How to link a deployment script/repo from an application repo in Gitlab CD?

Let’s say you have:

  • Repo A with a generic application.
  • Repo B with an Ansible deployment script.

Inside the RepoA CI/CD runner, I want to run the Ansible script from Repo B. What’s the best/easiest way to do this?

  • Git clean/smudge filters for ansible vault secrets
  • GIT over SSH in Ansible hangs, eventhough ssh-agent forwarding is set up
  • Cloning a git repo from Bitbucket with Ansible - asked for password two or three times
  • ansible: git module is hanging
  • How to run a shell command in ansible's check mode?
  • Ansible git module rev-parse
  • What I am trying is to create an extra ssh key for RepoB only and feed it into the runner via Secret Variables. Unfortunately, I would have to create a dummy user, that only has access to RepoB for that.

    Is there any other ways I could do that? It seems like that should be a pretty common workflow for deployments.

  • How to export a function, from tmux.conf
  • Atom text editor adds “^M” to empty lines
  • What is a “merge bubble”?
  • Interactive rebase after merging/other commits interleaving mine
  • Suddenly unable to git fetch from origin
  • how setup heroku toolbelt to use -r <nickname> to specify an app
  • One Solution collect form web for “How to link a deployment script/repo from an application repo in Gitlab CD?”

    You’re right, that’s a pretty common use case. Gitlab uses what it calls Deploy Keys to achieve this (more info here).

    I’ve answered a similar question here.

    Below is a version of that answer tuned to your specific needs.

    First generate a SSH key pair. You can use ssh-keygen -t rsa for that.

    Then go to Repo B’s gitlab page and locate the Deploy Keys setting. There you should paste the public key you just generated.

    Then go to Repo A locate the Variables page. Create a new private variable with the name SSH_PRIVATE_KEY for instance and paste the private key you generated there.

    Finally, in your .gitlab-ci.yml file add the following so that your private key will be available to your CI environment:

    - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
    # Run ssh-agent (inside the build environment)
    - eval $(ssh-agent -s)
    # Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
    - ssh-add <(echo "$SSH_PRIVATE_KEY")
    - mkdir -p ~/.ssh
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
    

    Your Repo A CI environment should now be setup so that in can pull Repo B.

    Git Baby is a git and github fan, let's start git clone.