How to link a deployment script/repo from an application repo in Gitlab CD?

Let’s say you have:

  • Repo A with a generic application.
  • Repo B with an Ansible deployment script.

Inside the RepoA CI/CD runner, I want to run the Ansible script from Repo B. What’s the best/easiest way to do this?

What I am trying is to create an extra ssh key for RepoB only and feed it into the runner via Secret Variables. Unfortunately, I would have to create a dummy user, that only has access to RepoB for that.

Is there any other ways I could do that? It seems like that should be a pretty common workflow for deployments.

  • How to clear git caches?
  • gitlab and nginxX failing with error 403
  • How do I create a GitLab webhook?
  • Permission Denied (publickey) - Git Bash on Windows
  • GitLab showing computer name + router name as commiter name
  • Install node module from own gitlab server
  • why gitlab refuse push pdf file?
  • GitLab webhook error 'Hook Execution Failed'
  • One Solution collect form web for “How to link a deployment script/repo from an application repo in Gitlab CD?”

    You’re right, that’s a pretty common use case. Gitlab uses what it calls Deploy Keys to achieve this (more info here).

    I’ve answered a similar question here.

    Below is a version of that answer tuned to your specific needs.

    First generate a SSH key pair. You can use ssh-keygen -t rsa for that.

    Then go to Repo B’s gitlab page and locate the Deploy Keys setting. There you should paste the public key you just generated.

    Then go to Repo A locate the Variables page. Create a new private variable with the name SSH_PRIVATE_KEY for instance and paste the private key you generated there.

    Finally, in your .gitlab-ci.yml file add the following so that your private key will be available to your CI environment:

    - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
    # Run ssh-agent (inside the build environment)
    - eval $(ssh-agent -s)
    # Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
    - ssh-add <(echo "$SSH_PRIVATE_KEY")
    - mkdir -p ~/.ssh
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'

    Your Repo A CI environment should now be setup so that in can pull Repo B.

    Git Baby is a git and github fan, let's start git clone.