Add ssh-key add to cni-plugin push-images pipeline [master]#11952
Conversation
danudey
added
docs-not-required
There was a problem hiding this comment.
Pull request overview
This PR updates the SemaphoreCI “push-images” pipeline for the cni-plugin component by adding an ssh-add step to the global prologue, presumably to ensure SSH credentials are available during image publishing.
Changes:
- Add
ssh-add ~/.ssh/id_rsato the.semaphore/push-images/cni-plugin.ymlglobal job prologue.
| - echo $DOCKER_TOKEN | docker login --username "$DOCKER_USER" --password-stdin | ||
| - echo $QUAY_TOKEN | docker login --username "$QUAY_USER" --password-stdin quay.io | ||
| - export BRANCH_NAME=$SEMAPHORE_GIT_BRANCH | ||
| - ssh-add ~/.ssh/id_rsa |
There was a problem hiding this comment.
ssh-add ~/.ssh/id_rsa is likely to fail in Semaphore because this pipeline does not load an SSH key secret (most other pipelines add keys from ~/.keys/* after chmod 0600, e.g. .semaphore/release/cut-branch.yml), and ~/.ssh/id_rsa may not exist or may be passphrase-protected. Since the global prologue runs even for PR builds (where the jobs are no-ops), a failing ssh-add would break the workflow unnecessarily. Please either (a) add the appropriate SSH-key secret and use the established ~/.keys/* + chmod 0600 pattern, or (b) gate ssh-add behind a key-exists/branch-only check if it’s only needed for non-PR publishing runs.
| - ssh-add ~/.ssh/id_rsa | |
| - if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ] && [ -f "${HOME}/.ssh/id_rsa" ]; then ssh-add "${HOME}/.ssh/id_rsa" || true; fi |
No description provided.