Fetching private repo using go mod in circle ci

Question

I followed this and added the keys in SSH Permissions as well as the fingerprint in my circle config file.

I also added this to my ~/.gitconfig as part of my circle compile step.

[url "ssh://git@github.com/MYORGANIZATION/"]
insteadOf = https://github.com/MYORGANIZATION/

following the official recommendation

When I SSH into the circle image I can see the fingerprint being added using this command ssh-add -l -E md5. But there's no keys added in ~/.ssh/. I'd expect to have ~/.ssh/id_rsa_<fingerprint> in there.

However I still get access denied when I try to retrieve the package.

Answer 1

The easiest way to get this to work is to follow the instructions for adding a machine user: https://circleci.com/docs/2.0/gh-bb-integration/#enable-your-project-to-check-out-additional-private-repositories

For a more complicated solution, read on.

I recently attempted the same thing. The add_ssh_keys keys should (and did in my case) add the id_rsa_<fingerprint> file.

The problem I ran into was that the key is added with an ssh config that contains:

Host !github.com *

I believe the problem is that it uses the default CircleCI key to authenticate with github. That key is valid, so github accepts it, but it most likely does not have access to the private repo in your dependencies.

To get it to work what I had to do was:

# Disable ssh-agent which seemed to override `-i`
export SSH_AUTH_SOCK=none
# Tell get to ssh with the key I want to use
export GIT_SSH_COMMAND="ssh -i /root/.ssh/id_rsa_FINGERPRINT

# Run some command to pull dependencies
go test ./...