Created
September 26, 2016 18:06
.gitlab.ci.yml for SSH with private key.
```yaml
# Image needs to have ssh-client
image: docker:git
services:
  - docker:dind

stages:
  - staging

before_script:
  - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
  - mkdir -p ~/.ssh
  # Paste the PRIVATE key into a gitlab variable. Pay attention to the linebreak at the end when pasting
  - echo "$DEPLOY_SERVER_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa
  - chmod 600 ~/.ssh/id_rsa
  - eval "$(ssh-agent -s)"
  - ssh-add ~/.ssh/id_rsa
  - ssh-keyscan -H 'your.server.hostname' >> ~/.ssh/known_hosts

staging:
  stage: staging
  tags:
    - docker
  only:
    - staging
  script:
    - docker build --pull -t $CI_REGISTRY_IMAGE:staging .
    - docker push $CI_REGISTRY_IMAGE:staging
    # your own server details here
    - ssh $SERVER_USER@$SERVER_HOSTNAME < deploy.sh
```
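The `ssh-keyscan` step above accepts whatever host key is presented at job time, so every pipeline run is trust-on-first-use. The following is an added example, not part of the original gist: it appends scanned keys to `known_hosts` only when they match a key pinned in a CI variable. `PINNED_HOST_KEY`, `verify_scanned_key`, `sample_scan` and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. PINNED_HOST_KEY is a hypothetical CI variable holding
# "<keytype> <base64-key>", recorded once over a trusted channel.
# Usage in a job:
#   ssh-keyscan -H "$SERVER_HOSTNAME" \
#     | verify_scanned_key "$PINNED_HOST_KEY" ~/.ssh/known_hosts || exit 1

# Constructed sample of `ssh-keyscan -H` output (not a real host or key).
SAMPLE_BLOB='AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotARealHostKey0000000'
sample_scan() {
    cat <<EOF
# your.server.hostname:22 SSH-2.0-OpenSSH_constructed
|1|c2FtcGxlc2FsdA==|c2FtcGxlaGFzaA== ssh-rsa AAAAB3NzaC1yc2EConstructedOtherKey
|1|c2FtcGxlc2FsdA==|c2FtcGxlaGFzaA== ssh-ed25519 $SAMPLE_BLOB
EOF
}

# verify_scanned_key PINNED KNOWN_HOSTS_FILE   (scan output is read from stdin)
# Returns 0 if a scanned key matched and was appended, 1 if none matched,
# 2 if the pin is not in "<keytype> <base64-key>" form.
verify_scanned_key() {
    case $1 in *' '*) ;; *) return 2 ;; esac
    pinned_type=${1%% *}
    pinned_blob=${1#* }
    pinned_blob=${pinned_blob%% *}      # ignore a trailing comment field
    matched=1
    while read -r host ktype blob _rest || [ -n "$host" ]; do
        # Skip blank lines and "# host:port SSH-2.0-..." banner comments.
        case $host in ''|'#'*) continue ;; esac
        # -H hashes only the host field; key type and blob stay comparable.
        if [ "$ktype" = "$pinned_type" ] && [ "$blob" = "$pinned_blob" ]; then
            printf '%s %s %s\n' "$host" "$ktype" "$blob" >> "$2"
            matched=0
        fi
    done
    return "$matched"
}
```

A non-zero return means the host presented a key other than the pinned one (or the pin is malformed), and the job should stop before any `ssh` command runs.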
Thanks @amatiash !
How to add multiple Private keys to known_host??
Hey all, just tackled this today. FYI, this is how you can do git operations (i.e. tagging) from within CI as of today (variable of type 'File'):
```yaml
tagging_job:
  stage: release
  image: ubuntu
  before_script:
    - mkdir -p ~/.ssh
    # Settings > Repository > Deploy Keys > "DEPLOY_KEY_PUBLIC" is the public key of the utilized SSH pair (choose `Write access allowed` on creation)
    # Settings > CI/CD > Variables > "DEPLOY_KEY_PRIVATE" is the private key of the utilized SSH pair, type is 'File' and ends with empty line
    - mv "$DEPLOY_KEY_PRIVATE" ~/.ssh/id_rsa
    - chmod 600 ~/.ssh/id_rsa
    - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client git -y )'
    - eval "$(ssh-agent -s)"
    - ssh-add ~/.ssh/id_rsa
    - ssh-keyscan -H 'gitlab.com' >> ~/.ssh/known_hosts
  script:
    # try to connect to GitLab.com
    - ssh git@gitlab.com
    # fresh clone
    - mkdir ~/source && cd $_
    - git clone git@gitlab.com:$CI_PROJECT_PATH.git
    - cd $CI_PROJECT_NAME
    # Version tag
    - git tag my-tag
    - git push --tags -o ci.skip
```

The `-o ci.skip` part causes the generated pipeline to be skipped (not auto-ran). If you want to not generate a pipeline at all for your tag push, add this to the top of the `.gitlab-ci.yml`:

```yaml
workflow:
  rules:
    - if: $CI_COMMIT_TAG
      when: never
    - when: always
```

Peace
Thx, you made my day !
```bash
eval $(ssh-agent -s)
echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
mkdir -p ~/.ssh
chmod 700 ~/.ssh
ssh-keyscan xxx.xxx.xxx.xxx >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
```

worked for me
(add an SSH_PRIVATE_KEY in var settings)