2

So I have a post-receive script inside a remote repository on a private server. What I want is to perform a push to GitHub every time the remote repo receives a push. I do this so that it can first go through some security checks, like making sure they don't change stuff in the master branch, etc.

This is the script:

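#!/bin/sh
# Check out the pushed code into the web root
git --work-tree=/var/www/html/beta --git-dir=/var/repo/beta.git checkout -f
# Branch that HEAD points to; --short keeps names containing "/" intact
current_branch=$(git symbolic-ref --short HEAD)
# Forward that branch to GitHub
git push git@github.com:kevuno/mycoolrepo.git "$current_branch"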

Where mycoolrepo is a private repo on GitHub.

I can perform manual pushes inside the repo located on the remote server because I have already added the SSH keys, so SSH authentication works fine. However, if I try to push from the post-receive hook, it suddenly just doesn't work. This is the error I get:

remote: Host key verification failed.
remote: fatal: Could not read from remote repository.
remote: 
remote: Please make sure you have the correct access rights
remote: and the repository exists.

Any help would be appreciated.

Kevuno
  • 203
  • 3
  • 7

2 Answers

1

if I try to run the command as sudo it shows an error

That means root does not have the same ~user/.ssh/id_rsa(.pub) private/public key pair that allows the user to access GitHub with the proper authentication.

But if that script is meant to be run as root, that means you can run that particular command as the user:

sudo -S -u otheruser ....

As the OP comments:

However, I need to change sudoers file so I allow that user to perform sudo commands without typing their password.

VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • Or with the other user environment, but you should not need it: https://unix.stackexchange.com/q/176997/7490 – VonC Jul 19 '17 at 05:01
  • That works, however, I need to change sudoers file so I allow that user to perform sudo commands without typing their password. – Kevuno Jul 19 '17 at 17:48
  • @user3667660 Good point. I have included your comment in the answer for more visibility. – VonC Jul 19 '17 at 18:32
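
An added example, not part of the original posts: a post-receive hook that pins the SSH key and known_hosts file through GIT_SSH_COMMAND, so the push does not depend on the ~/.ssh of whichever account runs the hook, and that takes the pushed branches from the hook's stdin. The directory /var/repo/mirror-ssh, the file names in it and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original posts. Assumptions: SSH_DIR is a
# hypothetical directory readable by the account that runs the hook; it holds
# a deploy key (id_rsa) and a known_hosts file with GitHub's host key.
SSH_DIR=${SSH_DIR:-/var/repo/mirror-ssh}
MIRROR=${MIRROR:-git@github.com:kevuno/mycoolrepo.git}

# ssh command line for git: fixed key and known_hosts, host key checking left
# on, BatchMode so ssh fails instead of prompting inside a hook.
ssh_command() {
    printf "ssh -i '%s' -o IdentitiesOnly=yes -o UserKnownHostsFile='%s'" "$1/id_rsa" "$1/known_hosts"
    printf ' -o StrictHostKeyChecking=yes -o BatchMode=yes'
}

# post-receive gets "<old> <new> <ref>" lines on stdin. Print the branches that
# were created or updated; skip tags and deletions (an all-zero <new> id).
pushed_branches() {
    while read -r _old new ref; do
        case "$ref" in refs/heads/*) ;; *) continue ;; esac
        case "$new" in *[!0]*) printf '%s\n' "${ref#refs/heads/}" ;; esac
    done
}

# Report which account the hook runs as when it cannot read the SSH material.
preflight() {
    for f in "$1/id_rsa" "$1/known_hosts"; do
        [ -r "$f" ] || { echo "hook runs as $(id -un); cannot read $f" >&2; return 1; }
    done
}

mirror() {
    preflight "$SSH_DIR" || return 1
    GIT_SSH_COMMAND=$(ssh_command "$SSH_DIR")
    export GIT_SSH_COMMAND
    pushed_branches | while read -r branch; do
        git push "$MIRROR" "refs/heads/$branch:refs/heads/$branch" </dev/null
    done
}

# Push only when installed as hooks/post-receive, so the file can be sourced.
case "$0" in *post-receive) mirror ;; esac
```

Because StrictHostKeyChecking stays on, the known_hosts file has to be filled once with GitHub's host key, checked against the fingerprints GitHub publishes.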
0

I know you have your answer, but still, after reading what you are trying to do, I would suggest that you use a gateway check-in system.
Instead of doing a post action, which means that the code is already on the remote (or another remote, for that matter), you can still use your same repo and use a pre-receive hook to deflect your code and run your tests; only if the tests pass will the process continue automatically to your protected branch.
There are a few options available. My favorite is Verigreen, a gateway check-in system that deflects your push to a temporary branch; Jenkins pulls it and runs the tests, and only if they pass does Verigreen push the code for you to the protected branch.
You can read more about it here

soninob
  • 428
  • 11
  • 22