1

I'm trying to automatically deploy my app to DigitalOcean through Bitbucket Pipelines. Here are the steps my deployment is following:

  • connect to the remote DigitalOcean droplet using ssh
  • clone my repository by running a git clone with ssh
  • launch my application with docker-compose

I have successfully set up SSH access to my remote. I have also configured SSH access to my repository and can successfully execute git clone from my remote server. However, in the pipeline, while the connection to the remote server is successful, the git clone command fails with the following error.

```
git@bitbucket.org: Permission denied (publickey).
fatal: Could not read from remote repository.
```

Does anybody have an idea of what is going on here?

Here is my bitbucket-pipelines.yml

```yaml
image: atlassian/default-image:latest
pipelines:
  default:
    - step:
        deployment: production
        script:
          # Stream the local deploy.sh to a shell on the droplet
          - cat deploy.sh | ssh $USER_NAME@$HOST
          - echo "Deploy step finished"
```

And the deployment script deploy.sh

```sh
#!/usr/bin/env sh
# Runs on the droplet: fetch the repository over SSH, then start the stack
git clone git@bitbucket.org:<username>/<my_repo>.git
cd my_repo
docker-compose up -d
```

Logs for the git clone ssh commands within the droplet and from the pipeline

Hippolyte Fayol
  • How does `git` on the droplet have access to the SSH key? Try adding verbose logging to the ssh used for the `git clone` by doing something like `GIT_SSH_COMMAND='ssh -vvv' git clone ...` or if that doesn't work (git too old) trying one of the other suggestions [here](https://stackoverflow.com/questions/7772190/passing-ssh-options-to-git-clone) with the option `LogLevel DEBUG3`. Once you have the output you can put it on pastebin and provide a link here. – Chris Hunt Jan 13 '19 at 01:53

1 Answer

0

Git uses the default ssh key by default.

You can overwrite the SSH command used by git, by setting the `GIT_SSH_COMMAND` environment variable. You can add the `-i` argument to use a different SSH key.

```sh
export GIT_SSH_COMMAND="ssh -i ~/.ssh/<key>"
git clone git@bitbucket.org:<username>/<my_repo>.git
```

From the git documentation:

GIT_SSH

GIT_SSH_COMMAND

If either of these environment variables is set then git fetch and git push will use the specified command instead of ssh when they need to connect to a remote system. The command-line parameters passed to the configured command are determined by the ssh variant. See ssh.variant option in git-config[1] for details.

$GIT_SSH_COMMAND takes precedence over $GIT_SSH, and is interpreted by the shell, which allows additional arguments to be included. $GIT_SSH on the other hand must be just the path to a program (which can be a wrapper shell script, if additional arguments are needed).

Usually it is easier to configure any desired options through your personal .ssh/config file. Please consult your ssh documentation for further details.

Community
Robbe
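The following is an added example, not part of the original question or answer: a deploy helper that checks the key on the droplet before handing it to git through `GIT_SSH_COMMAND`, so a non-interactive pipeline run fails with a clear reason instead of a bare `Permission denied (publickey)`. The function names `build_git_ssh_command` and `clone_with_key` and the key location are assumptions.

```shell
#!/usr/bin/env sh
# Added example: pin the deploy key that git's ssh uses on the droplet.
# Function names and the key path are assumptions, not from the post.

# Print an ssh command suitable for GIT_SSH_COMMAND, or explain on stderr
# why the key cannot be used and return non-zero.
build_git_ssh_command() {
    keyfile=$1
    case $keyfile in
        *\'*) echo "key path must not contain a single quote" >&2; return 1 ;;
    esac
    if [ ! -f "$keyfile" ] || [ ! -r "$keyfile" ]; then
        echo "deploy key missing or unreadable for $(id -un): $keyfile" >&2
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group/other bits.
    # OpenSSH ignores a private key that group or others can access.
    mode=$(ls -ld "$keyfile" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "deploy key permissions too open (use chmod 600): $keyfile" >&2
        return 1
    fi
    # IdentitiesOnly: offer only this key, not whatever an agent holds.
    # BatchMode: fail instead of prompting when no terminal is attached.
    printf "ssh -i '%s' -o IdentitiesOnly=yes -o BatchMode=yes\n" "$keyfile"
}

# Clone url into dest using only the given key; git is never started if
# the key check fails.
clone_with_key() {
    GIT_SSH_COMMAND=$(build_git_ssh_command "$1") || return 1
    export GIT_SSH_COMMAND
    git clone "$2" "$3"
}

# In deploy.sh (placeholders as in the question):
#   clone_with_key "$HOME/.ssh/<key>" git@bitbucket.org:<username>/<my_repo>.git my_repo
```

Because the script is piped into a remote shell, the checks run as whichever account `$USER_NAME` logs in as, which is the account whose key git actually needs.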