Deployment Keys Support
Since it's closed. :P
Reading this question:
https://help.appveyor.com/discussions/questions/374-deployment-keys-support#comment_38553692
States "You can see public key on General tab of project settings."
And:
"Just open main repo's "Deployment keys" settings on GitHub, remove project public key from there, grab public key on General tab of project settings"
I looked in the General tab of our project, and I do not see anything under there that states "key"... has this changed to another location? I do not see anything obvious.
Thank you for any assistance!
Support Staff 1 Posted by Feodor Fitsner on 18 Nov, 2019 11:53 PM
Hi Mike,
What kind of project (GitHub, GitLab, generic git, etc.) is that?
2 Posted by Mike-E on 19 Nov, 2019 06:24 AM
Ah, details! Using the GitHub app via AppVeyor here. From what I understand, it sounds like the public key should be on the General settings tab in AppVeyor, but I do not see it.
3 Posted by Mike-E on 19 Nov, 2019 10:11 AM
Are Deployment Keys a supported scenario?
I have configured a deployment key in the target repository, and have configured the appveyor.yml file with the necessary scripting. However, on push I am getting a hang as discussed in this article:
https://help.appveyor.com/discussions/problems/14881-build-hanging-in-on_success-during-git-push
So it would seem that the username prompt is being displayed as referenced in this article:
https://help.appveyor.com/discussions/problems/123-pushing-local-git-tag-to-remote-sever
I am aware of personal access token, but am trying to keep this from getting personal. xD
Bad joke, but consider that with a personal access token, the repo permission is for ALL repositories that the account (mine, in this case) has access to -- read AND write. That seems like a gigantic security risk. It seems wrong to give access to one application/service that can have access to everything that I own. That's basically admin privileges.
I hope I am misunderstanding something, but I am failing to see why PATs are prevalent and recommended throughout the documentation and Deployment Keys are not.
Support Staff 4 Posted by Feodor Fitsner on 19 Nov, 2019 07:07 PM
AppVeyor GitHub App is used to give AppVeyor access to specific repositories only: https://www.appveyor.com/blog/2018/10/02/github-apps-integration/
5 Posted by Mike-E on 19 Nov, 2019 08:26 PM
Correct... for receiving webhook/messages for starting new builds. I dig that but unfortunately that is not what I am talking about.
In this case, we are taking the results of a successful build and sending them to another repo with its Deployment Keys configured. This repo is not in our list of accepted repositories configured with the AppVeyor GitHub application, and is currently using a PAT, which verifies this service now has full read/write access to any repository of which I am an owner.
As mentioned, this is obviously and terribly excessive. That means any compromise of this account on the server can essentially act as me on any repository of which I am a member.
FWIW here is our script:
https://github.com/ExtendedXmlSerializer/ExtendedXmlSerializer/blob/master/.build/Success.ps1#L15-L32
You can see the attempt at using Deployment Keys is commented out (as I couldn't make it work) and is using the far more vulnerable and exposed PAT ATM. Any troubleshooting efforts you can provide to assist us in getting on Deployment Keys would be much preferred and greatly appreciated.
Support Staff 6 Posted by Feodor Fitsner on 20 Nov, 2019 12:20 AM
You still can use Deployment Keys - but their management is on you. Look at this article: https://www.appveyor.com/docs/how-to/private-git-sub-modules/#gener...
7 Posted by Mike-E on 20 Nov, 2019 07:07 AM
Yes indeed! That is the resource that I used as the guidance for the RSA key code in the above file that is currently commented out as it doesn't work.
Which is why I asked: is this an actually supported scenario? When git push is performed the build locks, with what I am assuming is a user prompt based on the articles above.
8 Posted by Mike-E on 20 Nov, 2019 08:17 AM
OK! Found the issue. :)
An important detail:
https://gist.github.com/zhujunsan/a0becf82ade50ed06115
```
Attention: make sure your repo url uses git protocol not http, which means use
git@github.com:{user}/{repo}.git
not
https://github.com/{user}/{repo}.git
```
BOOM. Fixed and deployed SO AMAZINGYAYAYAYA :) :) :)
On that note, so much serious respect and recognition on your RDP access, and really the quality of this service all around -- it's a joy to work with!
Support Staff 9 Posted by Feodor Fitsner on 20 Nov, 2019 10:06 PM
Thank you!
Mike-E closed this discussion on 20 Nov, 2019 10:23 PM.
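
The fix found in comment 8, as an added example that is not part of the original thread or the linked Success.ps1: a POSIX shell preflight that rewrites an HTTPS GitHub remote to the SSH form a deploy key can authenticate, then pushes with prompts disabled so a misconfigured remote fails the build instead of hanging it. The function names, remote name and refspec are assumptions, and ssh is assumed to already trust github.com's host key and have the deploy key available.

```shell
#!/bin/sh
# Added example (not from the thread): preflight for a deploy-key push in CI.

# Rewrite an HTTPS GitHub URL to the SSH form that a deploy key can use.
# SSH URLs pass through unchanged. Anything else is rejected, including
# HTTPS URLs that embed a username or token before the host.
to_ssh_remote() {
    case "$1" in
        git@github.com:*|ssh://git@github.com/*)
            printf '%s\n' "$1" ;;
        https://github.com/*/*)
            path=${1#https://github.com/}   # drop scheme and host
            path=${path%/}                  # drop a trailing slash
            path=${path%.git}               # normalise the .git suffix
            printf 'git@github.com:%s.git\n' "$path" ;;
        *)
            echo "unsupported remote URL: $1" >&2
            return 1 ;;
    esac
}

# Point the remote at its SSH URL and push without ever prompting.
# $1 = remote name, $2 = refspec (hypothetical inputs chosen by the caller).
push_with_deploy_key() {
    remote=$1
    refspec=$2
    current=$(git remote get-url "$remote") || return 1
    ssh_url=$(to_ssh_remote "$current") || return 1
    git remote set-url "$remote" "$ssh_url" || return 1
    # GIT_TERMINAL_PROMPT=0: git errors out instead of asking for a username.
    # BatchMode=yes: ssh errors out instead of asking for a passphrase,
    # password or host-key confirmation.
    GIT_TERMINAL_PROMPT=0 GIT_SSH_COMMAND='ssh -o BatchMode=yes' \
        git push "$remote" "$refspec"
}

# Usage in a build step (constructed values):
#   push_with_deploy_key origin HEAD:gh-pages
```
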