I installed an Xcode Bot for a project that is hosted on github. I followed the steps and setup bot to use my existing SSH key. The verification succeeds and the project will checkout and build.

I then added a shell script in the pre-trigger action that increments the version in the plist, tags it, and commits that change back to github.

However when I try to do a git push from the shell script I get this:

-- Pushing to [email protected]:spex-app/spex-ios.git Permission denied (publickey).

fatal: Could not read from remote repository.

Why would the server successfully checkout my project but not be able to push changes. I notice the user is _xcsbuildd. I tried copying the .ssh keys into that /var/_xcsbuildd/.ssh and that also does not work.

I figured it out. You need to create new keys for the _xcsbuildd user. Then add them to github. Bottom of this thread: https://devforums.apple.com/message/1054122#1054122

sudo -u _xcsbuildd /bin/bash
ssh-keygen -t rsa -C "[email protected]"
ssh -T [email protected]

Taking in a lot of the other answers I found throughout the web (and on this question), I have the steps to make this work in Xcode 6. First, do the stuff above what dmclean stated (with a couple changes) on your build server:

sudo -u _xcsbuildd /bin/bash
ssh-keygen -t rsa -b 4096 -C "[email protected]" (when asked for a keyphrase, just hit return)
ssh -vT [email protected] (this will show you debugging output - you should not have to enter a keyphrase and it should successfully get to git)

Now, you need to set this new public key in your git account. Follow these steps: (Step 4) https://help.github.com/articles/generating-ssh-keys/

I am assuming you have a build script for your project. Our project has a Share Extension and a Watch Extension. I wanted the build numbers to increment across each (and be the same across each). Our build Numbers are in the format A.B.C.D (Major.Minor.Patch.build). This "Run Script" is in the "Build Phases" of the main project. Here is our script:

#!/bin/sh
# Auto Increment Version Script
# set CFBundleVersion to 1.0.0.1 first!!!
# the perl regex splits out the last part of a build number (ie: 1.1.1.1) and increments it by one
# if you have a build number that is more than 4 components, add a '\d+\.' into the first part of the regex. If you have less remove one
buildPlist=${INFOPLIST_FILE}
newVersion=`/usr/libexec/PlistBuddy -c "Print CFBundleVersion" "$buildPlist" | /usr/bin/perl -pe 's/(\d+\.\d+\.\d+\.)(\d+)/$1.($2+1)/eg'`
echo $newVersion;
/usr/libexec/PListBuddy -c "Set :CFBundleVersion $newVersion" "$buildPlist"
/usr/libexec/PListBuddy -c "Set :CFBundleVersion $newVersion" "$SRCROOT/${PRODUCT_NAME} Extension/Info.plist"
/usr/libexec/PlistBuddy -c "Set :CFBundleVersion $newVersion" "$SRCROOT/${PRODUCT_NAME} WatchKit Extension/Info.plist"
/usr/libexec/PlistBuddy -c "Set :CFBundleVersion $newVersion" "$SRCROOT/${PRODUCT_NAME} WatchKit App/Info.plist"
echo "Trying Git Config"
git config user.email "[email protected]"
git config user.name "XCode Build Server"
echo "Trying Git Commit"
git commit -a -m "Updated Build Numbers"
echo "Trying Git Push"
git push

If it doesn't work, take a look at the output in the Build Log (under the integration).

Some of the problems I encountered:

Since _xcsbuildd doesn't really have a $HOME I had to do the git configs, otherwise I was getting errors where git didn't know who I was (identity errors). If I put a keyphrase in the RSA key, then it gave me public key errors when trying to push (took me a bit to figure out to take out the keyphrase to make it work).

I hope this helps someone.