How to link the deployment script / repo to the application repository on the Gitlab CD?
Let's say you have:
-
Repo A
with a common application. -
Repo B
with deploying Ansible script.
Inside the RepoA CI / CD player, I want to run an Ansible script from Repo B. What's the best / easiest way to do this?
I am trying to create an additional ssh key only for RepoB and pass it to the runner via secret variables . Unfortunately, I would have to create a dummy user who only has access to RepoB for this.
Are there any other ways to do this? It sounds like it should be a fairly common workflow for deployment.
source to share
You are correct, this is a fairly common use case. Gitlab uses what it calls Deploy Keys
to achieve this (more details here ).
I answered a similar question here .
Below is a response option customized to your specific needs.
First, create an SSH key pair. You can use ssh-keygen -t rsa
for this.
Then go to the gitlab repo B page and find the option Deploy Keys
. There, you must insert the public key you just created.
Then go to Repo A find the page Variables
. Create a new private variable named SSH_PRIVATE_KEY
for example and paste the private key you created there.
Finally, in your file, .gitlab-ci.yml
add the following to make your private key available to your CI environment:
- 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
# Run ssh-agent (inside the build environment)
- eval $(ssh-agent -s)
# Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
- ssh-add <(echo "$SSH_PRIVATE_KEY")
- mkdir -p ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
Your repo. The CI environment should now be set up so that Repo B can be pulled into it.
source to share