I read in the GitHub docs that I can call a GitHub API endpoint to create deployment keys for a project.
Every time I run my playbook, it re-creates the SSH key pair, and thus if I want to clone a git repo with SSH, I have to create the key manually.
I’m looking to automate the following procedure using the documentation above, but for some reason (maybe the wrong permissions on my GitHub access token) I end up with a 401 when I try to call it from curl.
I have some Ansible code that is supposed to do the same thing, but if I can’t get cURL to do it, then how will I be able to get Ansible to do it?
#ssh-keygen -t ed25519
#*Enter file in which to save the key: ./keys/id_ed25519_github_clone_ssh_test
#vi ~/.ssh/config
...
- name: Add SSH public key to GitHub account
  tags: github
  uri:
    url: https://api.github.com/leeand00/somerepo/keys
    validate_certs: no
    method: POST
    return_content: true
    body:
      title: "{{ KEY_TITLE }}"
      key: "{{ key_content.stdout }}"
    body_format: json
    headers:
      Content-Type: "application/vnd.github+json"
      Authorization: "Bearer {{ GITHUB_ACCESS_TOKEN }}"
      X-GitHub-Api-Version: 2022-11-28
  register: huh
  failed_when: huh.find('key is already in use') == 0
...
Does anyone know if the permissions on my GITHUB_ACCESS_TOKEN have something to do with the problem, and what those settings might be?
Also, if I were to run vagrant destroy would there be something that could also delete the key then?
It seems like the issue you’re facing is related to the permissions on your GitHub access token. When you’re getting a 401 Bad Credentials error, it’s most likely because the access token does not have the necessary permissions to create a deploy key for your repository.
To resolve this, ensure your GitHub token has the repo and write:public_key permissions. These permissions are required to add deploy keys. You can check the permissions of your token and update them accordingly in your GitHub account settings.
Regarding your Ansible script, ensure that your token has the correct scope and you’re using the correct URL format. It may also help to double-check your GITHUB_ACCESS_TOKEN permissions.
As for your question about vagrant destroy—it won’t delete the deploy key automatically. You’ll need to explicitly remove it from your GitHub repository using the API or manually if needed.
Good luck, and feel free to share any further details if the issue persists!
After talking to some more people I found out that my endpoint URL was wrong and it was missing the /repos/ part of the URL.
I also ditched the fancy yaml for generating the call for the deployment key and opted for just using a shell: and curl inside it instead; it wasn’t too bad, but I needed to make sure that the variable that stored the content of the key had .stdout appended to the end of it since otherwise it would print the contents of the dict.
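The curl approach from the last post, written out as an added example (not code from the thread): it uses the /repos/ URL, leaves curl's TLS verification on, keeps the token out of the process list, and treats the "key is already in use" reply as success so a playbook re-run does not fail. The function names, the read_only choice and the status-to-word mapping are assumptions of this sketch.

```shell
#!/bin/sh
# Added example; owner, repo, title and key path are caller-supplied placeholders.
API="https://api.github.com"

# Deploy keys live under /repos/{owner}/{repo}/keys (note the /repos/ segment).
deploy_key_url() { printf '%s/repos/%s/%s/keys' "$API" "$1" "$2"; }

# JSON body; assumes the title has no quotes or backslashes. read_only keeps
# the key clone-only.
deploy_key_body() { printf '{"title":"%s","key":"%s","read_only":true}' "$1" "$2"; }

# Turn status + body into a word and an exit code the playbook can act on.
classify_response() {
  case "$1" in
    201) echo created ;;
    422) case "$2" in
           *"key is already in use"*) echo exists ;;   # re-run: not a failure
           *) echo invalid; return 1 ;;
         esac ;;
    401) echo bad-credentials; return 1 ;;
    404) echo not-found-or-no-access; return 1 ;;
    *)   echo "unexpected-$1"; return 1 ;;
  esac
}

# args: owner repo title path-to-.pub ; token comes from GITHUB_ACCESS_TOKEN
add_deploy_key() {
  : "${GITHUB_ACCESS_TOKEN:?token not set}"
  out=$(mktemp) rc=0
  # The auth header goes through a curl config on stdin, so the token never appears in argv.
  status=$(printf 'header = "Authorization: Bearer %s"\n' "$GITHUB_ACCESS_TOKEN" |
    curl -sS -K - -o "$out" -w '%{http_code}' -X POST \
      -H "Accept: application/vnd.github+json" \
      -H "X-GitHub-Api-Version: 2022-11-28" \
      -d "$(deploy_key_body "$3" "$(cat "$4")")" "$(deploy_key_url "$1" "$2")")
  classify_response "$status" "$(cat "$out")" || rc=$?
  rm -f "$out"
  return "$rc"
}
```

When this is called from an Ansible shell: task, setting no_log: true on the task keeps the token out of the task output.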