Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Private self hosted npm repository package on bitbucket using pipelines

Luis Sanchez
Luis Sanchez
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
October 13, 2021

I'm trying to use a self hosted (in bitbucket) npm package. I was able to use it locally without any issues, but when running the bitbucket pipeline I get an error. It fails on the npm install step.

This is what I have on the repo using the private npm package:

...
"dependencies": {
"shared-lib": "ssh://git@bitbucket.org/{org-name}/shared-lib.git"
...
}

Both repositories are under the same organization (private) in bitbucket.

On the library that is consuming the self hosted private npm package I created a key by going to: Settings > Pipelines > SSH Keys (self generated key on bitbucket)

On the shared-lib, I have added this SSH key by going to Settings > SSH Keys > Add key (self generated).

Also added bitbucket.org as known address.

The bitbucket-pipelines.yml at this moment does not have any special configuration, i'm only running npm install (where it fails) and npm run test.

This is the configuration I have, but still fails when running the pipeline.

This is the error when running the pipeline:

npm ERR! syscall spawn git
npm ERR! path git
npm ERR! errno ENOENT
npm ERR! enoent Error while executing:
npm ERR! enoent undefined ls-remote -h -t ssh://git@bitbucket.org/{org-name}/shared-lib.git
npm ERR! enoent 
npm ERR! enoent 
npm ERR! enoent spawn git ENOENT
npm ERR! enoent This is related to npm not being able to find a file.
npm ERR! enoent```
Answer
Watch
Like Be the first to like this
7555 views

2 answers

0 votes
sarah_veysset
sarah_veysset
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
June 15, 2023

I have the same issue as Luis and git is well installed. The problem is that I have multiple private repositories in my dependencies (around thirty) and I have around 80 projects that use all these dependencies. It's impossible for me to set up so many keys (80 x 30). Is there another solution?

Kind regards,
Sarah

View More Comments
Theodora Boudale
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 19, 2023

Hi Sarah,

If I understand correctly, you are running Bitbucket Pipelines builds in 80 different repositories, and each of them needs to clone 30 private repositories?

If so, what you could do instead is

  • generate an SSH key pair locally
  • use a workspace variable named e.g. MY_SSH_KEY where you store the private SSH key after you base-64 encode it

This variable can then be accessed by all 80 repos, assuming they all belong to the same workspace.

The public key can be added to Projects > Projects settings > Access keys of the project or projects to which the 30 repos belong.

You will still need to edit the bitbucket-pipelines.yml file of all 80 repos to create a ~/.ssh/known_hosts file and also create the private key from the variable MY_SSH_KEY.

There are more details about this solution here:

The benefit of this approach is that you have one SSH key and if you ever need to change it in the future, you change it in only one place (the workspace variable).

Please keep in mind that there are security risks associated with this approach, I am copying from the documentation:

There are security risks associated with passing private SSH keys as repository variables:

  • Repository variables get copied to child processes that your pipelines build may spawn.
  • Secured variables can be retrieved by all users with write access to a repository.

We recommend that you never pass your own personal SSH key as an repository variable, but instead generate a new SSH key-pair for Pipelines that easily be disabled if it is compromised. It may also be worth using deployment variables, which you can combine with deployment permissions to control access.

The documentation is referring to repository variables, but these apply to workspace variables as well.

Since a workspace variable can be retrieved by all users with write access to any of these 80 repos, this means that any of these users could retrieve the variable and clone any of the 30 repos that the public key gives access to.

Additionally, adding an SSH key to a project's Access keys will grant access to all repositories of that project.

You will need to weigh the risks and benefits to decide which approach would be best for you.

Kind regards,
Theodora

Like
Magdziarz, Slawomir
Magdziarz, Slawomir
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
January 13, 2025

For anyone coming across this answer from google search results (future myself included): my bitbucket pipeline was failing in the step when I ran "npm ci"; git was returning a "Permission denied (publickey)" error, even though I had followed the instructions from above and copied the ssh key from the MY_SSH_KEY variable (repository variable in my case) into ~/.ssh/id_ed25519.

When debugging, it turned out that git was actually using another ssh key (/opt/atlassian/pipelines/agent/ssh/id_rsa) which was defined in repository settings (in the "Pipelines > SSH Keys" section).

So I ended up using that key instead, and copied its public part to the other repository which was the npm dependency.

Like Valentin Sauer likes this
Reply
0 votes
Theodora Boudale
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 18, 2021

Hi Luis and welcome to the community.

The most likely reason for this error is Git not being installed in the Docker image you are using in Pipelines. You can check if that's the case by adding the following command in your yml file (before the npm install command):

git --version

If Git is not installed, then:

- You can install Git during the build, before the npm install command
- Alternatively, you can use a different Docker image that already has Git pre-installed
- If you are using a custom Docker image that you own and maintain, you can add Git to this image

Please feel free to let me know how it goes and if you have any questions.

Kind regards,
Theodora

Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security