Cannot run git commands in custom steps in digitalocean

The .drone.yml is below:

kind: pipeline
type: digitalocean
name: build

token:
  from_secret: digitalocean_token

server:
  image: docker-18-04
  size: s-2vcpu-4gb
  region: sfo2

steps:
- name: submodules
  image: alpine/git
  environment:
    SSH_KEY:
      from_secret: github_ssh_key
  commands:
  - mkdir $HOME/.ssh
  - echo "$SSH_KEY" > $HOME/.ssh/id_rsa
  - ssh-keyscan github.com >> ~/.ssh/known_hosts
  - chmod 600 $HOME/.ssh/id_rsa
  - echo -e "Host github.com\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config
  - git config core.sshCommand 'ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no'
  - git submodule update --init --recursive

The error log is:

    + git submodule update --init --recursive
    Submodule 'child-repo' ([email protected]:azuruce/child-repo.git) registered for path 'child-repo'
    Cloning into '/tmp/drone-EtWrGGTs1O1Tn3kJ/drone/src/parent-repo'...
    Host key verification failed.
    fatal: Could not read from remote repository.

I tried a few ways to work around the host key validation error, but was not successful.

Understood this is not a Drone issue but an SSH issue. I hope someone has seen the same error and solved it already.

Appears to be an alpine/git problem.

Reproduce with "docker run alpine/git clone xxx".

As an aside, the DigitalOcean runner does not use the alpine/git image (or any containers, for that matter). All pipeline steps are executed directly on the droplet using ssh. So in this case, the error would be unrelated to any issues with alpine/git.

I think you are clarifying that the digitalocean runner is not the cause of the problem, which I tend to agree with. The problem is with alpine/git, whose instructions require you to mount ~/.ssh into the container before running.

Well, what he is saying is that the digitalocean runner does not create containers and ignores any use of image: in your yaml. So in this case alpine/git is not actually being used.

Thanks! I got that now.
Here is what I found:

  1. If I use alpine/git, I will need to create the HOME variable, the ~/.ssh directory, ~/.ssh/id_rsa (.pub), and ~/.ssh/known_hosts before I can update submodules.

The code that worked is:

kind: pipeline
name: build
steps:
- name: submodules
  image: alpine/git
  environment:
    SSH_KEY:
      from_secret: github_ssh_key
  commands:
  - mkdir -p $HOME/.ssh
  - echo "$SSH_KEY" > $HOME/.ssh/id_rsa
  - chmod 600 $HOME/.ssh/id_rsa
  - ssh-keyscan github.com > /root/.ssh/known_hosts
  - git submodule update --init --recursive

If I use digital ocean, I need the same 5 lines.
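
Both configs in this thread trust whatever host key the network presents: the first sets StrictHostKeyChecking=no, the second writes unverified ssh-keyscan output to known_hosts. As an added example (not part of any post above), this POSIX shell filter passes a scanned key through only if its SHA-256 fingerprint matches a pinned value. The function names, sample scan lines and sample pin are constructed for illustration; a real pin would be the fingerprint the host publishes.

```shell
#!/bin/sh
# Added example: keep only scanned host keys whose SHA-256 fingerprint matches a pin.

# Constructed stand-in for `ssh-keyscan github.com` output. The blobs are
# placeholders ("abc" / "def" in base64), not real host keys.
SAMPLE_SCAN='# github.com:22 SSH-2.0-constructed
github.com ssh-ed25519 YWJj
github.com ssh-rsa ZGVm'
# Fingerprint of the first constructed blob, in the format `ssh-keygen -lf` prints.
SAMPLE_PIN='SHA256:ungWv48Bz+pBQUDeXa4iI7ADYaOWF3qctBD/YfIAFa0'

# "SHA256:<unpadded base64>" -> lowercase hex digest.
fp_to_hex() {
    # OpenSSH drops the trailing "=" of the 44-character base64 digest; restore it.
    printf '%s=\n' "${1#SHA256:}" | base64 -d 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# Base64 key blob (third field of a known_hosts line) -> hex SHA-256 of the raw key.
blob_to_hex() {
    printf '%s\n' "$1" | base64 -d 2>/dev/null | sha256sum | cut -d' ' -f1
}

# pin_known_hosts PIN: copy stdin lines whose key matches PIN to stdout.
# Returns 0 if at least one line matched, 1 if none did, 2 if PIN is malformed.
pin_known_hosts() {
    want=$(fp_to_hex "$1")
    [ "${#want}" -eq 64 ] || return 2
    matched=1
    while read -r host type blob rest; do
        case "$host" in ''|'#'*) continue ;; esac
        [ -n "$blob" ] || continue
        if [ "$(blob_to_hex "$blob")" = "$want" ]; then
            printf '%s %s %s\n' "$host" "$type" "$blob"
            matched=0
        fi
    done
    return "$matched"
}

# In the pipeline step this would replace the bare ssh-keyscan line, e.g.
#   ssh-keyscan github.com 2>/dev/null | pin_known_hosts "$PIN" > "$HOME/.ssh/known_hosts"
# with PIN set to the host's published fingerprint; the function returns non-zero on a mismatch.
printf '%s\n' "$SAMPLE_SCAN" | pin_known_hosts "$SAMPLE_PIN"
```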