Hi all, I'm building a docker pipeline for my project to be deployed on Google Cloud Services based on this example. In my Dockerfile I have to build some gems which are hosted on my private repository on bitbucket. However, during the build step, the Docker container generated by the Pipeline can't see my SSH keys saved on my repository.
My question is how can I send the SSH keys configured on the pipeline to be used by my container during the build?
bitbucket-pipelines.yml:
At the #BUILD IMAGE comment I can get the private SSH correctly configured on my repo
options:
  docker: true
pipelines:
  default:
    - step:
        name: Deploy to Container Registry
        image: google/cloud-sdk:latest
        caches:
          - docker
        script:
          - export PRIVATE_KEY=`cat /opt/atlassian/pipelines/agent/data/id_rsa`
          - export IMAGE_NAME=gcr.io/$GOOGLE_PROJECT/$GCLOUD_REPO_SLUG:$BITBUCKET_COMMIT
          - export ENVIRONMENT=staging
          - echo $GOOGLE_CREDENTIALS | base64 -d > ~/.gcloud-api-key.json
          - gcloud auth activate-service-account --key-file ~/.gcloud-api-key.json
          - gcloud config set project $GOOGLE_PROJECT
          - gcloud container clusters get-credentials $GOOGLE_CLUSTER --region=$GOOGLE_REGION --project $GOOGLE_PROJECT
          - gcloud auth configure-docker --quiet
          # BUILD IMAGE
          - docker build -t $IMAGE_NAME --build-arg SSH_PRIVATE_KEY="$PRIVATE_KEY" .
          # PUBLISH IMAGE
          - docker push $IMAGE_NAME
Dockerfile:
FROM ruby:2.5.1-alpine3.7
ARG SSH_PRIVATE_KEY
RUN \
  echo "http://dl-cdn.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
  && apk update && apk upgrade \
  && apk add bash build-base libxml2-dev libxslt-dev openssh-client git \
  && apk upgrade --available \
  && rm -rf /var/cache/apk/* \
  && mkdir /usr/app \
  && mkdir /root/.ssh/ \
  && echo "${SSH_PRIVATE_KEY}" > /root/.ssh/id_rsa \
  && eval $(ssh-agent -s) \
  && chmod 600 /root/.ssh/id_rsa \
  && ssh-add ~/.ssh/id_rsa \
  && touch /root/.ssh/known_hosts \
  && ssh-keyscan bitbucket.org > /root/.ssh/known_hosts
# This line fails with:
# RUN ssh-add /root/.ssh/id_rsa
#  ---> Running in 9d6b522d6355
# Could not open a connection to your authentication agent.
# The command '/bin/sh -c ssh-add /root/.ssh/id_rsa' returned a non-zero code: 2
WORKDIR /usr/app
COPY Gemfile /usr/app/
COPY Gemfile.lock /usr/app/
RUN bundle config build.nokogiri --use-system-libraries \
  && bundle install
OBS: I can do an ugly alternative solution which is generating a new key and overwriting the new key with the value from the args (SSH_PRIVATE_KEY). But this also fails when it tries to run the bundle install.
I'd appreciate any help. Cheers.
You can send it with --build-args
docker build -t account/image_name:tag --build-arg SSH_PRIVATE_KEY="`cat /opt/atlassian/pipelines/agent/data/id_rsa`" .
and then pass it into the Dockerfile --> example:
FROM alpine:latest
ARG SSH_PRIVATE_KEY
RUN mkdir /root/.ssh/ && \
    apk add --no-cache openssh-client git && \
    echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa && \
    chmod 600 /root/.ssh/id_rsa && \
    cd /your_application_path_in_docker && \
    eval "$(ssh-agent -s)" && \
    ssh-keyscan bitbucket.org >> ~/.ssh/known_hosts && \
    ssh-add ~/.ssh/id_rsa && \
    yarn install
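
An alternative to the `--build-arg` approach in the posts above, added here as an example and not written by either poster: a build argument's value can be read back with `docker history`, and a key file written by `RUN` stays in a layer of the image that is pushed to the registry, whereas a BuildKit SSH mount exposes the key only to the one `RUN` step that needs it. It assumes BuildKit is available to the pipeline's Docker service and that the image is built with the command shown in the comments; the key path, base image and package list are taken from the question.

```dockerfile
# syntax=docker/dockerfile:1
#
# Build command for the pipeline script (replaces the --build-arg line):
#
#   DOCKER_BUILDKIT=1 docker build \
#     --ssh default=/opt/atlassian/pipelines/agent/data/id_rsa \
#     -t "$IMAGE_NAME" .
#
# No ARG carries the key, so nothing about it is recorded in the image
# metadata, and no id_rsa file is ever written inside the image.

FROM ruby:2.5.1-alpine3.7

# openssh-client and git are still needed so bundler can fetch the
# private gems over SSH. Only the host key of bitbucket.org is stored.
RUN apk add --no-cache bash build-base libxml2-dev libxslt-dev openssh-client git \
    && mkdir -p -m 0700 /root/.ssh \
    && ssh-keyscan bitbucket.org >> /root/.ssh/known_hosts

WORKDIR /usr/app
COPY Gemfile Gemfile.lock /usr/app/

# --mount=type=ssh forwards an agent socket (SSH_AUTH_SOCK) holding the key
# passed with --ssh. The socket exists only while this RUN executes, so no
# ssh-agent or ssh-add call is needed in the Dockerfile and later layers
# contain no trace of the key.
RUN --mount=type=ssh \
    bundle config build.nokogiri --use-system-libraries \
    && bundle install
```

After the build, `docker history --no-trunc "$IMAGE_NAME"` should show no key material, which is a quick check to run before `docker push`.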