NPM private git module on Heroku

Question

I am trying to deploy my app to Heroku however I rely on using some private git repos as modules. I do this for code reuse between projects, e.g. I have a custom logger I us

Answer 1

In short it is not possible. The best solution to this problem I came up with is to use the new git subtree's. At the time of writing they are not in the official git source and so needs to be installed manual but they will be included in v1.7.11. At the moment it is available on homebrew and apt-get. it is then a case of doing

git subtree add -P /node_modules/someprivatemodue git@github.......someprivatemodule {master|tag|commit}

this bulks out the repo size but an update is easy by doing the command above with gitsubtree pull.

Answer 2

I created a custom nodeJS buildpack that will allow you to specify an SSH key that is registered with ssh-agent and used by npm when dynos are first setup. It seamlessly allows you to specify your module as an ssh url in your package.json like shown:

"private_module": "git+ssh://git@github.com:me/my_module.git"

To setup your app to use your private key:

• Generate a key: ssh-keygen -t rsa -C "your_email@example.com" (Enter no passphrase. The buildpack does not support keys with passphrases)
• Add the public key to github: pbcopy < ~/.ssh/id_rsa.pub (in OS X) and paste the results into the github admin
• Add the private key to your heroku app's config: cat id_rsa | base64 | pbcopy, then heroku config:set GIT_SSH_KEY=<paste_here> --app your-app-name
• Setup your app to use the buildpack as described in the heroku nodeJS buildpack README included in the project. In summary the simplest way is to set a special config value with heroku config:set to the github url of the repository containing the desired buildpack. I'd recommend forking my version and linking to your own github fork, as I'm not promising to not change my buildpack.

My custom buildpack can be found here: https://github.com/thirdiron/heroku-buildpack-nodejs and it works for my system. Comments and pull requests are more than welcome.

Answer 3

It's a REALLY bad idea to have plain text passwords in your git repo, using an access token is better, but you will still want to be super careful.

"my_module": "git+https://ACCESS_TOKEN:x-oauth-basic@github.com/me/my_module.git"

Answer 4

I was able to setup resolving of Github private repositories in Heroku build via Personal access tokens.

• Generate Github access token here: https://github.com/settings/tokens
• Set access token as Heroku config var: heroku config:set GITHUB_TOKEN=<paste_here> --app your-app-name or via Heroku Dashboard

• Add heroku-prebuild.sh script:

  #!/bin/bash
  if [ "$GITHUB_TOKEN" != "" ]; then
      echo "Detected GITHUB_TOKEN. Setting git config to use the security token" >&1
      git config --global url."https://${GITHUB_TOKEN}@github.com/".insteadOf git@github.com:
  fi
  

• add the prebuild script to package.json:

  "scripts": {
      "heroku-prebuild": "bash heroku-prebuild.sh"
  }
  

For local environment we can also use git config ... or we can add the access token to ~/.netrc file:

machine github.com
  login PASTE_GITHUB_USERNAME_HERE
  password PASTE_GITHUB_TOKEN_HERE

and installing private github repos should work.

npm install OWNER/REPO --save will appear in package.json as: "REPO": "github:OWNER/REPO"

and resolving private repos in Heroku build should also work. optionally you can setup a postbuild script to unset the GITHUB_TOKEN.

Answer 5

This answer is good https://stackoverflow.com/a/29677091/6135922, but I changed a little bit preinstall script. Hope this will help someone.

#!/bin/bash
# Generates an SSH config file for connections if a config var exists.

echo "Preinstall"

if [ "$GIT_SSH_KEY" != "" ]; then
  echo "Detected SSH key for git. Adding SSH config" >&1
  echo "" >&1

  # Ensure we have an ssh folder
  if [ ! -d ~/.ssh ]; then
    mkdir -p ~/.ssh
    chmod 700 ~/.ssh
  fi

  # Load the private key into a file.
  echo $GIT_SSH_KEY | base64 --decode > ~/.ssh/deploy_key

  # Change the permissions on the file to
  # be read-only for this user.
  chmod o-w ~/
  chmod 700 ~/.ssh
  chmod 600 ~/.ssh/deploy_key

  # Setup the ssh config file.
  echo -e "Host bitbucket.org\n"\
          " IdentityFile ~/.ssh/deploy_key\n"\
          " HostName bitbucket.org\n" \
          " IdentitiesOnly yes\n"\
          " UserKnownHostsFile=/dev/null\n"\
          " StrictHostKeyChecking no"\
          > ~/.ssh/config

  echo "eval `ssh-agent -s`"
  eval `ssh-agent -s`

  echo "ssh-add -l"
  ssh-add -l

  echo "ssh-add ~/.ssh/deploy_key"
  ssh-add ~/.ssh/deploy_key

  # uncomment to check that everything works just fine
  # ssh -v git@bitbucket.org
fi

Answer 6

I have done this before with modules from github. Npm currently accepts the name of the package or a link to a tar.gz file which contains the package.

For example if you want to use express.js directly from Github (grab the link via the download section) you could do:

"dependencies" : {
  "express"   :  "https://github.com/visionmedia/express/tarball/2.5.9"
}

So you need to find a way to access you repository as a tar.gz file via http(s).