Tags: git, shell, continuous-integration, bamboo, ssh-agent

Script to perform a git pull via ssh and bypass passphrase requirements?


I'm trying to set up continuous integration with Bamboo. I want to configure a task that ssh's into our stage server, cd's into the proper directory and performs a git pull.

I've been able to set up the ssh task, but doing the git pull has been difficult.

Steps I've taken:

  • Configured an ssh task to cd into the project directory and run the following script:

    #!/bin/bash
    echo "pulling from master"
    git pull origin master
    
  • The script runs, but the logs show a Permission denied (publickey). error after it tries to pull.

  • I switched my remote-url from HTTPS to ssh and created a publickey. Now when I try to do a manual pull it asks for the key's passphrase.

  • Used ssh-agent to cache the passphrase for a session.

  • Realized that this cache only persists until I close my session so I followed the steps from this article (https://confluence.atlassian.com/display/BITBUCKET/Set+up+SSH+for+Git) to start ssh-agent with every new session. Namely I added this script to my .bashrc:

    SSH_ENV=$HOME/.ssh/environment
    
    # start the ssh-agent
    function start_agent {
        echo "Initializing new SSH agent..."
        # spawn ssh-agent
        /usr/bin/ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}"
        echo succeeded
        chmod 600 "${SSH_ENV}"
        . "${SSH_ENV}" > /dev/null
        /usr/bin/ssh-add
    }
    
    if [ -f "${SSH_ENV}" ]; then
         . "${SSH_ENV}" > /dev/null
         ps -ef | grep ${SSH_AGENT_PID} | grep ssh-agent$ > /dev/null || {
            start_agent;
        }
    else
        start_agent;
    fi
    

    and added this to the .ssh/config file:

        Host myStashInstance.org
         IdentityFile ~/.ssh/id_rsa

  • The article said that I should be prompted to enter the passphrase and the agent would start up, but that hasn't happened. I still need to manually start ssh-agent.

I would like to know what the next steps would be to getting ssh-agent to start when I start a new session so I can continue figuring out how to finish configuring this job. (Also open to suggestions for other avenues to pursue if I'm completely on the wrong path.)
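The pull step described above can be made non-interactive without caching a passphrase in ssh-agent at all: give the staging server its own read-only deploy key with no passphrase, and tell git to use it with ssh options that fail instead of prompting. The script below is an added example, not part of the question or of the Atlassian article; the key path, the known_hosts file and the repository directory are assumptions, and the deploy key is assumed to have been registered on the git server with read access only.

```shell
#!/bin/bash
# Added example (not from the original question): non-interactive git pull for a
# CI ssh task using a dedicated, read-only deploy key instead of the user's
# passphrase-protected id_rsa. Paths and host names are assumptions.
set -eu

# Assumed: generated once with  ssh-keygen -t ed25519 -N '' -f ~/.ssh/bamboo_deploy_key
# and its public half registered on the git server as a read-only deploy key.
DEPLOY_KEY="${DEPLOY_KEY:-$HOME/.ssh/bamboo_deploy_key}"
# Assumed: the git server's host key was added here out of band (ssh-keyscan or copied),
# so the CI job never has to accept an unknown host key.
KNOWN_HOSTS="${KNOWN_HOSTS:-$HOME/.ssh/known_hosts}"

# Refuse to use a private key that anyone but its owner can read.
check_key_perms() {
    local key="$1" mode
    [ -f "$key" ] || { echo "missing key: $key" >&2; return 1; }
    mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
    case "$mode" in
        600|400) return 0 ;;
        *) echo "key $key has mode $mode, expected 600" >&2; return 1 ;;
    esac
}

# Build the ssh command git will run. BatchMode=yes makes ssh fail instead of
# prompting for a passphrase or password (so the job errors out visibly rather
# than hanging), IdentitiesOnly=yes stops ssh from offering every key the agent
# holds, and StrictHostKeyChecking=yes requires the server's host key to already
# be present in the given known_hosts file.
ssh_command() {
    printf 'ssh -i %s -o IdentitiesOnly=yes -o BatchMode=yes -o StrictHostKeyChecking=yes -o UserKnownHostsFile=%s' "$1" "$2"
}

# Pull BRANCH from REMOTE inside REPO_DIR using the deploy key; fast-forward only,
# so a diverged staging checkout fails loudly instead of creating merge commits.
ci_git_pull() {
    local repo_dir="$1" remote="${2:-origin}" branch="${3:-master}"
    check_key_perms "$DEPLOY_KEY"
    cd "$repo_dir"
    echo "pulling from $branch"
    GIT_SSH_COMMAND="$(ssh_command "$DEPLOY_KEY" "$KNOWN_HOSTS")" \
        git pull --ff-only "$remote" "$branch"
}

# Usage from the Bamboo ssh task (assumed project path):
#   ./ci_git_pull.sh /var/www/myproject origin master
if [ $# -ge 1 ]; then
    ci_git_pull "$@"
fi
```

Because the key has no passphrase, nothing needs to survive between sessions and the .bashrc ssh-agent dance becomes unnecessary; the compensating controls are that the key is read-only on the git server, owner-readable only on disk, and usable only against a host whose key is pinned in known_hosts.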


Solution

To summarize, you're running into the following issue:

  • The Bamboo Agent runs on server A
  • Server B is your staging server
  • As part of the build running on server A, you want to SSH into B and do a git pull there.
  • Authentication to the Git repo requires you to either enter a password or a passphrase (even when using ssh-agent).

There are several ways this could be solved:

Option 1: Run Bamboo Agent on the Staging Server

To simplify this environment, install the Bamboo Agent on your Staging Server. Enter the Git URL and credentials in the Bamboo build plan and let Bamboo take care of the work.

Bamboo will pull the Git repo; you can then run whatever steps you want and deploy to your staging server process.

Option 2: Deploy to the Staging Server

Instead of doing the Git operation on your staging server, do it on server A. Enter the Git URL and credentials in the Bamboo build plan and let Bamboo take care of the work.

Once your project is checked out on server A, run whatever build steps you want to do there, then package (zip/tar/jar/...) the build results and copy them over to the Staging Server. Maybe you don't need to use Git on the Staging Server at all.

Option 3: Use the .netrc file for Git authentication

This is the least secure of the options. Switch your remote URL back to HTTPS, then create a ~/.netrc file on the staging server and add an entry for your Git server in there, providing username and password, as described here: https://confluence.atlassian.com/display/STASH/Permanently+authenticating+with+Git+repositories#PermanentlyauthenticatingwithGitrepositories-Usingthe.netrcfile

Example:

    machine mygitserver
    login mario
    password SECRET

Caution: this requires you to store your password in plain text in the .netrc file. Only use this method if you can live with this risk. If the password used for this account changes, you will have to change it in this file as well. You probably want to use a technical/service account for this, not a real user account. Lock down this account as much as possible.

One of these three options should help you to solve your problem.
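If you do go with Option 3, the two things worth checking before every job are that the .netrc file is readable only by the service account and that it actually carries an entry for the git host. The script below is an added example, not part of the answer; it parses the same three-token layout the answer shows (and the one-line form), reports only the login, never the password, and is written so it can run as a preflight step in the same ssh task. The file path and host name are assumptions.

```shell
#!/bin/bash
# Added example (not from the original answer): preflight checks for a ~/.netrc
# used for HTTPS git authentication on a staging server. Path and host are assumptions.
set -eu

# Print the login for MACHINE from NETRC_FILE, or return 1 if there is none.
# Handles both the multi-line form from the answer and the one-line
# "machine h login u password p" form; the password is never printed.
netrc_login() {
    netrc_file="$1"; machine="$2"
    tr '\n' ' ' < "$netrc_file" | tr -s ' \t' ' ' | awk -v m="$machine" '
        {
            for (i = 1; i <= NF; i++) {
                if ($i == "machine") { cur = $(i+1); i++ }
                else if ($i == "default") { cur = "" }
                else if ($i == "login" && cur == m) { print $(i+1); found = 1; exit }
                else if ($i == "password" || $i == "account") { i++ }
            }
        }
        END { exit(found ? 0 : 1) }'
}

# git (via libcurl) does not refuse a world-readable .netrc, so enforce owner-only
# permissions here: anyone else on the host who can read it has the service
# account's password.
netrc_mode_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    [ "$mode" = 600 ] || [ "$mode" = 400 ]
}

# Fail the job early, with a reason, instead of letting git prompt or hang later.
netrc_check() {
    netrc_file="$1"; machine="$2"
    [ -f "$netrc_file" ] || { echo "no $netrc_file" >&2; return 1; }
    netrc_mode_ok "$netrc_file" || { echo "$netrc_file must be mode 600" >&2; return 1; }
    login=$(netrc_login "$netrc_file" "$machine") || { echo "no entry for $machine in $netrc_file" >&2; return 1; }
    echo "$machine: will authenticate as $login"
}

# Usage as a preflight step (assumed host name): netrc_check "$HOME/.netrc" mygitserver
if [ $# -ge 2 ]; then
    netrc_check "$1" "$2"
fi
```

Printing the login but not the password keeps the Bamboo build log useful for spotting the wrong account without copying the secret into yet another place; the password rotation the answer warns about then shows up as a failed preflight rather than a hung pull.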