(note I already looked here and here and did not see a resolution)
I am creating some proprietary workflows and actions along with some colleagues and we’re storing them in our organization’s GitHub in separate repos.
In order to use the st2 pack install ssh://[email protected]:_GHUSER_/_REPO_ convention, for a Private repository, it requires a valid SSH key pair with access to the repo stored in the root user’s SSH config.
This works great for a single repo using a Deploy Key. Or for multiple repos using an actual GH user account with an SSH key that you also install on the ST2 server instance.
In cases where you don’t want to use a personal SSH key on a shared server running the ST2 instance, it appears there is no way to support multiple Private repos using Deploy Keys without needing to comment out all other Deploy keys in the ~/.ssh/config file before running the st2 pack install command.
The problem is that SSH will offer up all the keys it knows about, and github.com will happily accept the very first key that works, and thus will only be able to install from a private repo that uses that specific key. And for the record, you can only use a Deploy key on one specific repo in all of github land.
I was hoping to find a way to pass an IdentityFile parameter to the packs.download action step of the packs.install workflow, but no dice.
Anyone have thoughts on this? I’m going to look at using SSL tokens instead, but that’s a bit less secure since it will show up in logs since it becomes part of the URL.
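The key-offering behaviour described in the post can be checked offline. The following is an added example, not code from the original post or from StackStorm: it resolves which IdentityFile entries OpenSSH would offer for a host, using a simplified ssh_config parse. The sample configs, alias names and key paths are constructed, and whether st2 pack install accepts an alias host in its URL is an assumption the post does not confirm.

```python
import fnmatch
import re

# Constructed sample: two deploy keys registered under the same Host pattern.
SHARED_HOST = """
Host github.com
    IdentityFile ~/.ssh/deploy_pack_a
Host github.com
    IdentityFile ~/.ssh/deploy_pack_b
"""

# Constructed sample: one alias per repository, each pinned to a single key.
PER_REPO_ALIAS = """
Host github-pack-a
    HostName github.com
    IdentityFile ~/.ssh/deploy_pack_a
    IdentitiesOnly yes
Host github-pack-b
    HostName github.com
    IdentityFile ~/.ssh/deploy_pack_b
    IdentitiesOnly yes
"""

def resolve(config_text, host):
    """Settings ssh would apply to `host` (simplified: no Match, Include or ! patterns)."""
    out = {"hostname": None, "identitiesonly": None, "identityfile": []}
    active = True  # options before the first Host line apply to every host
    for line in config_text.splitlines():
        parts = re.split(r"\s*=\s*|\s+", line.strip(), maxsplit=1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            active = any(fnmatch.fnmatchcase(host, p) for p in value.split())
        elif active and key == "identityfile":
            out["identityfile"].append(value)  # multi-valued: every match is offered
        elif active and key in out and out[key] is None:
            out[key] = value  # single-valued: first obtained value wins
    out["hostname"] = out["hostname"] or host
    out["identitiesonly"] = (out["identitiesonly"] or "no").lower() == "yes"
    return out

def is_pinned(config_text, host):
    """True when exactly one key is configured and agent/default keys are excluded."""
    r = resolve(config_text, host)
    return len(r["identityfile"]) == 1 and r["identitiesonly"]
```

With the shared-host config both deploy keys are offered in file order, so the server authenticates whichever it recognises first; with per-repository aliases and IdentitiesOnly, each alias offers exactly one key.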