The snapcore/action-build GitHub Actions builds the snap within an LXD container, which is therefore unable to access the private SSH key required to access a private repository.
This results in Snapcraft failing to pull the source:
Failed to pull source: command ['git', 'clone', '--recursive', 'git@github.com:ubuntu-robotics/hello-world.git', '/root/parts/my-part/src']
exited with code 128.
Make sure sources are correctly specified.
This guide is an extension of Build a snap from a private repository to address this specific issue.
Set up the SSH keys for the project
First, make sure to have generated a private key (without passphrase) and registered the public key on your GitHub account. See Adding a new ssh key for GitHub’s own instructions.
You now need to add your SSH key as a secret to the repository you wish to run the CI on. See Creating secrets for a repository for details.
Make sure to set the name to PRIVATE_RSA_KEY and the value to the content of the private key (by default, the content of ~/.ssh/id_rsa).
The private key is now stored as a secret in the repository and will be available as a variable to our GitHub workflow.
Use the key in a GitHub Workflow
A workflow using snapcore/action-build will look like:
- uses: actions/checkout@v3
- uses: snapcore/action-build@v1
Snapcraft has the flag --bind-ssh that will import the complete ~/.ssh directory, which means we need to write the private key secret to ~/.ssh/id_rsa so it can be imported by Snapcraft.
We also need to create the ~/.ssh/known_hosts file because the CI cannot prompt you to validate the remote repository host. In this case, the host is github.com.
The workflow should be modified as follows:
- uses: actions/checkout@v3
+ - name: Create ~/.ssh
+ run: |
+ mkdir ~/.ssh
+ echo "${{ secrets.PRIVATE_RSA_KEY }}" > ~/.ssh/id_rsa
+ chmod 600 ~/.ssh/id_rsa
+ ssh-keyscan -H github.com >> ~/.ssh/known_hosts
- uses: snapcore/action-build@v1
+ with:
+ snapcraft-args: --bind-ssh
The Snapcraft command called by the snapcore/action-build will then properly import and use the private key.
A complete example can be found on GitHub.
Last updated a month ago.