使用 SSH 在 Azure Pipeline 中签出 git 子模块 [英] Checkout git submodule in Azure Pipeline with SSH

问题描述

我尝试在 Azure DevOps 管道中通过 ssh 而不是 https(如果您使用Checkout submodules"则为默认值)来检出 git 子模块.使用图片中的选项它可以工作 - 但对于开发人员来说，如果他们正在使用存储库，则一直输入密码很烦人.

I try to checkout the git submodules via ssh instead of https (default if you use "Checkout submodules") in an Azure DevOps Pipeline. With the option in the picture it works - but for the developers it's annoying to enter the password all the time if they are working with the repository.

为此，我使用以下说明添加了 ssh 密钥.我创建了一个公钥和一个私钥，并复制了 known_host 条目.

For that I used the following instructions to add the ssh key. I created a public and a private key, and copied the known_host entry.

这是我的 YAML 文件片段:

That's my YAML file snippet:

stages:
- stage: DeployBackend
jobs:
  - job: SSH
    steps:
      - task: InstallSSHKey@0
        inputs:
          knownHostsEntry: $(known_host)
          sshPublicKey: $(public_key)
          sshKeySecureFile: 'private_key_file'
  - job: Deploy
    steps:
      - checkout: self
        submodules: true
      - script: |
          -- here I run all docker commands to build the container and push it to Azure --
        displayName: "Deploy"

如果我使用 SSH 密钥将存储库克隆到我的本地计算机，我就没有问题.但是，如果我运行管道，它会在子模块结帐时崩溃:

If I use the SSH keys to clone the repository to my local computer I have no issues. But if I run the pipeline it will crash at the submodule checkout:

请确保您拥有正确的访问权限和存储库存在.致命的:克隆'git@ssh.dev.azure.com:v3/repoLink'进入子模块路径/home/vsts/work/1/s/app/submoduleFolder"失败无法克隆应用程序/子模块文件夹".重试预定的克隆到'/home/vsts/work/1/s/app/submoduleFolder'...主机密钥验证失败的.致命:无法从远程存储库读取.

Please make sure you have the correct access rights and the repository exists. fatal: clone of 'git@ssh.dev.azure.com:v3/repoLink' into submodule path '/home/vsts/work/1/s/app/submoduleFolder' failed Failed to clone 'app/submoduleFolder'. Retry scheduled Cloning into '/home/vsts/work/1/s/app/submoduleFolder'... Host key verification failed. fatal: Could not read from remote repository.

这是 repo 中的 .gitmodules 文件 - 它在本地没有任何问题:

That's the .gitmodules file in the repo - it works without any issues locally:

[submodule "app/subModuleName"]
    path = app/subModuleName
    url = git@ssh.dev.azure.com:v3/***/subModuleName
    branch = master

我什至用脚本将 id_rsa、known_hosts 和 id_rsa.pub 文件写入 .ssh，但似乎它们甚至不用于 ssh 验证.

I even wrote the id_rsa, known_hosts and id_rsa.pub files into .ssh with a script, but it seems like they are not even used for ssh verification.

推荐答案

解决方案是在一项工作中完成所有任务.变量不在不同的 job 实例之间共享.

The solution is to do all the tasks in one job. Variables are not shared between different job instances.

这有效:

jobs:
    - job: jobName
      steps:
        - task: AzureKeyVault@1
          inputs:
            azureSubscription: '***'
            KeyVaultName: '***'
          displayName: "Read Secrets from KeyVault"
        - task: InstallSSHKey@0
          inputs:
            knownHostsEntry: $(known_host)
            sshPublicKey: $(public_key)
            sshKeySecureFile: 'private_key_file'
          displayName: "Create SSH files"
        - script: |
            git clone --recurse-submodules git@ssh.dev.azure.com:v3/****
            git submodule update --init --recursive
            docker login -u $(userName) -p $(password) ***
            docker build ****
            docker push ****
          displayName: "Build and Push Docker Container"

这篇关于使用 SSH 在 Azure Pipeline 中签出 git 子模块的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！