How to pull from private repo in a bitbucket pipeline?

I have a bitbucket pipeline that works well but now on a project I need to pull from a private repository which contains a package that is required in my composer.json.

When I do a composer install in the pipeline, it stops with this error

Failed to execute git clone --no-checkout '[email protected]:company/package.git' [...]
  Cloning into '/opt/atlassian/pipelines/agent/build/vendor/company/package'...
  Permission denied (publickey).
  fatal: Could not read from remote repository.
  Please make sure you have the correct access rights
  and the repository exists.

The pipeline does not have any SSH key defined so it's not allowed to pull, but how could I define one since it's ephemeral?

Or maybe I should define the requirement otherwise?

Selfmastery answered 17/4, 2017 at 14:21 Comment(1)
docs: using-ssh-keys-in-bitbucket-pipelines - Recompense

  • Add a deployment key (public SSH key) to the private repository
  • Add that key’s corresponding private key (Base64-encoded) as an environment variable in the repo that has the Pipeline. Ideally, this should be marked as protected, which will hide it.
  • Use the environment variable (Base64-decoded) in the Pipeline. Usually, that means something like writing it to the user’s .ssh directory.

That should be enough to get it running.

Moreover, I’ve just seen that there is now (maybe this is new, but I’m not sure) a new page “Settings” > “Pipelines” > “SSH keys” for managing pipelines SSH keys. This way, you wouldn’t even need to add the private key to the docker image you are using. But I haven’t used that so far, so I can’t say anything about it.

Suffolk answered 18/4, 2017 at 7:22 Comment(1)
Thanks a lot, I was about to post this tuto that gives the same information :) community.atlassian.com/t5/Bitbucket-questions/… - Selfmastery
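
The three steps from the answer above, written out as a shell function for the pipeline step. This is an added example, not code from either answer; `DEPLOY_KEY_B64`, `KNOWN_HOSTS_B64` and the `id_deploy` file name are assumed names. It also pins the git host's key, which the answer does not cover.

```shell
#!/bin/sh
# Added example, not from the original answers. Hypothetical variable names:
#   DEPLOY_KEY_B64   Base64 of the private half of the deployment key
#   KNOWN_HOSTS_B64  Base64 of a known_hosts entry for the git host, verified out of band
# The body runs in a subshell, so umask and "set +x" do not leak to the caller.
install_deploy_key() (
    set +x                      # never trace secret values into the build log
    ssh_dir=${1:-"$HOME/.ssh"}
    host=${2:-bitbucket.org}
    key_file=$ssh_dir/id_deploy

    [ -n "$DEPLOY_KEY_B64" ]  || { echo "DEPLOY_KEY_B64 is not set" >&2; exit 1; }
    [ -n "$KNOWN_HOSTS_B64" ] || { echo "KNOWN_HOSTS_B64 is not set" >&2; exit 1; }

    umask 077                   # new files and directories are owner-only from creation
    mkdir -p "$ssh_dir" || exit 1

    # Decode to a temporary name; a failed or truncated decode never becomes the key file.
    if ! printf '%s' "$DEPLOY_KEY_B64" | base64 -d > "$key_file.tmp" 2>/dev/null ||
       ! head -n 1 "$key_file.tmp" | grep -q '^-----BEGIN .*PRIVATE KEY-----$'; then
        rm -f "$key_file.tmp"
        echo "DEPLOY_KEY_B64 does not decode to a private key" >&2
        exit 1
    fi
    mv "$key_file.tmp" "$key_file" && chmod 600 "$key_file" || exit 1

    # Pin the host key instead of trusting whatever key the first connection presents.
    printf '%s' "$KNOWN_HOSTS_B64" | base64 -d > "$ssh_dir/known_hosts" || exit 1

    # Offer only this key to this host, and refuse unknown host keys.
    cat > "$ssh_dir/config" <<EOF
Host $host
    IdentityFile $key_file
    IdentitiesOnly yes
    StrictHostKeyChecking yes
    UserKnownHostsFile $ssh_dir/known_hosts
EOF
)

# In the pipeline step, before "composer install":
#   install_deploy_key
```

Because the deployment key is added to the private repository only, a leaked pipeline variable exposes that one repository rather than a user account.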

As suggested at the end of @bluem's answer, this has become a bit simpler now:

Suppose repository foo needs to access private repository bar, both on bitbucket.org:

  1. go to foo Repository Settings -> Pipelines -> SSH Keys
  2. click "Generate keys" (or use your own)
  3. copy the public key
  4. go to bar Repository Settings -> Security -> Access keys
  5. click "Add key", fill out the form using the public key from foo
  6. done.

See docs for details.

Recompense answered 5/4 at 11:55 Comment(0)
