Bring all of the power and flexibility of the GitHub CLI to your CI/CD pipeline.
Home Page: https://circleci.com/developer/orbs/orb/circleci/github-cli
License: MIT License
Recently GitHub included the SSH host keys in the meta API request. The orb should use it to fetch the rsa key instead of hardcoding it.
GitHub:
curl \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/meta
GitHub Enterprise:
curl \
-H "Accept: application/vnd.github.v3+json" \
http(s)://{hostname}/api/v3/meta
https://github.blog/changelog/2022-01-18-githubs-ssh-host-keys-are-now-published-in-the-api/
https://docs.github.com/en/rest/reference/meta#get-github-meta-information
https://api.github.com/meta
https://docs.github.com/en/[email protected]/rest/reference/meta
2.3.0
The release job will time out waiting for an interactive prompt.
gh config set prompt disabled
should be called before.
Call the setup command before using the cli.
Clone of: https://discuss.circleci.com/t/github-cli-does-not-support-apple-silicon/48359
Trying to use circleci/[email protected] on macos.m1.large.gen1.
Anyone aware of a workaround for this?
We get this error…#!/bin/bash --login -eo pipefail #!/bin/bash # set smart sudo if [[ $EUID == 0 ]]; then export SUDO=""; else export SUDO="sudo"; fi# Define current platform if [[ "$(uname -s)" == "Darwin" && "$(uname -m)" == "x86_64" ]]; then export SYS_ENV_PLATFORM=macos elif [[ "$(uname -s)" == "Linux" && "$(uname -m)" == "x86_64" ]]; then export SYS_ENV_PLATFORM=linux_x86 elif [[ "$(uname -s)" == "Linux" && "$(uname -m)" == "aarch64" ]]; then export SYS_ENV_PLATFORM=linux_arm else echo "This platform appears to be unsupported." uname -a exit 1 fi
1.0.3
I'm trying to combine the github-cli and terraform orbs to publish the terraform plan to the GitHub PR. I'm using gh/setup with the default GITHUB_TOKEN set, but the job fails with the error:
sh: 0: unknown operand
/bin/sh: syntax error: bad substitution
CircleCI config looks like this:
version: '2.1'
orbs:
terraform: circleci/[email protected]
gh: circleci/[email protected]
jobs:
plan:
executor: terraform/default
working_directory: terraform
steps:
- checkout
- gh/setup
- terraform/install
- terraform/init
- terraform/fmt:
recursive: true
- terraform/validate
- run: terraform plan -out plan.tfplan
- run: terraform show plan.tfplan | gh pr comment --body-file -
workflows:
version: 2
plan:
jobs:
- plangh/setup should succeed, installing the gh cli OR an actionable error message is reported (e.g. bash is not installed).
I wonder if there is a mismatch with bash/sh in the terraform executor (or bash might not be available).
I was able to work-around this by using a different image:
jobs:
plan:
docker:
- image: cimg/base:stableBump up the orb used for deployment to the latest orb-tools-orb version.
N/A
https://github.com/CircleCI-Public/orb-tools-orb/blob/master/MIGRATION.md
GH CLI 2.40.1 is 6 month old and missing some interesting features.
We should update it to the latest.
The version 2.2.0 circleci github cli orb defaults to gh cli version 2.3.0
The latest version of gh cli is 2.30.0. The default version should be a much newer version than 2.3.0 as I was trying to create a release using gh release create ... but half the flags documented https://cli.github.com/manual/gh_release_create were not available on version 2.3.0
I would like to use the flag --generate-notes to automatically generate title and notes for the release, its available on the original CLI but not for this orb.
I am creating a new Github token but I could not find what permissions level the token must has.
I suggest to add a list of permissions in each case as: for clone, install and setup commands.
admin:org
2.1.0
If you use a checkout step in your job, for example:
steps:
- checkout
- gh/setup
- run: gh repo clone MyOrg/MyRepo
It will fail with the following error if the repository requires the auth from the token configured in gh/setup:
ERROR: Repository not found.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
exit status 128
Omitting the checkout step fixes the issue.
Investigation into the issue reveals that the checkout step creates a ~/.gitconfig that breaks usage of gh repo clone by redirecting all https://github.com git usage to ssh://[email protected]. Here is the contents as created as a side-effect of checkout:
[url "ssh://[email protected]"]
insteadOf = https://github.com
[gc]
auto = 0
Since the gh CLI tool configures a git credential helper for https://github.com, the redirect configured by the checkout step renders it useless as everything is redirected to SSH thus ends up using the repository specific SSH key configured by CircleCI.
Usage of checkout command should not affect usage of the github-cli orb.
I would argue checkout should not make any modification to global git configuration.
If there is no way around modification of the global git configuration, it should at least be specific to the repository that checkout will operate on instead of redirecting every github.com URL.
Other workarounds include doing your gh repo commands before the checkout step or adding a rm ~/.gitconfig immediately after the checkout step.
2.1.0
When using the setup command with a token that does not have the read:org scope, the setup fails needlessly.
Setup should succeed with any token.
This is caused by the gh auth status command and I will submit a PR in a few minutes.
1.0.5
I am running a fork of a repository and I have permission to write to origin and fork. When I am running gh release create v1.2.3 I am asked Which should be the base repository (used for e.g. querying issues) for this directory?. When running the orb in the CI it chooses one by default and it is the one that I don't want to have a release for.
It should create a release on the repo on which I am running the pipeline from not the one I forked from.
https://github.com/TimoKramer/datahike/tree/switch-to-tools-build
We would like to use this orb with our GitHub Enterprise instance. Seems like all that needs to be added is a param for
--hostname and update the script file.
I'm gonna try to get a PR in for this. 🤞
- gh/setup:
context:
- GITHUB_CREDS
hostname: enterprisehostname
GitHub cli docs for login https://cli.github.com/manual/gh_auth_login
2.1.0
setup is missing, therefore release "hangs"
The gh/release job should not hang and create the release
As stated here:
If user were relying on release to call setup this would break for them
This is indeed a problem @motionsuggests.
Since gh/release is a job but gh/setup is a command it can't just be inserted before the gh/release job.
How would one call gh/release now so that it would actually work? The documentation hasn't been updated regarding this.
I lost quite some time poking around with this 😬 , until I realised it was not my fault but rather the fault of this (imo) breaking change.
That having said, thanks for the orb in the first place :)
When trying to use this orb with our GitHub Enterprise instance and only running gh/release it errors out calling
gh auth setup-git --hostname "$PARAM_GH_HOSTNAME".
I get the following error:
Authenticating GH CLI
You are not logged into the GitHub host "**REDACTED**"
Exited with code exit status 1 - gh/release:
context:
- GITHUB_CREDS
hostname: ***********
filters:
branches:
only:
- main
notes-file: CHANGELOG.md
requires:
- prep_vars
tag: ${VERSION}
title: ${VERSION}I think just running gh/release should only run install not setup.
Related Issue #9
2.3.0
Failed to install github-cli because of missing additional/required dependencies
Downloading the GitHub CLI from "https://github.com/cli/cli/releases/download/v2.40.1/gh_2.40.1_linux_amd64.deb"...
Installing the GitHub CLI...
+ apt install ./gh-cli.deb
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'gh' instead of './gh-cli.deb'
The following additional packages will be installed:
git git-man less libcbor0 liberror-perl libfido2-1 openssh-client patch
Suggested packages:
gettext-base git-daemon-run | git-daemon-sysvinit git-doc git-el git-email
git-gui gitk gitweb git-cvs git-mediawiki git-svn keychain libpam-ssh
monkeysphere ssh-askpass ed diffutils-doc
The following NEW packages will be installed:
gh git git-man less libcbor0 liberror-perl libfido2-1 openssh-client patch
0 upgraded, 9 newly installed, 0 to remove and 25 not upgraded.
Need to get 8653 kB/20.0 MB of archives.
After this operation, 86.8 MB of additional disk space will be used.
Do you want to continue? [Y/n] Abort.
+ set +x
Something went wrong installing the GH CLI. Please try again or open an issue.
Exited with code exit status 1
config.yml to reproduce the issueversion: 2.1
orbs:
github-cli: circleci/[email protected]
jobs:
cypress:
docker:
- image: cypress/browsers:node16.14.0-chrome99-ff97
steps:
- checkout
- github-cli/setup
workflows:
samplei:
jobs:
- cypress
setup command should install all the additional/required dependencies
Just by adding --yes flag at below line:
github-cli-orb/src/scripts/install.sh
Line 55 in e89b4c5
apt will automatically install all the dependenciesstep: - github-cli/setup
GH CLI installed
/usr/bin/gh
Authenticating GH CLI
github.com
X github.com: the token in GITHUB_TOKEN is missing required scopes 'repo', 'read:org'
Exited with code exit status 1
CircleCI received exit code 1
It should be possible to install the github-cli with this orb, without having specific scopes. We only use the github cli to create and report github Deployments. Per the principle of least privelege, we only provide repo_deployment scope to our circle contexts. This scope is sufficient to create Deployment records and to set their status accordingly. Unfortunately, this scope is not sufficient for gh auth status and so the setup command fails.
It is admirable that this orb's setup command reports auth status and does some default configuration. However, it should be possible for users to only install the cli, if they so choose. Installation itself does not require any scopes. Our usage is known to work with the repo_deployment scope, we just need to install the cli.
This link leads to a 404.
Trying to use the clone command:
- gh/setup
- gh/clone:
dir: deployment-repo/
repo: org/project
#!/bin/bash -eo pipefail
# Ensure known hosts are entered. Required for Docker.
mkdir -p ~/.ssh
echo 'github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==' >> ~/.ssh/known_hosts
PARAM_GITHUB_REPO_EXPANDED="$(eval echo "$PARAM_GH_REPO")"
gh repo clone "$PARAM_GITHUB_REPO_EXPANDED" "$PARAM_GH_DIR"
Cloning into 'deployment-repo'...
git: 'credential-!/usr/bin/gh' is not a git command. See 'git --help'.
Username for 'https://github.com': fatal: could not read Username for 'https://github.com': Success
exit status 128
Exited with code exit status 1
CircleCI received exit code 1
The credential helper should work
I reproduced this locally using cimg/base:2021.05 - the config generated is:
[credential "https://github.com"]
helper =
helper = \\!/usr/bin/gh auth git-credential
If I remove the \\, it works
While configuring the workflow. I notice no matter what I do or inject in files I have always the message : stat /tmp/workspace/artifacts/dist.zip: no such file or director
Here is the extraction of my config.yml
jobs:
- app_build:
filters:
branches:
only:
- master
- github-cli/release:
pre-steps:
- *attach_workspace
- run:
command: |
ls -la /tmp/workspace/artifacts
context:
- GITHUB_CREDS
tag: << pipeline.git.branch >>-<< pipeline.number >>-dev
title: << pipeline.git.branch >>-<< pipeline.number >>-dev
prerelease: true
files: /tmp/workspace/artifacts/dist.zip # <-- This doesn't work
requires:
- app_build
filters:
branches:
only:
- master
/tmp/workspace/ come from my workspace attachment. with the folder artifacts created by app_build
files should be able to find a file from anywhere
If the ls in pre-step can see the file, so should the release task.
output of ls
#!/bin/bash -eo pipefail
ls -la /tmp/workspace/artifacts
total 62900
drwxr-xr-x 2 circleci circleci 22 Dec 29 20:06 .
drwx------ 3 circleci circleci 23 Dec 29 20:06 ..
-rw-r--r-- 1 circleci circleci 64409035 Dec 29 20:06 dist.zip
CircleCI received exit code 0
From my code, you can see I have a workspace between both jobs
I found the workaround by doing the post-steps and uploading the artifact after the release is created
jobs:
- app_build:
filters:
branches:
only:
- master
- github-cli/release:
pre-steps:
- *attach_workspace
- run:
command: |
ls -la /tmp/workspace/artifacts
context:
- GITHUB_CREDS
tag: << pipeline.git.branch >>-<< pipeline.number >>-dev
title: << pipeline.git.branch >>-<< pipeline.number >>-dev
prerelease: true
post-steps:
- run:
command: |
gh release upload << pipeline.git.branch >>-<< pipeline.number >>-dev /tmp/workspace/artifacts/dist.zip
requires:
- app_build
filters:
branches:
only:
- master
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.