Use a private GitHub repository using deploy keys

In this guide, we’ll link a private GitHub repository to a Valohai project using a read-only SSH deploy key.

You can also use GitHub App integration to link private repositories, and you can find that setting on the Valohai project repository settings page.

1. Requirements

For this tutorial you will need:

  • a private GitHub repository with Valohai YAML defined
  • a Valohai project which to link the repository
  • a tool that can generate SSH keys, this guide uses ssh-keygen commonly found on computers

Tip

You can also link private GitHub repositories through GitHub Apps authorization if you don’t wish to manage the secrets yourself.

GitHub Apps integration button

You will find this in the project repository settings.

2. Generate an SSH key pair

$ ssh-keygen -t rsa -b 4096 -N '' -f my-project-deploy-key

The ssh-keygen above generates two files:

  • my-project-deploy-key.pub is the public key you add to GitHub.
  • my-project-deploy-key is the private key you add to Valohai.

You should not include these keys in the version control. Anybody that gains access to the my-project-deploy-key file contents will have read access to your repository so use appropriate caution.

3. Add the public key to GitHib

Find the my-project-deploy-key.pub file we generated in the last section, and it should contain one line that starts with ssh-rsa AAAA.... This line is the public key that we’ll be adding to GitHub.

3.1 Go to deploy key settings

GitHub - route to the deploy key creation page

Navigate to the add deploy key page in your repository through Settings > Deploy keys > Add deploy key.

3.2 Add new deploy key

GitHub - deploy public key setup example

Copy and paste the contents of my-project-deploy-key.pub into the Key field.

Give the deploy key an identifying Title such as Valohai.

Valohai doesn’t require write access, make sure that is off.

3.3 Inspect the new deploy key

GitHub - created deploy key example

After adding the deploy key, it should look something like the this.

4. Add the private key to Valohai

Find the my-project-deploy-key file (without the .pub extension) we generated before. It should contain multiple lines starting with -----BEGIN RSA PRIVATE KEY-----. The contents of this file are the private key we’ll be adding to Valohai.

4.1 Go to repository settings

Valohai - route to repository settings

Navigate to the repository settings in your Valohai Project through Settings > Repository.

4.2 Copy the repository SSH URL

GitHub - where to find repository SSH URL

To make sure you get the correct repository URL, open GitHub in another tab. On Github, navigate to Code page and press Clone or download.

Make sure you have Clone with SSH active on the popup window. If it reads Clone with HTTPS, click the Use SSH button next to the text.

Then copy the text field with git@github.com:<owner>/<repository>.git

4.3 Configure repository settings

Valohai - repository configuration example

Paste the SSH URL (git@github.com:<owner>/<repository>.git) into the URL field.

Change Fetch reference if applicable to your use-case. It’s essentially the branch Valohai uses. master is the most commonly used fetch reference.

Copy and paste the contents of my-project-deploy-key file (without the .pub extension) into the SSH private key field.

4.4 Save the repository settings

Valohai - screen after saving repository settings

After you click Save, Valohai links the GitHub repository to the project and automatically fetches your code.

On errors, double check the fields or contact support through Intercom.

4.5 Update project as necessary

Valohai - highlighted Fetch repository button

After you add new commits to your GitHub repository, remember to press the Fetch repository to update the code in Valohai.

5. Results

We linked a private GitHub repository to a Valohai project using GitHub deploy keys.