Open longtt2705 opened 1 year ago
Make sure you didn't switch the private and public keys!
Make sure you didn't switch the private and public keys!
We had the same issue, and it was not because of accidentally switching keys.
It was related to webfactory/ssh-agent
not doing post-action cleanup, which affected subsequent runs (of a different workflow from another repo in our case).
The following was our fix:
- run: rm $HOME/.gitconfig $HOME/.ssh/key-* || true
- name: Add SSH private keys for submodules
uses: webfactory/ssh-agent@v0.8.0
Possibly related to: https://github.com/webfactory/ssh-agent/issues/178 https://github.com/webfactory/ssh-agent/issues/184
Make sure you didn't switch the private and public keys!
We had the same issue, and it was not because of accidentally switching keys.
It was related to
webfactory/ssh-agent
not doing post-action cleanup, which affected subsequent runs (of a different workflow from another repo in our case).The following was our fix:
- run: rm $HOME/.gitconfig $HOME/.ssh/key-* || true - name: Add SSH private keys for submodules uses: webfactory/ssh-agent@v0.8.0
Possibly related to: #178 #184
Tried this without luck :-(
@mpdude It seems that the public key is saved here (output of ssh-add -L gives the public keys) ?: https://github.com/webfactory/ssh-agent/blob/fd34b8dee206fe74b288a5e61bc95fba2f1911eb/index.js#L69
Should that have been the private key? as its set to permission 600, which is that for the private key part?
At least I get the same: error in libcrypto, when trying to use the key-file saved using this agent.
If I cat the Secret input(ie. private key) directly to a file and copy that to the docker, I can get ssh / git working.
I'm no way a linux ssh key guru, so I might have misunderstood things.
Lastly, shouldn't
with:
ssh: |
default=${{ env.SSH_AUTH_SOCK }}
allow the docker instances to use ssh which the ssh-agent from the github action runner?
I realized that this makes the private key end up in the built docker images, which it shouldn't.
An alternative is that you should mount a folder with the private key in.
But actually I wanted to use the the "host" ssh agent, so I looked at some more examples how to get that to work and figured that I need to add:
--mount=type=ssh
in front of the git clone commands.
Now it seems to work with the ssh-agent being passed to the docker build, thanks for sharing this tool.
@longtt2705 did you find any resolution to this issue? I'm currently facing the same.
I've the same issue. I've validated that I can clone the repo using the keys without issues but it fails inside the docker build process. In my case I'm using poetry to fetch the internal dependencies via ssh.
I am trying to install a private repository in Dockerfile via ssh. But when the runner trying to install the package, I got the error
Load key "/root/.ssh/key-801a24afcf65bdde333b552f2805263d9fe735a5977559ff47216d0f58d02aa5": error in libcrypto
.Here are what I have done:
Gen the key pairs
Add content of the public key as Deploy key to the
git@github.com:xxx/repo.git
. Then add the private key's content to secrets SSH_PRIVATE_KEY of the project which wants to install repo.git.Here is my package json, build.yml and Dockerfile
// package.json
// build.yml
// Dockerfile:
Whenever the workflow ran into
RUN yarn install --no-cache
and tried to install thegit@github.com:xxx/repo.git
via SSH, I got the error:Load key "/root/.ssh/key-801a24afcf65bdde333b552f2805263d9fe735a5977559ff47216d0f58d02aa5
. Can you tell me where I did wrong or what I am missing?