【Question title】: CircleCI 2.0 - SSH keys are missing (migrating from Circle 1.0)
【Posted】: 2018-05-09 12:53:21
【Question description】:

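Migrating from Circle 1.0 to 2.0. I can fetch my code without any problem, but the ssh keys used for deployment don't seem to be available.

The key is in the project's SSH permissions.

There is no ~/.ssh/config file, and the key is not present either:

So when the deploy step starts, it fails: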

#!/bin/bash --login
if [ "${CIRCLE_BRANCH}" == "develop" ]; then
  bundle exec cap staging deploy
else
  echo "Not on develop branch"
fi

(Backtrace restricted to imported tasks)
cap aborted!
SSHKit::Runner::ExecuteError: Exception while executing as [redacted]@staging.captaincontrat.com: Authentication failed for user [redacted]@staging.captaincontrat.com

Net::SSH::AuthenticationFailed: Authentication failed for user [redacted]@staging.captaincontrat.com

Tasks: TOP => rvm:hook
(See full trace by running task with --trace)
Exited with code 1

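I tried using the add_ssh_keys step, but the keys were still not available. As the documentation specifies that it adds all keys by default, I removed it anyway.

Here is the config.yml file, mostly the result of the migration script: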

version: 2
jobs:
  build:
    working_directory: ~/captaincontrat/captaincontrat
    parallelism: 1
    shell: /bin/bash --login
    environment:
      CIRCLE_ARTIFACTS: /tmp/circleci-artifacts
      CIRCLE_TEST_REPORTS: /tmp/circleci-test-results
    # As our ruby version is a bit old, we can't use a pre-configured circle image.
    # So we need to use one with a large number of languages and other packages.
    # Once ruby is updated, choose a more recent image for better and faster builds.
    # https://circleci.com/docs/2.0/circleci-images/
    docker:
    - image: circleci/build-image:ubuntu-14.04-XXL-upstart-1189-5614f37
      command: /sbin/init
    steps:
    - checkout
    # Prepare for artifact and test results
    - run: mkdir -p $CIRCLE_ARTIFACTS $CIRCLE_TEST_REPORTS
    # Dependencies
    - run:
        name: Show me the available ssh keys
        command: 'ls -lha ~/.ssh'
    - run:
        name: Start redis
        command: 'sudo redis-cli ping >/dev/null 2>&1 || sudo service redis-server
          start; '
    # Restore the dependency cache
    - restore_cache:
        keys:
        # This branch if available
        - captaincontrat-{{ .Branch }}-{{ checksum "Gemfile.lock" }}
        # Default branch if not
        - captaincontrat-develop-
    - run: gem install bundler
    - run: echo -e "export RAILS_ENV=test\nexport RACK_ENV=test" >> $BASH_ENV
    - run: 'bundle check --path=vendor/bundle || bundle install --path=vendor/bundle
        --jobs=4 --retry=3 '
    - save_cache:
        key: captaincontrat-{{ .Branch }}-{{ checksum "Gemfile.lock" }}
        paths:
        - vendor/bundle
        - ~/.bundle
    - run: |-
        mkdir -p config && echo 'test:
          adapter: mysql2
          database: circle_ruby_test
          username: ubuntu
          host: localhost
        ' > config/database.yml
    - run:
        command: bundle exec rake db:create db:schema:load --trace
        environment:
          RAILS_ENV: test
          RACK_ENV: test
    # Test
    #   This would typically be a build job when using workflows, possibly combined with build
    - run: bin/rspec_all
    - run: bundle exec codeclimate-test-reporter $CIRCLE_ARTIFACTS/coverage/.resultset.json
    # Deploy if develop
    #   This should be in a workflow, but workflows can't cancel redundant jobs for now.
    - deploy:
        name: Deploy to staging if branch is develop
        command: |
           if [ "${CIRCLE_BRANCH}" == "develop" ]; then
             bundle exec cap -t staging deploy
           else
             echo "Not on develop branch => Not deploying to staging"
           fi
    # Teardown
    #   If you break your build into multiple jobs with workflows, you will probably want to do the parts of this that are relevant in each
    # Save test results
    - store_test_results:
        path: /tmp/circleci-test-results
    # Save artifacts
    - store_artifacts:
        path: /tmp/circleci-artifacts
    - store_artifacts:
        path: /tmp/circleci-test-results

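What am I missing‽ Thanks!

Edit: here is the solution

The key points are:
- add_ssh_keys
- then run eval `ssh-agent` && ssh-add ~/.ssh/id_rsa* before cap deploy, because I need .ssh/id_rsa to check out the code on the repo through agent forwarding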

# Deploy if develop
- add_ssh_keys
- deploy:
    name: Deploy to staging if branch is develop
    command: |
       if [ "${CIRCLE_BRANCH}" == "develop" ]; then
         eval `ssh-agent` && ssh-add ~/.ssh/id_rsa* && bundle exec cap staging deploy
  # ... snip

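To ensure agent forwarding, you can add set :ssh_options, forward_agent: true to your capistrano stage config.

【Question comments】:

  • Please note: you can provide an answer to your own question rather than using the question itself to provide the answer. That will let all of us vote and comment on the answer.. :)

Tags: capistrano continuous-deployment ssh-keys circleci circleci-2.0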


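【Solution 1】:

You need to have the add_ssh_keys step in order to inject your SSH keys into the container. This step needs to come before the deploy step.

When the documentation says all keys are added by default, that means when add_ssh_keys is used. It says so because you can also use that special step to add specific keys.

【Comments】:

  • Thanks! That was the first step. Then I had some problems forwarding the ssh-agent with the right key, but I got it fixed.
  • Cool. If possible, adding what you did here as a comment might help future people who find this question on SO.
  • The key points are: - add_ssh_keys - then run eval `ssh-agent` && ssh-add ~/.ssh/id_rsa* before cap deploy, because I need .ssh/id_rsa to check out the code on the repo through agent forwarding ` # Deploy if develop - add_ssh_keys - deploy: name: Deploy to staging if branch is develop command: | if [ "${CIRCLE_BRANCH}" == "develop" ]; then eval `ssh-agent` && ssh-add ~/.ssh/id_rsa* && bundle exec cap staging deploy # ... snip ` To ensure agent forwarding, you can add set :ssh_options, forward_agent: true to your capistrano stage config.
  • Added the solution to the question, as the formatting of comments is not great for the level of detail I wanted to provide :)
  • If you need to add add_ssh_keys somewhere, the documentation is definitely wrong: web.archive.org/web/20180629174551/https://circleci.com/docs/… (point-in-time snapshot thanks to archive.org). That says very clearly that you just add the key through the UI.... The documentation for add_ssh_keys agrees. web.archive.org/web/20180215030227/https://circleci.com/docs/…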
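
A stricter form of the deploy command from the question's edit, added here as an example and not the original poster's code: it loads only private key files, refuses to deploy when no key was loaded, and keeps the agent alive for the deploy command alone. `list_private_keys`, `with_deploy_agent` and `SSH_KEY_DIR` are hypothetical names; the ~/.ssh location and the id_rsa* pattern are taken from the post.

```shell
#!/bin/bash
# Added example, not the original poster's code. Assumes the keys injected by
# add_ssh_keys sit in ~/.ssh and match id_rsa*, as in the post.
# SSH_KEY_DIR is a hypothetical override, used only to point at another dir.

# Print the private key files matching id_rsa* in directory $1, one per line.
# The glob also matches any id_rsa*.pub file that is present; skip those.
list_private_keys() {
  for f in "$1"/id_rsa*; do
    [ -f "$f" ] || continue            # unmatched glob, or not a regular file
    case "$f" in *.pub) continue ;; esac
    printf '%s\n' "$f"
  done
}

# Run "$@" with an ssh-agent that exists only for that command.
with_deploy_agent() {
  keys=$(list_private_keys "${SSH_KEY_DIR:-$HOME/.ssh}")
  if [ -z "$keys" ]; then
    echo "no private key found: is add_ssh_keys before this step?" >&2
    return 1
  fi
  eval "$(ssh-agent -s)" >/dev/null || return 1
  rc=0
  while IFS= read -r k; do
    ssh-add "$k" </dev/null || rc=1    # fail rather than deploy half-loaded
  done <<EOF
$keys
EOF
  # Deploy only if every key loaded and the agent reports identities.
  if [ "$rc" -eq 0 ] && ssh-add -l >/dev/null; then
    "$@"
    rc=$?
  else
    rc=1
  fi
  eval "$(ssh-agent -k)" >/dev/null    # kill the agent, unset its variables
  return "$rc"
}

# Same branch gate as the post's deploy step.
if [ "${CIRCLE_BRANCH:-}" = "develop" ]; then
  with_deploy_agent bundle exec cap staging deploy
fi
```

With forward_agent: true, the staging host can use every key loaded in the agent for as long as the connection lasts, so the fewer keys the agent holds and the shorter it lives, the smaller that exposure.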