I created a new ssh key in my local machine, added the public key to my account settings ssh keys, and the private key to the ci/cd settings of the project.
My .gitlab-ci.yml looks like the following:
build app:
  stage: build
  only:
    - feature/ci-cd-pipeline-v1
  before_script:
    - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
    - eval $(ssh-agent -s)
    - echo "$SSH_PRIVATE_KEY" | ssh-add -
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - ssh-keyscan $GIT_URL >> ~/.ssh/known_hosts
    - git config user.email "ci@example.com"
    - git config user.name "CI"
    - git remote add acquia $GIT_URL
  script:
    - echo "Script will run"
    - git checkout -b feature/ci-cd-pipeline-v1
    - git push acquia feature/ci-cd-pipeline-v1
The goal of this is to push the updated code to my Acquia repository (which also has the ssh public key), but I get the following error when the pipeline runs:
$ command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )
$ eval $(ssh-agent -s)
Agent pid 12
$ echo "$SSH_PRIVATE_KEY" | ssh-add -
Error loading key "(stdin)": invalid format
Cleaning up project directory and file based variables
00:01
ERROR: Job failed: exit code 1
Maybe the CI/CD variable defined in the project settings misses a character which renders the input to ssh-add invalid. Or there is an empty line.
To test, print the value with echo, something like
- echo "$SSH_PRIVATE_KEY"
- echo "$SSH_PRIVATE_KEY" | ssh-add -
and manually verify the key add in a local shell.
Another thought after searching and landing on gitlab-ci SSH key invalid format - Stack Overflow - I see that the job runs only on a given branch.
only:
  - feature/ci-cd-pipeline-v1
If the CI/CD variable SSH_PRIVATE_KEY is set to protected, it will only be available on protected branches (main) and tags, and thus could be empty when the feature branch job runs.
I just attached a screenshot of what I have in the variable. The variable is not set to protected.
Regarding the branch, yes, I set the pipeline to run on a specific branch only, which is working.
I had looked into the SO link you also ran into, and it mentions malformation of the private key, which I am not sure about, if I have anything wrong.
When I echo the key through the pipeline, it shows as intended:
-----BEGIN OPENSSH PRIVATE KEY-----the rest of the string=-----END OPENSSH PRIVATE KEY-----
I even tried putting a space at the end of the key string but it did not make a difference.
I'd suggest copying the SSH_PRIVATE_KEY value into a local file, say ssh.txt. Then read its value into a new shell variable, and try the ssh-add command locally.
file="ssh.txt"
ssh=$(cat "$file")
echo "$ssh" | ssh-add -
Maybe there is a better way to lint SSH key formats. (and not an online tool to paste a private key into). Found ssh - Check if private key is malformed - Ask Ubuntu but that needs the public key to verify too. Could be worth a shot though.
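One way to lint the variable inside the job without writing the key to the job log, as an added example that is not part of the thread's posts. It classifies the failure modes raised in this thread (empty variable, pasted public key, lost line breaks); the function name `check_key_var` and the sample values are assumptions made for the example.

```shell
#!/bin/sh
# Added example: report what is wrong with a key variable without echoing it.
# Prints one word; returns 0 only for "ok". check_key_var is a hypothetical name.
check_key_var() {
    key=$(printf '%s' "$1")   # command substitution drops trailing newlines
    cr=$(printf '\r')
    # Empty: variable undefined, or protected and not exposed to this branch.
    [ -n "$key" ] || { echo empty; return 1; }
    case $key in
        "ssh-rsa "*|"ssh-ed25519 "*|"ecdsa-sha2-"*)
            echo public-key; return 1 ;;   # the .pub file was pasted
        *"$cr"*)
            echo crlf; return 1 ;;         # carriage returns from CRLF line endings
    esac
    # A private key file is header + base64 body + footer, so at least 3 lines.
    lines=$(printf '%s\n' "$key" | wc -l | tr -d ' ')
    [ "$lines" -ge 3 ] || { echo collapsed; return 1; }
    first=$(printf '%s\n' "$key" | head -n 1)
    last=$(printf '%s\n' "$key" | tail -n 1)
    case $first in
        "-----BEGIN "*"PRIVATE KEY-----") ;;
        *) echo bad-header; return 1 ;;
    esac
    case $last in
        "-----END "*"PRIVATE KEY-----") ;;
        *) echo bad-footer; return 1 ;;
    esac
    echo ok
}

# Constructed samples (not real key material).
nl='
'
body='Y29uc3RydWN0ZWQ='
good="-----BEGIN OPENSSH PRIVATE KEY-----${nl}${body}${nl}-----END OPENSSH PRIVATE KEY-----"
flat="-----BEGIN OPENSSH PRIVATE KEY-----${body}-----END OPENSSH PRIVATE KEY-----"
for sample in "$good" "$flat" "ssh-rsa AAAAconstructed ci@example.com" ""; do
    check_key_var "$sample" || true
done
```

In the job, call `check_key_var "$SSH_PRIVATE_KEY"` before `ssh-add`. Once it reports `ok`, running `ssh-keygen -y -f <keyfile>` on a local copy confirms that the key actually parses.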
I think that the issue is with the command I used to copy the private key
Instead I used:
pbcopy < ~/.ssh/pipelines/id_rsa.pub
And the before script now passes.
However the error now moved to the script.
getaddrinfo acquiarepo@svn-23449.prod.hosting.acquia.com:acquiarepo.git: Name or service not known