Github git

From wikinotes

SSH Keys

Push/Pull with SSH key

You'll need to change the github URL you are using.

git clone https://github.com/<Username>/<Project>   # !!bad!!

git clone git@github.com:<Username>/<Project>       # good
git clone github.com:<username>/<project>           # also good (must specify user in ~/.ssh/config)

You can quickly test authentication

ssh git@github.com -i ~/.ssh/github

Deploy Keys

you can generate keys to provide read-only, or read-write access to a repo.

ssh-keygen -t ed25519   # a strong key
https://github.com/<you>/<repo>/settings/keys/new   # url to add new deploykey

next we'll create entries within our ssh config for the repo.

Create an `alias` for github.com, that will identify which deploykey you'll be using here.

Host <alias-for-your-repo>  github.com
    HostName github.com
    IdentityFile  /home/you/.ssh/deploykey
    User git


Finally, clone the git repository using your alias instead of github.com.

git clone <alias-for-your-repo>:<you>/<repo>

NOTE:

Your alias must be a word, not a full address. Some examples:

  • git will not recognize myrepo:/you/myrepo as an alias
  • your alias cannot resolve to your repo ex: git clone {alias} is not sufficient. You will need to use git clone {alias}:you/repo.

Submodule Authentication

  • SSH keys provide access to specific repositories
  • PAT tokens should have expiry dates, which means manual intervention

The least friction way of doing this is to use github-cli auto-generated PAT token and gh auth login.

Workflows

Importing existing repo

See hosting a git http server to share with github.

You can then use that to import your project.

Download single file

curl -O wget https://raw.githubusercontent.com/user/project/branch/filename

Find PR from commit

git log --merges --ancestry-path --oneline 9c34e5f6af..master \
    | grep 'pull request' \
    | tail -n1 \
    | awk '{print $5}' \
    | cut -c2- \
    | xargs gh pr view -w

alternatively

git describe --all --contains <commit>  # returns branch name

Firewall

Getting github.com ip-address

github uses an unconventional setup for it's ip-addresses. Simply using a hostname resolves to just one of their possible servers. If you are creating firewall rules, you'll need to create them for each address range. Here is some code I've used to do this successfully in the past.

python script to get github address ranges

import sys
import json
import os

if sys.version_info[0] < 3:
    from urllib2 import urlopen
else:
    from urllib.request import urlopen


def get_github_urls():
    """
    Returns:
        list: ``[ '1.2.3.4/24', ... ]``
    """
    url = 'https://api.github.com/meta'
    reply = urlopen(url)

    if sys.version_info[0] < 3:
        status = reply.code
    else:
        status = reply.status
    if status != 200:
        raise RuntimeError('Unexpected reply: {}'.format(repr(reply)))

    # decode
    rawdata = reply.read().decode('utf-8')
    data = json.loads(rawdata)

    return data['git']

See

stackoverflow question https://superuser.com/questions/704230/what-ports-to-open-up-for-github-to-install-and-work
official docs on githug ip-addrs https://help.github.com/en/articles/about-githubs-ip-addresses