Menu
I have GitLab & GitLab CI set up to host and test some of my private repos. For my composer modules under this system, I have Satis set up to resolve my private packages.
Obviously these private packages require an ssh key to clone them, and I have this working in the terminal - I can run composer install and get these packages, so long as I have the key added with ssh-add in the shell.
However, when running my tests in GitLab CI, if a project has any of these dependencies the tests will not complete as my GitLab instance needs authentication to get the deps (obviously), and the test fails saying Host key verification failed.
My question is how do I set this up so that when the runner runs the test it can authenticate to gitlab without a password? I have tried putting a password-less ssh-key in my runners ~/.ssh folder, however the build wont even add the key, "eval ssh-agent -s" followed by ssh-add seems to fail saying the agent isn't running...
579
Any GitHub user who has two-factor authentication enabled must use a personal access token to clone a private GitHub repository.
See also other solutions:
Here a full howto with SSH keys:
Generate a pair of public and private SSH keys without passphrase:
ssh-keygen -b 4096 -C "<name of your project>" -N "" -f /tmp/name_of_your_project.key You need to add the key as a secure environment variable to your project as following:
https://<gitlab_host>/<group>/<project_name>/variables Key with SSH_PRIVATE_KEY Value with the private SSH key itselfIn order to make your private key available to your test scripts you need to add the following to your .gitlab-ci.yml file:
before_script: # install ssh-agent - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )' # run ssh-agent - eval $(ssh-agent -s) # add ssh key stored in SSH_PRIVATE_KEY variable to the agent store - ssh-add <(echo "$SSH_PRIVATE_KEY") # disable host key checking (NOTE: makes you susceptible to man-in-the-middle attacks) # WARNING: use only in docker container, if you use it with shell you will overwrite your user's ssh config - mkdir -p ~/.ssh - echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config Code Snippet comes from GitLab documentation
You need to register the public SSH key as deploy key to all your private dependencies as following:
https://<gitlab_host>/<group>/<dependency_name>/deploy_keys Title with the name of your projectKey with the public SSH key itself
164
If you don't want to fiddle around with ssh keys or submodules, you can override the repo in git's configuration to authenticate with the job token instead (in gitlab-ci.yml):
before_script: - git config --global url."https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.example.com/group/repo.git".insteadOf [email protected]:group/repo.git If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
