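Git clone private repositories in AWS ECS

Time: 2018-07-18 16:49:59

Tags: python git amazon-web-services docker aws-fargate

I am trying to download all the private repositories in my organization. I have a script that I want to run once a day using Fargate. The problem I run into at runtime is as follows: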

Warning: Permanently added the RSA host key for IP address '192.30.253.113' to the list of known hosts.
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.

I understand the error, and I have added an SSH key to the image in my Dockerfile:

FROM python:3.6
RUN mkdir /backup
WORKDIR /backup
ADD . /backup/
RUN mkdir /root/.ssh/
ADD id_rsa /root/.ssh/id_rsa
RUN chmod 400 /root/.ssh/id_rsa
RUN python3 -m pip install -r requirements.txt

This is the script I use to try to download all the repositories and upload them to an S3 bucket:

import os
import shutil
from datetime import date

import boto3
from github import Github

TOKEN = os.environ['TOKEN']
DATE = str(date.today())


def archive(zipname, directory):
    return shutil.make_archive(zipname, 'zip', root_dir=directory,
                               base_dir=None)


def assume_role(role_to_assume, duration=900):
    sts_client = boto3.client('sts')

    assumed_role = sts_client.assume_role(
        RoleArn=role_to_assume,
        RoleSessionName='session',
        DurationSeconds=duration
    )
    credentials = assumed_role['Credentials']
    return (credentials['AccessKeyId'], credentials['SecretAccessKey'],
            credentials['SessionToken'])


def upload_to_s3(key, file_name, access_role):
    access_key, secret_key, session_token = assume_role(access_role)
    s3 = boto3.resource(
        's3',
        aws_access_key_id=access_key,
        aws_secret_access_key=secret_key,
        aws_session_token=session_token
    )
    s3.Bucket('zego-github-backup').put_object(
        Key=key,
        Body=file_name
    )
    print('Uploaded')


def login_github():
    g = Github(TOKEN)
    org = g.get_organization("Organisation").get_repos()
    role = "arn:aws:iam::7893729191287:role/Github_backup"
    for repo in org:
        repo_name = repo.name
        key = f"{repo_name} {DATE}.zip"
        ssh_url = repo.ssh_url
        os.system(f"GIT_SSH_COMMAND=\"ssh -o StrictHostKeyChecking=no\" git clone --depth 1 {ssh_url}")
        archive(f"{repo_name} {DATE}", repo_name)
        # Close the archive handle before the zip file is deleted below
        with open(key, 'rb') as archived_file:
            upload_to_s3(key, archived_file, role)
        shutil.rmtree(repo_name)
        os.remove(f"{repo_name} {DATE}.zip")
    print("Done")


login_github()

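What am I doing wrong? Or am I missing some steps?

1 answer:

Answer 0: (score: 0)

Not sure if I am missing anything from the script, but I don't see you starting ssh-agent anywhere and then adding the key to it.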

GitHub's guide

$ eval "$(ssh-agent -s)"
$ ssh-add /root/.ssh/id_rsa

Hope that helps!
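
Added example (not part of the original answer or the asker's script): an agent-free alternative in Python that checks the key file from the Dockerfile before cloning and makes git's ssh offer exactly that key. The function names and the known_hosts path are assumptions; the known_hosts file is assumed to be baked into the image with GitHub's published host keys, so host key checking can stay on.

```python
import os
import shlex
import stat
import subprocess

KEY_PATH = "/root/.ssh/id_rsa"             # path used in the question's Dockerfile
KNOWN_HOSTS = "/root/.ssh/known_hosts"     # assumption: shipped in the image


def key_problems(path):
    """Return reasons ssh would skip or reject this private key file."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return [f"cannot stat {path}: {exc.strerror}"]
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append(f"{path} is not a regular file")
    if st.st_mode & 0o077:
        # ssh ignores a key owned by the calling user that group/other can access
        mode = stat.S_IMODE(st.st_mode)
        problems.append(f"{path} mode {mode:o} is too open; use 400 or 600")
    return problems


def git_ssh_env(key_path=KEY_PATH, known_hosts=KNOWN_HOSTS):
    """Environment that makes git's ssh offer exactly this key, with no agent."""
    opts = ["ssh", "-i", key_path, "-o", "IdentitiesOnly=yes", "-o", "BatchMode=yes",
            "-o", f"UserKnownHostsFile={known_hosts}", "-o", "StrictHostKeyChecking=yes"]
    env = dict(os.environ)
    env["GIT_SSH_COMMAND"] = " ".join(shlex.quote(o) for o in opts)
    return env


def clone(ssh_url, dest, key_path=KEY_PATH, known_hosts=KNOWN_HOSTS):
    """Shallow-clone one repository; argv list, so the URL never reaches a shell."""
    problems = key_problems(key_path)
    if problems:
        raise RuntimeError("; ".join(problems))
    subprocess.run(["git", "clone", "--depth", "1", "--", ssh_url, dest],
                   env=git_ssh_env(key_path, known_hosts), check=True)
```

`BatchMode=yes` makes ssh fail immediately instead of waiting for a passphrase or host key prompt, which would otherwise hang a scheduled task with no terminal attached.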