使用SSH在Azure Pipeline中签出git子模块 [英] Checkout git submodule in Azure Pipeline with SSH
问题描述
我尝试在Azure DevOps管道中通过ssh而不是https(如果使用"Checkout子模块",则默认为)检出git子模块.带有图片中的选项可以使用-但是对于开发人员来说,如果他们正在使用存储库,那么总是需要输入密码.
I try to checkout the git submodules via ssh instead of https (default if you use "Checkout submodules") in an Azure DevOps Pipeline. With the option in the picture it works - but for the developers it's annoying to enter the password all the time if they are working with the repository.
为此,我按照以下说明添加了 ssh键. 我创建了一个公共密钥和一个私有密钥,并复制了known_host条目.
For that I used the following instructions to add the ssh key. I created a public and a private key, and copied the known_host entry.
这是我的YAML文件片段:
That's my YAML file snippet:
stages:
- stage: DeployBackend
jobs:
- job: SSH
steps:
- task: InstallSSHKey@0
inputs:
knownHostsEntry: $(known_host)
sshPublicKey: $(public_key)
sshKeySecureFile: 'private_key_file'
- job: Deploy
steps:
- checkout: self
submodules: true
- script: |
-- here I run all docker commands to build the container and push it to Azure --
displayName: "Deploy"
如果我使用SSH密钥将存储库克隆到本地计算机,则没有任何问题.但是,如果我运行管道,它将在子模块结帐时崩溃:
If I use the SSH keys to clone the repository to my local computer I have no issues. But if I run the pipeline it will crash at the submodule checkout:
请确保您具有正确的访问权限和存储库 存在.致命:克隆 'git@ssh.dev.azure.com:v3/ repoLink ' 进入子模块路径'/home/vsts/work/1/s/app/submoduleFolder'失败 无法克隆"app/submoduleFolder".重试计划的克隆到 '/home/vsts/work/1/s/app/submoduleFolder'...主机密钥验证 失败的.致命的:无法从远程存储库读取.
Please make sure you have the correct access rights and the repository exists. fatal: clone of 'git@ssh.dev.azure.com:v3/repoLink' into submodule path '/home/vsts/work/1/s/app/submoduleFolder' failed Failed to clone 'app/submoduleFolder'. Retry scheduled Cloning into '/home/vsts/work/1/s/app/submoduleFolder'... Host key verification failed. fatal: Could not read from remote repository.
这是存储库中的.gitmodules
文件-它可以在本地正常运行而没有任何问题:
That's the .gitmodules
file in the repo - it works without any issues locally:
[submodule "app/subModuleName"]
path = app/subModuleName
url = git@ssh.dev.azure.com:v3/***/subModuleName
branch = master
我甚至使用脚本将id_rsa
,known_hosts
和id_rsa.pub
文件写入了.ssh
,但似乎它们甚至没有用于ssh验证.
I even wrote the id_rsa
, known_hosts
and id_rsa.pub
files into .ssh
with a script, but it seems like they are not even used for ssh verification.
推荐答案
解决方案是同时完成所有任务.变量不能在不同的job
实例之间共享.
The solution is to do all the tasks in one job. Variables are not shared between different job
instances.
这有效:
jobs:
- job: jobName
steps:
- task: AzureKeyVault@1
inputs:
azureSubscription: '***'
KeyVaultName: '***'
displayName: "Read Secrets from KeyVault"
- task: InstallSSHKey@0
inputs:
knownHostsEntry: $(known_host)
sshPublicKey: $(public_key)
sshKeySecureFile: 'private_key_file'
displayName: "Create SSH files"
- script: |
git clone --recurse-submodules git@ssh.dev.azure.com:v3/****
git submodule update --init --recursive
docker login -u $(userName) -p $(password) ***
docker build ****
docker push ****
displayName: "Build and Push Docker Container"
这篇关于使用SSH在Azure Pipeline中签出git子模块的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!