1

我正在使用IBM Cloud Code Engine 从私有 git repo 构建源代码。我试过很多次,buildrun总是失败。以下是我已经完成的步骤。

  1. 将我的公钥 (/root/.ssh/id_rsa.pub) 作为部署密钥添加到我的私人仓库

  2. 使用 IBM Cloud Code Engine CLI 创建存储库访问凭证 ibmcloud ce repo create --name ibmgithub --key-path /root/.ssh/id_rsa --host github.ibm.com

  3. 使用 IBM Cloud Code Engine CLI 创建构建,然后提交构建运行 ibmcloud ce build create --name minion --image us.icr.io/mynamespace/myimg --rs ce-default-icr-us-south --git-repo-secret ibmgithub --source https://github.ibm.com/myaccount/myrepo --strategy dockerfile --size medium

  4. 构建运行总是失败

#:~/synthetics-private-minion# ibmcloud ce bd get -n minion
Getting build 'minion'
OK
Name:          minion  
ID:            0abc63a0-07d5-42c5-b70a-227e52310276  
Project Name:  private location  
Project ID:    25491342-e9e8-4ac7-90ff-b9994cda9242  
Age:           6m24s  
Created:       2021-03-31T04:11:41-05:00  
Status:        Succeeded  
Reason:        all validations succeeded  
Image:            us.icr.io/mynamespace/myimg 
Registry Secret:  ce-default-icr-us-south  
Build Strategy:   kaniko-medium  
Timeout:          10m0s  
Source:           https://github.ibm.com/myaccount/myrepo  
Commit:           main  
Dockerfile:       Dockerfile  
Repo Secret:      ibmgithub  
Build Runs:    
  Name              Status                                                                                                                                                                                                                                                                                                                            Age  
  minion-run-sj5fl  "step-git-source-source-cm7pc" exited with code 1 (image: "icr.io/obs/codeengine/tekton-pipeline/git-init-4874978a9786b6625dd8b6ef2a21aa70@sha256:47b8008fa1910fa36c8284871eb9d8e7fbab8bc3a1db4cdd97c61d88727cc58f"); for logs run: kubectl -n 7pztl5cw3ad logs minion-run-sj5fl-nbzft-pod-rx9x9 -c step-git-source-source-cm7pc  5m42s
  1. 我怀疑构建运行无法从我的私人仓库中获取源代码。我检查了 repo UI,它显示了 deploy key Never used

任何人都可以对此有所了解吗?谢谢。

4

2 回答 2

2

The build capability of IBM Cloud Code Engine can access source code in public and private repositories. There are two criteria for a repository to be public:

  1. The repository must be marked as public at your repository provider (for example GitHub, or GitLab).
  2. The repository must be accessible without any authentication. This plays a role for GitHub Enterprise installations, for example github.ibm.com, which can put an additional authentication in front to prevent anonymous access.

The second criteria makes your repository a private one from Code Engine perspective. To address a repository in a Code Engine build, there is a simple rule:

  • For a public repository, use the HTTPS URL of the repository and no repository access secret
  • For a private repository, use the SSH URL of the repository and a repository access secret

You correctly specify a repository access secret, but must change your source URL to use the SSH protocol. The easiest way to find the URL, is the Code drop-down in GitHub:

GitHub Code drop-down

So it should be git@github.ibm.com/myaccount/myrepo in your case.

Further references:

Instructions on how to setup a repository access secret can be found in Accessing private code repositories.

Troubleshooting for a failed BuildRun can be found in Troubleshooting tips for builds. It includes instructions to retrieve the logs from your BuildRun and translates the error message you see into the root cause with steps to resolve them.

于 2021-04-01T06:56:10.967 回答
1

Since you're using an ssh key, make sure the URL to your git repo starts with git@ instead of https://. So it should be git@github.ibm.com/myaccount/myrepo in your case.

For further issues with failing builds, you can check the related troubleshooting buildruns section in the Code Engine docs.

于 2021-03-31T20:05:06.900 回答