PHP + composer + RSA key + Docker + Bitbucket Pipeline

I am trying the sample Pipeline build configuration  on our PHP project repo:

 

# This is a sample build configuration for PHP.
# Check our guides at https://confluence.atlassian.com/x/VYk8Lw for more examples.
# Only use spaces to indent your .yml configuration.
# -----
# You can specify a custom docker image from Docker Hub as your build environment.
image: phpunit/phpunit:5.0.3

pipelines:
  default:
    - step:
        script: # Modify the commands below to build your repository.
          - composer install

 

But when the pipeline build runs, I am experiencing this problem:

You are running composer with xdebug enabled. This has a major impact on runtime performance. See https://getcomposer.org/xdebug
Warning: This development build of composer is over 60 days old. It is recommended to update it by running "/usr/local/bin/composer self-update" to get the latest version.
Loading composer repositories with package information
The authenticity of host 'bitbucket.org (104.192.143.3)' can't be established.
RSA key fingerprint is 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40.
Are you sure you want to continue connecting (yes/no)?

[Symfony\Component\Process\Exception\ProcessTimedOutException]
 The process "git clone --mirror 'git@bitbucket.org:xxxxxx/xxxxx.git' '/root/composer/cache/vcs/git-bitbucket.org-xxxxxxxxxx-xxxxxx.git/'" exceeded the timeout of 300 seconds.

 

What is the possible fix to this?

TIA

3 answers

This widget could not be displayed.
I have figured out the fix, so I am sharing this to the community.
...snip...
script:
  - mkdir -p ~/.ssh; touch ~/.ssh/id_rsa.tmp ~/.ssh/known_hosts
  - echo $DEVOPS_PRIVATE_KEY > ~/.ssh/id_rsa.tmp
  - ssh-keyscan -t rsa bitbucket.org > ~/.ssh/known_hosts
  - touch ~/.ssh/id_rsa
  - base64 -d ~/.ssh/id_rsa.tmp -i > ~/.ssh/id_rsa
  - chmod 600 ~/.ssh/id_rsa
...snip...

I'm glad you got it working but please note that using ssh-keyscan within the script is not ideal because it's effectively bypassing host key verification. It's better to do the keyscan once locally and include the full host key in the script (as described here) or add a known_hosts file to your repo (as described here). That way if the host ever provides the wrong key your configuration will detect that fact and refuse to communicate with the server (as it should).

This widget could not be displayed.

I'm not very familiar with PHP or composer but it looks like you're trying to clone additional git repositories over ssh and failing because ssh is not configured. Have a look at these guides for configuring ssh in your pipeline:

https://answers.atlassian.com/questions/39429257

https://answers.atlassian.com/questions/39243415

 

This widget could not be displayed.

Hi Steven, thank you for answering my question. I have tried doing the fix to my problem using the links you sent but I am experiencing a problem with my environment variable. I saved the encoded copy of my SSH private key to a Bitbucket Environment Variable but when I called it inside my Pipeline script, the variable is empty.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Aug 21, 2018 in Bitbucket

Branch Management with Bitbucket

As a project manager, I have discovered that different developers want to bring their previous branching method with them when they join the team. Some developers are used to performing individual wo...

1,345 views 8 11
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you