Skip to content

Latest commit

 

History

History
122 lines (97 loc) · 5.76 KB

README.md

File metadata and controls

122 lines (97 loc) · 5.76 KB

Using GitHub on HPC Systems

GitHub is a common tool for developers, but using it on the HPC can be tricky. This is because both GitHub and HPC place (very reasonable) constraints on behaviors for security. This page is intended to be a guide to using GitHub on HPC systems. NOTE: GitHub command line (gh) is NOT recommended! It stores your credentials in plain text. For most personal machines this is already not ideal, but on the HPC, it's a shared system where this is a particularly bad idea. Please use HTTPS or SSH instead.

Contents

This article covers the following:

Prerequisites

The following are prerequisites for using SSH/HTTPS:

  • Basic git knowledge (fetch/pull and push)
  • Basic GitHub knowledge (how to find a repository)
  • Any working git installation

SSH Keys

SSH keys have the strength that they are very secure, and the drawback that they require that you be logged into the head node as the SSH protocol is prohibited on other nodes. In order to use SSH keys, you will need to take the following steps:

Configuration for SSH depends on whether you are cloning a new repository or replacing an existing one. You may also configure git to always use SSH instead. In both cases, to get the SSH link:

  1. Navigate to the repository. show_repo
  2. Click "Code" with the down arrow. show_code_links
  3. Select "SSH" from the "Clone" menu. show_select_ssh
  4. Copy it into your clipboard with the button to the right of the link. show_button

New Repository

Do the following:

  1. Navigate to the place you would like to clone the repository to. Run the command
    git clone LINK
    
    with "LINK" the link you just copied.
  2. It is now set up with an SSH as the remote. You will need to set up any remote branches manually. The process will look like
    git push -u origin BRANCH
    
    with BRANCH the current branch name to be pushed to remote.

Old Repository

Navigate to the repository itself. For any remote you are changing, run

git remote set-url REMOTE LINK

with REMOTE the remote name and LINK the SSH link. If you do not know the name of your remote, it is most commonly going to be the default, "origin." To check, you can run

git remote -vv

to see all remotes.

Configure all repositories to use SSH

This is a relatively straightforward and fast fix, with the caveat that all GitHub links will resolve to SSH on your account. If you forget this, it can lead to trouble if you try to switch to HTTPS down the line! Be wary!

git config --global url.ssh://[email protected]/.insteadOf https://github.com/

For an explanation of how this works, see the git-config man page.

HTTPS

The key advantage of HTTPS is that it easy and works on all nodes. The key disadvantage of HTTPS is that it involves a bit more organization and typing. HTTPS used to allow people to supply their username and password. However, GitHub deprecated this feature in 2021. Now, you will need to use a Personal Access Token (PAT). It is essentially a generated string of characters that is only valid for you to access GitHub for a set timeframe. Additionally, unlike SSH keys, which come built with a software suite to decrypt them, these tokens must use a credential manager. It is not secure to store this credential in plain text on biowulf, so do not do that. Instead, use a password manager such as LastPass, Apple's Keychain, or similar.

The steps to use HTTPS authorization are as follows:

  1. Generate a Personal Access Token (valid for no more than 30 days), following instructions here.
  2. Copy this token into a password manager of some sort.
  3. Ensure your repositories or git configuration use HTTPS.

To ensure your repositories use HTTPS, follow the steps outlined in SSH but use "HTTPS" links instead. In order to ensure your configuration forces HTTPS, use this configuration command instead:

git config --global url.https://.insteadOf git://

with the same caveat as in SSH: that all links on this account will resolve to HTTPS (and therefore require your PAT). Note that without a password manager there are no effective ways of storing the PAT securely without doing some interesting tricks with gpg and pass, which are not recommended.