CircleCI unable to checkout infrastructure settings repo (sample-app-frontend-acme)

github
circleci
#1

Hi.
I’ve read the post on here about CircleCI 2.0 and I have all of my build working, except for the final git checkout and push to the infrastructure settings repo.

The build:

  • fetches docker image to use on CircleCI
  • creates the tagged docker image of the sample-app-frontend-acme

but then fails to checkout the repo that contains the live infrastructure settings with the error:

Cloning into '/tmp/infra-live-acme'...
ERROR: Repository not found.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
Exited with code 128

Reading the deploy.sh code:

terraform-update-variable --name "version" --value "$CIRCLE_SHA1" --tfvars-path "$SERVICE_PATH/terraform.tfvars" --git-url "git@github.com:myorg/infra-live-acme.git" --git-checkout-path "/tmp/infra-live-acme"
terragrunt apply --terragrunt-working-dir "/tmp/infra-live-acme/$SERVICE_PATH"  -input=false -auto-approve

I’m unsure how to check the credentials used by CircleCI or Terraform in the above code. From what I understand, its terraform performing the git checkout - but I may be wrong.

If its CircleCI performing the checkout then I’m unsure how to proceed. CircleCI already has a ssh key to the infra-live-acme repo (because its building the repo).

Recommended auth mechanism for fetching gruntwork modules on CI
#2

Are you sure?

Typically, we set up these CI/CD builds in the app repos (e.g., sample-app-frontend). By default, CircleCi configures the repo with a Deploy Key that gives access solely to that one repo. Since the CI/CD build also wants to check out another repo, infrastructure-live, what we typically recommend doing is:

  1. Create a machine user.
  2. Give that machine user read access to the app repos and infrastructure-modules and write access to infrastructure-live (make sure to login as the machine user to accept these invites!).
  3. Logged in as the machine user, go to the CircleCi build for your app, click “settings”, “SSH permissions”, “Checkout SSH Keys”.
  4. Click “Authorize with GitHub.”
  5. Click “Add User Key.”

Now your build will have an SSH key that has access to all the same repos as the machine user, including both the sample app repo and infrastructure-live.

#3

@jim - thanks for the quick answer. Your instructions worked.

However, I had to make the app repo writable to the machine user as well as the infra-live repo, in order to enable the settings button in CircleCI for the app repo (so I could add the ssh key).

#4

Ah, you’re right, thanks for the correction. Not sure if you have to maintain the write settings permanently, or only to add the key initially, but you’ll definitely need it at the start.