It seems like something most people would want to do. You have something in your pipeline changing the project and then you want to push. However, whenever I attempt to do a git push from my GitLab runner I get a 403 permission denied. Most things I find on the internet say it is because of it attempting to use the CI token. I have the SSH keys on the machine the runner is running on.
We did this by adding a before_script task where we install SSH & Git and set the Git credentials.
The var SSH_PRIVATE_KEY_TOOLKIT in the example below is a Deploy Key generated in GitLab by going to Settings > Repository > Deploy Keys. Make sure to enable write access by editing the deploy key after enabling it.
I have a question about the deploy key, and your solution is the nearest to mine. As I understand correctly, you use the variable SSH_PRIVATE_KEY_TOOLKIT as the private key to connect to the repository? From reading the manuals from GitLab I was thinking the deploy key needs to be the public key and I put the private key as a variable inside my repo CI Variables.
So if I am wrong and the deploy key needs to be the private key, where do I save the public key? Do I need an additional Gitlab-Runner-User who has saved his public key in his settings?
Nope, simply create an SSH key pair; you can do this on your computer (by using PuTTY, for example).
Then define the public key in the deploy key section within a project by visiting Settings > Repository > Deploy Keys. Make sure you hit “Write access allowed”.
Then define your Private key in the variable SSH_PRIVATE_KEY_TOOLKIT.
Note: Best would be to add this variable on group level so that you won’t need to redefine it for new projects you create. (Only if this applies to your workflow; for us this made sense since we want to pull the repo to each repo in our project group.)
Then make sure this deploy key is enabled in both the repositories and has “Write access allowed” for the repo where the files should be pushed to. “Note when enabling the deploy key in a new repo the Write access is unchecked by default, so enable it and then edit and allow write access”.
Hopefully this clears things up for you. If there is still anything unclear, let me know; maybe I can help out.
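The setup described in the replies above, written out as an added example that is not part of the original thread: it loads the deploy key from SSH_PRIVATE_KEY_TOOLKIT, points the push URL at SSH so the push no longer goes through the HTTPS CI-token remote, and pins the server's host key rather than turning host key checking off. Assumptions: SSH_KNOWN_HOSTS is a hypothetical CI/CD variable holding the GitLab server's host key line(s), the commit identity is constructed, and SSH listens on port 22.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed CI/CD variables:
#   SSH_PRIVATE_KEY_TOOLKIT  private half of the deploy key, no passphrase
#   SSH_KNOWN_HOSTS          hypothetical: pinned host key line(s) of the GitLab server
# CI_REPOSITORY_URL and CI_COMMIT_REF_NAME are GitLab's predefined variables.

# Convert the HTTPS clone URL (CI-token auth) into the SSH form the deploy key uses.
#   https://gitlab-ci-token:xxx@gitlab.example.com/group/app.git
#   -> git@gitlab.example.com:group/app.git
ssh_remote_from_https() {
  _rest=${1#*://}        # drop the scheme
  _rest=${_rest#*@}      # drop embedded credentials, if any
  _host=${_rest%%/*}
  _host=${_host%%:*}     # drop an HTTPS port; assumes SSH listens on 22
  printf 'git@%s:%s\n' "$_host" "${_rest#*/}"
}

# Load the deploy key into an agent without writing it to disk.
load_deploy_key() {
  eval "$(ssh-agent -s)" >/dev/null
  # tr removes carriage returns that break keys pasted from Windows editors.
  if ! printf '%s\n' "$SSH_PRIVATE_KEY_TOOLKIT" | tr -d '\r' | ssh-add - 2>/dev/null; then
    echo "ssh-add failed: key is malformed or passphrase-protected" >&2
    return 1
  fi
}

# Pin the server's host key instead of disabling StrictHostKeyChecking.
pin_host_key() {
  mkdir -p "$HOME/.ssh" && chmod 700 "$HOME/.ssh"
  printf '%s\n' "$SSH_KNOWN_HOSTS" >> "$HOME/.ssh/known_hosts"
}

push_changes() {
  git config user.name  "ci-bot"                  # constructed identity
  git config user.email "ci-bot@example.invalid"  # constructed identity
  # Only the push URL changes; fetches keep using the runner's own URL.
  git remote set-url --push origin "$(ssh_remote_from_https "$CI_REPOSITORY_URL")"
  git push origin "HEAD:$CI_COMMIT_REF_NAME"
}

# Run the whole sequence only when asked to, so the functions can be sourced.
if [ "${1:-}" = "--push" ]; then
  set -e
  load_deploy_key
  pin_host_key
  push_changes
fi
```

Invoked with `--push` from a job's script section on a Linux runner; on a PowerShell runner the same steps need PowerShell syntax.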
That makes everything a bit more clear. So regarding your post, I used it in our CI. My problem is that my script runs fine until I hit the point where I want to push something back to the repo.
I have an open Stack Overflow question with all the additional information. I tested it with a Windows gitlab-runner and a Linux gitlab-runner, both struggling to push, based on restrictions. If you want to see the Linux code, feel free to ask.
I took a quick look at your Stack Overflow question and was wondering if you created an SSH key without a password? Since the error thrown is also the error that will be thrown when your SSH key is password protected but no password was supplied.
We’ve actually run into this issue as well and fixed it by creating a new key that was not password protected.
I finally could figure out that at least some part for SSH and GitLab is working. I figured out that I have some problem using my WSL to git clone (or something else git-server related) with just my openssh config. But at least the core.sshCommand gets me working. Sadly the GIT_SSH_COMMAND env variable doesn’t do the job for the git-runner. As a last glimpse from my side, could it be that the gitlabrunner-user isn’t allowed to access the repository because it is private?
Hi @jrwang,
I’m a bit of a newbie so I apologize if the questions are basic.
I’m trying to apply your solution but running into some syntax errors.
Initially I got these errors:
At C:\Windows\TEMP\build_script039793081\script.ps1:285 char:17
+ which ssh-agent || ( apt-get update -qy && apt-get install openssh-cl ...
The token '||' is not a valid statement separator in this version.
I figured it’s bc I’m using powershell so I should use -or and -and instead of || and && (is that correct?).
Now I’m getting an error about the last line in the before_script, but I’m not sure how to adjust that line to PowerShell (I don’t really understand that line).
At C:\Windows\TEMP\build_script991080655\script.ps1:309 char:2
+ [[ -f /.dockerenv ]] -and echo -e "Host *\n\tStrictHostKeyChecking no ...
Missing type name after '['.
+ CategoryInfo : ParserError: (:) , ParseException
+ FullyQualifiedErrorId : MissingTypename