Push to the repository from CI

Question

I am fairly new to CI and just wanted to start with an automated changelog system. I had for some time a really good progress, until the point I wanted to push the changes back to the repository.

I tried to get various examples like most of this but still struggle to get it right.

This is my yaml-file which I used last time (I replaced our URL etc with <OUR_URL> etc):

stages:
  - test

test_a:
  stage: test
  before_script:
    ##
    # Set ssh-agent to start manual
    ##
    - Get-Service -Name ssh-agent | Set-Service -StartupType Manual
    
    ##
    # Start SSH-Agent and check if it is running
    ##
    - Start-Service ssh-agent
    - Get-Service ssh-agent
    ##
    ## Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
    ## We're using Replace to fix line endings which makes ed25519 keys work
    ## without extra base64 encoding.
    ## https://gitlab.com/gitlab-examples/ssh-private-key/issues/1#note_48526556
    ##
    - echo $SSH_KEY_RUNNER.Replace(';',"`r`n") | ssh-add -

    ##
    ## Create the SSH directory and give it the right permissions
    ##
    - if(!(Test-Path -path ~/.ssh)){ mkdir -p ~/.ssh} else {echo ".ssh directory is not created!"}
    
    ##
    ## Use ssh-keyscan to scan the keys of your private server. Replace gitlab.com
    ## with your own domain name. You can copy and repeat that command if you have
    ## more than one server to connect to.
    ##
    # - Add-Content ~/.ssh/known_hosts (ssh-keyscan gitlab.com) 

    ##
    ## Alternatively, assuming you created the SSH_SERVER_HOSTKEYS variable
    ## previously, uncomment the following two lines instead.
    ##
    - ((Remove-Item ~/.ssh/known_hosts) -and (echo "File known_hosts was removed!")) -or (echo "File known_hosts does not exist!")
    - Add-Content ~/.ssh/known_hosts "$SSH_SERVER_HOSTKEYS"

    ##
    ## Optionally, if you will be using any Git commands, set the user name and
    ## and email.
    ##
    - git config --global user.email "<OUR_GIT_MAIL>"
    - git config --global user.name "Gitlab.Runner"

  script:
    ##
    ## Message for the actual Script
    ##
    - echo "This Job runs if any file is changed, except CHANGELOG.md"

    ##
    ## run the run_update_changelog_script.ps1
    ##
    - powershell.exe -File ".\.gitlab-ci-scripte\run_update_changelog_script.ps1" -SHA $CI_COMMIT_SHA -SHORT_SHA $CI_COMMIT_SHORT_SHA -TITLE $CI_COMMIT_TITLE -URL $CI_PROJECT_URL -DESCRIPTION $CI_COMMIT_DESCRIPTION -USER_ID $GITLAB_USER_ID -USER_NAME $GITLAB_USER_LOGIN
    
    ##
    ## show changes in the changelog
    ##
    - Get-Content CHANGELOG.md
    
    ##
    ## do the git stuff
    ##
    - git status
    - git add CHANGELOG.md
    - (git commit -m "Update CHANGELOG.md") -or (echo "No changes, nothing to commit!")
    - git status
    - git remote show origin
    - git remote set-url --push origin git@<OUR_URL>:$CI_PROJECT_PATH.git
    - git remote show origin
    - git push --follow-tags origin HEAD:$CI_COMMIT_REF_NAME
  tags:
    - windows
  except:
    changes:
      - "CHANGELOG.md"

I am not completely sure what caused the following error. But for complete information I placed the private Key as variable inside the REPO settings named SSH_KEY_RUNNER and the public key as deploy key:

$ git push --follow-tags origin HEAD:$CI_COMMIT_REF_NAME
Warning: Permanently added the ECDSA host key for IP address 'X.X.X.X' to the list of known hosts.
Permission denied, please try again.
Permission denied, please try again.
git@<OUR_URL>: Permission denied (publickey,password).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists.

I know that my and-or-command is not working as intended, but they are not that important at the moment.

One final piece of information: the gitlab-runner runs on a Powershell, as you might acknowledge already. The deploy key is set to write access.

Additonal Tests

I switched to a Linux runner instead of a windows runner to test if I got more promissing results. The yaml file is almost the same and I just switched to the linux commands instead of the powershell. It was mostly copy&paste from the gitlab website with a few smaller changes (different var names etc)

the result was differnt but almost the same:

$ git push --follow-tags origin HEAD:$CI_COMMIT_REF_NAME
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure that you have the correct access rights
and the repository exists.