I am trying to setup a simple CI that will deploy my code to my remote server when I push to my master branch on gitlab.
I have disabled password access in my remote host and only allow public key access.
I have the following .gitlab-ci.yml:
image: node:7.2.1
services:
- mongo:3.4.0
cache:
paths:
- node_modules/
stages:
- test
- build
- deploy
test:
stage: test
script: echo "Running tests"
build:
stage: build
script: echo "Building the app"
- npm install -g yarn
- yarn install
- node ./index.js
before_script:
# Install ssh-agent if not already installed, it is required by Docker.
# (change apt-get to yum if you use a CentOS-based image)
- 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
# Run ssh-agent (inside the build environment)
- eval $(ssh-agent -s)
# Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
- ssh-add <(echo "$SSH_PRIVATE_KEY")
# For Docker builds disable host key checking. Be aware that by adding that
# you are suspectible to man-in-the-middle attacks.
# WARNING: Use this only with the Docker executor, if you use it with shell
# you will overwrite your user's SSH config.
- mkdir -p "${HOME}/.ssh"
- echo "${SSH_HOST_KEY}" > "${HOME}/.ssh/known_hosts"
- echo "${SSH_PUBLIC_KEY}" > "${HOME}/.ssh/id_rsa.pub"
# - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
- apt-get update
- apt-get -y install rsync
deploy_production:
stage: deploy
script:
- echo "Deploy to production server"
- rsync -av --delete MYSITE/ jonfor@MYSITE.io:MYSITE
environment:
name: production
url: https://MYSITE.io
only:
- master
I get the following error:
Permission denied (publickey).
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: error in rsync protocol data stream (code 12) at io.c(226) [sender=3.1.1]
ERROR: Build failed: exit code 1
I have added the public key in SSH_PUBLIC_KEY to my remote server’s .ssh/authorized_keys file. I feel like I’m having a fundamental misunderstanding of how gitlab runners work. Is rsync being run by a user other than the one I created the .ssh/id_rsa.pub file for?