Closed redeexpressos closed 2 months ago
Hi, for this use-case, you basically have three options:
SSH_PRIVATE_KEY_FILE
. By that, you can still clone via SSH (and independent of the access rights of the user that triggers the CI).GITCONFIG_FILE
to your file. Currently we only auto-use that file in the Github CI (1f6197b3c2ef6687b645178bfdb6b1f9f36f4e03). You might need to set the credential helper env vars as well. Please see Environment variablesKAS_PREMIRRORS
to modify the urls on the fly.In the manual, we have a dedicated credential handling section, but if things are still not clear we are happy to add further pointers / examples.
update: As we already have support for the CI_JOB_TOKEN
via .netrc
, it might be easier to just configure the re-writes via KAS_PREMIRRORS
, or via the GITCONFIG_FILE
(without injecting the credentials). For that, please see CI_JOB_TOKEN
in the Environment variables.
Is there any available example using the kas's option CI_JOB_TOKEN
? I am not sure how to use these options..
Is there any available example using the kas's option
CI_JOB_TOKEN
? I am not sure how to use these options..
Unfortunately not, but you're right, we should add one.
The probably easiest solution is to do the following:
variables:
# adjust according to your needs
KAS_PREMIRRORS: "git@code.siemens.com: https://code.siemens.com/"
Then, make sure that the CI_JOB_TOKEN
has the necessary access rights on the "other" project. For that, navigate to the other project in Gitlab -> CI/CD -> Token Access. There, tick "Limit access to this project" and add the name of the project that executes the ci (group/name). Done.
Thanks, that did the trick :) And yes, I do agree there should be more examples with the various environment variables.
I just sent a documentation patch to the kas ML: https://groups.google.com/g/kas-devel/c/ilW8NOQfZV0
Hello. I'm trying to do a simple CI/CD that runs kas docker image and builds my image (which depends on private repositories) This is what I've tried:
However, when
kas
tries to clone, it still tries thessh
way. Any suggestion how I can do this?