I am currently running CE version 8.17.4 and I am attempting to set up a deploy key with write access (as of 8.16) so that my runner instance may commit build artifacts back to the repository. I took the following steps to set this up:
- On the runner instance, I generated the ssh keypair with the command:
sudo ssh-keygen -t rsa -C "label" -b 4096
- The generated keypair was saved to /home/gitlab-runner/.ssh/id_rsa and password protected.
- Within GitLab, I created a public deploy key from the admin console and pasted the contents of id_rsa.pub into the appropriate field and verified that the key fingerprints matched. I checked the “Write access allowed” box.
- In the project that I wished to enable repository access from the runner, I enabled the newly created public deploy key.
- This is a LaTeX document repository, so in the .gitlab-ci.yml file, I issue the following script after building the PDF:
after_script:
  - "git commit -am 'autobuild PDF'"
  - "git push origin master"
When the changes were committed, the build ran successfully on the runner up until the git push origin master command, whereby this error was thrown:
fatal: Authentication failed for 'http://gitlab-ci-token:xxxxxxxxxxxxxxxxxxxx@host/project.git/'
Ok. A couple questions:
- If the deploy key is just an SSH key, shouldn’t it be connecting on the secure port or does this matter? I haven’t found much documentation on using this new write-permission deploy key feature, so what am I missing in the steps I took above?
- Do I need to include [ci skip] in the commit message to avoid looping CI builds? I saw this concern come up in the original issue tickets for this feature, but did not see whether this step was required or not.
Thanks for any help!
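
The error quoted in the post shows the job pushing to an HTTP remote that embeds the CI job token, and git never offers an SSH key on an HTTP remote. The following is an added example, not part of the original post: shell helpers that detect that kind of remote and derive an SSH push URL from it. The function names, the SSH user `git` and the default SSH port are assumptions.

```shell
#!/bin/sh
# Added example: switch a CI checkout's push URL from token-over-HTTP to SSH.
# Function names are hypothetical; SSH user "git" and port 22 are assumptions.

# Constructed sample, copied from the shape of the URL in the error message.
SAMPLE_URL='http://gitlab-ci-token:xxxxxxxxxxxxxxxxxxxx@host/project.git/'

# Classify a remote URL: token-http, ssh, or other.
remote_kind() {
    case "$1" in
        http://gitlab-ci-token:*@*|https://gitlab-ci-token:*@*) echo token-http ;;
        http://*|https://*) echo other ;;
        ssh://*|*@*:*) echo ssh ;;
        *) echo other ;;
    esac
}

# Turn scheme://[user:token@]host[:port]/path into git@host:path.
# The embedded token is dropped and never printed.
ssh_push_url() {
    rest=${1#*://}      # strip the scheme
    rest=${rest#*@}     # strip user:token@ when present
    rest=${rest%/}      # strip a trailing slash
    host=${rest%%/*}
    path=${rest#*/}
    host=${host%%:*}    # the HTTP port does not apply to SSH
    [ -n "$host" ] && [ "$path" != "$rest" ] || return 1
    printf 'git@%s:%s\n' "$host" "$path"
}

# Change only the push URL; fetches keep using the job's HTTP URL.
use_ssh_for_push() {
    url=$(git remote get-url origin) || return 1
    [ "$(remote_kind "$url")" = token-http ] || return 0
    new=$(ssh_push_url "$url") || return 1
    git remote set-url --push origin "$new"
}

# Demonstration on the constructed sample: prints git@host:project.git
ssh_push_url "$SAMPLE_URL"
```

Calling `use_ssh_for_push` before `git push origin master` sends the push over SSH. The private key must be readable by the user the job runs as and usable without an interactive passphrase prompt.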