To add on to Sriram's comments, the use of the github-oauth-authorization-plugin doesn't have any relationship with access to repository content on GitHub - it simply allows people to log onto GoCD using their Github identity, and optionally to have access to GoCD pipeline groups mapped to GitHub roles.
This is because materials/repositories need to be accessed in an identity known to the GoCD server/agents, not necessarily the individual user who happens to be logged in to GoCD. So even if you use that authorization plugin, you still need to decide how to provide GoCD itself access to repositories on Github. You can use an SSH key linked to a GitHub user <https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account> if you wish to use SSH access - no restrictions for private repos unless your GitHub org blocks use of SSH keys. If you instead wish to use HTTPS access to repositories you have to fill in a username/"password" for each material you configure. That "password" would be a personal access token <https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens> with at least read-only access to the 1 or more repositories you want to use. If you want to share one personal access token across many materials (perhaps a single token has read-only access to many repositories), the easiest way is to use a GoCD Secrets Management plugin and refer to them in the username/"password" fields of each material using the special secrets interpolation syntax: https://docs.gocd.org/current/configuration/secrets_management.html This will work with either manually defined pipelines/materials, or those defined externally in source control. -Chad On Thu, Oct 26, 2023 at 3:01 PM Sriram Narayanan <sriram...@gmail.com> wrote: > Please see: > > https://docs.github.com/en/authentication/connecting-to-github-with-ssh > > The gocd server runs as a particular user account. That user account needs > access to the ssh private keys used to authenticate with GitHub. > > The go agent too needs the same access. > > Assuming you are on Linux and installer gocd via rpm, then you would set > this key in the home directory ( > /var/lib/go-server/.ssh/myprivatekey.id_rsa) > > Permissions for .ssh would be 600, and for the key would be 400, with the > gocd process user owning the directory and The identity file. > > — Sriram > > > On Thu, 26 Oct 2023 at 12:00 PM, vv-fork <vakhlovs...@gmail.com> wrote: > >> Hello colleagues! >> >> What is the best way to connect on-prem goCD with GitHub private repo in >> cloud? I was smoking docs and manuals for quite a while, but what people >> say it’s to install ssh keys to both GitHub and goCD, which won’t work, >> since I am using github.com, so i suppose i can’t install ssh key there. >> >> I’ve installed github-oauth-authorization-plugin and set it as described >> (connection ok in authorisation configuration step), and restarted the >> server, however it’s still throwing that standard error “fatal: could not >> read Username for ‘https://github.com’ meaning that the access is still >> closed. >> >> What else can be done as you think? >> >> -- >> You received this message because you are subscribed to the Google Groups >> "go-cd" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to go-cd+unsubscr...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/go-cd/ed3022b6-e1ec-4c3b-8ca3-3c5e6b7d72f4n%40googlegroups.com >> <https://groups.google.com/d/msgid/go-cd/ed3022b6-e1ec-4c3b-8ca3-3c5e6b7d72f4n%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> > -- > You received this message because you are subscribed to the Google Groups > "go-cd" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to go-cd+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/go-cd/CANiY96azM2%3DaFO351d4PpExOatRCO%2BoaQju3Juvm2yAbQR2d5A%40mail.gmail.com > <https://groups.google.com/d/msgid/go-cd/CANiY96azM2%3DaFO351d4PpExOatRCO%2BoaQju3Juvm2yAbQR2d5A%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "go-cd" group. To unsubscribe from this group and stop receiving emails from it, send an email to go-cd+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/go-cd/CAA1RwH-R9v39GDB_Rs98pXnh0x7xyMZKwanye7Mcq%3D7hSdA1tQ%40mail.gmail.com.
