How to handle private repositories ?

[pquerner]

I have a private repository I want on my private gitlab instance mirrored, how would I do this?

Currently I get permission error.

START [2018-02-23 13:41:50.765365723 +00:00]: ssh://[email protected]:7999/xxxx.git -> [email protected]:xxx/xxxxx.git
Cloning into bare repository './mirror-dir/ssh-git-bixxxxxl-git'...
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

[pquerner]

I had to just ssh-add my key. But this only works for me in a non-dockerized way.
Can you help me "forward" my loaded key to the docker container?
I tried https://github.com/uber-common/docker-ssh-agent-forward but I had no luck so far.

Also tried

docker run -i -t -v $(readlink -f $SSH_AUTH_SOCK):/ssh-agent -e SSH_AUTH_SOCK=/ssh-agent -e GITLAB_PRIVATE_TOKEN="xxx" git-mirror ..

or

docker run -v ssh-agent:/ssh-agent -e SSH_AUTH_SOCK=/ssh-agent/ssh-agent.sock -e GITLAB_PRIVATE_TOKEN="xxx" bachp/git-mirror -g mirror -u http://gitlab.example.de

I couldnt check if this is working because I was unable to change the entrypoint of the container.

[bachp]

@pquerner One way would be to use --http, but I don't think it is currently possible to add the credentials right now.

I will see if I can come up with a way to pass credentials to a HTTPS request.

PS. I'm planing to change the as already discussed in #3

[pquerner]

I guess HTTPS would work ok, but then again you'd have to save your credentials somewhere to make this automatic.
Imo its better to use SSH alltogether because of the use of private/public keys.

[bachp]

You might have a look at: https://git-scm.com/docs/gitcredentials
If you find a way to make it work it might me worth do add a chapter to the documentation.

[airesch]

While not exactly a direct answer, if you have CI/CD setup on your GitLab instance you can setup a new project with the following .gitlab-ci.yml:

image: bachp/git-mirror

before_script:
  ## Install ssh-agent if not already installed, it is required by Docker.
  ## (change apt-get to yum if you use an RPM-based image)
  - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'

  ## Run ssh-agent (inside the build environment)
  - eval $(ssh-agent -s)

  ## Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
  - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null

  ## Create the SSH directory and give it the right permissions
  - mkdir -p ~/.ssh
  - chmod 700 ~/.ssh

  - echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
  - chmod 644 ~/.ssh/known_hosts
  #- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
mirror:
  script:
  - git-mirror -g mirror -u https://gitlab.url

And in the Secret variables in the project:
GITLAB_PRIVATE_TOKEN the user token
SSH_PRIVATE_KEY everything from your private key file
SSH_KNOWN_HOSTS everything from the known_hosts file (alternatively if you want to turn off the check, then uncomment the StrictHostkeyChecking line, tho I haven't tested that myself)

You can then just schedule the pipeline to run when you want it to mirror.