Deploy Private Repo on Amplify

Summary

Using AWS Amplify to deploy a multi-repo Dendron wiki (what you are currently reading) with a mix of public and private repositories.

Context

You can configure Amplify for one repo. If you wish to programmatically pull in additional private git repositories, you'll need a custom setup.

Solution

  1. Create a custom deploy key for the private repo in GitHub

    • generate the key
    ssh-keygen -f deploy_key -N ""
    
  2. Encode the deploy key as a base64-encoded env variable for Amplify

    cat deploy_key | base64 | tr -d \\n 
    
  3. Modify the amplify.yml file to make use of the deploy key

    • there are 2 key steps
      • adding the deploy key to ssh-agent
        • WARNING: this implementation will print the $DEPLOY_KEY to stdout
      • disabling StrictHostKeyChecking
        • NOTE: Amplify does not have a $HOME/.ssh folder by default, so you'll need to create one as part of the deployment process
    • relevant excerpt below
    - ...
    - eval "$(ssh-agent -s)"
    - ssh-add <(echo "$DEPLOY_KEY" | base64 -d)
    
    - echo "disable strict host key check"
    - mkdir ~/.ssh
    - touch ~/.ssh/config
    
    - 'echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
    - ...
    
    • full build file here

Now you should be able to use git to clone the private repo.
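
A hardened variant of step 3, as an added example that is not part of the original note: it feeds the key to ssh-agent over stdin (the ssh-add - form listed under Gotchas) and pins the git host's key in known_hosts instead of setting StrictHostKeyChecking no for Host *, which accepts any server key. GIT_HOST_KEY and both function names are assumptions, not names from the page or from Amplify.

```shell
#!/bin/sh
# Added example, not the page's build file. GIT_HOST_KEY is a hypothetical
# Amplify environment variable holding one known_hosts key ("<type> <base64>"),
# checked out of band against the fingerprints the git host publishes.

# Write an ssh config that keeps StrictHostKeyChecking on and trusts only the
# pinned key for one host. Args: ssh_dir host host_key
write_pinned_ssh_config() (
  ssh_dir=$1 host=$2 host_key=$3
  nl='
'
  case "$host_key" in
    # An embedded newline would smuggle extra known_hosts entries in.
    *"$nl"*) echo "host key must be a single line" >&2; return 1 ;;
    "ssh-ed25519 "?*|"ecdsa-sha2-nistp256 "?*|"ssh-rsa "?*) ;;
    *) echo "unrecognised host key type" >&2; return 1 ;;
  esac
  case "$host" in
    # Reject empty names and wildcards such as "*".
    ""|*[!A-Za-z0-9.-]*) echo "bad host name" >&2; return 1 ;;
  esac
  umask 077                         # files created below are owner-only
  mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
  printf '%s %s\n' "$host" "$host_key" > "$ssh_dir/known_hosts"
  printf 'Host %s\n\tStrictHostKeyChecking yes\n\tUserKnownHostsFile %s\n' \
    "$host" "$ssh_dir/known_hosts" > "$ssh_dir/config"
)

# Decode $DEPLOY_KEY (base64, as produced in step 2) and hand it to a running
# ssh-agent over stdin: no key file on disk, no /dev/fd permission check.
# Keep "set -x" off around this call so the value is not traced into the log.
load_deploy_key() {
  printf '%s' "$DEPLOY_KEY" | base64 -d | ssh-add -
}

# Build commands, after sourcing this file:
#   eval "$(ssh-agent -s)"
#   load_deploy_key
#   write_pinned_ssh_config "$HOME/.ssh" github.com "$GIT_HOST_KEY"
```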

Gotchas

  • strict host key checking will cause Amplify to fail when pulling the private repo
  • $HOME/.ssh folder does not exist in the regular Amplify container
  • GitLab doesn't support ed25519 encryption (gitlab)
  • when trying to repro on mac, the following will fail because the piped file descriptor is deemed to have insufficient permissions...
    ssh-add <(echo "$DEPLOY_KEY" | base64 -d)
    # results in
    ssh-agent + Permissions 0660 for '/dev/fd/11' are too open
    
    • workaround is to use echo "${SSH_PRIVATE_KEY}" | ssh-add - (gitlab)

Troubleshooting

Permission Denied

git@github.com: Permission denied (publickey).\r
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

In my case, this was because no valid deploy key was there

Host key verification failed

Host key verification failed.\r
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

In my case, this was because of StrictHostKeyChecking

Alternatives

Not Tried


Tags

  1. kind.issue

Footnotes

  1. GitLab issue