Gitlab-CI clone private repo from setup.py with token instead of ssh keys?
Question
I have a Python project which I want to build and test with gitlab-ci.
In my setup.py file I have a few dependencies that can currently be downloaded using SSH keys.
[setup.py]
...
install_requires=[
"test1 @ git+ssh://git@ssh.git.xxxx.de/path/to/repo/test1.git@1.1.0#egg=test1",
"test2 @ git+ssh://git@ssh.git.xxxx.de/path/to/repo/test2.git@1.0.2#egg=test2",
],
Despite this configuration, can I use the "CI_JOB_TOKEN" in gitlab-ci pipeline to access these resources?
echo -e "machine gitlab.com\nlogin gitlab-ci-token\npassword ${CI_JOB_TOKEN}" > ~/.netrc
Or do I inevitably have to store an additional secret variable with the ssh private key in gitlab-ci and add this key for each stage in "before_script"?
[gitlab-ci.yml]
...
before_script:
- eval $(ssh-agent -s)
- ssh-add <(echo "$SSH_PRIVATE_KEY")
Is there any advantage to using ssh-keys instead of https?
1 answers
solution1
0 ACCPTED 2020-07-14 12:05:35
Based on GitLab CI/CD docs :
The Job environment variable
CI_JOB_TOKENcan be used to authenticate any clones of dependent repositories.
As mentioned above, using CI_JOB_TOKEN does not give pipelines write access to dependent repositories. It can just be used for clone/download dependent repositories.
On the other side, using SSH private key gives more permissions to your pipeline.
There are other ways to access dependent repositories. You can access the repositories you need by defining Deploy Tokens or Deploy Keys for them.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.