I am unable to do git clone successfully in a Gitlab runner running on Windows, while I am able to do this in a gitlab runner running on Ubuntu.
I set the .ssh keys for my user(user1) and setup the same in Gitlab, but I am not sure of which user is used by CI CD job and how to set the SSH Keys for the same, please help.
Code snippet of CI CD Job:
demo_job_0_1:
tags:
- Lp25Maytag
script:
- echo Hello World Windows
- ls
- pwd
- whoami
- git clone git@gitlab.test1.com:user1/testrepo.git
Output of the CI CD job:
git-lfs/2.13.3 (GitHub; windows amd64; go 1.16.2; git a5e65851)
Skipping Git submodules setup
Executing âstep_scriptâ stage of the job script
00:03
$ echo Hello World Windows
Hello
World
Windows
$ ls
Directory: C:\GitLab-Runner\builds\m91h5sF7\0\user1\testrepo
Mode LastWriteTime Length Name
-a---- 25-05-2021 23:40 1008 .gitlab-ci.yml
-a---- 25-05-2021 23:12 105 README.md
$ pwd
Drive : C
Provider : Microsoft.PowerShell.Core\FileSystem
ProviderPath : C:\GitLab-Runner\builds\m91h5sF7\0\user1\testrepo
Path : C:\GitLab-Runner\builds\m91h5sF7\0\user1\testrepo
$ whoami
nt authority\system
$ git clone git@gitlab.test1.com:user1/testrepo.git
Cloning into âtestrepoââŚ
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
ERROR: Job failed: exit status 1
Hi @Developer_2000
you need to configure several things if you want to use SSH with Git for Windows.
I think there are already enough information on the internet if you search for âgit for windows sshâ
Hi @balonik ,
I already know how to configure SSH key for my user, I have configured this successfully and I am able to do a git clone of a project repository. The problem is only when I try to do a git clone from a CI CD job. In this case, I need to configure the SSH Key for the CI/CD user or the Gitlab runner user, this part is what I am not aware of how to do, please help.
You have typo in the path, but in case such folder does not exist you also need to create it.
optionally output the key to different path and use ssh-add to load it to ssh-agent.
I donât know why you want to use SSH key. I would use HTTP for git clone and use the Job token for authentication. Its easier and it doesnât store SSH key on local filesystem in case your runner is used by others.
Hi @balonik ,
Thanks for your response. I tried using ssh-add but got issues ( I will describe it later in this mail).
For creating a Job token, the user needs maintainer access, right? The user I have only has developer access, and in Linux, I was able to use the same and do git clone using SSH Keys. Please suggest a way without maintainer access if known.
Issue while using ssh-add:
$ ssh-agent -s
$ ssh-add âC:\Users\user1.sshâ
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions for âC:\Users\user1\.sshâ are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
ERROR: Job failed: exit status 1
I tried removing access to private key, but it still didnât work
Thanks in advance!
I assume the repository you are trying to clone is in the same GitLab instance. If not, what I mention below does not apply.
I am talking about $CI_JOB_TOKEN, not Deploy Token. CI_JOB_TOKEN is a token generated for each Job, which is actually used to fetch/clone the repository and other things for that job.
However, CI_JOB_TOKEN inherits all permissions of the user under which the pipeline is running, so if your user has access to gitlab.test1.com/user1/testrepo.git the Job token has it as well. You can use it to clone other private repositories as you need like this git clone https://gitlab-ci-token:$CI_JOB_TOKEN@$CI_SERVER_HOST/user1/testrepo.git
Thanks a lot, @balonik ! This really worked for me. After weeks of searching in Google and Youtube, I could finally get this resolved by your constant feedback.
I used http instead of https - git clone http://gitlab-ci-token:$CI_JOB_TOKEN@$CI_SERVER_HOST/user1/testrepo.git.