Capistrano Deploy fails on git step in remote server

#1

We are attempting to set up CD for an existing application that uses Capistrano to deploy to EC2. Currently, the deploy fails early when running the command git ls-remote --heads git@github.com:my-org/my-repo:

** Execute git:check
  INFO [28b2624a] Running /usr/bin/env git ls-remote --heads git@github.com:my-org/my-repo.git as ubuntu@server.ip.address
 DEBUG [28b2624a] Command: ( export GIT_ASKPASS="/bin/echo" GIT_SSH="/tmp/appname/git-ssh.sh" ; /usr/bin/env git ls-remote --heads git@github.com:my-org/my-repo.git )
 DEBUG [28b2624a] 	Permission denied (publickey).
 DEBUG [28b2624a] 	fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
cap aborted!

We’ve added some extra debug tasks to see if SSH agent forwarding is working, and I can see the GitHub deploy key and the key for EC2 running through Capistrano on the EC2 server using ssh-add -L. I can even have a Capistrano step run ssh -T git@github.com and I get the expected response of Hi org-name/softwareteam! You've successfully authenticated, but GitHub does not provide shell access.

Things get weird when I debug a build using SSH. Attempting to deploy fails in the Circle SSH environment unless we run ssh-add -D and then ssh-add the keys in ~/.ssh/, at which point cap staging deploy is successful. Adding these commands to the deploy step in circle.yml does not resolve anything.


#2

Looks like we’re having the same problem. Our deploy is doing the same check. If I understand correctly, it is because when invoked from Capistrano, git is trying to use the SSH key that CircleCI is using to SSH into the server, which isn’t added to GitHub. Is there a way to forward the CircleCI “deploy key” for this step, since it’s already being used to access the repo in the first place?


#3