使用SSH在Azure Pipeline中签出git子模块 [英] Checkout git submodule in Azure Pipeline with SSH

问题描述

我尝试在Azure DevOps管道中通过ssh而不是https(如果使用"Checkout子模块"，则默认为)检出git子模块.带有图片中的选项可以使用-但是对于开发人员来说，如果他们正在使用存储库，那么总是需要输入密码.

I try to checkout the git submodules via ssh instead of https (default if you use "Checkout submodules") in an Azure DevOps Pipeline. With the option in the picture it works - but for the developers it's annoying to enter the password all the time if they are working with the repository.

为此，我按照以下说明添加了 ssh键. 我创建了一个公共密钥和一个私有密钥，并复制了known_host条目.

For that I used the following instructions to add the ssh key. I created a public and a private key, and copied the known_host entry.

这是我的YAML文件片段:

That's my YAML file snippet:

stages:
- stage: DeployBackend
jobs:
  - job: SSH
    steps:
      - task: InstallSSHKey@0
        inputs:
          knownHostsEntry: $(known_host)
          sshPublicKey: $(public_key)
          sshKeySecureFile: 'private_key_file'
  - job: Deploy
    steps:
      - checkout: self
        submodules: true
      - script: |
          -- here I run all docker commands to build the container and push it to Azure --
        displayName: "Deploy"

如果我使用SSH密钥将存储库克隆到本地计算机，则没有任何问题.但是，如果我运行管道，它将在子模块结帐时崩溃:

If I use the SSH keys to clone the repository to my local computer I have no issues. But if I run the pipeline it will crash at the submodule checkout:

请确保您具有正确的访问权限和存储库 存在.致命:克隆 'git@ssh.dev.azure.com:v3/ repoLink ' 进入子模块路径'/home/vsts/work/1/s/app/submoduleFolder'失败 无法克隆"app/submoduleFolder".重试计划的克隆到 '/home/vsts/work/1/s/app/submoduleFolder'...主机密钥验证 失败的.致命的:无法从远程存储库读取.

Please make sure you have the correct access rights and the repository exists. fatal: clone of 'git@ssh.dev.azure.com:v3/repoLink' into submodule path '/home/vsts/work/1/s/app/submoduleFolder' failed Failed to clone 'app/submoduleFolder'. Retry scheduled Cloning into '/home/vsts/work/1/s/app/submoduleFolder'... Host key verification failed. fatal: Could not read from remote repository.

这是存储库中的.gitmodules文件-它可以在本地正常运行而没有任何问题:

That's the .gitmodules file in the repo - it works without any issues locally:

[submodule "app/subModuleName"]
    path = app/subModuleName
    url = git@ssh.dev.azure.com:v3/***/subModuleName
    branch = master

我甚至使用脚本将id_rsa，known_hosts和id_rsa.pub文件写入了.ssh，但似乎它们甚至没有用于ssh验证.

I even wrote the id_rsa, known_hosts and id_rsa.pub files into .ssh with a script, but it seems like they are not even used for ssh verification.

推荐答案

解决方案是同时完成所有任务.变量不能在不同的job实例之间共享.

The solution is to do all the tasks in one job. Variables are not shared between different job instances.

这有效:

jobs:
    - job: jobName
      steps:
        - task: AzureKeyVault@1
          inputs:
            azureSubscription: '***'
            KeyVaultName: '***'
          displayName: "Read Secrets from KeyVault"
        - task: InstallSSHKey@0
          inputs:
            knownHostsEntry: $(known_host)
            sshPublicKey: $(public_key)
            sshKeySecureFile: 'private_key_file'
          displayName: "Create SSH files"
        - script: |
            git clone --recurse-submodules git@ssh.dev.azure.com:v3/****
            git submodule update --init --recursive
            docker login -u $(userName) -p $(password) ***
            docker build ****
            docker push ****
          displayName: "Build and Push Docker Container"

这篇关于使用SSH在Azure Pipeline中签出git子模块的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！