Unable to create deploy or user SSH keys in Github App

I set up a project using the Github App.

I think my issue is similar to #49542.

In my case, builds run just fine, but I want to add a step to pull a different repository into the build, and I am unable to add a user key.

I am able to add SSH keys under “Additional SSH Keys” but not under ‘Deploy Key’ or ‘User Key’.

On the ‘SSH’ tab for the project, when I click ‘Add Deploy Key’, a javascript console error is generated:

POST https://circleci.com/api/v1.1/project/circleci/SaZcRc7nK8cVXQoPnsqhrx/PEYbXZYqmjn58CLXZGuKxM/checkout-key 400 (Bad Request)
_app-c786c1a5af537225.js:1 Uncaught (in promise) Error: This API endpoint is not supported for this project type

I can post a longer stack trace if it would be helpful.

For ‘add user key’, I get a message, ‘Confirm this user is a machine user’ - but it isn’t clear what “this user” refers to.

This time the error is:

POST https://circleci.com/api/v1.1/project/circleci/SaZcRc7nK8cVXQoPnsqhrx/PEYbXZYqmjn58CLXZGuKxM/checkout-key 400 (Bad Request)
Uncaught (in promise) Error: Invalid checkout key type (valid types are deploy-key and bitbucket-user-key)

This seems like a bug, but if I am doing something wrong, I appreciate being pointed in the right direction.

Hi, sorry for the confusion. We are working on cleaning up the UI to not be misleading. “Additional SSH Keys” is the only section on that page that is relevant to orgs that integrate with GitHub App GitHub App integration overview - CircleCI

How are you trying to pull a different repo? By modifying the checkout step?

      - run:
          name: Blindly and insecurely accept that GitHub is who they say they are
          command: mkdir ~/.ssh/ && echo -e "Host github.com\n\tStrictHostKeyChecking no\n" > ~/.ssh/config
      - run:
          name: Clone starter kit repo
          command: git clone git@github.com:MyOrg/myrepo.git app

I think the next thing I will try is to add a key with github.com specified as the host

I’m getting the same error from my local when I:

ssh-add -D
ssh-add ~/.ssh/my_cool_key
git clone my-cool-repo.git

I think I need to work this out on the github end. Thanks for any insights of course.

Sorry for the delay, did a little digging internally. I think what you need to do is:

Manually provide the ssh keys as “additional ssh keys” and then add the key fingerprints in .circleci/config.yml and checkout the repos you need.

I believe you can add fingerprints using these docs: Add additional SSH keys to CircleCI - CircleCI. Let me know if that doesn’t work.

I thought that was what I was doing :slight_smile:

A couple of things got me past this step

  • run the checkout command before add_ssh_keys; otherwise, CIRCLE_CI_REPOSITORY_URL was empty
  • make sure I add the private key to the project, and the public key to the 2nd repository I want to work with :face_holding_back_tears:

Thanks for your assistance

Thank you, I’ll make sure we get the docs updated to be more clear. Let me know if you run into any other issues

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.