Trouble with SSH and Bitbucket Pipelines

Deleted user July 3, 2017

 

I am having difficulty trying to configure my pipeline with bitbucket repo using SSH. As per the documentation (https://confluence.atlassian.com/bitbucket/use-ssh-keys-in-bitbucket-pipelines-847452940.html), I've generated a SSH key pair for the bitbucket repository in question.

The basic workflow via the yml is as follows:

- clone the bitbucket repo (this seems to happen by default in the "Build Setup" step and works fine)

- fetch and checkout master (this fails at the git fetch command with "permission denied (publickey)" message

- get config changes from salesforce org (this part works fine in isolation)

- commit changes to master branch (haven't been able to get here yet...)

Sample yml here:

 

pipelines:
  default:
    - step:
        script:

          # commit message
          - commitmsg="Latest PROD changes committed to master branch"
 
          # Set up repo and checkout master
          - git remote set-url origin git@bitbucket.org:$BITBUCKET_REPO_OWNER/$BITBUCKET_REPO_SLUG.git
          - git config --add remote.origin.fetch +refs/heads/*:refs/remotes/origin/*
          - git fetch
          - git checkout master

          #- echo "getting latest changes from PROD..."
          - ant -buildfile build/build.xml getCode -Dsf.username=$SF_USERNAME -Dsf.password=$SF_PASSWORD -Dsf.serverurl=$SF_SERVERURL -Dbamboo.build.dir=$BUILD_DIR

          # Commit any changes to master
          - git add src/*
          - git config user.name "$GIT_USERNAME"
          - git config user.email "$GIT_EMAIL"
          - if [[ -n $(git status -s) ]] ; then filelist=`git status -s` ; git commit -a -m "$commitmsg" -m "$filelist" ; git push origin master:master ; else echo "No changes detected"; fi

 

 

My confusion comes with how to use the above-generated SSH key pair with this configuration - this method seems to be quite new and the documentation is lacking (I'm finding a lot of dead confluence links.....). 

There is a previous answered post that covers manually creating the SSH key pairs and using environment variables here - (https://community.atlassian.com/t5/Bitbucket-questions/How-do-I-set-up-ssh-public-key-authentication-so-that-I-can-use/qaq-p/171671) but is this still relevant now that the SSH keys are generated through the pipelines UI?

Any help here would be greatly appreciated!

3 answers

1 accepted

5 votes
Answer accepted
Philip Hodder
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 9, 2017

 

Hi Ben,

The generated SSH keys for Pipelines are not automatically set up to be able to have access to your repository, which is why you are running into these issues. You will need to give the generated SSH key access to your repository, in a similar way to other SSH keys: https://confluence.atlassian.com/bitbucket/set-up-ssh-for-git-728138079.html

Now you should be able to access your Bitbucket repository from Pipelines.

May I also suggest some additional changes:

1. Since Bitbucket Pipeline automatically clones the repository, you don't need to do that yourself.

2. In your bitbucket-pipelines.yml, you can specify that your pipeline runs only when master branch changes (right now it will trigger for *any* commit pushed, regardless of the branch it is on). You can configure this with the branch feature: https://confluence.atlassian.com/bitbucket/branch-workflows-856697482.html

3. Add the string "[skip ci]" to your commit message in your pipeline, to prevent it from triggering another pipeline: https://confluence.atlassian.com/bitbucket/bitbucket-pipelines-faq-827104769.html#BitbucketPipelinesFAQ-CanIskipbuilds?

Thanks,

Phil

Deleted user July 10, 2017

Thanks Phil, much appreciated.

We managed to come to the same conclusion - adding the Public SSH Key to the user settings under "Security > SSH Keys" has resolved the issue.

At this stage, the pipeline exists only to detect changes made directly into our production Salesforce org and commit these to the repo as an "audit trail" of sorts. As we expand the use to include migration of downstream changes to repo/sandbox, we will look at enhancing the pipeline workflow.

And thanks for the tip regarding [skip ci] - it works like a charm!

Regards,

Ben

Deleted user April 29, 2018

Hi. I followed the instruction and generated ssh key in my repository and added public key to my username in settings menu.

 

Now in bitbucket yaml file, there is a maven plugin which is pointing to private key in:

/opt/atlassian/pipelines/agent/data/id_rsa

 I found this under ~/.ssh/config file.

 

The plugin is using GIT commands to push some changes. Now it seems the push were successful (I don't get any error whereas previously before setting path to private key I used to get Auth failed error) but strangely there is no commit anywhere in my branch? I don't know where it's been pushed the changes into?

 

Any idea? Have I missed anything?

0 votes
Nikola Nedoklanov September 9, 2022
What worked for me was a partially documented https://support.atlassian.com/bitbucket-cloud/docs/push-back-to-your-repository/ and an extra step that I had to reverse engineer from the example repo they linked in the article. 


- git remote set-url origin ${BITBUCKET_GIT_SSH_ORIGIN} - echo $PRIVATE_KEY > ~/.ssh/id_rsa.tmp - base64 -d ~/.ssh/id_rsa.tmp > ~/.ssh/id_rsa - chmod 600 ~/.ssh/id_rsa
- rm ~/.ssh/config # Somehow this prevents git from using the BB pipelines user in opt/atlassian/pipelines/agent/data/id_rsa
- git config user.email "the-user-whose-keys-we-added@example.dev"
- git config user.name "the-user-whose-keys-we-added"
0 votes
Hema June 6, 2019

Hi @Philip Hodder 

I kept bamboo spec in bitbucket repository and bamboo detects it and create plan in bamboo server. But when I want to create plan with plan repository but it asked for ssh keys and i provided ssh clone url, but not getting from where to take ssh private key and ssh public key. As of now, I use to publish plan from local then bamboo internally create ssh keys then i copied it and pasted it in bamboo spec then it works. But this is not correct way, so from where to get ssh keys. Other user will also use same bamboo spec stored in repository

Philip Hodder
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 10, 2019

Hi Hema,

This question refers to SSH in Bitbucket Pipelines, not in Bamboo. I don't have much Bamboo exposure, so unfortunately I cannot provide much advice.

Try looking for discussions in the Bamboo section of Community. If you can't find anything, try open a new question with details.

Thanks,

Phil

Hema June 11, 2019

Thanks, Phil

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events