-
Notifications
You must be signed in to change notification settings - Fork 2.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Inject Netrc and SSH keys to clone private repositories #1090
Comments
this is required in order to clone private repositories, including the ability to |
That's what I've thought, but it's not the way to rewrite it. There are options like ssh wrappers for example. Why not to let drone keep specific ssh files also in /var, same as with sources? |
Well I haven't seen this things documented( Or I might be just wrong, anyway it would be nice if it's described or better control has given to the user. Am I right these private keys correspond to those public in repo settings? If so it seems unhandy because user will have to publish these pubkeys into his vcs. But drone can do it automatically in case of github :) Wrapper is a cleaner approach anyway... It could be improvement then. |
Drone automatically uploads the key for GitHub, GitLab, Gogs, Bitbucket and Stash. This covers the most popular use cases.
My concern with |
It's an awesome feature indeed.
Yeap, I totally agree GIT_SSH approach doesn't scale with different tools (such as mentioned old versions of npm). I'm starting to think the drone's approach is the optimal so far. But again, I would suggest maybe to implement key selection, it would eliminate user's misunderstanding. For example there might be option such as:
In case key exists do not overwrite (same with config) when the first way is chosen but this should be logged into the build session. I don't know maybe I'm overcomplicating when I say that it would be a nice thing), because implementation of all these can be tricky... |
@dennybaa the good news is in 0.4 (upcoming release) we try to use This means we may be able to omit the |
@bradrydzewski, this is the great news.
If we omit injection of keys, it might be a bad practice. User might want tooling especially when it touches deployment (ex. capistrano). Nobody wants to keep secure keys inside repository :) and in this case manual injection makes real sense. |
+1 Would be very useful indeed to be able to inject an ssh key into the build. Much of our previous CI relies on modifying separate Git repositories after a successful build. |
It is true that providing ssh keys to plugins can solve the issue. Hope I'm not being too pushy, just giving some feedback :) |
@axel22 are your repos public or private? The ssh key is automatically injected into the repository if private |
@bradrydzewski Most of our repos are public. |
@bradrydzewski
... solves the problem |
Is there any necessity to do so?
I was struggling with this for half-of day :) And yeah I found it, but overwriting the user's data might seem to be not the best solution.
Btw what's the purpose id_rsa which can be found in runner container?
The text was updated successfully, but these errors were encountered: