:

module "module-name" {
  source = "git::https://github.com/<org>/<repo>.git?ref=0.0.2"
}

but I get the following when Atlantis tries to run a plan:

- module.module-name
  Getting source "github.com/<org>/<repo>.git?ref=0.0.2"
Error downloading modules: Error loading modules: error downloading 'https://github.com/<org>/<repo>.git?ref=0.0.2': /usr/bin/git exited with 128: Cloning into '.terraform/modules/c8c0fdcb0c5f003da8e6dd67d5520576'...
fatal: could not read Username for 'https://github.com': No such device or address

I thought Atlantis would be able to use the same username and personal access token that it used to read the original github private repo.

Thanks in advance for the help!

picture kevinwsin

Most helpful comment

I just ran into this, another possible way is to configure the git credentials.helper inside the environment / container

cat <<EOF > /credentials.sh
    #!/bin/bash
    echo username=\$ATLANTIS_GH_USER
    echo password=\$ATLANTIS_GH_TOKEN
EOF

git config --global credential.helper "/credentials.sh"

picture stephencoe on 18 Sep 2018
👍5

All 10 comments

Hi Kevin,

I don't think Atlantis can use those secrets in this case because I don't know how to pass them to Terraform.
The solutions I know of:

  1. Use a .gitconfig file in the /home/atlantis/.gitconfig that redirects the https urls, something like:
    [url "https://[email protected]"] insteadOf = https://github.com
  1. Switch to ssh urls ex. [email protected]:hashicorp/example.git and ensure that the ssh config on the Atlantis server has the right keys.
lkysow picture lkysow on 17 Sep 2018
👍4

I just ran into this, another possible way is to configure the git credentials.helper inside the environment / container

cat <<EOF > /credentials.sh
    #!/bin/bash
    echo username=\$ATLANTIS_GH_USER
    echo password=\$ATLANTIS_GH_TOKEN
EOF

git config --global credential.helper "/credentials.sh"

stephencoe picture stephencoe on 18 Sep 2018
👍5

Got it, thanks for the help everybody. Decided to add a SSH key for the atlantis github user.

kevinwsin picture kevinwsin on 19 Sep 2018

I hit this today. Luckily we pass the git credentials to Atlantis using environment variables, so I enabled git-credential-store helper and generated the /home/atlantis/.git-credentials credentials file on /usr/local/bin/docker-entrypoint.sh. But... This solution doesn't work if credentials are passed as arguments.

nikovirtala picture nikovirtala on 11 Jan 2019

Related issue: #176

sryabkov picture sryabkov on 8 Mar 2019

Possible implementation of passing the SSH key for a GitHub service account: https://gist.github.com/sryabkov/39f20f263c5edfa650522c6a2e9484b6

sryabkov picture sryabkov on 25 Apr 2019

How are you supposed to do this with the Fargate Deployment?

djaboxx picture djaboxx on 10 Jul 2019

How are you supposed to do this with the Fargate Deployment?

You need to build a custom image where you configure the git client and credentials helper in a way that you're able to access your private repositories. For example, the solution @stephencoe presented above works perfectly fine also on Fargate. My solution too; I am running Atlantis on Fargate.

nikovirtala picture nikovirtala on 10 Jul 2019

Seems like this is built in natively now based on #711 - just FYI.

chaseconey picture chaseconey on 29 Aug 2019
👍1

As far as I can tell, #711 only supports HTTPS authentication via a GitHub token.

sryabkov picture sryabkov on 17 Sep 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

natalysheinin picture natalysheinin  路  3Comments
alistar79 picture alistar79  路  5Comments
kipkoan picture kipkoan  路  3Comments
lkysow picture lkysow  路  4Comments
ojacobson picture ojacobson  路  5Comments