In deployment, trying to checkout/merge in different repo than build repo


#1

We’re using CircleCI with BitBucket integration. This works great - we commit, it builds. No problem there.
As part of our process, we also need to interact with a Github repo as part of our deployment (it’s a long story). Anyway, my plan was to execute the following git commands under our “deployment” in circle.yml:

  • git config --global user.email “”
  • git config --global user.name “”
  • mkdir /home/ubuntu/foo
  • cd /home/ubuntu/foo
  • git init
  • git remote add … (adding the Github remote)
  • git fetch…
  • do some things…
  • git merge…
  • git push…

Nothing fancy.

We’ve uploaded the private SSH key to the Github repo in CircleCI. However, when we get to the “git fetch” step, we’re getting the following:

-platform: git-upload-pack: unknown error.
fatal: The remote end hung up unexpectedly

From what I’ve read, this is likely due to git not picking up the correct SSH key, however, people running into that problem usually see “permission denied”. We’re not seeing that.

Interestingly, if I enable SSH on the build and manually perform that exact same steps above, this works perfectly.

So, I’m just stuck at this point. I feel like I’ve tried everything I know to do and just can’t get anywhere.

Any help would be much appreciated. Thanks.

  • Terence

#2

I had roughy the same problem: we use two github repositories, repo1 triggers CircleCI to do a build, and then push to repo2.

After trying literally every trick in the book, here’s how we solved it:

  1. in your circle.yml file, add a hosts entry to: yourproject.github.com and point it to github’s IP (do a ping github.com. See expanded notes below for alternative options.

  2. Generate a keypair locally.

  3. in your projects CircleCI settings, under ssh permissions add that private key, and use yourproject.github.com as the host.

  4. Go to the target repository’s configuration page at github, add the public key to the repo’s deployment keys. Make sure you check “grant write access”

  5. in your deployment script, for the git url of the target repository, instead of using git@github.com:example/example.git use git@yourproject.github.com:example/example.git

That will crack this nut for you.

Notes:

  1. creating an /etc/hosts entry in your circle.yml file is a good medium term solution, but if github changes their ip’s, you’ll have to update your repo. that’s not ideal. If possible, I’d suggest going one step further, and looking at your organization’s dns & establishing a wildcard CNAME (like *.github.example.com record that simply points to github.com, and set the TTL really low. That way, if github changes their ip, your organization’s entry will update with it. then your deployments won’t randomly break one day.

#3