How to log in inside a Gitlab CI container?

P

Pavel Vasilinenko2021-10-22 16:38:28

Composer

Pavel Vasilinenko, 2021-10-22 16:38:28

I need to install a private package from a corporate namespace in Gitlab CI via composer.

Dependency in composer.json.

"repositories": [
        {
            "type": "git",
            "url": "[email protected]:namespace/package.git"
        }
    ],
    "require": {
        "namespace/package": "dev-master",
     }

in .gitlab.ci.yml

image: registry.gitlab.com/namespace/project:1.0.0

stages:
    - deploy

.setup_ssh: &setup_ssh
    - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client zip unzip -y )'
    - eval $(ssh-agent -s)
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - echo "$SSH_PUBLIC_KEY" > ~/.ssh/id_rsa.pub
    - echo "$SSH_PRIVATE_KEY" | base64 -d > ~/.ssh/id_rsa
    - ssh-keyscan gitlab.com >> ~/.ssh/known_hosts
    - ssh-keyscan $DEV_HOST >> ~/.ssh/known_hosts
    - chmod 600 ~/.ssh/id_rsa
    - chmod 600 ~/.ssh/id_rsa.pub
    - chmod 644 ~/.ssh/known_hosts
    - ssh-add ~/.ssh/id_rsa

.setup_composer: &setup_composer
    - composer i -n

deploy to dev:
    stage: deploy
    script:
        - *setup_ssh
        - *setup_composer

When installing composer i -n crashes with an error on a private package.

Cloning into bare repository '/root/.composer/cache/vcs/git-gitlab.com-namespace-package.git'...
remote:
remote: ================ ================================================= ======
remote:
remote: The project you were looking for could not be found or you don't have permission to view it.
remote:
remote: ============================================= =========================
remote:
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

I tried running the container locally and installing the composer dependencies inside the container interactively.

- Syncing namespace/package (dev-master fa27046) into cache
Cloning failed, enter your GitLab credentials to access private repos
A token will be created and stored in "/root/.composer/auth.json", your password will never be stored
To revoke access to this token you can visit https://gitlab.com/-/profile/personal_access_tokens

I have 2FA set up. For the test, I created a token and tried to log in.

composer config --global gitlab-token.gitlab.com [token]

After that everything worked. But the problem is that this is my personal token.

How to log in inside a Gitlab CI container?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

P

Pavel Vasilinenko, 2021-10-25
@Paul_Vasko

Found the solution and it's very simple!
To deproy the main project to the server, I added the Deploy keys public key in the settings.
So, it was necessary to enable this key in the settings of EVERY private repository that is in composer.json dependencies.
Private repo > Settings > Repository > Deploy keys > Privately accessible deploy keys > Enable (key from main project)

https://docs.gitlab.com/ee/user/project/deploy_key...

A

Alexander Karabanov, 2021-10-22
@karabanov

Pass the token to the container via a variable.