Using Flyctl from GitHub Actions

limbic-derek · January 27, 2022, 1:47am

I’m trying to do something really basic here and must be missing something.

I’m using GitHub actions w/ a custom docker container that has flyctl setup. I read that if I set FLY_ACCESS_TOKEN it’d just work, so I tossed an access token in as an encrypted org secret, and setup this action:

  - name: Push Container to Fly.io
    env:
      FLY_ACCESS_TOKEN: ${{ secrets.FLY_ACCESS_TOKEN }}
    run: flyctl deploy --app $APP_NAME --image $CONTAINER_NAME

This seems like the perfect solution (kudos developers), but sadly I get this error:

==> Verifying app config
Error failed fetching existing app config: Post "https://api.fly.io/graphql": net/http: invalid header field value "***" for key Authorization

Any ideas?

charsleysa · January 27, 2022, 1:54am

Hi @limbic-derek

Does the same key and command work if you run it on your local machine?

Also, you mentioned that you added the token as an encrypted org secret, have you checked that your repo can access the secret? (it’s part of the config for the secrets done at the org level but not at the repo level).

limbic-derek · January 27, 2022, 5:42am

I checked and it can access it just fine. This command works locally as well…This has to do with some kind of filtration on git GitHub Actions side I think but I can’t figure out how to make it know this is OK to do.

FrequentFlyer · January 27, 2022, 7:45am

Can you check if you need to add anything to your Dockerfile or setup otherwise, with this as reference - GitHub - superfly/flyctl-actions: :octocat: GitHub Action that wraps the flyctl

EDIT: It seems to be something dumb… a newline character at the end of the secret.
Found plenty of hits suggesting the same for net/http: invalid header field value

github.com/stashed/stash

Minio backup fails: 'net/http: invalid header field value "..." for key Authorization'

opened 08:34AM - 08 Aug 18 UTC

closed 10:20AM - 08 Aug 18 UTC

bartelsielski

Backing up data to Minio does not seem to work (see error below). This is the sa…me error as in issue #478. ``` E0808 08:04:43.537411 1 restic.go:204] Error running command '/bin/restic [snapshots --json --cache-dir /tmp/restic-cache --cacert /tmp/cacerts/ca.crt]' output: [golang-sh]$ /bin/restic snapshots --json --cache-dir /tmp/restic-cache --cacert /tmp/cacerts/ca.crt Fatal: unable to open config file: Stat: Get https://minio.example.com/stash-qa/?location=: net/http: invalid header field value "AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE\n/20180808/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=74fe603e8f353df20d2d87fdd9761ff17e9193e04b9e2b65035e7e3c3d527297" for key Authorization Is there a repository at the following location? s3:https://minio.example.com/stash-qa/demo/deployment/stash-demo E0808 08:04:43.550668 1 restic.go:204] Error running command '/bin/restic [init --cache-dir /tmp/restic-cache --cacert /tmp/cacerts/ca.crt]' output: [golang-sh]$ /bin/restic init --cache-dir /tmp/restic-cache --cacert /tmp/cacerts/ca.crt Fatal: create repository at s3:https://minio.example.com/stash-qa/demo/deployment/stash-demo failed: client.BucketExists: Get https://minio.example.com/stash-qa/?location=: net/http: invalid header field value "AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE\n/20180808/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=74fe603e8f353df20d2d87fdd9761ff17e9193e04b9e2b65035e7e3c3d527297" for key Authorization I0808 08:04:43.568078 1 recorder.go:81] [Event created: minio-restic.1548da1b378f8814] ``` We tried using stash `0.7.0` installed via helm using the following configuration: ``` apiserver: ca: | <REDACTED> enableMutatingWebhook: true enableValidatingWebhook: true ``` Running the restic commands manually from the stash container works without any problems. We also tried to use version `0.7.0-13-g97e97d1f` because this contained the #508 merge request but to no avail. --- We use Kubernetes version 1.10 on bare-metal servers (installed using Juju). Minio was also installed using helm. It uses a NFS backend and a TLS certificate issued using cert-manager (we also tried using plain HTTP but this still produced the same error). Below is the restic yaml for the demo deployment: ``` apiVersion: stash.appscode.com/v1alpha1 kind: Restic metadata: name: minio-restic namespace: default spec: selector: matchLabels: app: stash-demo fileGroups: - path: /source/data retentionPolicyName: 'keep-last-5' backend: s3: endpoint: 'https://minio.example.com' # Use your own Minio server address. bucket: stash-qa # Give a name of the bucket where you want to backup. prefix: demo storageSecretName: minio-restic-secret schedule: '@every 1m' volumeMounts: - mountPath: /source/data name: source-data retentionPolicies: - name: 'keep-last-5' keepLast: 5 prune: true ``` Below is the restic secret for the minio backend: ``` apiVersion: v1 kind: Secret metadata: name: minio-restic-secret type: Opaque data: AWS_ACCESS_KEY_ID: QUtJQUlPU0ZPRE5ON0VYQU1QTEUK # AKIAIOSFODNN7EXAMPLE (default set by minio chart) AWS_SECRET_ACCESS_KEY: d0phbHJYVXRuRkVNSS9LN01ERU5HL2JQeFJmaUNZRVhBTVBMRUtFWQo= # wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY (default set by minio chart) CA_CERT_DATA: | <REDACTED> # cert-manager CA certificate RESTIC_PASSWORD: cGFzc3dvcmQK # password = password (highly secure) ```

Topic		Replies	Views
Automatic deploys to GitHub Questions / Help	3	437	September 12, 2022
Deploying remix/run blues-stack app, docker/login-action@ fails: Error response from daemon: login attempt to https://registry.fly.io/v2/ failed with status: 401 Unauthorized Build debugging	2	541	March 15, 2023
fly github action not working, but locally is fine	5	370	August 23, 2023
Using the GraphQL API to do idempotent deploys	0	390	March 10, 2022
How on earth do you generate a Fly.io auth token with current flyctl??? Questions / Help docs , flyctl	5	49	October 11, 2024

Using Flyctl from GitHub Actions

Related Topics