Trouble with SSH and Bitbucket Pipelines

 

I am having difficulty trying to configure my pipeline with bitbucket repo using SSH. As per the documentation (https://confluence.atlassian.com/bitbucket/use-ssh-keys-in-bitbucket-pipelines-847452940.html), I've generated a SSH key pair for the bitbucket repository in question.

The basic workflow via the yml is as follows:

- clone the bitbucket repo (this seems to happen by default in the "Build Setup" step and works fine)

- fetch and checkout master (this fails at the git fetch command with "permission denied (publickey)" message

- get config changes from salesforce org (this part works fine in isolation)

- commit changes to master branch (haven't been able to get here yet...)

Sample yml here:

 

pipelines:
  default:
    - step:
        script:

          # commit message
          - commitmsg="Latest PROD changes committed to master branch"
 
          # Set up repo and checkout master
          - git remote set-url origin git@bitbucket.org:$BITBUCKET_REPO_OWNER/$BITBUCKET_REPO_SLUG.git
          - git config --add remote.origin.fetch +refs/heads/*:refs/remotes/origin/*
          - git fetch
          - git checkout master

          #- echo "getting latest changes from PROD..."
          - ant -buildfile build/build.xml getCode -Dsf.username=$SF_USERNAME -Dsf.password=$SF_PASSWORD -Dsf.serverurl=$SF_SERVERURL -Dbamboo.build.dir=$BUILD_DIR

          # Commit any changes to master
          - git add src/*
          - git config user.name "$GIT_USERNAME"
          - git config user.email "$GIT_EMAIL"
          - if [[ -n $(git status -s) ]] ; then filelist=`git status -s` ; git commit -a -m "$commitmsg" -m "$filelist" ; git push origin master:master ; else echo "No changes detected"; fi

 

 

My confusion comes with how to use the above-generated SSH key pair with this configuration - this method seems to be quite new and the documentation is lacking (I'm finding a lot of dead confluence links.....). 

There is a previous answered post that covers manually creating the SSH key pairs and using environment variables here - (https://community.atlassian.com/t5/Bitbucket-questions/How-do-I-set-up-ssh-public-key-authentication-so-that-I-can-use/qaq-p/171671) but is this still relevant now that the SSH keys are generated through the pipelines UI?

Any help here would be greatly appreciated!

1 answer

1 accepted

This widget could not be displayed.

 

Hi Ben,

The generated SSH keys for Pipelines are not automatically set up to be able to have access to your repository, which is why you are running into these issues. You will need to give the generated SSH key access to your repository, in a similar way to other SSH keys: https://confluence.atlassian.com/bitbucket/set-up-ssh-for-git-728138079.html

Now you should be able to access your Bitbucket repository from Pipelines.

May I also suggest some additional changes:

1. Since Bitbucket Pipeline automatically clones the repository, you don't need to do that yourself.

2. In your bitbucket-pipelines.yml, you can specify that your pipeline runs only when master branch changes (right now it will trigger for *any* commit pushed, regardless of the branch it is on). You can configure this with the branch feature: https://confluence.atlassian.com/bitbucket/branch-workflows-856697482.html

3. Add the string "[skip ci]" to your commit message in your pipeline, to prevent it from triggering another pipeline: https://confluence.atlassian.com/bitbucket/bitbucket-pipelines-faq-827104769.html#BitbucketPipelinesFAQ-CanIskipbuilds?

Thanks,

Phil

Thanks Phil, much appreciated.

We managed to come to the same conclusion - adding the Public SSH Key to the user settings under "Security > SSH Keys" has resolved the issue.

At this stage, the pipeline exists only to detect changes made directly into our production Salesforce org and commit these to the repo as an "audit trail" of sorts. As we expand the use to include migration of downstream changes to repo/sandbox, we will look at enhancing the pipeline workflow.

And thanks for the tip regarding [skip ci] - it works like a charm!

Regards,

Ben

Hi. I followed the instruction and generated ssh key in my repository and added public key to my username in settings menu.

 

Now in bitbucket yaml file, there is a maven plugin which is pointing to private key in:

/opt/atlassian/pipelines/agent/data/id_rsa

 I found this under ~/.ssh/config file.

 

The plugin is using GIT commands to push some changes. Now it seems the push were successful (I don't get any error whereas previously before setting path to private key I used to get Auth failed error) but strangely there is no commit anywhere in my branch? I don't know where it's been pushed the changes into?

 

Any idea? Have I missed anything?

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Aug 21, 2018 in Bitbucket

Branch Management with Bitbucket

As a project manager, I have discovered that different developers want to bring their previous branching method with them when they join the team. Some developers are used to performing individual wo...

1,323 views 8 11
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you