Tags: git, ssh, maven-release-plugin, bitbucket-pipelines

How to pass passphrase to private key when releasing with standard maven plugin


I am trying to release my maven project using the standard maven release plugin and Bitbucket pipelines. I've created my own docker image with a private key protected with a passphrase. My Bitbucket account allows commits from this docker image, and the Bitbucket pipeline is able to inject the private key passphrase via an environment variable when building.

The problem is that the maven release plugin ignores everything and asks for the passphrase, which is an unacceptable manual step.

My settings.xml in /root/.m2 looks like this:

<server>
    <id>bitbucket.org</id>
    <privateKey>/root/.ssh/id_rsa</privateKey>
    <passphrase>${env.BB_PIPELINES_MAVEN_3_3_9_JDK_8_SSH_PASSPHRASE}</passphrase>
</server>

I am using the latest release and scm plugins, respectively 2.5.3 and 1.9.5.

In my pom.xml there is a server property:

<project.scm.id>bitbucket.org</project.scm.id>

and my scm URLs look like this:

<scm>
    <url>https://bitbucket.org/user/repo</url>
    <developerConnection>scm:git:git@bitbucket.org:user/repo</developerConnection>
    <connection>scm:git:git@bitbucket.org:user/repo</connection>
</scm>

I was trying to use ssh-agent, and it seems to work, but it looks like ssh-agent doesn't allow passing the passphrase on the command line either.

Any ideas how this can be solved?


Solution

  • I managed to do a workaround using expect and ssh-agent.

    In my .bashrc I've put:

    eval `ssh-agent -s`
    /root/load-private-key.sh $BITBUCKET_PIPELINES_MAVEN_3_3_9_JDK_8_SSH_PASSPHRASE
    

    and my load-private-key.sh file looks like this:

    #!/usr/bin/expect -f
    # Takes the passphrase as the first argument and types it into the ssh-add prompt.
    set password [lindex $argv 0]
    set timeout 10
    spawn ssh-add /root/.ssh/id_rsa
    expect "Enter passphrase for /root/.ssh/id_rsa: "
    sleep 1
    send "$password\n"
    expect "Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)"
    # wait for ssh-add to exit so the script's exit status reflects the result
    expect eof
    

    Now every build session starts by loading the private key into memory, where it can be used by the standard maven release plugin.
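The same agent-based approach can be done without expect, and without passing the passphrase as a command-line argument (where it is visible to every process on the build host via `ps`). The script below is an added example, not the answer author's code: it relies on the documented ssh-add behaviour of calling the program named in SSH_ASKPASS when stdin is not a terminal and DISPLAY is set, and the helper reads the secret from an environment variable. The variable name SSH_KEY_PASSPHRASE and the paths /root/.ssh/id_rsa and /root/.ssh/askpass.sh are assumptions; substitute the pipeline's own secret name and key path.

```shell
#!/bin/sh
# Added example (not from the original answer): load a passphrase-protected key into
# ssh-agent non-interactively, without expect and without the passphrase in argv.
# ssh-add falls back to the program named in SSH_ASKPASS when stdin is not a terminal
# and DISPLAY is set; the helper answers the prompt from an environment variable.
# Assumed names: SSH_KEY_PASSPHRASE (the CI secret) and /root/.ssh/id_rsa (the key).

# Write a minimal askpass helper to the given path. It takes the secret from the
# environment, so nothing lands in the process list or in shell history.
write_askpass_helper() {
    helper="$1"
    cat > "$helper" <<'EOF'
#!/bin/sh
# Invoked by ssh-add with the prompt text as $1 (ignored); reply with the passphrase.
printf '%s\n' "${SSH_KEY_PASSPHRASE:?SSH_KEY_PASSPHRASE is not set}"
EOF
    chmod 700 "$helper"
}

# Verify that the helper answers with exactly the secret it was given (0 = ok).
check_askpass_helper() {
    helper="$1"
    expected="$2"
    got=$(SSH_KEY_PASSPHRASE="$expected" "$helper" "Enter passphrase for key: ")
    [ "$got" = "$expected" ]
}

# Start an agent for this shell and add the key. SSH_ASKPASS_REQUIRE=force
# (OpenSSH 8.4+) makes ssh-add use the helper unconditionally; DISPLAY is set as
# well so that older ssh-add versions take the askpass path when stdin is not a tty.
load_key_into_agent() {
    key="$1"
    helper="$2"
    eval "$(ssh-agent -s)" >/dev/null
    DISPLAY=: SSH_ASKPASS="$helper" SSH_ASKPASS_REQUIRE=force ssh-add "$key" </dev/null
}

# Usage from .bashrc or a pipeline step, guarded so the file can also be sourced on a
# machine that has no ssh-add installed or no secret in the environment.
if [ -n "${SSH_KEY_PASSPHRASE:-}" ] && command -v ssh-add >/dev/null 2>&1; then
    write_askpass_helper /root/.ssh/askpass.sh
    load_key_into_agent /root/.ssh/id_rsa /root/.ssh/askpass.sh
fi
```

Because the helper is the only place the secret is read, the passphrase appears neither in `ps` output nor in the pipeline log, and the rest of the build (including `mvn release:prepare` pushing over ssh) uses the agent exactly as in the expect-based version.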