CircleCI failing to access private repository

Asked 1/2, 2022 at 22:28 Answered 20/7, 2022 at 20:51

Solved flutter bitbucket ssh-keys circleci

We have a Flutter app which uses a private repository as a dependency.

The SSH key has been added to CircleCI, and the remote access to the repository works just fine locally using this same key.

The config has been added to the .circleci/config.yml:

- add_ssh_keys:
  fingerprints:
    - "84:1a:so:me:ke:y:14:31:0f"

But CircleCI keeps failing to access the private dependency repo , giving the following error:

" Running "flutter pub get" in project... Git error. Command: git clone --mirror [email protected]:our_account/priv_repo.git /home/circleci/development/flutter/.pub-cache/git/cache/priv_repo-3456accd54b38ec5b3820944f77e90ce2ddc9887 stdout: stderr: Cloning into bare repository '/home/circleci/development/flutter/.pub-cache/git/cache/priv_repo-3456accd54b38ec5b3820944f77e90ce2ddc9887'... Warning: Permanently added the RSA host key for IP address '18.205.93.1' to the list of known hosts. Unauthorized fatal: Could not read from remote repository.

Please make sure you have the correct access rights and the repository exists. exit code: 128 "

Has anyone successfully created a CircleCI deployment which includes a private repo dependency?
What might possibly be missing to cause this issue?

Airstrip answered 1/2, 2022 at 22:28 Comment(1)

I used the following documentation for adding my SSH key, and updating the circle ci config : circleci.com/docs/2.0/add-ssh-key circleci.com/docs/2.0/gh-bb-integration/… – Airstrip 1/2, 2022 at 22:43

OK - there were a couple of things I had wrong,

The main one was that I had the add_ssh_keys line in the wrong place.
It really needs to be the first step, or at least be before the flutter/install_sdk_and_pub step.

eg. This works (but if the add_ssh_keys step was at the bottom of the list of 4 steps here then it fails):

    steps:

      - add_ssh_keys:
          fingerprints:
            - "84:1a:so:me:ke:y:14:31:0f"

      - checkout
      - aws-cli/setup:
          profile-name: example
      - flutter/install_sdk_and_pub:
          flutter_version: 2.5.3

In addition to that it is worth noting that I added my SSH key as an "Additional SSH Keys" type key (adding a "User Key" broke the deploy) (that is under Project Settings > SSH Keys),
and I set the Hostname for the key to "bitbucket.org".

So CircleCI is now successfully pulling in my private repo dependency.
It is failing on versioning mismatch stuff, but that is another issue, and shall be solved at another time.

Airstrip answered 2/2, 2022 at 23:39 Comment(0)

I want to clarify some things first.

The main one was that I had the add_ssh_keys line in the wrong place. It really needs to be the first step, or at least be before the flutter/install_sdk_and_pub step.

Yes, it's because each step runs in a different session, so they don't share the configs from each other. Your ssh-key only works because the environment variables defined on the Project Settings, are used across all the steps.

eg. This works (but if the add_ssh_keys step was at the bottom of the list of 4 steps here then it fails):

Yes, and if you want to use this fingerprint in another step, you need to paste it there too.

There are some things that you can do to fix your problem, you can leave the main ssh-key on the Project Settings and you can create an environment variable with the public key content (from another ssh-key).

After that, before using that second key, you need to run some commands like:

  - run:
      name: Step I'm using the second key
      command: |
        echo -e $MY_ENV_VAR | base64 -d > key
        chmod 400 key
        eval $(ssh-agent -s)
        ssh-add key
        git clone...
        docker build...

Doing that, you will be able to clone the second repo.

Overact answered 9/2, 2022 at 5:56 Comment(0)

Two things that worked for me:

Adding checkout step before updating the submodules
Adding the User public key(from CircleCI) to Bitbucket both repositories,the submodule repository and the parent repository that uses the submodule.

Checkout

As mentioned here https://circleci.com/docs/configuration-reference#checkout:

Note: CircleCI does not check out submodules. If your project requires submodules, add run steps with appropriate commands as shown in the following example:

- checkout
- run: git submodule sync
- run: git submodule update --init

User Key

The "User Key" public key is not added automatically to Bitbucket. Here is an explanation on how to add it https://circleci.com/docs/bitbucket-integration#create-a-bitbucket-user-key.

After you copy the key from the "Developer Tools" you need to add it to "Access keys" in Bitbucket.

Bullivant answered 20/7, 2022 at 20:51 Comment(0)

Recommended topics

Hot tags