I’ve read the post on here about CircleCI 2.0 and I have all of my build working, except for the final git checkout and push to the infrastructure settings repo.
- fetches docker image to use on CircleCI
- creates the tagged docker image of the sample-app-frontend-acme
but then fails to check out the repo that contains the live infrastructure settings with the error:
```
Cloning into '/tmp/infra-live-acme'...
ERROR: Repository not found.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Exited with code 128
```
```
terraform-update-variable --name "version" --value "$CIRCLE_SHA1" --tfvars-path "$SERVICE_PATH/terraform.tfvars" --git-url "email@example.com:myorg/infra-live-acme.git" --git-checkout-path "/tmp/infra-live-acme"
terragrunt apply --terragrunt-working-dir "/tmp/infra-live-acme/$SERVICE_PATH" -input=false -auto-approve
```
I’m unsure how to check the credentials used by CircleCI or Terraform in the above code. From what I understand, it’s Terraform performing the git checkout - but I may be wrong.
If it’s CircleCI performing the checkout then I’m unsure how to proceed. CircleCI already has an SSH key to the infra-live-acme repo (because it’s building the repo).
Are you sure?
Typically, we set up these CI/CD builds in the app repos (e.g., sample-app-frontend). By default, CircleCI configures the repo with a Deploy Key that gives access solely to that one repo. Since the CI/CD build also wants to check out another repo, infrastructure-live, what we typically recommend doing is:
- Create a machine user.
- Give that machine user read access to the app repos and infrastructure-modules and write access to infrastructure-live (make sure to login as the machine user to accept these invites!).
- Logged in as the machine user, go to the CircleCI build for your app, click “settings”, “SSH permissions”, “Checkout SSH Keys”.
- Click “Authorize with GitHub.”
- Click “Add User Key.”
Now your build will have an SSH key that has access to all the same repos as the machine user, including both the sample app repo and
@jim - thanks for the quick answer. Your instructions worked.
However, I had to make the app repo writable to the machine user as well as the infra-live repo, in order to enable the settings button in CircleCI for the app repo (so I could add the
Ah, you’re right, thanks for the correction. Not sure if you have to maintain the write settings permanently, or only to add the key initially, but you’ll definitely need it at the start.
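A preflight check for the situation in this thread, added here as an example and not taken from any of the posts: it runs a read-only `git ls-remote` against each repo the job needs and separates "key accepted but repo out of scope" (the `Repository not found` error above) from "key rejected". The function names and result labels are hypothetical, and it assumes the Git host words its errors the way the output quoted above does.

```shell
#!/bin/sh
# Added example, not from the thread. Read-only preflight for the SSH key a CI job holds.
# Assumption: the Git host answers like GitHub, which reports a repo outside the
# key's scope as "Repository not found" instead of a permission error.

# classify_git_error <stderr text>: map git/ssh stderr to a short diagnosis
classify_git_error() {
  case "$1" in
    *"Repository not found"*)          echo "no_repo_access" ;;  # key accepted, repo not visible to it (or wrong URL)
    *"Permission denied (publickey)"*) echo "key_rejected" ;;    # no key offered, or key unknown to the host
    *)                                 echo "other" ;;
  esac
}

# check_repo_access <git-url>: prints "ok" or a diagnosis; returns 0 only for "ok"
check_repo_access() {
  # BatchMode makes ssh fail instead of prompting; only stderr is captured.
  if cra_err=$(GIT_SSH_COMMAND="ssh -o BatchMode=yes" git ls-remote "$1" HEAD 2>&1 >/dev/null); then
    echo "ok"
    return 0
  fi
  classify_git_error "$cra_err"
  return 1
}

# preflight <git-url>...: check every repo the job needs; returns the number that failed
preflight() {
  pf_failures=0
  for pf_url in "$@"; do
    pf_result=$(check_repo_access "$pf_url") || pf_failures=$((pf_failures + 1))
    printf '%-15s %s\n' "$pf_result" "$pf_url"
  done
  return "$pf_failures"
}

# Run only when repo URLs are passed on the command line.
if [ "$#" -gt 0 ]; then preflight "$@"; fi
```

Run it in the job before `terraform-update-variable`, passing the same URL that is given to `--git-url`, so a key that cannot see the second repo fails the build before any checkout is attempted.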