Github git: Difference between revisions

From wikinotes
No edit summary
 
(7 intermediate revisions by the same user not shown)
Line 1: Line 1:
= Github push/pull with SSH key =
= SSH Keys =
<blockquote>
== Push/Pull with SSH key ==
<blockquote>
<blockquote>
You'll need to change the github URL you are using.
You'll need to change the github URL you are using.
Line 14: Line 16:
ssh git@github.com -i ~/.ssh/github
ssh git@github.com -i ~/.ssh/github
</source>
</source>
</blockquote><!-- github push/pull with ssh key -->
</blockquote><!-- Push/Pull with ssh key -->
 
== Deploy Keys ==
<blockquote>
you can generate keys to provide read-only, or read-write access to a repo.
 
<source lang="bash">
ssh-keygen -t ed25519  # a strong key
</source>
 
<source lang="yaml">
https://github.com/<you>/<repo>/settings/keys/new  # url to add new deploykey
</source>
 
next we'll create entries within our ssh config for the repo.
 
Create an `alias` for github.com, that will identify which deploykey you'll
be using here.
<source lang="ini">
Host <alias-for-your-repo>  github.com
    HostName github.com
    IdentityFile  /home/you/.ssh/deploykey
    User git
</source>
 
 
Finally, clone the git repository using your alias instead of github.com.
<source lang="bash">
git clone <alias-for-your-repo>:<you>/<repo>
</source>


= importing existing git repo =
{{ NOTE |
Your alias must be a word, not a full address. Some examples:
 
* git will not recognize <code>myrepo:/you/myrepo</code> as an alias
* your alias cannot resolve to your repo ex: <code>git clone {alias}</code> is not sufficient. You will need to use <code>git clone {alias}:you/repo</code>.
}}
</blockquote><!-- deploy keys -->
 
== Submodule Authentication ==
<blockquote>
<blockquote>
* SSH keys provide access to specific repositories
* PAT tokens should have expiry dates, which means manual intervention


The least friction way of doing this is to use [[github-cli]] auto-generated PAT token and <code>gh auth login</code>.
</blockquote><!-- Submodule Authentication -->
</blockquote><!-- SSH Keys -->
= Workflows =
<blockquote>
== Importing existing repo ==
<blockquote>
See [[git httpserver|hosting a git http server]] to share with github.
See [[git httpserver|hosting a git http server]] to share with github.


You can then use that to import your project.
You can then use that to import your project.
</blockquote><!-- importing an existing repo -->
== Download single file ==
<blockquote>
<source lang="bash">
curl -O wget https://raw.githubusercontent.com/user/project/branch/filename
</source>
</blockquote><!-- Download single file -->
== Find PR from commit ==
<blockquote>
<source lang="bash">
git log --merges --ancestry-path --oneline 9c34e5f6af..master \
    | grep 'pull request' \
    | tail -n1 \
    | awk '{print $5}' \
    | cut -c2- \
    | xargs gh pr view -w
</source>
alternatively
<source lang="bash">
git describe --all --contains <commit>  # returns branch name
</source>
</blockquote><!-- Find PR from commit -->
</blockquote><!-- Workflows -->
= Firewall =
<blockquote>
== Getting github.com ip-address ==
<blockquote>
github uses an unconventional setup for it's ip-addresses. Simply using a hostname resolves to just one of their
possible servers. If you are creating firewall rules, you'll need to create them for each address range. Here is
some code I've used to do this successfully in the past.
{{ expand
| python script to get github address ranges
|
<source lang="python">
import sys
import json
import os
if sys.version_info[0] < 3:
    from urllib2 import urlopen
else:
    from urllib.request import urlopen


</blockquote><!-- importing an existing repo -->
 
def get_github_urls():
    """
    Returns:
        list: ``[ '1.2.3.4/24', ... ]``
    """
    url = 'https://api.github.com/meta'
    reply = urlopen(url)
 
    if sys.version_info[0] < 3:
        status = reply.code
    else:
        status = reply.status
    if status != 200:
        raise RuntimeError('Unexpected reply: {}'.format(repr(reply)))
 
    # decode
    rawdata = reply.read().decode('utf-8')
    data = json.loads(rawdata)
 
    return data['git']
</source>
}}
 
See
{|
| stackoverflow question || https://superuser.com/questions/704230/what-ports-to-open-up-for-github-to-install-and-work
|-
| official docs on githug ip-addrs || https://help.github.com/en/articles/about-githubs-ip-addresses
|}
</blockquote><!-- Getting github.com ip-address -->
</blockquote><!-- firewall -->

Latest revision as of 15:15, 9 July 2022

SSH Keys

Push/Pull with SSH key

You'll need to change the github URL you are using. 

git clone https://github.com/<Username>/<Project>   # !!bad!!

git clone git@github.com:<Username>/<Project>       # good
git clone github.com:<username>/<project>           # also good (must specify user in ~/.ssh/config)

You can quickly test authentication 

ssh git@github.com -i ~/.ssh/github

Deploy Keys

you can generate keys to provide read-only, or read-write access to a repo. 

ssh-keygen -t ed25519   # a strong key

https://github.com/<you>/<repo>/settings/keys/new   # url to add new deploykey

next we'll create entries within our ssh config for the repo.

Create an `alias` for github.com, that will identify which deploykey you'll be using here. 

Host <alias-for-your-repo>  github.com
    HostName github.com
    IdentityFile  /home/you/.ssh/deploykey
    User git


Finally, clone the git repository using your alias instead of github.com. 

git clone <alias-for-your-repo>:<you>/<repo>

NOTE:

Your alias must be a word, not a full address. Some examples:

  • git will not recognize myrepo:/you/myrepo as an alias
  • your alias cannot resolve to your repo ex: git clone {alias} is not sufficient. You will need to use git clone {alias}:you/repo.

Submodule Authentication

  • SSH keys provide access to specific repositories
  • PAT tokens should have expiry dates, which means manual intervention

The least friction way of doing this is to use github-cli auto-generated PAT token and gh auth login.

Workflows

Importing existing repo

See hosting a git http server to share with github.

You can then use that to import your project.

Download single file

curl -O wget https://raw.githubusercontent.com/user/project/branch/filename

Find PR from commit

git log --merges --ancestry-path --oneline 9c34e5f6af..master \
    | grep 'pull request' \
    | tail -n1 \
    | awk '{print $5}' \
    | cut -c2- \
    | xargs gh pr view -w

alternatively 

git describe --all --contains <commit>  # returns branch name

Firewall

Getting github.com ip-address

github uses an unconventional setup for it's ip-addresses. Simply using a hostname resolves to just one of their possible servers. If you are creating firewall rules, you'll need to create them for each address range. Here is some code I've used to do this successfully in the past.

python script to get github address ranges 

import sys
import json
import os

if sys.version_info[0] < 3:
    from urllib2 import urlopen
else:
    from urllib.request import urlopen


def get_github_urls():
    """
    Returns:
        list: ``[ '1.2.3.4/24', ... ]``
    """
    url = 'https://api.github.com/meta'
    reply = urlopen(url)

    if sys.version_info[0] < 3:
        status = reply.code
    else:
        status = reply.status
    if status != 200:
        raise RuntimeError('Unexpected reply: {}'.format(repr(reply)))

    # decode
    rawdata = reply.read().decode('utf-8')
    data = json.loads(rawdata)

    return data['git']

See

stackoverflow question https://superuser.com/questions/704230/what-ports-to-open-up-for-github-to-install-and-work
official docs on githug ip-addrs https://help.github.com/en/articles/about-githubs-ip-addresses
Retrieved from "http://willpittman.net:8080/index.php?title=Github_git&oldid=31035"