Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Cannot pull the code from repository to docker images when build.

Chatree Kunjai
Chatree Kunjai June 26, 2024

 

 

Hi, I got the error when pulling the code from the private repository to the docker images.

On below is an errors.

#5 [10/10] RUN git clone --branch hotfix/some-hotfix git@bitbucket.org:workspaces-name/somerepo.git /basedir
#5 sha256:b815577ee879a9bc344d6239d834cc524f4a78f2f1c6949a2e14f2776a595c14
#5 0.291 Cloning into '/basedir'...
#5 0.319 Warning: Permanently added the ECDSA host key for IP address '18.205.93.2' to the list of known hosts.
#5 0.518 Permission denied (publickey).
#5 0.518 fatal: Could not read from remote repository.
#5 0.518
#5 0.518 Please make sure you have the correct access rights
#5 0.518 and the repository exists.
#5 ERROR: process "/bin/sh -c git clone --branch $BITBUCKET_BRANCH git@bitbucket.org:workspaces-name/somerepo.git /basedir" did not complete successfully: exit code: 128

The dockerfile.

FROM docker-image:base

# Add Maintainer Info
LABEL maintainer="somebody"

# Add Argument for build
ARG ssh_prv_key
ARG ssh_pub_key
ARG bitbucket_branch

RUN mkdir -p ~/.ssh && \
    chmod 0700 ~/.ssh

# Add the keys and set permissions
RUN echo "$ssh_prv_key" > ~/.ssh/id_rsa && \
    echo "$ssh_pub_key" > ~/.ssh/id_rsa.pub && \
    chmod 600 ~/.ssh/id_rsa && \
    chmod 600 ~/.ssh/id_rsa.pub

RUN touch ~/.ssh/known_hosts && \
    ssh-keygen -R bitbucket.org && sed -i.old -e '/AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/d' ~/.ssh/known_hosts && curl https://bitbucket.org/site/ssh >> ~/.ssh/known_hosts

# setup code
RUN git clone --branch $bitbucket_branch git@bitbucket.org:workspaces-name/somerepo.git /basedir

CMD ["/run.sh"]

The docker build command on pipeline. The variable $SSH_PRIVATE_KEY and $SSH_PUB_KEY was added on repository variables.

docker build --no-cache -t $IMAGE_NAME --build-arg "ssh_prv_key=$SSH_PRIVATE_KEY" --build-arg "ssh_pub_key=$SSH_PUB_KEY" --build-arg bitbucket_branch=$BITBUCKET_BRANCH -f ./Dockerfile .

I tried to recheck the public key on my local machine that was added to ACCESS_KEY in the repository setting. It seems working fine.
# ssh -F /dev/null -o IdentitiesOnly=yes -i id_ecdsa git@bitbucket.org
allocation request failed on channel 0
authenticated via ssh key.

You can use git to connect to Bitbucket. Shell access is disabled
Connection to bitbucket.org closed.

I already tested the docker images on my local machine and is build completed, but on the bitbucket cloud. It stuck at the error above.

Any suggestion?
Answer
Watch
Like Sabine Mayer likes this
426 views

1 answer

0 votes
Theodora Boudale
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 1, 2024

Hi Chatree,

Pipelines does not currently support line breaks in environment variables, and SSH key files contain line breaks. You will need to base-64 encode the private key on your computer, and then store in the variable $SSH_PRIVATE_KEY the base-64 encoded value.

Then, in the Dockerfile, you can decode the variable as follows:

RUN echo $ssh_prv_key | base64 --decode > ~/.ssh/id_rsa && \
    chmod 600 ~/.ssh/id_rsa

Similarly with the public key, although I don't think that you need the public key to be present in order to clone. Just the private key should be enough.

Could you give it a try and let me know how it goes?

You can also check the following page for info on how to encode the private key:

 

Just a heads up, in the command where you create the known_hosts file, you can remove the following part:

ssh-keygen -R bitbucket.org && sed -i.old -e '/AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/d' ~/.ssh/known_hosts

This is for removing entries with the old Bitbucket Cloud host key. If this is a brand new file, simply fetching the host keys with curl https://bitbucket.org/site/ssh >> ~/.ssh/known_hosts is enough. This is not related to the Permission denied error you see; it's just a suggestion for improvement.

Kind regards,
Theodora

Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.