Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,462,167
Community Members
 
Community Events
176
Community Groups

Trouble with SSH and Bitbucket Pipelines

Deleted user Jul 03, 2017

 

I am having difficulty trying to configure my pipeline with bitbucket repo using SSH. As per the documentation (https://confluence.atlassian.com/bitbucket/use-ssh-keys-in-bitbucket-pipelines-847452940.html), I've generated a SSH key pair for the bitbucket repository in question.

The basic workflow via the yml is as follows:

- clone the bitbucket repo (this seems to happen by default in the "Build Setup" step and works fine)

- fetch and checkout master (this fails at the git fetch command with "permission denied (publickey)" message

- get config changes from salesforce org (this part works fine in isolation)

- commit changes to master branch (haven't been able to get here yet...)

Sample yml here:

 

pipelines:
  default:
    - step:
        script:

          # commit message
          - commitmsg="Latest PROD changes committed to master branch"
 
          # Set up repo and checkout master
          - git remote set-url origin git@bitbucket.org:$BITBUCKET_REPO_OWNER/$BITBUCKET_REPO_SLUG.git
          - git config --add remote.origin.fetch +refs/heads/*:refs/remotes/origin/*
          - git fetch
          - git checkout master

          #- echo "getting latest changes from PROD..."
          - ant -buildfile build/build.xml getCode -Dsf.username=$SF_USERNAME -Dsf.password=$SF_PASSWORD -Dsf.serverurl=$SF_SERVERURL -Dbamboo.build.dir=$BUILD_DIR

          # Commit any changes to master
          - git add src/*
          - git config user.name "$GIT_USERNAME"
          - git config user.email "$GIT_EMAIL"
          - if [[ -n $(git status -s) ]] ; then filelist=`git status -s` ; git commit -a -m "$commitmsg" -m "$filelist" ; git push origin master:master ; else echo "No changes detected"; fi

 

 

My confusion comes with how to use the above-generated SSH key pair with this configuration - this method seems to be quite new and the documentation is lacking (I'm finding a lot of dead confluence links.....). 

There is a previous answered post that covers manually creating the SSH key pairs and using environment variables here - (https://community.atlassian.com/t5/Bitbucket-questions/How-do-I-set-up-ssh-public-key-authentication-so-that-I-can-use/qaq-p/171671) but is this still relevant now that the SSH keys are generated through the pipelines UI?

Any help here would be greatly appreciated!

3 answers

1 accepted

5 votes
Answer accepted

 

Hi Ben,

The generated SSH keys for Pipelines are not automatically set up to be able to have access to your repository, which is why you are running into these issues. You will need to give the generated SSH key access to your repository, in a similar way to other SSH keys: https://confluence.atlassian.com/bitbucket/set-up-ssh-for-git-728138079.html

Now you should be able to access your Bitbucket repository from Pipelines.

May I also suggest some additional changes:

1. Since Bitbucket Pipeline automatically clones the repository, you don't need to do that yourself.

2. In your bitbucket-pipelines.yml, you can specify that your pipeline runs only when master branch changes (right now it will trigger for *any* commit pushed, regardless of the branch it is on). You can configure this with the branch feature: https://confluence.atlassian.com/bitbucket/branch-workflows-856697482.html

3. Add the string "[skip ci]" to your commit message in your pipeline, to prevent it from triggering another pipeline: https://confluence.atlassian.com/bitbucket/bitbucket-pipelines-faq-827104769.html#BitbucketPipelinesFAQ-CanIskipbuilds?

Thanks,

Phil

Deleted user Jul 10, 2017

Thanks Phil, much appreciated.

We managed to come to the same conclusion - adding the Public SSH Key to the user settings under "Security > SSH Keys" has resolved the issue.

At this stage, the pipeline exists only to detect changes made directly into our production Salesforce org and commit these to the repo as an "audit trail" of sorts. As we expand the use to include migration of downstream changes to repo/sandbox, we will look at enhancing the pipeline workflow.

And thanks for the tip regarding [skip ci] - it works like a charm!

Regards,

Ben

Deleted user Apr 29, 2018

Hi. I followed the instruction and generated ssh key in my repository and added public key to my username in settings menu.

 

Now in bitbucket yaml file, there is a maven plugin which is pointing to private key in:

/opt/atlassian/pipelines/agent/data/id_rsa

 I found this under ~/.ssh/config file.

 

The plugin is using GIT commands to push some changes. Now it seems the push were successful (I don't get any error whereas previously before setting path to private key I used to get Auth failed error) but strangely there is no commit anywhere in my branch? I don't know where it's been pushed the changes into?

 

Any idea? Have I missed anything?

What worked for me was a partially documented https://support.atlassian.com/bitbucket-cloud/docs/push-back-to-your-repository/ and an extra step that I had to reverse engineer from the example repo they linked in the article. 


- git remote set-url origin ${BITBUCKET_GIT_SSH_ORIGIN} - echo $PRIVATE_KEY > ~/.ssh/id_rsa.tmp - base64 -d ~/.ssh/id_rsa.tmp > ~/.ssh/id_rsa - chmod 600 ~/.ssh/id_rsa
- rm ~/.ssh/config # Somehow this prevents git from using the BB pipelines user in opt/atlassian/pipelines/agent/data/id_rsa
- git config user.email "the-user-whose-keys-we-added@example.dev"
- git config user.name "the-user-whose-keys-we-added"

Hi @Philip Hodder 

I kept bamboo spec in bitbucket repository and bamboo detects it and create plan in bamboo server. But when I want to create plan with plan repository but it asked for ssh keys and i provided ssh clone url, but not getting from where to take ssh private key and ssh public key. As of now, I use to publish plan from local then bamboo internally create ssh keys then i copied it and pasted it in bamboo spec then it works. But this is not correct way, so from where to get ssh keys. Other user will also use same bamboo spec stored in repository

Hi Hema,

This question refers to SSH in Bitbucket Pipelines, not in Bamboo. I don't have much Bamboo exposure, so unfortunately I cannot provide much advice.

Try looking for discussions in the Bamboo section of Community. If you can't find anything, try open a new question with details.

Thanks,

Phil

Thanks, Phil

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events