Bitbucket Pipeline deploy using SSH keys on private repo


Hi all, I'm building a Docker pipeline for my project to be deployed on Google Cloud Services based on this example. In my Dockerfile I have to build some gems which are hosted on my private repository on Bitbucket. However, during the build step, the Docker container generated by the Pipeline can't see my SSH keys saved on my repository.

My question is: how can I send the SSH keys configured on the pipeline to be used by my container during the build?

 

bitbucket-pipelines.yml:

At the #BUILD IMAGE comment I can get the private SSH correctly configured on my repo

 

options:
  docker: true

pipelines:
  default:
    - step:
        name: Deploy to Container Registry
        image: google/cloud-sdk:latest
        caches:
          - docker
        script:
          # Read the pipeline's SSH private key into a variable
          - export PRIVATE_KEY=`cat /opt/atlassian/pipelines/agent/data/id_rsa`
          - export IMAGE_NAME=gcr.io/$GOOGLE_PROJECT/$GCLOUD_REPO_SLUG:$BITBUCKET_COMMIT
          - export ENVIRONMENT=staging
          # Authenticate gcloud and Docker with the service-account key
          - echo $GOOGLE_CREDENTIALS | base64 -d > ~/.gcloud-api-key.json
          - gcloud auth activate-service-account --key-file ~/.gcloud-api-key.json
          - gcloud config set project $GOOGLE_PROJECT
          - gcloud container clusters get-credentials $GOOGLE_CLUSTER --region=$GOOGLE_REGION --project $GOOGLE_PROJECT
          - gcloud auth configure-docker --quiet
          # BUILD IMAGE
          - docker build -t $IMAGE_NAME --build-arg SSH_PRIVATE_KEY="$PRIVATE_KEY" .
          # PUBLISH IMAGE
          - docker push $IMAGE_NAME

 

 

Dockerfile:

FROM ruby:2.5.1-alpine3.7

ARG SSH_PRIVATE_KEY

RUN \
    echo "http://dl-cdn.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
    && apk update && apk upgrade \
    && apk add bash build-base libxml2-dev libxslt-dev openssh-client git \
    && apk upgrade --available \
    && rm -rf /var/cache/apk/* \
    && mkdir /usr/app \
    && mkdir /root/.ssh/ \
    && echo "${SSH_PRIVATE_KEY}" > /root/.ssh/id_rsa \
    && eval $(ssh-agent -s) \
    && chmod 600 /root/.ssh/id_rsa \
    && ssh-add ~/.ssh/id_rsa \
    && touch /root/.ssh/known_hosts \
    && ssh-keyscan bitbucket.org > /root/.ssh/known_hosts

# This line fails with
# RUN ssh-add /root/.ssh/id_rsa
#  ---> Running in 9d6b522d6355
# Could not open a connection to your authentication agent.
# The command '/bin/sh -c ssh-add /root/.ssh/id_rsa' returned a non-zero code: 2

WORKDIR /usr/app

COPY Gemfile /usr/app/
COPY Gemfile.lock /usr/app/

RUN bundle config build.nokogiri --use-system-libraries \
    && bundle install

OBS: I can do an ugly alternative solution which is generating a new key and overwriting the new key with the value from the args (SSH_PRIVATE_KEY). But this also fails when it tries to run the bundle install.

 

I'd appreciate any help. Cheers.

1 answer

You can send it with --build-args

docker build -t account/image_name:tag --build-arg SSH_PRIVATE_KEY="`cat /opt/atlassian/pipelines/agent/data/id_rsa`" .

and then pass it into the Dockerfile --> example:

FROM alpine:latest
ARG SSH_PRIVATE_KEY

RUN mkdir /root/.ssh/ && \
    apk add --no-cache openssh-client git && \
    echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa && \
    chmod 600 /root/.ssh/id_rsa && \
    cd /your_application_path_in_docker && \
    eval "$(ssh-agent -s)" && \
    ssh-keyscan bitbucket.org >> ~/.ssh/known_hosts && \
    ssh-add ~/.ssh/id_rsa && \
    yarn install
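
An added example, not part of the original thread: both Dockerfiles above pass the key with --build-arg and write it to /root/.ssh/id_rsa, so the key stays in the image's build history and layers, which are then pushed to the registry. The variant below uses BuildKit SSH forwarding so the key is reachable only during the one RUN step that fetches the gems. It assumes BuildKit is available to the pipeline's Docker service, that the key file has no passphrase, and that the Gemfile references the private gems through git@bitbucket.org SSH URLs.

```dockerfile
# syntax=docker/dockerfile:1
# Added example (assumptions noted above). Build with BuildKit and forward the
# key file instead of passing its contents as a build argument:
#   DOCKER_BUILDKIT=1 docker build \
#     --ssh default=/opt/atlassian/pipelines/agent/data/id_rsa \
#     -t "$IMAGE_NAME" .
FROM ruby:2.5.1-alpine3.7

# No ARG SSH_PRIVATE_KEY: nothing key-related is declared in the image.
# ssh-keyscan trusts whatever host key the network returns at build time;
# copying a pinned known_hosts file into the image is the stricter option.
RUN apk add --no-cache bash build-base libxml2-dev libxslt-dev openssh-client git \
    && mkdir -p -m 0700 /root/.ssh \
    && ssh-keyscan bitbucket.org >> /root/.ssh/known_hosts

WORKDIR /usr/app

COPY Gemfile Gemfile.lock /usr/app/

# --mount=type=ssh exposes the forwarded agent socket (SSH_AUTH_SOCK) to this
# RUN step only. The key is never written to a layer, so it does not appear in
# `docker history` or in the pushed image. Git fetches and bundle install must
# happen inside this same step, because the socket is gone in the next RUN.
RUN --mount=type=ssh \
    bundle config build.nokogiri --use-system-libraries \
    && bundle install
```

To check an image already built the older way, `docker history --no-trunc <image>` shows whether the SSH_PRIVATE_KEY value was recorded; if it was, treat that key as exposed to anyone who can pull the image.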