Deployment Keys support

slav's Avatar

slav

26 Jun, 2014 03:13 PM

Is there a built in support for deployment keys to be able to checkout submodules and such from different repos (https://confluence.atlassian.com/display/BITBUCKET/Use+deployment+keys)?

Or do I need to use the script to work with deployment key?

  1. Support Staff 1 Posted by Feodor Fitsner on 27 Jun, 2014 09:49 AM

    Feodor Fitsner's Avatar

    Fetching private repositories as sub-modules by SSH works for GitHub and it was successfully implemented by another customer. I believe the same approach could be applied to BitBucket too.

    First of all, you need to generate SSH key pair manually or in code.
    Then on "install" phase of the build, after the main git repo is fetch you can change the contents of SSH private key for appveyor user while preserving Unix-style new lines. The key is stored in c:\users\appveyor\.ssh\id_rsa.

    The following code can be used in YML to update SSH private key for fetching sub-module repositories:

    install: 
      - ps: $key = $env:gitkey #just the key contents, copied from notepad, into the environment variable on the UI 
      - ps: $fileContent = "-----BEGIN RSA PRIVATE KEY-----" + "`n" 
      - ps: for ($i = 0; $i -lt $key.Length / 64; $i++) { $min = [math]::min(64, $key.Length - ($i * 64)); $fileContent += $key.substring($i*64, $min) + "`n"; } 
      - ps: $fileContent += "-----END RSA PRIVATE KEY-----" + "`n" 
      - ps: Set-Content c:\users\appveyor\.ssh\id_rsa $fileContent
    

    The private key contents must be encrypted on AppVeyor UI and passed as an environment variable:

    environment: 
      gitkey: 
        secure: eYKZKFkkEvFYWX…
    

    Please let me know if you have any questions.

  2. 2 Posted by Drew Wells on 25 Nov, 2015 03:58 PM

    Drew Wells's Avatar

    CircleCI takes care of this for you by always adding a deployment key. If AppVeyor used deployment keys for public repos, we shouldn't have to do anymore configuration.

    Please add this feature

  3. Support Staff 3 Posted by Feodor Fitsner on 25 Nov, 2015 04:31 PM

    Feodor Fitsner's Avatar

    You can just move project's public key to the account level.

    - Feodor

  4. 4 Posted by Drew Wells on 25 Nov, 2015 05:25 PM

    Drew Wells's Avatar

    Feodor, I don't understand your comment. At the account level, there is
    only the option to authorize AppVeyor as a Github app. It doesn't have
    anywhere to add deployment SSH keys.

    The above steps list how to replace a SSH key used by appveyor with an
    appropriate one for the repository. CircleCI adds a deployment key to your
    repository and uses it on builds.

  5. Support Staff 5 Posted by Feodor Fitsner on 25 Nov, 2015 05:56 PM

    Feodor Fitsner's Avatar

    For private repositories AppVeyor does the same. It adds public key to "Deployment Keys" of repository and writes private key to a build worker during the build. You can see public key on General tab of project settings.

    You can use the same SSH key to fetch the main repo and all its sub-modules. Just open main repo's "Deployment keys" settings on GitHub, remove project public key from there, grab public key on General tab of project settings and then add it to SSH Keys under account on GitHub.

  6. Ilya Finkelshteyn closed this discussion on 25 Aug, 2018 02:02 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac