Access to other repositories

2 minute read

Some projects have dependencies that require access to other private repositories during the build. There are several options for configuring your project to be able to access other private repositories.

The Default Configuration

CodeShip creates a SSH key pair for each project when you first configure it. This SSH key allows CodeShip to clone that main private repository by default. It will also allow CodeShip to clone other public repositories on the same SCM. For example if your private repository is on GitHub, CodeShip can clone your private repository and any public repository on GitHub during your build.

On CodeShip you can view the SSH public key under Project Settings > General. This key is automatically added as a deploy key to the repository on your SCM. For example on GitHub you can see this deploy key by going to your repository and navigating to Settings > Deploy keys.

If your project needs to access other private repositories during the build (e.g., git submodules) you will encounter a cloning error and will need to do additional configuration to enable access.

The Machine User Solution

The recommended solution for accessing other private repositories is to configure a machine user on your SCM.

  • Create a machine user on your SCM

  • Remove the CodeShip deploy key from the SCM (on GitHub you will find this on your repository under Settings > Deploy keys)

  • Now add the SSH public key from your CodeShip project (under Project Settings > General) to the machine user (this is the key that was previously added as a deploy key)

  • Grant the machine user access to the main repository and any private repositories it needs to access on the SCM

  • Start a new build and your project should now be able to access the private repositories

Even though the above example references GitHub, the process should be similar for Bitbucket and GitLab.

The Personal Account Solution

As an alternative you can also apply the same process above to a personal GitHub user account instead of a machine user. Keep in mind this will allow the CodeShip project to access any repository that the personal account has access to. Also note that if the personal account has permissions revoked on the SCM (for example if an employee leaves the company) then all of the CodeShip projects using that account’s authorization will also break.

Typical Error Messages

If your project needs to access another private repository and has not been configured yet, you may see clone errors like these:

remote: Repository not found
fatal: Could not read from remote repository
Permission denied (publickey).
Please make sure you have the correct access rights and the repository exists.
Clone of 'git@bitbucket.com:username/reponame.git' into submodule path 'path' failed