3

According to a note in Cloud Build documentation titled Accessing private GitHub repositories:

When you run builds using Cloud Build triggers, you can automatically connect to any private repository you own without storing your credentials in Secret Manager.

Based on this, I have tried to git clone my private GitHub repo (without piping ssh keys from Secret Manager to ssh files which the doc states is unnecessary using a build trigger) to no avail. Using ssh below in my cloudbuild.yaml file:

steps:
- name: google/cloud-sdk:alpine
  id: Clone repo
  entrypoint: git
  args: ['clone', 'git@github.com:my-org/my-repo.git']

results in error:

Step #0: Host key verification failed.
Step #0: fatal: Could not read from remote repository.

And using https

  args: ['clone', 'https://github.com/my-org/my-repo.git']

I get:

Step #0 - "Clone repo": fatal: could not read Username for 'https://github.com': No such device or address

Is there any way to clone a private GitHub repo within cloudbuild.yaml without tediously piping ssh keys from Secret Manager to volumes before the clone? Any tips would be much appreciated.

Kyle
  • I don't understand. The note you added is intended for triggers in Cloud Build. Do you want your build triggered by a Cloud Build trigger (in this case what you're doing is not necessary) or manually? – Puteri Jun 19 '20 at 00:10
  • 1
    Yes, a cloudbuild.yaml is necessary whether you use a trigger or build on the CLI. My cloudbuild.yaml file is in a private GitHub repository. The build is triggered whenever a specific tag is pushed. Within my build (configured in cloudbuild.yaml), I must clone the git repository, edit it, and push it again. – Kyle Jun 19 '20 at 00:56

2 Answers

0

I found a similar case that has been created as an issue on GitHub, which can help you resolve your errors while using ssh.

For the https approach, I would recommend that you remove https://github.com from the URL. I also found another issue that has been created on GitHub, which can help you resolve your issue while using the https approach.

0

As mentioned in the note shared, you need to configure your Cloud Build trigger if you want to avoid Secret Manager.

The Build Trigger setup step involves authenticating to your source repository with your username and password.

So when you fire this Cloud Build Trigger, it will not ask for your credentials in Secret Manager, as the authentication is already provided in an earlier step (Trigger Setup).

Gourav B
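The Secret Manager setup the question refers to, as an added example (not code from the question or from either answer): the step container starts with no key and no `known_hosts`, which is what `Host key verification failed` reports, so the key is read from Secret Manager and GitHub's host key is pinned rather than host key checking being switched off. `PROJECT_ID`, the secret name `github-deploy-key` and the file `known_hosts.github` (assumed to be committed to the repo after being generated once with `ssh-keyscan` and checked against GitHub's published fingerprints) are placeholders.

```yaml
# Added example; PROJECT_ID, github-deploy-key and known_hosts.github are placeholders.
steps:
- name: gcr.io/cloud-builders/git
  id: Set up ssh
  secretEnv: ['SSH_KEY']
  entrypoint: bash
  args:
  - -c
  - |
    # $$ keeps Cloud Build from treating SSH_KEY as a substitution variable.
    umask 077
    echo "$$SSH_KEY" > /root/.ssh/id_github
    # Pin GitHub's host key instead of disabling StrictHostKeyChecking.
    cp known_hosts.github /root/.ssh/known_hosts
    printf 'Host github.com\n  IdentityFile /root/.ssh/id_github\n  IdentitiesOnly yes\n' > /root/.ssh/config
  volumes:
  - name: ssh
    path: /root/.ssh

# The same named volume carries the key and known_hosts into the clone step.
- name: gcr.io/cloud-builders/git
  id: Clone repo
  args: ['clone', 'git@github.com:my-org/my-repo.git']
  volumes:
  - name: ssh
    path: /root/.ssh

availableSecrets:
  secretManager:
  - versionName: projects/PROJECT_ID/secrets/github-deploy-key/versions/latest
    env: 'SSH_KEY'
```

The service account that runs the build needs the Secret Manager Secret Accessor role on that secret, and a later push step has to mount the same `ssh` volume.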