markjgsmith

home > archives > everything > 2022 > 04

2022/04/21 #

  • Npm installing multiple private Github repos using ssh aliases

    When you are developing in NodeJS it’s often useful to be able to install private modules.

    The main ways to do that are:

    1. Github Packages using Personal Access Token (PAT)
    2. Private Github repo using Personal Access Token (PAT)
    3. Private Github repo using Deploy Keys

    Apparently (1) is the most popular among developers, however it requires setup and management of additional workflows to create the Github Package.

    (2) Only works for a maximum of 1 private repo.

    (3) Works for 1 private repo, and can be extended using ssh aliases to work with multiple private repos.

    Deploy keys are also more granular in terms of security than PAT.

    This article focuses on method (3).

    Github has an example repo that demonstrates how to install a private repo using deploy keys. It’s worth testing that out.

    If you try the same methodology for installing more than 1 private repo in the same workflow, you’ll run into an issue. The reason being that Github doesn’t allow you to re-use the same deploy key across repos, and by default npm will use the default ssh private key (~/.ssh/id_rsa), of which there is only one.

    However if you configure ssh to use aliases, you can specify a different private key for each alias, and then use those aliases in your package.json to specify the private module dependency.

    Read more details about how to do that in the Github docs.

    For example if you had 3 private repos:

    • username/repo1
    • username/repo2
    • username/repo3

    Where repo1 installs both repo2 and repo3, then add an ssh config ($HOME/.ssh/config) as follows:

    Host github.com-repo2 Hostname github.com IdentityFile=/home/user/.ssh/private_key_repo2 Host github.com-repo3 Hostname github.com IdentityFile=/home/user/.ssh/private_key_repo3

    Then specify the modules like so in repo1’s package.json:

    "dependencies": { … "repo2": "git+ssh://[email protected]:username/repo2", "repo3": "git+ssh://[email protected]:username/repo3", … }

    It’s important to specify the protocol correctly. Without ‘git+ssh://‘ the install completes but none of the files actually get installed. Instead some type of symlink gets created. At least that’s what happened in my tests.

    Store your private keys in Github secrets, and before your install step, create the private keys on the filesystem from those secrets:

    /home/user/.ssh/private_key_repo2

    and

    /home/user/.ssh/private_key_repo3

    Now in your repo1 workflow you should be able to install all repo1 dependencies using:

    npm install

    It’s worth having a verify step after install that lists the installed files using ls -l and/or tree.

Today’s links:

2022/04/15 #

  • My brain's favorite passtime

    My brain: Do this now or I will delete this…

    Me: Yes that does sound interesting, I’ll just finish what I was doing first, it will only take a few seconds

    My brain: Too late! this has been deleted, haha, that’ll learn you

    Me: Shit, what was I doing again? :(

    I think perhaps it happens more often when "the external world" is constantly butting in trying to prompt me todo things that I am already about to do. Eventually it devolves into some sort of race condition, and the only thing you can do is walk and move really really slowly like you are a grandad.

    Makes you wonder about alternative scenarios for where grandad’s actually come from, which doesn’t help the situation much either.

  • Infected leg wounds

    I’m still battling with infected leg wounds, but things are a bit better than earlier in the week. I can at least sort of walk now.

    What happened? I don’t fully know.

    A month ago, a stranger nonchalantly walked up to me in a park, touched my right knee, smiled and walked off. Very weird.

    A couple of days later that exact spot started feeling sore. I didn’t think much of it, but I ran out of disinfectant, and it rapidly turned into an abscess.

    I got bandages and disinfectant, but then ran out again. I had to use moving tape to secure my last 2 bandages. I was able to get to a pharmacy but the moving tape created more sores, and those turned into more abscesses.

    Somehow the abscesses jumped across to my other knee. The whole knee ballooned with one absolutely giant abscess. Over the past few days that has turned into a strip of abscesses that looks oddly like an upside down exclamation point. What are the chances?

    Earlier in the week I was worried it might permanently affect my mobility, I could barely walk. I’m now worried about scaring. An improvement but not much better.

    Dressing and cleaning these sores has been close to some of the most intense pain I’ve ever experienced. Having to spend literally hours at a time squeezing out puss, with the same intensity and force as an arm wrestle.

    Something similar happened to me in India a few years ago, I’ve got a small scar from that experience. Looks like I’ll have a bigger scar this time.

    There’s been a lot of unpleasant reactions from people, from mild racism to people finding it hilarious seeing a foreigner in pain.

    I know these are a small group overall, but as with trolls in online comments, they can make it seem like the whole world is against you. I’m both mentally and physically bruised at the minute.

    You might be wondering: Are you ok?

    My response: No not really.

Today’s links:

2022/04/02 #

Today’s links:

  • 🚀 New Portfolio Minimal: action-jobs-in-series - Minimal Github Actions workflow demonstrating using artefacts to pass data between jobs in seriesblog.markjgsmith.com #

  • 🚀 New Post: Saturday 2nd April, 2022 - Hypothermia then sunshine, and then starvation & thirstmarkjgsmith.substack.com #

For enquiries about my consulting, development, training and writing services, aswell as sponsorship opportunities contact me directly via email. More details about me here.