Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-11369

If I want to use git submodules then I shouldn't have to upload and configure SSH keys on each Bamboo Agent.

    • 12
    • 42
    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      I'm not sure if this is applicable, so if someone find this issue wrong - please 'wontfix' it.

      Lets assume we have a Git repository hosted via ssh:// protocol. Access to that repository is via the ssh (rsa) private/public key authentication. Lets assume the repo contain submodules. So for example we have in .submodules

      [submodule "submodules/core"]
      	path = submodules/core
      	url = ssh://git.company.com/projects/core.git
      

      (where our repository is under ssh://git.company.com/projects/product.git)

      In such scenario Bamboo Agents will do:
      1) fetch the data from ssh://d73ceba5-2327-4e81-8c63-f61ad3024bc3@127.0.0.1:58505/projects/product.git -PROXIED> ssh://git.company.com/projects/product.git to agent's Job working directory
      2) bamboo issues "git submodule init; git submodule update" commands.
      3) thus git notices there are some submodules defined (in "workDir/.submodules" file)
      4) git will execute another fetch, this time from ssh://git.company.com/projects/core.git and will put it under ./submodules/core directory (note that here it is the Git that deduces the correct url from .submodules file, not the Bamboo).
      5) finish (update the workspace, index, etc)

      Now, problem is in step (4) - it won't go through Bamboo SSH proxy, and as it won't be proxied the Bamboo user will have to setup all Bamboo Agents correctly (with .ssh/config files and rsa-identity files). This can be PITA. Would be good if somehow Bamboo would work with submodules in more transparent way so the Bamboo user wouldn't have to do the setup manually.

            [BAM-11369] If I want to use git submodules then I shouldn't have to upload and configure SSH keys on each Bamboo Agent.

            I put in a support ticket and received a workaround that works IF you are using Bitbucket with Bamboo. I don't know whether this works with any other Git server. The workaround is to use only relative SSH URLs in your .gitmodules file. This only works if your main repository is on the same server as the submodule repositories you are trying to authenticate against. If you have external submodules, you'll have to clone them into the same Bitbucket instance as your main repository in order to use this workaround.

            Also, note that you still need to manually copy the public SSH key from the "Advanced" tab of the main Repository configuration, and add it as a "Read" Access Key in the repository permissions of each of the submodules in Bitbucket.

            [submodule "submodule"]
            	path = submodules/submodule
            	url = ../submodule.git
            [submodule "importing"]
            	path = submodules/importing
            	url = ../../e2/importing.git
            

            Dana Cartwright added a comment - I put in a support ticket and received a workaround that works IF you are using Bitbucket with Bamboo. I don't know whether this works with any other Git server. The workaround is to use only relative SSH URLs in your .gitmodules file. This only works if your main repository is on the same server as the submodule repositories you are trying to authenticate against. If you have external submodules, you'll have to clone them into the same Bitbucket instance as your main repository in order to use this workaround. Also, note that you still need to manually copy the public SSH key from the "Advanced" tab of the main Repository configuration, and add it as a "Read" Access Key in the repository permissions of each of the submodules in Bitbucket. [submodule "submodule" ] path = submodules/submodule url = ../submodule.git [submodule "importing" ] path = submodules/importing url = ../../e2/importing.git

            cmanzur added a comment -

            I can't make it work using YAML specs.

            I set id_rsa ssh key with chmod 600 on the agent.

            I also configured the .ssh/config to use this key.

            Please, fix this bug.

             

            cmanzur added a comment - I can't make it work using YAML specs. I set id_rsa ssh key with chmod 600 on the agent. I also configured the .ssh/config to use this key. Please, fix this bug.  

            wow this issue open more than my total years of experience 

            Anbalagan Akilan added a comment - wow this issue open more than my total years of experience 

            axxonadmin added a comment -

            That's nonsense. It's a bug. Please fix it.

            axxonadmin added a comment - That's nonsense. It's a bug. Please fix it.

            Kevin Tan added a comment -

            @jcbsv Thank you for your help, it work!

            But i have to make a minor modification in order to make it work - replaced > to />

            Unable to find source-code formatter for language: shell. Available languages are: actionscript, ada, applescript, bash, c, c#, c++, cpp, css, erlang, go, groovy, haskell, html, java, javascript, js, json, lua, none, nyan, objc, perl, php, python, r, rainbow, ruby, scala, sh, sql, swift, visualbasic, xml, yaml
            @echo off
            
            if exist "%USERPROFILE%" (
            if not exist "%USERPROFILE%\.ssh" mkdir "%USERPROFILE%\.ssh"
            )
            
            call :data1  /> "%USERPROFILE%\.ssh\id_rsa"
            
            exit /b
            
            :data1
            echo -----BEGIN RSA PRIVATE KEY-----
            echo ...
            echo -----END RSA PRIVATE KEY-----
            
            exit /b
            

            Kevin Tan added a comment - @jcbsv Thank you for your help, it work! But i have to make a minor modification in order to make it work - replaced > to /> Unable to find source-code formatter for language: shell. Available languages are: actionscript, ada, applescript, bash, c, c#, c++, cpp, css, erlang, go, groovy, haskell, html, java, javascript, js, json, lua, none, nyan, objc, perl, php, python, r, rainbow, ruby, scala, sh, sql, swift, visualbasic, xml, yaml @echo off if exist "%USERPROFILE%" ( if not exist "%USERPROFILE%\.ssh" mkdir "%USERPROFILE%\.ssh" ) call :data1 /> "%USERPROFILE%\.ssh\id_rsa" exit /b :data1 echo -----BEGIN RSA PRIVATE KEY----- echo ... echo -----END RSA PRIVATE KEY----- exit /b

            jcbsv added a comment -

            @jingzheng.tan, you can add a script task to your build plan (before the source code checkout task) that uploads the ssh key to the agent, see this blog post for details: https://blog.nephics.com/2018/08/24/multi-repository-build-plans-with-atlassian-bamboo/

             

            jcbsv added a comment - @jingzheng.tan, you can add a script task to your build plan (before the source code checkout task) that uploads the ssh key to the agent, see this blog post for details: https://blog.nephics.com/2018/08/24/multi-repository-build-plans-with-atlassian-bamboo/  

            Kevin Tan added a comment -

            I encountered the same problem and i google but yet to find a solid work-around. Does anyone have luck to find one?

            Kevin Tan added a comment - I encountered the same problem and i google but yet to find a solid work-around. Does anyone have luck to find one?

            Atlassian Update – [30 April 2019]

            Hi everyone,

            Thanks for your interest in this issue.
            This request is considered a potential addition to our longer-term roadmap.

            We'll typically review this request in about 6 months time, at which point we’ll consider whether we need to alter its status.

            For the nearest future we've decided to prioritise other areas of the Bamboo roadmap, including:

            1. Performance and stability improvements
            2. Providing building blocks for High Availability and Disaster Recovery solutions
            3. Improving permission system
            4. Allowing per-project allocation of resources
            5. Improving Bitbucket Server and Jira integrations

            You can learn more about our approach to highly voted server suggestions here.

            To learn more on how your suggestions are reviewed, see our updated workflow for server feature suggestions.

            Kind regards,
            Bamboo Team

            Pawel Skierczynski added a comment - Atlassian Update – [30 April 2019] Hi everyone, Thanks for your interest in this issue. This request is considered a potential addition to our longer-term roadmap. We'll typically review this request in about 6 months time, at which point we’ll consider whether we need to alter its status. For the nearest future we've decided to prioritise other areas of the Bamboo roadmap, including: Performance and stability improvements Providing building blocks for High Availability and Disaster Recovery solutions Improving permission system Allowing per-project allocation of resources Improving Bitbucket Server and Jira integrations You can learn more about our approach to highly voted server suggestions here . To learn more on how your suggestions are reviewed, see our updated workflow for server feature suggestions . Kind regards, Bamboo Team

            This is not a suggestion, btw, this is a BUG that should get fixed.

            nexum Support added a comment - This is not a suggestion, btw, this is a BUG that should get fixed.

            Big problem here right now, but seemingly not for Atlassian

            nexum Support added a comment - Big problem here right now, but seemingly not for Atlassian

              mgardias Marcin Gardias
              jac-bamboo-user Bamboo User on JAC
              Votes:
              273 Vote for this issue
              Watchers:
              182 Start watching this issue

                Created:
                Updated:
                Resolved: