I have a rails application setup in AWS CodeBuild. The source repository for the app is in a private git repository in Github, and with the AWS Github connector, the build process for this app is able to successfully checkout the source for the app and start the build steps.
The build process fails, however, when bundle install is run within the repository - we have a number of private gems from our organization in the Gemfile, included with the gem "somegem", git: [email protected]:... pattern. CodeBuild should be able to pull down these repositories - they've all been enabled in the AWS Github connector, and the repository for the main app pulls down successfully. What we're seeing when the bundle install runs is:
[Container] 2021/02/25 18:08:42 Moving to directory /codebuild/output/src384/src/s3/00
[Container] 2021/02/25 18:08:42 Registering with agent
[Container] 2021/02/25 18:08:42 Phases found in YAML: 2
[Container] 2021/02/25 18:08:42 INSTALL: 3 commands
[Container] 2021/02/25 18:08:42 BUILD: 4 commands
[Container] 2021/02/25 18:08:42 Phase complete: DOWNLOAD_SOURCE State: SUCCEEDED
[Container] 2021/02/25 18:08:42 Phase context status code: Message:
[Container] 2021/02/25 18:08:42 Entering phase INSTALL
[Container] 2021/02/25 18:08:42 Running command bundle config set path vendor/bundle
[Container] 2021/02/25 18:08:44 Running command bundle config set clean 'true'
[Container] 2021/02/25 18:08:44 Running command bundle install
Don't run Bundler as root. Bundler can ask for sudo if it is needed, and
installing your bundle as root will break this application for all non-root
users on this machine.
Fetching gem metadata from https://rubygems.org/.......
Fetching [email protected]:OrganizationName/ApplicationName.git
Warning: Permanently added the RSA host key for IP address '140.82.114.3' to the list of known hosts.
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Retrying `git clone '[email protected]:OrganizationName/ApplicationName.git' "/codebuild/output/src384/src/s3/00/vendor/bundle/ruby/2.7.0/cache/bundler/git/ApplicationName-8bd8465f89c17a9b95589e33678f605c1f1e45c5" --bare --no-hardlinks --quiet` due to error (2/4): Bundler::Source::Git::GitCommandError Git error: command `git clone '[email protected]:OrganizationName/ApplicationName.git' "/codebuild/output/src384/src/s3/00/vendor/bundle/ruby/2.7.0/cache/bundler/git/ApplicationName-8bd8465f89c17a9b95589e33678f605c1f1e45c5" --bare --no-hardlinks --quiet` in directory /codebuild/output/src384/src/s3/00 has failed.
Permission denied (publickey).
fatal: Could not read from remote repository.
At this point, the entire build step fails. Is there something else that needs to be done for the CodeBuild containers to be able to pull down a repository in a private repo? Does anyone have any examples of a rails app w/ gems referenced in private git repos working in AWS CodeBuild/Codepipeline?
Answering my own question in case someone else runs into this - the "[email protected]..." references in the Gemfile forces bundler to use a keypair to fetch the gem - since the CodeBuild doesn't have a valid key to use for these other repos, we get those "Permission denied" issues.
There are a couple of ways around this - first, is to just switch to using "https://..." references to the gem in the gemfile. If you don't want to do that, you can add something early on in your build pipeline like this:
git config --global url."https://github.com/".insteadOf "[email protected]:"