OppOops
commented
5 months ago Here is the suggestion to use normal git commands like this, which will need to change the ssh-key file permission and add the known_hosts in to list.
Below we suppose the git host is github.com :
skip_clone: true
steps:
- name: clone
image: alpine/git
commands:
#if the content is base64, just decode it with base64 -d ... > pull_key
- echo "$CLONE_SSH_KEY_CONTENT" > pull_key
- chmod 600 pull_key
- mkdir -p /root/.ssh
- ssh-keyscan github.com >> /root/.ssh/known_hosts
# below commands simiulate the woodpeckerci/pulgin-git
- git init
- git remote add origin $CI_REPO_CLONE_SSH_URL
- git config core.sshCommand 'ssh -i pull_key'
- git fetch && git checkout $CI_COMMIT_BRANCH
secrets: [ CLONE_SSH_KEY_CONTENT ]pull_key will leave in the default workspace. If we use woodpeckerci/plugin-git to fetch the repo, the ~/.ssh/known_hosts needs to be add further. Now I use the clone like the following:
skip_clone: true
steps:
- name: copy-key
image: alpine/git
commands:
#if the content is base64, just decode it with base64 -d ... > pull_key
- echo "$CLONE_SSH_KEY_CONTENT" > pull_key
- chmod 600 pull_key
- mkdir -p /root/.ssh
- ssh-keyscan github.com >> /root/.ssh/known_hosts
secrets: [ CLONE_SSH_KEY_CONTENT ]
- name: clone
image: woodpeckerci/plugin-git
settings:
- use-ssh : true
- ssh-key : pull_key
Please add properties
ssh-key-rawto provide Base64 string of SSH key (not path to file) andcustom-cert-rawto provide Base64 string of custom server certificate.I tried to use this plugin in a Woodpecker with a Kubernetes backend. I can't add Docker volume to clone step, and I can't execute any command (for example to create a file). So I can not create any file and only set values to properties. I think it will be great if a user can provide a secret's values directly to properties.