Templates that utilize Github External Auth can automatically ensure that the Coder public key is uploaded to Github so that users can clone repositories without needing to upload the public key themselves.
1module "github-upload-public-key" { 2 source = "registry.coder.com/modules/github-upload-public-key/coder" 3 version = "1.0.15" 4 agent_id = coder_agent.example.id 5}
This module requires curl
and jq
to be installed inside your workspace.
Github External Auth must be enabled in the workspace for this module to work. The Github app that is configured for external auth must have both read and write permissions to "Git SSH keys" in order to upload the public key. Additionally, a Coder admin must also have the admin:public_key
scope added to the external auth configuration of the Coder deployment. For example:
CODER_EXTERNAL_AUTH_0_ID="USER_DEFINED_ID"
CODER_EXTERNAL_AUTH_0_TYPE=github
CODER_EXTERNAL_AUTH_0_CLIENT_ID=xxxxxx
CODER_EXTERNAL_AUTH_0_CLIENT_SECRET=xxxxxxx
CODER_EXTERNAL_AUTH_0_SCOPES="repo,workflow,admin:public_key"
Note that the default scopes if not provided are repo,workflow
. If the module is failing to complete after updating the external auth configuration, instruct users of the module to "Unlink" and "Link" their Github account in the External Auth user settings page to get the new scopes.
Using a coder github external auth with a non-default id: (default is github
)
1data "coder_external_auth" "github" { 2 id = "myauthid" 3} 4 5module "github-upload-public-key" { 6 source = "registry.coder.com/modules/github-upload-public-key/coder" 7 version = "1.0.15" 8 agent_id = coder_agent.example.id 9 external_auth_id = data.coder_external_auth.github.id 10}