PEM format doesn't play nicely with now.sh secrets/env vars

[rtsao]

Currently, there's an ugly workaround required to provide the private key on CI deployments to now.sh.

The root cause is vercel/vercel#749, but I wonder if it would be worthwhile for probot to accept a base64 encoded private key via a PRIVATE_KEY_BASE64 env variable, so decoding it manually is not required.

This is arguably feature bloat, but would definitely reduce the friction of a common use case.

[bkeepers]

With Heroku, you're able to set the key by surrounding it in quotes. Does something like this not work on Now?

$ heroku config:set PRIVATE_KEY="$(cat private-key.pem)"

There's also code already that will replace literal \n with newline, so you could put your private key all on one line with literal \n characters.

https://github.com/probot/probot/blob/master/lib/private-key.js#L18-L20

[rtsao]

Unfortunately not. Both of the following don't work correctly:

now -e PRIVATE_KEY="$(cat private-key.pem)"

now secret add private-key "$(cat private-key.pem)"
now -e PRIVATE_KEY=@private-key

Like I said, the root problem is with now.sh, but it's definitely a source of friction in any case.

[hakusaro]

I know that jumping in with "me too!" responses is not tactful and all, but I think that if nothing is going to be done to fix this, the documentation for deploying with now needs to be changed to reflect a workaround or removed entirely. Not a great first experience with probot with continually crashing into private key problems for an issue in an issue in an issue.

Specifically:

• Better error messaging for missing PEM && env vars #7 could have told me that something was wrong with the private key (I had to figure that out).
• Improve missing PEM and env vars error messages probot#290 (references the above issue) didn't get worked, which contributed to this.
• Finding this repo led me to this issue, which actually helped figure out what the root cause was (and now I have no idea how to fix it (maybe concatenating the entire private key with newlines?)).

[JasonEtco]

@hakusaro sorry that this is still happening 🙁 When you first came to it, did you see the deployment docs? If you did and those are wrong, good to know and we should update them. If you did not see those, then maybe we need to surface the docs a little bit better.

Did you see this issue? If this actually works (I haven't tried it myself) we should add that to the deployment docs.

documentation for deploying with now needs to be changed to reflect a workaround or removed entirely.

100% agreed. You're welcome to make a PR, or we'll hopefully get a chance to do it soon!

[hakusaro]

@JasonEtco I didn't see that issue. The solution I went with was adding \n to each line and the concatenating the entire private key onto one line. I'd love to pull request that (and probably will) but I have no idea how to do that with pure unix tools (boo).

[stale]

Is this still causing friction? If so, please comment with any updates or addition details.

[hakusaro]

Is this still causing friction? If so, please comment with any updates or addition details.

I'm guessing it is given #25 but I'm not sure, personally.

[platan]

A workaround was documented few days ago https://github.com/probot/probot/blob/master/docs/deployment.md#now thanks to probot/probot#548 But it's not available at https://probot.github.io/docs/deployment/#now

GitHub

probot/probot

probot - 🤖 A framework for building GitHub Apps to automate and improve your workflow

Probot

Deployment

GitHub Apps to automate and improve your workflow