Cloning Private GitHub Repository With Automation

20 Jul 2024 - rich

Starting with a RANT, ending in something working, but not quite there yet. Why is this so convoluted?

I know that I ‘can make this work’ with a pipeline as in Jenkins because I can create credentials and keep them safely stored on the Jenkins server.

But, for this basic config I am not using (yet) CI/CD tools… I am not sure if I need them for this, and the simple solution for me to just get Jekyll working was to stand up a quick and dirty EC2 instance and run what I need in cloud-init user-data just to make it work… see more of the history later…

What I am Trying to do

Background

I just want to run Jekyll! At least for the short term, in order to keep my blogs current and growing until I move on to the next, better way.

Jekyll is okay, but I think it requires too much configuration, setup, and dependencies to make this really worthwhile to maintain in the long run (I may change my opinion, but for now…). Jekyll requires Ruby and a build and development environment. It wants to use Capistrano. There are numerous gems that are needed and versions change and maybe disappear. Every computer I have tried running this on, I have managed to mess up something - Ruby, Ruby versions (rbenv, etc.), dependencies, gems, versions of gems, compatibility with older projects… and it runs on most of my computers but getting it installed and running is a challenge… from the different Linuxes to my BSD machines (FreeBSD and OpenBSD).

So, What Have I Tried?

I have attempted to dedicate a computer or two to being able to maintain my blogs and my other sites. I have done this natively on older machines and laptops. But, as mentioned previously, I manage to break something. I know, I have just described a good use case for Docker and containers, right?

Well, I’ve tried but I’ve managed to ‘cook’ my environments and then, through a combination of lazy or just not enough time, I get to good enough and stop. My issues, I know… but in order not to worry about backing up data locally, and to have everything accessible to me no matter what device I am on, I am using my storage array for home directories and for application data space.

Yes, this works for the most part, but I am not differentiating between versions of linux or bsd I am running, I do have windows boxes, and I have just data space for files and documents. Startup and config files start getting a little crazy with some things running on one but not the other… I’ll deal with all of that eventually.

Anyway, this is my way of saying that Docker containers on my devices (VMs, old hardware, PCs, etc.) aren’t working. Also there are disk resource issues and permissions. I think with Ruby and Rails I run into more issues with configurations. So, Docker is out… it isn’t elegant, it is convenient but it requires management and care, something I don’t always do.

I can run it on my home Kubernetes clusters, but same problems - I’m cheap, I have low resources, I don’t spend enough time maintaining it, and if I try to do something new it tends to break what I already have.

So What am I doing Now That is Working?

For Jekyll and for Ruby and for Rails, I think the best solution for me is to just run it when I need it in AWS. I don’t need big VMs and I don’t need lots of disk space.
I could and may try again to run it in ECS, it has worked okay in the past.
But, just spinning up a VM, installing Ruby, gems, other dependencies, and Jekyll is good… so I don’t require any state on the servers… I am cheap and my requirement is to have it when I need it but look for ways to ensure that everything is powered down and unallocated when I don’t need it… so no persistence of storage on my servers.

Setting Things Up

$ gpg --import name_of_pub_key_file

Public Key Servers

Two popular public key servers are:

  1. pgp.mit.edu
  2. keys.openpgp.org

These sites will allow you to add your PGP key and verify that it has been added.

You can also look up the public key of others by name or email or whatever…

To search for someone using one of these public key servers, just enter a command similar to:

$ gpg --keyserver pgp.mit.edu --search-keys <search parameters>
$ gpg --keyserver keys.openpgp.org --search-keys rich@terrorgrump.com

gpg: data source: http://keys.openpgp.org:11371
(1)	Rich Goldstein <rich@terrorgrump.com>
	  4096 bit RSA key C6D6D917A8D0CB4E, created: 2023-10-26
Keys 1-1 of 1 for "rich@terrorgrump.com".  Enter number(s), N)ext, or Q)uit >

$ gpg --keyserver pgp.mit.edu --search-keys rich@terrorgrump.com

gpg: data source: http://pgp.mit.edu:11371
(1)	Rich Goldstein <rich@terrorgrump.com>
	  4096 bit RSA key C6D6D917A8D0CB4E, created: 2023-10-26, expires: 2024-10-25
Keys 1-1 of 1 for "rich@terrorgrump.com".  Enter number(s), N)ext, or Q)uit > 1

How to Verify and Sign Keys

While you can freely distribute your generated public key file and people can use this to contact you in a secure way, it is important to be able to trust that the key belongs to who you think it does during the initial public key transmission.

Verify the Other Person’s Identity

How do you know that the person giving you the public key is who they say they are? In some cases, this may be simple. You may be sitting right next to the person with your laptops both open and exchanging keys. This should be a pretty secure way of identifying that you are receiving the correct, legitimate key.

But there are many other circumstances where such personal contact is not possible. You may not know the other party personally, or you may be separated by physical distance. If you never want to communicate over insecure channels, verification of the public key could be problematic.

Luckily, instead of verifying the entire public keys of both parties, you can simply compare the “fingerprint” derived from these keys. This will give you a reasonable assurance that you both are using the same public key information.
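
The fingerprint comparison described above, as an added shell example that is not part of the original post. The function names and the colon-format sample are constructed for illustration, and the check assumes version 4 keys (40 hex digit fingerprints), so a 16-digit key ID like the one shown in the key server search results is refused as too short to compare.

```shell
#!/bin/sh
# Added example: compare a public key's fingerprint with one received
# over a separate channel (phone call, in person, business card).
#
# Typical use with a real key file (machine-readable output):
#   gpg --show-keys --with-colons --with-fingerprint name_of_pub_key_file | primary_fpr

# Constructed sample of `gpg --with-colons` output (not a real key).
SAMPLE_COLONS='pub:-:4096:1:0123456789ABCDEF:1700000000:::-:::scESC::::::23::0:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:
uid:-::::1700000000::HASH::Example User <user@example.org>::::::::::0:
sub:-:4096:1:1111222233334444:1700000000::::::e::::::23:
fpr:::::::::9999888877776666555544443333222211110000:'

# Strip spaces and colons, uppercase the hex digits, so that
# "aaaa bbbb ..." and "AAAABBBB..." compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\n' | tr 'a-f' 'A-F'
}

# Read colon-format output on stdin and print the primary key's fingerprint.
# The first "fpr" record belongs to the primary key; field 10 is the value.
# Later "fpr" records belong to subkeys and are ignored.
primary_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# fpr_matches ACTUAL EXPECTED
# Returns 0 on an exact match of full fingerprints, 1 on mismatch,
# 2 if EXPECTED is not a full 40 hex digit fingerprint (e.g. a key ID).
fpr_matches() {
    got=$(normalize_fpr "$1")
    want=$(normalize_fpr "$2")
    case "$want" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#want}" -eq 40 ] || return 2
    [ "$got" = "$want" ]
}
```

Only import or sign the key when `fpr_matches` returns 0 for a fingerprint obtained independently of the channel that delivered the key file.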

Get Fingerprint of a public key