I try to use Bitbucket pipelines beta.
To build my repository, I need to build another repository from bitbucket.
So I configure a SSH Key but when I make a git clone, He ask me a passphrase for the key and block the automatic process.
Is there a way to pass this step without passphrase or providing the passphrase in anyway ?
To illustrate, here is my bitbucket-pipelines.yml file:
# You can use a Docker image from Docker Hub or your own container # registry for your build environment. image: maven:3.3.3 pipelines: default: - step: script: # Modify the commands below to build your repository. - mkdir ~/.ssh - echo $SSH_KEY > ~/.ssh/id_rsa.tmp # note: assumes base64 encoded ssh key without a passphrase - base64 -d ~/.ssh/id_rsa.tmp > ~/.ssh/id_rsa - chmod 600 ~/.ssh/id_rsa - base64 ~/.ssh/id_rsa - echo -e "Host *\n StrictHostKeyChecking no\n UserKnownHostsFile=/dev/null" > ~/.ssh/config - mvn --version - mkdir temp - cd temp - git clone firstname.lastname@example.org:dingorock/dingorock-helpers.git - cd dingorock-helpers - mvn clean install - cd .. - cd .. - mvn clean install
Thanks in advance,
Thank you, it's working.
But eventually, I don't understand how to have my private key in $SSH_KEY.
and do the following in the bitbucket-pipelines.yml :
image: maven:3.3.3 pipelines: default: - step: script: # Modify the commands below to build your repository. - mkdir ~/.ssh - cp bitbucket_pipelines_rsa ~/.ssh/id_rsa - chmod 600 ~/.ssh/id_rsa - echo -e "Host *\n StrictHostKeyChecking no\n UserKnownHostsFile=/dev/null" > ~/.ssh/config - mvn --version - mkdir temp - cd temp - git clone email@example.com:dingorock/dingorock-helpers.git - cd dingorock-helpers - mvn clean install -DskipTests - cd .. - cd .. - mvn clean install
Thanks a lot for your answer.
I would highly advise against storing your private key as part of your repository, for security reasons.
I think I know what was going wrong for you (I also had to battle this for a while).
Firstly, delete the SSH key-pair you are using now. It's in your repos Git history and is no longer able to be considered secure.
The issue I think you were having initially was that the SSH_KEY environment variable cannot be the plain text version of your id_rsa file. You need to encode it first in base64.
$ base64 ~/.ssh/id_rsa
You can see a full step-by-step guide here: https://answers.atlassian.com/questions/39243415
Let me know if you get stuck, you shouldn't have to have your secrets stored in your Git repository.
Oh ! Thanks for that, I didn't understand how to setup an Environment Variable. This is why I put the SSH KEY in my repo. And I know, it's bad !
So, Now, I just figure out how I can add environment variable via the pipeline setting of my repo so I will be able to delete the key from it and use the base64 encoding.
Thanks a lot for your tips and provided links.
You can find information on environment variables here: https://confluence.atlassian.com/display/BITBUCKET/Environment+variables+in+Bitbucket+Pipelines
Specifically, you'll want to read the "User-defined repository variables" section. To quote the part you're probably looking for:
You can add, edit, and remove variables directly in the Bitbucket Pipelines settings which you can find in your repository under Settings > Bitbucket Pipelines > Environment variables.
Hope that helps.
Hello! My name is Mark Askew and I am a Premier Support Engineer for products Bitbucket Server/Data Center, Fisheye & Crucible. Today, I want to bring the discussion that Jennifer, Matt, and ...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs