act-mreeves
commented
2 weeks ago @isinghdm - This is not what you are asking for but bitbucket provides an easy read only method to access one or more repos with SSH.
create key:
ssh-keygen -t ed25519 -b 4096 -C "bitbucket_cml" -f ~/.ssh/id_rsa_bitbucket_cml;then in git actions save the secret and then use add it to the agent:
- name: Setup SSH Agent
uses: webfactory/ssh-agent@v0.9.0
with:
ssh-private-key: ${{ secrets.ID_RSA_BITBUCKET_CML }}Per https://dvc.org/doc/user-guide/data-management/remote-storage/ssh#more-configuration-parameters allow_agent is set to true by default.
Just go to 1 or more BB repos in your org and add the public key to this page: https://bitbucket.org/$your_org/$your_repo/admin/access-keys/. This assume you are referring to the "ssh" URI type of git repos and not "https".
Summary / Background
Right now, CML only supports basic auth based on usernames and passwords which have a very wider access scope and are not recommended security wise if we want to just post comments using cml. It would be good to use bitbucket access token that can be generated on the fly using bitbucket API and use it in the CML pipelines.
Scope
Allow the use of bitbucket access tokens while using cml commands. Right now it returns unauthorised.