How to pull bitbucket from private repo into pipeline?

I have a bitbucket pipeline that works well, but now in a project, I need to pull from a private repository that contains the package that is required in my composer.json.

When I install composer in the pipeline it stops with this error

Failed to execute git clone --no-checkout 'git@bitbucket.org:company/package.git' [...]
  Cloning into '/opt/atlassian/pipelines/agent/build/vendor/company/package'...                                                                                                                                                                                                                                                                                 
  Permission denied (publickey).                                                                                                                                                                                                                                                                                                                                                
  fatal: Could not read from remote repository.                                                                                                                                                                                                                                                                                                                                 
  Please make sure you have the correct access rights                                                                                                                                                                                                                                                                                                                           
  and the repository exists. 

      

There is no SSH key in the pipeline so it is not allowed to pull, but how can I determine it from the moment it is ephemeral?

Or maybe I should define this requirement differently?

+3


source to share


1 answer


  • Add deployment key (public SSH key) to private repository
  • Add these keys corresponding to the private key (Base64-encoded) as an environment variable in the repo that has a pipeline. Ideally, this should be marked as protected, which will hide it.
  • Use an environment variable (Base64-decoded) in the pipeline. Smartly, it means something like writing it in the users directory .ssh

    .

That should be enough to get it going.



Also, I've just seen that there is (maybe this is new, but I'm not sure) a new Settings> Piping> SSH Keys page for managing SSH pipelines keys. This way you won't even need to add the private key to the docker image you are using. But I haven't used this until now, so I can't say anything about it.

+1


source







All Articles