I have already been bumping my head against the SSH wall for two days, trying to push a version bump in the GitLab CI pipeline back to the original repository on gitlab.com.
I've used an ED25519 SSH key pair, as described in the SSH documentation. I used the private key as a pipeline Variable (defined under the project > settings > CI / CD > Variables) and the public key as a Deploy Key (defined under project > settings > repository > Deploy Keys) with write access.
I am trying to generate a new Git tag representing the version of the application. It fails at the last command in the script, when trying to push the generated Git tag back to the original repository.
My .gitlab-ci.yml step looks like this:

    version:
      stage: version
      only:
        - master
      except:
        - tags
        - schedules
      script:
        ## Install ssh-agent if not already installed, it is required by Docker.
        ## (change apt-get to yum if you use an RPM-based image)
        - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client git -y )'
        ## Run ssh-agent (inside the build environment)
        - eval $(ssh-agent -s)
        ## Create the SSH directory and give it the right permissions
        - mkdir -p ~/.ssh
        - chmod 700 ~/.ssh
        ## Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
        ## We're using tr to fix line endings which makes ed25519 keys work
        - echo "$CI_SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_ed25519
        - chmod 600 ~/.ssh/id_ed25519
        ## Use ssh-keyscan to scan the keys of your private server. Replace gitlab.com
        ## with your own domain name. You can copy and repeat that command if you have
        ## more than one server to connect to.
        - ssh-keyscan gitlab.com >> ~/.ssh/known_hosts
        - chmod 644 ~/.ssh/known_hosts
        - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
        ##
        ## Optionally, if you will be using any Git commands, set the user name and
        ## email.
        ##
        - git config --global user.email "firstname.lastname@example.org"
        - git config --global user.name "Dario Soller"
        - export CI_SSH_REPO_URL=email@example.com:ds_rfrnz/automatic-versioning.git
        - git tag $NEW_VERSION
        - git remote add original-origin $CI_SSH_REPO_URL
        - git remote
        - git push original-origin $NEW_VERSION
      tags:
        - docker
        - gce

The pipeline console output for the last steps looks like this:

    $ git tag $NEW_VERSION
    $ git remote add original-origin $CI_SSH_REPO_URL
    $ git remote
    origin
    original-origin
    $ git push original-origin $NEW_VERSION
    Warning: Permanently added the ECDSA host key for IP address '22.214.171.124' to the list of known hosts.
    Load key "/root/.ssh/id_ed25519": invalid format
    firstname.lastname@example.org: Permission denied (publickey).
    fatal: Could not read from remote repository.

    Please make sure you have the correct access rights
    and the repository exists.

Can someone please point me in the right direction? What am I doing wrong, or what am I missing?
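
A pre-flight check related to the `Load key ... invalid format` line in the log above, as an added example that is not part of the original post: it inspects the file the job writes from the CI variable for structural problems before `git push` runs. The function names, diagnosis words and sample files are constructed for illustration, and the sample key body is a placeholder, not real key material.

```shell
#!/bin/sh
# Added example. Samples are constructed; BODY is a placeholder, not key material.
HDR='-----BEGIN OPENSSH PRIVATE KEY-----'
FTR='-----END OPENSSH PRIVATE KEY-----'
BODY='CONSTRUCTEDPLACEHOLDERBODY'

# Print one diagnosis word for the key file; return 0 only for "ok".
check_key_file() {
    f=$1
    cr=$(printf '\r')
    # Variable unset, or not exposed to this job: nothing was written.
    [ -s "$f" ] || { echo "empty"; return 1; }
    # Ed25519 keys are stored in the OpenSSH format, so this header is expected.
    head -n 1 "$f" | grep -q "^$HDR" || { echo "missing-header"; return 1; }
    # Windows line endings pasted into the variable.
    grep -q "$cr" "$f" && { echo "carriage-returns"; return 1; }
    # Newlines collapsed into spaces leave the footer in the middle of a line.
    grep -q "^$FTR" "$f" || { echo "footer-not-on-own-line"; return 1; }
    # $(...) strips a trailing newline, so non-empty output means none was there.
    [ -z "$(tail -c 1 "$f")" ] || { echo "no-trailing-newline"; return 1; }
    echo "ok"
}

# Full parse with OpenSSH itself (needs a real key): derives the public key.
# Returns 2 when ssh-keygen is not installed.
key_parses() {
    command -v ssh-keygen >/dev/null 2>&1 || return 2
    ssh-keygen -y -f "$1" </dev/null >/dev/null 2>&1
}

# Write constructed sample files, one per failure mode, into directory $1.
make_samples() {
    d=$1
    printf '%s\n' "$HDR" "$BODY" "$FTR" > "$d/good"
    printf '%s\r\n' "$HDR" "$BODY" "$FTR" > "$d/crlf"
    printf '%s\n%s\n%s' "$HDR" "$BODY" "$FTR" > "$d/nonl"
    printf '%s %s %s\n' "$HDR" "$BODY" "$FTR" > "$d/oneline"
    printf '[MASKED]\n' > "$d/placeholder"
    : > "$d/empty"
}

# Stand-alone use: sh check_key.sh ~/.ssh/id_ed25519
if [ -n "${1:-}" ]; then check_key_file "$1"; fi
```

In a job, this would run against `~/.ssh/id_ed25519` right after the `chmod 600` step, with `key_parses` as the final confirmation on the real key.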