Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Pulling private repositories inside pipelines

Ramkumar K R June 7, 2016

Hi,

I'm evaluating the integration of Bitbucket pipelines to our git workflow for my organization. We have a private repository which is dependent on a couple of other private repositories to generate a build for deployment. We use SSH keys to access our repositories and I also have a pair of keys with read access ready for the pipeline. Can I get some guidance on how to integrate these keys within the pipeline so that I can have a build?

3 answers

1 accepted

Comments for this post are closed

Community moderators have prevented the ability to post new answers.

Post a new question

7 votes
Answer accepted
Jeroen De Raedt
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 16, 2016

In order for the build agent to clone the submodules, you can give it SSH access to your Bitbucket account. 
Information on generating an SSH key can be found here: https://confluence.atlassian.com/display/BITBUCKET/Add+an+SSH+key+to+an+account

Set the following commands as the first ones in the step section of your bitbucket-pipelines.yml:

- mkdir ~/.ssh
- echo $SSH_KEY > ~/.ssh/id_rsa.tmp # note: assumes base64 encoded ssh key without a passphrase
- base64 -d ~/.ssh/id_rsa.tmp > ~/.ssh/id_rsa
- chmod 600 ~/.ssh/id_rsa
- base64 ~/.ssh/id_rsa

Note in this example the SSH key is base64 encoded to preserve new line characters and stored in a secured Pipelines variable named "SSH_KEY".

Ramkumar K R June 20, 2016

Thanks

Nicolas Hauseux
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
November 30, 2016

what if I don't want to commit a ssh-key with write access in the repo ?

Answering my own question: you can setup a "deployment key" in Bitbucket which only has read-access to the repo

And you can setup ENV VAR via the Bitbucket interface no need to commit it smile

https://confluence.atlassian.com/display/BITBUCKET/Environment+variables+in+Bitbucket+Pipelines

2 votes
Wolfgang Kölbl
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
June 16, 2016

In addition to that I had to add the following line for SSH not to verify host keys

- 'echo -e "Host *\n StrictHostKeyChecking no\n UserKnownHostsFile=/dev/null" > ~/.ssh/config'

Strangely enough Pipeline does not  recognize bitbucket.org's SSH keys by default.

Ramkumar K R June 20, 2016

I added Bitbucket as a known host as per a question in this FAQ instead of stopping StrictHostKeyChecking - https://confluence.atlassian.com/bitbucket/bitbucket-pipelines-faq-827104769.html

Code block I used

- echo "bitbucket.org,104.192.143.2 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==" >> /root/.ssh/known_hosts
Like Jeroen De Raedt likes this
1 vote
Steven Vaccarella
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 12, 2016

See also:

https://answers.atlassian.com/questions/39243415 (specifically targeted at the issue of cloning private repositories)

and

https://answers.atlassian.com/questions/39429257 (more general info on setting up ssh public-key auth for use in Pipelines)

 

TAGS
AUG Leaders

Atlassian Community Events