Recommended auth mechanism for fetching gruntwork modules on CI

#1

What is the recommended way to authenticate with GitHub when fetching gruntwork modules such as: ssh://git@github.com/gruntwork-io/module-ecs.git from CircleCI?

From the terraform doco it looks like I need to set GIT_SSH_COMMAND or hardcode the username and password in the connection string.

infrastructure-modules-acme isn’t using the latter so I guess that’s not recommended.
Is there any documentation on doing the former (such as adding an SSH key to CircleCI and then setting GIT_SSH_COMMAND to something like: ssh -i ${HOME}/.ssh/id_rsa -F /dev/null)?

Or is there some terragrunt magic to help here, e.g. I found a reference to:

ssh -T -oStrictHostKeyChecking=no git@github.com || true

in the infrastructure-modules-acme but including this on CI does not seem to help.

Background:

I’ve forked sample-app-frontend-acme, infrastructure-live-acme and infrastructure-modules-acme, but I’d like to pull the actual gruntwork terraform modules from, well, gruntwork. On CircleCI, I’m using a machine user with a GitHub PAT to fetch my forked repos.


#2

Use SSH keys! These are natively supported by Git (and by extension, Terraform, since it uses Git under the hood). Configure an SSH key for a machine user and add it to your CircleCI build.
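
One way to wire up the SSH-key approach from the answer above, added here as an example and not taken from the thread or from Gruntwork's repos: it builds a GIT_SSH_COMMAND that offers only the machine user's key and accepts only host keys already pinned in a known_hosts file. The function names and file paths are assumptions.

```shell
#!/bin/sh
# Added example: build a GIT_SSH_COMMAND for a CI job that fetches Terraform
# modules over SSH with a machine user's key.
# Assumptions (not from the thread): the CI job supplies the key path and a
# known_hosts file that was populated out of band with the Git host's key.

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# build_git_ssh_command KEY KNOWN_HOSTS
# Prints an ssh command line for GIT_SSH_COMMAND. Fails if either file is
# missing, the known_hosts file is empty, a path contains whitespace, or the
# private key is readable by group or others.
build_git_ssh_command() {
  _key="$1"
  _known_hosts="$2"
  case "$_key$_known_hosts" in
    *[[:space:]]*) echo "paths must not contain whitespace" >&2; return 1 ;;
  esac
  [ -f "$_key" ] || { echo "missing key: $_key" >&2; return 1; }
  [ -s "$_known_hosts" ] || {
    echo "missing or empty known_hosts: $_known_hosts" >&2; return 1; }
  _mode="$(file_mode "$_key")"
  case "$_mode" in
    600|400) ;;
    *) echo "key $_key has mode $_mode, expected 600 or 400" >&2; return 1 ;;
  esac
  # -F /dev/null              ignore any ssh_config present on the build image
  # IdentitiesOnly=yes        offer only this key, not keys held by an agent
  # StrictHostKeyChecking=yes refuse hosts whose key is not already pinned
  # UserKnownHostsFile        the pinned host keys to trust for this job
  printf 'ssh -i %s -F /dev/null -o IdentitiesOnly=yes' "$_key"
  printf ' -o StrictHostKeyChecking=yes -o UserKnownHostsFile=%s' "$_known_hosts"
}

# Usage in a CI step (paths are hypothetical):
#   GIT_SSH_COMMAND="$(build_git_ssh_command "$HOME/.ssh/id_ci" \
#     "$HOME/.ssh/known_hosts")" || exit 1
#   export GIT_SSH_COMMAND
```

Git, and therefore Terraform's module fetches, picks up GIT_SSH_COMMAND from the environment of the build step.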


#3

See this thread for instructions: CircleCI unable to checkout infrastructure settings repo (sample-app-frontend-acme)


#4

@jim Just looked through the members of gruntwork org and there are a few machine users in there.

So the machine user on CircleCI that already has a user key configured just needs adding to the gruntwork org to get read access to the module repos? If so, how should I go about requesting the user be added to the gruntwork org?


#5

If you want a human or machine user to have access to the gruntwork-io GitHub repos, just email their GitHub ID to support@gruntwork.io. Thx!