Teamcity Github Deploy Key Could Not Read From Remote Repository

Integrating TeamCity and GitHub with SSH is actually as piece of cake as y'all would call up information technology is

At RiskLens we have been using TeamCity with Mercurial and Kiln for a while now. This year we accept decided to make the movement to GitHub for our source control. Very exciting! In our conversion, nosotros ran into some frustrating bumps with getting TeamCity integrated. Our GitHub company organisation was setup with individual repositories for security reasons. Information technology was decided that nosotros would integrate over SSH, again for security reasons.

Sounds easy enough, right? Unfortunately, this took the states far longer to work through the details of than nosotros would like to admit. As well many instructions and blog posts walked through doing this with public repos or with a specific user's repositories, not repositories for an organization. All the blogs, StackOverflow posts, and forum posts did (technically) contain all the data we needed, but unfortunately, the information we needed was scattered across all of them! After traversing bullheaded alleys, following ruby-red-herrings, and copy pasting .ssh into virtually every folder nosotros could find (don't ask) we finally got what should exist a days worth of piece of work done subsequently a week of overworking our Google-fu muscles and shouting 'There IS NO Way THIS IS THIS HARD!'.

Hither is all the information yous need in one location. We did all the difficult work, and then you don't have to.

Suggested Tools

• Latest version of TeamCity
  In that location have been reports of some SSH issues with previous versions of TeamCity which should now be resolved in 2017.two. Upgrading our instance to this version solved half our integration bug.
• Secure password keeper
  The SSH central process will generate both a public and individual central for y'all to salvage. Y'all'll also need to have and securely store/retrieve a passphrase then we recommend utilizing a secure password keeper for this. See 10 Best Password Managers of 2018 for some ideas.

Configure Build Server

Install Git

Outset things showtime. You demand to be certain Git is installed on your TeamCity build server. Download and install information technology from here. This volition include GitBash which is what is needed for setting up the SSH key on the server.

Set your organisation PATH environment variable

The PATH variable doesn't automatically get set correctly and so you will desire to check it and confirm the following is present or add it if not.

          C:\Program Files\Git\cmd;C:\Program Files\Git;C:\Program Files\Git\usr\bin        

The default install location is what our case uses for Git. But be certain to have your PATH reverberate the install location of Git on your system. The ~\Git\usr\bin is very important as this is the location of the ssh-agent which TeamCity will be looking for when it runs.

Setup GitHub

There are a few unlike ways to configure TeamCity to deeply connect to private repositories on GitHub. We chose to utilize the SSH Deploy Key option as it fit our needs well and didn't crave us to apply login credentials or create a special GitHub user account for TeamCity. See all the available options hither:

The simply real downwardly side to the Deploy Key method is that you volition need to create a new Deploy Key for each repository. So if you have a lot of repositories this could be wearisome.

Create the SSH Deploy Key for your private repository

Using GitBash on whatsoever machine (doesn't demand to be the build server), follow these steps to create a new SSH cardinal. Full details can exist found here. Learn more about ssh-keygen hither.

          $ ssh-keygen -t rsa -b 4096 -C "key label"        

Quick command breakup:

• -t is the key blazon and rsa is the algorithm used to generate the primal. This is preferred and recommended by GitHub.
• -b is the bits specifying the key size. To an extent the higher the number the greater the security level. RSA defaults to 2048 but 4096 is recommended by GitHub.
• -C is for comments and is saved in the comment field of the key. This can exist any cord you want to aid place the fundamental.

Follow the prompts given. It's recommended you lot choice a non-default name for the key if you accept multiple repositories yous will exist creating keys for. The last prompt will exist for a passphrase. Be sure to securely save this somewhere for afterward use (as suggested… continue this in a secure password keeper).

This process will generate a private and public key for y'all to utilise.

Add Deploy Key to GitHub private repository

You lot will need to copy the SSH key you only created to the clipboard via the following control within GitBash:

          $ clip < ~/.ssh/{key_name}.pub        

Replace {key_name} with what you named your central. Be sure to copy the public key.

Now within GitHub, we volition add the public key to the list of repository deploy keys.

1. Go to your individual repository inside your organization
2. Click Settings
3. Click Deploy keys
4. Click Add together deploy key
5. Requite the new deploy key a title (recommend calling information technology "TeamCity" since it'due south for that integration)
6. Paste the central in from the clipboard
7. Check Allow write access (this allows TeamCity to tag the repository)
8. Click Add together fundamental

Setup TeamCity

Add the SSH folder to TeamCity build server

With our setup we have the TeamCity server and agents running on the aforementioned motorcar merely nether different users. Under the user used past the TeamCity Amanuensis, yous need to be sure the following folder exists, and if not, create it or copy it in from another user.

          C:\Users\{TeamCity Amanuensis Username}\.ssh        

Windows volition not let yous to create this folder yourself via the GUI. You can use GitBash to create the folder.

          $ mkdir .ssh        

Setup the known_hosts file on TeamCity build server

Inside the new .ssh folder, yous volition need to copy in or create a known_hosts file.

Populate the file by running the following control from GitBash. It will collect the necessary public SSH host keys for the host we've selected — github.com. We are porting the results out into our known_hosts file which the Agent will use when information technology connects.

          $ ssh-keyscan -t rsa github.com >> /c/users/{TeamCityAgentUser}/.ssh/known_hosts        

Quick command breakdown:

• -t once again specifies the key blazon and that RSA is the algorithm beingness used with SSH.
• github.com is the host we are scanning for SSH host keys.
• The last piece of the control is the location of the known_hosts file for the Agent we are updating with the results of running the command.

Run this command once on the server. Information technology'll prime the known_hosts file so that the first few runs of the builds from TeamCity will be certain it gets updated as needed with host information.

Add together SSH key to TeamCity

Next we'll add together the SSH key to the TeamCity project connected to that repository.

1. Get to Administration
2. Click on Projects
3. Select the projection for your repository from the list
4. Click SSH Keys from the left side of the folio
5. Click Upload SSH Key
6. Give the fundamental a proper noun that will be unique (suggested: "TeamCity_GitHub_RepoName" where "RepoName" is the proper noun of your repository)
7. Browse to and select the individual key (this may be on your local figurer or yous may demand to move your private key somewhere accessible via this prompt)
8. Click Save

Setup TeamCity Project

Set TeamCity Projection VCS to utilise GitHub with SSH key

Yet in your projection in TeamCity, click VCS Roots from the left side of the page. If you already have a VCS Root to GitHub, you can update it to the below settings to work with SSH. If yous don't have a GitHub VCS Root setup, then click Create VCS Root to get started.

1. Set the Type of VCS to "Git"
2. VCS Root Proper noun & ID can be whatever yous similar (suggested is "RepoName_Git")
3. Fetch URL will need to be copied from GitHub
4. Get to your repository's principal page in GitHub
5. Click Clone or download
6. Click "Use SSH" which should update the URL to something that starts with git@github.com:
7. Click the Copy to Clipboard push button
8. Paste this into the Fetch URL back in TeamCity for your project
9. Default branch can be whichever branch you prefer to work with the most, for united states that was refs/heads/develop
10. Gear up the Authentication Method to "Uploaded Fundamental"
11. Leave the Username blank
12. Select the key you added in the concluding footstep from the dropdown for the Uploaded Central

Setup TeamCity Build Configuration

With our build configurations, we wanted TeamCity to run our tests and deploy the lawmaking if the tests pass. Post-obit successful deployment we wanted to tag the repository with a marker.

Add VCS to build config with SSH primal

Within your build configuration of your project, click Version Control Settings from the left side of the page. Click Attach VCS Root and select the Git VCS Root from the last pace.

Add SSH agent build characteristic

Notwithstanding inside the build configuration, click on Build Features on the left side of the folio. Click Add Build Feature and select SSH Agent. In the prompt, select the uploaded key for your repository and copy in your saved passphrase for it. Click Relieve.

Yous should now be all setup to run your desired build steps! The build may fail the offset two or 3 times equally the known_hosts file gets populated. Don't panic but practise monitor the file to confirm it's existence updated with each run attempt.

There ya go folks, feel free to commend with your own experiences, errors and successes. That way, maybe the procedure will become easier for the next person to set this upward.

vidalseessishe.blogspot.com

Source: https://medium.com/@amaya30/integrating-teamcity-and-github-with-ssh-is-actually-as-easy-as-you-would-think-it-is-3429e01112ea

Share this post