Pipeline not deploying to second repository

I created a new ssh key in my local machine, added the public key to my account settings ssh keys, and the private key to the ci/cd settings of the project.

My .gitlab-ci.yml looks like the following:

build app:
  stage: build
    - feature/ci-cd-pipeline-v1
    - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
    - eval $(ssh-agent -s)
    - echo "$SSH_PRIVATE_KEY" | ssh-add -
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - ssh-keyscan $GIT_URL >> ~/.ssh/known_host
    - git config user.email "ci@example.com"
    - git config user.name "CI"
    - git remote add acquia $GIT_URL
    - echo "Script will runb"
    - git checkout -b feature/ci-cd-pipeline-v1
    - git push acquia feature/ci-cd-pipeline-v1

The goal of this is to push the updated code to my Acquia repository(which also has the ssh public key), but I get the following error when the pipeline runs:

$ command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )
$ eval $(ssh-agent -s)
Agent pid 12
$ echo "$SSH_PRIVATE_KEY" | ssh-add -
Error loading key "(stdin)": invalid format
Cleaning up project directory and file based variables
ERROR: Job failed: exit code 1

Maybe the CI/CD variable defined in the project settings misses a character which renders the input to ssh-add invalid. Or there is an empty line.

To test, print the value with echo, something like

    - echo "$SSH_PRIVATE_KEY" 
    - echo "$SSH_PRIVATE_KEY" | ssh-add -

and manually verify the key add in a local shell.

Another thought after searching and landing on gitlab-ci SSH key invalid format - Stack Overflow - I see that the job runs only on a given branch.

    - feature/ci-cd-pipeline-v1

If the CI/CD variable SSH_PRIVATE_KEY is set to protected, it will only be available on protected branches (main) and tags, and thus could be empty when the feature branch job runs.

I just attached a screenshot of what I have in the variable. The variable is not set to protected.

Regarding the branch, yes, I set the pipeline to run on a specific branch only, which is working.

I had looked into the SO link you also ran into, and it mentions malformation of the private key which am not sure if I have anything wrong.

When I echo the key through the pipeline, it shows as intended:

    -----BEGIN OPENSSH PRIVATE KEY-----the rest of the string=-----END OPENSSH PRIVATE KEY-----

I even tried putting a space at the end of the key string but it did not make a difference.

Iā€™d suggest copying the SSH_PRIVATE_KEY value into a local file, say ssh.txt. Then read its value into a new shell variable, and try the ssh-add command locally.


ssh=$(cat "$file")

echo "$ssh" | ssh-add - 

Maybe there is a better way to lint SSH key formats. :thinking: (and not an online tool to paste a private key into). Found ssh - Check if private key is malformed - Ask Ubuntu but that needs the public key to verify too. Could be worth a shot though.

I think that the issue is with the command I used to copy the private key

Instead I used:

pbcopy < ~/.ssh/pipelines/id_rsa.pub

And the before script now passes.

However the error now moved to the script.

getaddrinfo acquiarepo@svn-23449.prod.hosting.acquia.com:acquiarepo.git: Name or service not known
1 Like