4.7 Accessing code

Here we can talk about how to use the servers with GitHub code management. Essentially, you can work with projects and GitHub repositories on RStudio Server exactly like you can on your personal machine. One major difference is how to set up GitHub authentication, which is a little different on the servers than it would be on your personal machine. So we can provide explicit instructions on doing that.

Please refer to this section of the emLab SOP for directions on how to set up and manage git and GitHub for your new server workspace. One important difference between your personal laptop and using a server is that file permissions may be such that other users can see and sometimes read or write files in your directories. Ideally, any confidential information such as your git credentials should be secured differently from your personal computer. Step 6 of the Git and Github section of the emLab manual is therefore not recommended in a multi-user server environment because your token may end up viewable to other users as plain text. 

Instead of storing your Personal Authentication Token (PAT) as plain text, it is recommended to use one of the following options. Using either of these two approaches will also mean that credentials are stored between sessions, which should make the user experience a bit easier. The first approach, using an SSH key, is recommended

  1. Use an SSH key instead of a PAT

    1. Set up your SSH key on the GRIT server.

      1. If you are not using R Studio Server, or prefer to use the terminal, follow these instructions: 

        1. You can generate a new SSH key with the terminal command

          1. ssh-keygen -t ed25519 -C “email@example.com”
        2. You are prompted to select a location (hit enter for the default location)

        3. You are prompted to set a password (hit enter to not require one)

        4. Start your SSH agent in the background with 

          1. eval “$(ssh-agent -s)”
        5. Add your private key to the SSH agent with

          1. ssh-add ~/.ssh/id_ed25519
        6. Copy your public key with 

          1. cat ~/.ssh/id_rsa.pub | xclip -selection clipboard
      2. If you are using R Studio Server and you prefer to not use the terminal approach, the instructions are a bit more streamlined. Follow the instructions in this link.  

        1. If after going through these instructions you prefer to not use a password, you can remove it using the instructions provided in this link.
    2. Add your public key to your GitHub account

      1. GitHub > Settings > SSH and GPG keys > New SSH key

      2. Paste in your key (either from Step 6 in the terminal option above, or copied from R Studio Server in the R Studio option above)

    3. Now you can clone your repository onto the GRIT server. This means that you need to either: 1) when cloning the repository for the first time you need to use the SSH url rather than the HTTPS url; or 2) if you’ve already clone the repository, set your repository URL to the SSH version

      1. If cloning a repo for the first time using R Studio Server, you can simply click “File > New Project > Version Control > Git”, and then enter your repo’s SSH link

        1. git@github.com:username/example_repo.git (for example, this might look like git@github.com:emlab-ucsb/ocean-ghg.git)
      2. Alternatively, in the terminal You can manually set specific repo URLs to SSH with: 

        1. git remote set-url origin git@github.com:username/example_repo.git (for example, this might look like git@github.com:emlab-ucsb/ocean-ghg.git)
  2. Caching your PAT temporarily 

    1. Create a PAT on GitHub

    2. Add credential cache timeout instructions to your git config file

      1. git config –global credential.helper ‘cache –timeout=3600’

      2. Adjust the timeout length (in seconds) as needed 

    3. Push changes to GitHub

      1. When prompted enter your username 

      2. For the password enter your PAT

        1. Future pushes will not not require you to enter credentials within the timeout window
    4. This is not a good long term solution because you will need to re-enter your credentials anytime the server restarts or when your cache timeout ends