Can not run git commands in custom steps in digitalocean

azuruce · November 18, 2019, 4:38pm

the .drone.yml is below:

kind: pipeline
type: digitalocean
name: build

token:
from_secret: digitalocean_token

server:
image: docker-18-04
size: s-2vcpu-4gb
region: sfo2

steps:

name: submodules
image: alpine/git
environment:
SSH_KEY:
from_secret: github_ssh_key
commands:
- mkdir $HOME/.ssh
- echo “$SSH_KEY” > $HOME/.ssh/id_rsa
- ssh-keyscan github.com >> ~/.ssh/known_hosts
- chmod 600 $HOME/.ssh/id_rsa
- echo -e “Host github.com\n\tStrictHostKeyChecking no\n” >> ~/.ssh/config
- git config core.sshCommand ‘ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no’
- git submodule update --init --recursive

The error log is:

git submodule update --init --recursive
19 Submodule ‘child-repo’ (git@github.com:azuruce/child-repo.git) registered for path ‘child-repo’
20 Cloning into ‘/tmp/drone-EtWrGGTs1O1Tn3kJ/drone/src/parent-repo’…
21 Host key verification failed.
22 fatal: Could not read from remote repository.

I tried a few ways to work around the host key validation error, but is not successful.

azuruce · November 18, 2019, 9:18pm

understood this is not a drone issue but ssh issue. I hope someone has seen the same error and solved it already.

azuruce · November 18, 2019, 9:23pm

appears to be alpine/git problem

reproduce by “docker run alpine/git clone xxx”

bradrydzewski · November 18, 2019, 11:46pm

as an aside, the digital ocean runner does not use the alpine/git image (or any containers for that matter). All pipeline steps are executed directly on the droplet using ssh. So in this case, the error would be unrelated to any issues with alpine/git.

azuruce · November 19, 2019, 12:09am

I think you are clarifying digitalocean runner is not the cause of the problem which I tend to agree. the problem is with alpine/git whose instruction require you to mount ~/.ssh into container before running.

ashwilliams1 · November 19, 2019, 3:50am

well, what he is saying is the digitalocean runner does not create containers, and ignores any use of image: in your yaml. So in this case alpine/git is not actually being used.

azuruce · November 19, 2019, 6:46am

Thanks! I got that now.
Here is what I found:

if I use alpine/git, I will need to create HOME variable, ~/.ssh directory, ~/.ssh/id_rsa (.pub), ~/.ssh/known_hosts before I can update submodules.

The code worked is:

kind: pipeline
name: build
steps:

name: submodules
image: alpine/git
environment:
SSH_KEY:
from_secret: github_ssh_key
commands:
- mkdir -p $HOME/.ssh
- echo “$SSH_KEY” > $HOME/.ssh/id_rsa
- chmod 600 $HOME/.ssh/id_rsa
- ssh-keyscan github.com > /root/.ssh/known_hosts
- git submodule update --init --recursive

If I use digital ocean, I need the same 5 lines.