Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Pulling private repositories inside pipelines

Ramkumar K R
Ramkumar K R June 7, 2016

Hi,

I'm evaluating the integration of Bitbucket pipelines to our git workflow for my organization. We have a private repository which is dependent on a couple of other private repositories to generate a build for deployment. We use SSH keys to access our repositories and I also have a pair of keys with read access ready for the pipeline. Can I get some guidance on how to integrate these keys within the pipeline so that I can have a build?

Watch
Like # people like this
19732 views

3 answers

1 accepted

Comments for this post are closed

Community moderators have prevented the ability to post new answers.

Post a new question

7 votes
Answer accepted
Jeroen De Raedt
Jeroen De Raedt
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 16, 2016

In order for the build agent to clone the submodules, you can give it SSH access to your Bitbucket account. 
Information on generating an SSH key can be found here: https://confluence.atlassian.com/display/BITBUCKET/Add+an+SSH+key+to+an+account

Set the following commands as the first ones in the step section of your bitbucket-pipelines.yml:

- mkdir ~/.ssh
- echo $SSH_KEY > ~/.ssh/id_rsa.tmp # note: assumes base64 encoded ssh key without a passphrase
- base64 -d ~/.ssh/id_rsa.tmp > ~/.ssh/id_rsa
- chmod 600 ~/.ssh/id_rsa
- base64 ~/.ssh/id_rsa

Note in this example the SSH key is base64 encoded to preserve new line characters and stored in a secured Pipelines variable named "SSH_KEY".

View More Comments
Ramkumar K R
Ramkumar K R June 20, 2016

Thanks

Like
Nicolas Hauseux
Nicolas Hauseux November 30, 2016

what if I don't want to commit a ssh-key with write access in the repo ?

Answering my own question: you can setup a "deployment key" in Bitbucket which only has read-access to the repo

And you can setup ENV VAR via the Bitbucket interface no need to commit it smile

https://confluence.atlassian.com/display/BITBUCKET/Environment+variables+in+Bitbucket+Pipelines

Like
Reply
2 votes
Wolfgang Kölbl
Wolfgang Kölbl June 16, 2016

In addition to that I had to add the following line for SSH not to verify host keys

- 'echo -e "Host *\n StrictHostKeyChecking no\n UserKnownHostsFile=/dev/null" > ~/.ssh/config'

Strangely enough Pipeline does not  recognize bitbucket.org's SSH keys by default.

View More Comments
Ramkumar K R
Ramkumar K R June 20, 2016

I added Bitbucket as a known host as per a question in this FAQ instead of stopping StrictHostKeyChecking - https://confluence.atlassian.com/bitbucket/bitbucket-pipelines-faq-827104769.html

Code block I used

- echo "bitbucket.org,104.192.143.2 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==" >> /root/.ssh/known_hosts
Like Jeroen De Raedt likes this
Reply
1 vote
Steven Vaccarella
Steven Vaccarella
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 12, 2016

See also:

https://answers.atlassian.com/questions/39243415 (specifically targeted at the issue of cloning private repositories)

and

https://answers.atlassian.com/questions/39429257 (more general info on setting up ssh public-key auth for use in Pipelines)

 

Reply
Atlassian logo
Answers Developer Questions
TAGS
AUG Leaders

Atlassian Community Events

    See all events