Using deploy keys with write access

I am currently running CE version 8.17.4 and I am attempting to setup a deploy key with write access (as of 8.16) so that my runner instance may commit build artifacts back to the repository. I took the following steps to set this up:

  • On the runner instance, I generated the ssh keypair with the command:
sudo ssh-keygen -t rsa -C "label" -b 4096
  • The generated keypair was saved to /home/gitlab-runner/.ssh/id_rsa and password protected.
  • Within Gitlab, I created a public deploy key from the admin console and pasted the contents of id_rsa.pub into the appropriate field and verified that the key fingerprints matched. I checked the “Write access allowed” box.
  • In the project that I wished to enable repository access from the runner, I enabled the newly created public deploy key.
  • This is a LaTeX document respository, so in the .gitlab-ci.yml file, I issue the following script after building the pdf:
after_script:
  - "git commit -am 'autobuild PDF'"
  - "git push origin master"

When the changes were committed, the build ran successfully on the runner up until the git push origin master command, whereby this error was thrown:

fatal: Authentication failed for 'http://gitlab-ci-token:xxxxxxxxxxxxxxxxxxxx@host/project.git/'

Ok. A couple questions:

  1. If the deploy key is just an SSH key, shouldn’t it be connecting on the secure port or does this matter? I haven’t found much documentation on using this new write-permission deploy key feature, so what am I missing in the steps I took above?
  2. Do I need to include [ci skip] in the commit message to avoid looping CI builds? I saw this concern come up in the original issue tickets for this feature, but did not see whether this step was required or not.

Thanks for any help!