Describe the bug
While implementing and testing the solution on issue #2947, I ran into Host Key Verification Errors when Terraform was trying to download custom Terraform modules hosted on our GitHub Enterprise (GHE) server.
2024-12-02T19:01:43.653Z error downloader/getter.go:105 failed to download "git::ssh://[email protected]/MyOrg/tf_aurora_cluster.git?ref=v2.1.0". error: 'error downloading 'ssh://[email protected]/MyOrg/tf_aurora_cluster.git?ref=v2.1.0': /usr/bin/git exited with 128: Cloning into '/tmp/odgne5'... Host key verification failed. fatal: Could not read from remote repository.
To Reproduce
Steps to reproduce the behavior:
1. Create a repository on a GitHub Enterprise server that requires authentication for all repositories.
2. Set up a Terraform project that pulls the remote code from the repository created on the GitHub Enterprise server using SSH instead of HTTPS. For example: git::ssh://[email protected]/MyOrg/tf_manheim_tags.git?ref=v2.2.0
3. Execute the MegaLinter tflint and terrascan linters using the default oxsecurity/megalinter@v8 action with the unsecured variables in issue #2947 to provide dual authentication for both GitHub.com and GitHub Enterprise.
4. See error.
Expected behavior
Expecting host keys from both GitHub.com and GHE to be combined in the SSH known_hosts file to allow pulling things from either environment.
Screenshots
Skipped setting git safe.directory DEFAULT_WORKSPACE: ...
Setting git safe.directory GITHUB_WORKSPACE: /github/workspace ...
Setting git safe.directory to /tmp/lint ...
[MegaLinter init] ONE-SHOT RUN
[config] /github/workspace/.mega-linter.yml + Environment variables
======================================================================
MegaLinter, by OX.security
https://ox.security?ref=megalinter
======================================================================
----------------------------------------------------------------------
MegaLinter, by OX Security
----------------------------------------------------------------------
 - Image Creation Date: 2024-11-23T10:46:00Z
 - Image Revision: 1fc052d03c7a43c78fe0fee19c9d648b749e0c01
 - Image Version: v8.3.0
----------------------------------------------------------------------
The MegaLinter documentation can be found at:
 - https://megalinter.io/8.3.0
----------------------------------------------------------------------
MegaLinter initialization (expand for details)
MegaLinter now collects the files to analyse (expand for details)
Processing linters on [8] parallel cores… (can be decreased with variable PARALLEL_PROCESS_NUMBER in case of performance issues)
✅ Linted [BASH] files with [bash-exec] successfully - (0.0s) (expand for details)
✅ Linted [ACTION] files with [actionlint]: Found 4 non blocking error(s) - (0.02s) (expand for details)
✅ Linted [BASH] files with [shellcheck]: Found 3 non blocking error(s) - (0.02s) (expand for details)
✅ Linted [BASH] files with [shfmt] successfully - (0.02s) (expand for details)
✅ Linted [JSON] files with [jsonlint] successfully - (0.18s) (expand for details)
 - Using [jsonlint v16.0.0] https://megalinter.io/8.3.0/descriptors/json_jsonlint
 - MegaLinter key: [JSON_JSONLINT]
 - Rules config: identified by [jsonlint]
 - Number of files analyzed: [1]
 - Command: [jsonlint --quiet environments-to-provision.json]
✅ Linted [MARKDOWN] files with [markdownlint]: Found 3 non blocking error(s) - (0.36s) (expand for details)
 - Using [markdownlint v0.43.0] https://megalinter.io/8.3.0/descriptors/markdown_markdownlint
 - MegaLinter key: [MARKDOWN_MARKDOWNLINT]
 - Rules config: [.markdownlint.json]
 - Number of files analyzed: [2]
 - Command: [markdownlint --fix -c /action/lib/.automation/.markdownlint.json .github/pull_request_template.md README.md]
--Error detail:
.github/pull_request_template.md:1 MD041/first-line-heading/first-line-h1 First line in a file should be a top-level heading [Context: "## Description"]
.github/pull_request_template.md:7:48 MD042/no-empty-links No empty links [Context: "[This Job]()"]
README.md:12:401 MD013/line-length Line length [Expected: 400; Actual: 417]
✅ Linted [YAML] files with [prettier] successfully - (0.5s) (expand for details)
✅ Linted [YAML] files with [yamllint] successfully - (0.36s) (expand for details)
✅ Linted [MARKDOWN] files with [markdown-link-check]: Found 13 non blocking error(s) - (1.13s) (expand for details)
✅ Linted [JSON] files with [v8r] successfully - (1.47s) (expand for details)
 - Using [v8r v4.2.0] https://megalinter.io/8.3.0/descriptors/json_v8r
 - MegaLinter key: [JSON_V8R]
 - Rules config: identified by [v8r]
 - Number of files analyzed: [1]
 - Command: [v8r --ignore-errors environments-to-provision.json]
✅ Linted [MARKDOWN] files with [markdown-table-formatter] successfully - (0.24s) (expand for details)
✅ Linted [JSON] files with [prettier] successfully - (0.31s) (expand for details)
✅ Linted [TERRAFORM] files with [tflint]: Found 1 non blocking error(s) - (3.35s) (expand for details)
 - Using [tflint v0.54.0] https://megalinter.io/8.3.0/descriptors/terraform_tflint
 - MegaLinter key: [TERRAFORM_TFLINT]
 - Rules config: [.tflint.hcl]
 - Command: [tflint -c /action/lib/.automation/.tflint.hcl --recursive]
[Pre][TERRAFORM_TFLINT] run: [tflint --init --config /action/lib/.automation/.tflint.hcl] in cwd [/github/workspace]
[Pre][TERRAFORM_TFLINT] result:
Installing "azurerm" plugin...
Installed "azurerm" (source: github.com/terraform-linters/tflint-ruleset-azurerm, version: 0.27.0)
Installing "aws" plugin...
Installed "aws" (source: github.com/terraform-linters/tflint-ruleset-aws, version: 0.35.0)
Installing "google" plugin...
Installed "google" (source: github.com/terraform-linters/tflint-ruleset-google, version: 0.30.0)
--Error detail:
4 issue(s) found:
Warning: [Fixable] data "aws_caller_identity" "current" is declared but not used (terraform_unused_declarations)
  on data.tf line 1:
   1: data "aws_caller_identity" "current" {}
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.10.0/docs/rules/terraform_unused_declarations.md
Warning: [Fixable] data "aws_region" "current" is declared but not used (terraform_unused_declarations)
  on data.tf line 5:
   5: data "aws_region" "current" {}
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.10.0/docs/rules/terraform_unused_declarations.md
Warning: [Fixable] data "aws_vpc" "aws_account" is declared but not used (terraform_unused_declarations)
  on data.tf line 21:
  21: data "aws_vpc" "aws_account" {
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.10.0/docs/rules/terraform_unused_declarations.md
Warning: [Fixable] data "aws_ssm_parameter" "SSMParameter" is declared but not used (terraform_unused_declarations)
  on data.tf line 36:
  36: data "aws_ssm_parameter" "SSMParameter" {
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.10.0/docs/rules/terraform_unused_declarations.md
✅ Linted [YAML] files with [v8r] successfully - (5.15s) (expand for details)
✅ Linted [TERRAFORM] files with [terrascan]: Found 1 non blocking error(s) - (4.59s) (expand for details)
 - Using [terrascan v1.19.9] https://megalinter.io/8.3.0/descriptors/terraform_terrascan
 - MegaLinter key: [TERRAFORM_TERRASCAN]
 - Rules config: identified by [terrascan]
 - Command: [terrascan scan --iac-type terraform --verbose]
--Error detail:
2024-12-02T19:01:43.653Z error downloader/getter.go:105 failed to download "git::ssh://[email protected]/MyOrg/tf_aurora_cluster.git?ref=v2.1.0". error: 'error downloading 'ssh://[email protected]/MyOrg/tf_aurora_cluster.git?ref=v2.1.0': /usr/bin/git exited with 128: Cloning into '/tmp/odgne5'...
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
'
2024-12-02T19:01:43.653Z error commons/load-dir.go:421 failed to download remote module "git::ssh://[email protected]/MyOrg/tf_aurora_cluster.git?ref=v2.1.0". error: 'error downloading 'ssh://[email protected]/MyOrg/tf_aurora_cluster.git?ref=v2.1.0': /usr/bin/git exited with 128: Cloning into '/tmp/odgne5'...
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
'
2024-12-02T19:01:43.653Z error utils/dir.go:64 directory does not exist.
2024-12-02T19:01:43.684Z error downloader/getter.go:105 failed to download "git::ssh://[email protected]/MyOrg/tf_manheim_tags.git?ref=v2.2.0". error: 'error downloading 'ssh://[email protected]/MyOrg/tf_manheim_tags.git?ref=v2.2.0': /usr/bin/git exited with 128: Cloning into '/tmp/hnemlg'...
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
'
2024-12-02T19:01:43.684Z error commons/load-dir.go:421 failed to download remote module "git::ssh://[email protected]/MyOrg/tf_manheim_tags.git?ref=v2.2.0". error: 'error downloading 'ssh://[email protected]/MyOrg/tf_manheim_tags.git?ref=v2.2.0': /usr/bin/git exited with 128: Cloning into '/tmp/hnemlg'...
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
'
2024-12-02T19:01:43.684Z error utils/dir.go:64 directory does not exist.
2024-12-02T19:01:43.725Z error downloader/getter.go:105 failed to download "git::ssh://[email protected]/MAN-VehicleInformationRTC/tf_rds?ref=v2.6.0". error: 'error downloading 'ssh://[email protected]/MAN-VehicleInformationRTC/tf_rds?ref=v2.6.0': /usr/bin/git exited with 128: Cloning into '/tmp/jrdnv7'...
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
'
2024-12-02T19:01:43.725Z error commons/load-dir.go:421 failed to download remote module "git::ssh://[email protected]/MAN-VehicleInformationRTC/tf_rds//modules/vanity_url?ref=v2.6.0". error: 'error downloading 'ssh://[email protected]/MAN-VehicleInformationRTC/tf_rds?ref=v2.6.0': /usr/bin/git exited with 128: Cloning into '/tmp/jrdnv7'...
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
'
2024-12-02T19:01:43.725Z error utils/dir.go:64 directory does not exist.
2024-12-02T19:01:43.725Z warn commons/load-dir.go:170 failed to build unified config. errors:
<nil>: Failed to read module directory; Module directory does not exist or cannot be read.
<nil>: Failed to read module directory; Module directory does not exist or cannot be read.
<nil>: Failed to read module directory; Module directory does not exist or cannot be read.
2024/12/02 19:01:43 [DEBUG] GET https://registry.terraform.io/v1/providers/hashicorp/random/versions

Scan Errors -

IaC Type : terraform
Directory : /github/workspace/megalinter-reports
Error Message : directory '/github/workspace/megalinter-reports' has no terraform config files
-----------------------------------------------------------------------
IaC Type : terraform
Directory : /github/workspace/megalinter-reports/linters_logs
Error Message : directory '/github/workspace/megalinter-reports/linters_logs' has no terraform config files
-----------------------------------------------------------------------
IaC Type : terraform
Directory : /github/workspace
Error Message : failed to build unified config. errors:
<nil>: Failed to read module directory; Module directory does not exist or cannot be read.
<nil>: Failed to read module directory; Module directory does not exist or cannot be read.
<nil>: Failed to read module directory; Module directory does not exist or cannot be read.
-----------------------------------------------------------------------

Scan Summary -

File/Folder : /github/workspace
IaC Type : terraform
Scanned At : 2024-12-02 19:01:44.982818321 +0000 UTC
Policies Validated : 137
Violated Policies : 0
Low : 0
Medium : 0
High : 0
Additional context
N/A
I'm not an SSH expert, but basically you would need SSH keys to be locally defined within the MegaLinter container, from environment variables, so the git clone can work?
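One way to build the combined known_hosts file the report asks for without trusting scanned keys blindly, shown as an added example (not MegaLinter's code and not from the reporter): merge entries from several sources and keep only keys whose OpenSSH SHA256 fingerprint matches a value pinned out of band. The host `ghe.example.com`, the function names and the key blobs are constructed placeholders; real pins would come from the published GitHub.com fingerprints and from the GHE administrator.

```python
import base64
import hashlib
import struct


def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def merge_known_hosts(sources, pinned):
    """Merge known_hosts texts, keeping only keys whose fingerprint is pinned.
    pinned maps hostname -> set of fingerprints obtained out of band.
    Returns (merged_text, rejected), rejected being (host, fingerprint) pairs.
    """
    kept, seen, rejected = [], set(), []
    for text in sources:
        for line in text.splitlines():
            fields = line.split()
            if len(fields) < 3 or fields[0][0] in "#@|":
                continue  # comments, markers and hashed host names: not handled here
            hosts, keytype, key_b64 = fields[:3]
            try:
                fp = fingerprint(key_b64)
            except ValueError:  # binascii.Error: blob is not valid base64
                rejected.append((hosts, "unparseable"))
                continue
            for host in hosts.split(","):
                if fp not in pinned.get(host, ()):
                    rejected.append((host, fp))  # unknown host or unexpected key
                elif (host, key_b64) not in seen:
                    seen.add((host, key_b64))
                    kept.append(f"{host} {keytype} {key_b64}")
    return "".join(k + "\n" for k in kept), rejected


def constructed_key(seed):
    """Constructed (not real) ssh-ed25519 blob: two length-prefixed strings."""
    name, raw = b"ssh-ed25519", hashlib.sha256(seed).digest()
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return base64.b64encode(blob).decode()


# Constructed sample data; ghe.example.com is a placeholder for the GHE host.
GITHUB_KEY, GHE_KEY, OTHER_KEY = (constructed_key(s) for s in (b"a", b"b", b"c"))
PINNED = {"github.com": {fingerprint(GITHUB_KEY)}, "ghe.example.com": {fingerprint(GHE_KEY)}}
SOURCES = [f"github.com ssh-ed25519 {GITHUB_KEY}\n",
           f"# scan\nghe.example.com ssh-ed25519 {GHE_KEY}\nghe.example.com ssh-ed25519 {OTHER_KEY}\n"]
MERGED, REJECTED = merge_known_hosts(SOURCES, PINNED)
```

`MERGED` holds one line each for github.com and the GHE placeholder; the second, unpinned key offered for the GHE host ends up in `REJECTED` instead of the file.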