ssh-agent icon indicating copy to clipboard operation
ssh-agent copied to clipboard
verified publisher icon webfactory

`no such identity` on self-hosted Linux Github runner

Open ghost opened this issue 1 year ago • 2 comments

I have setup a self hosted runner on Linux for my Github workflow and I am using ssh-agent to provide access to private repos dependencies.

On git clone ... I get an error:

Cloning into 'repo 2'... no such identity: /home/github/.ssh/key-fffb0082e1157c90572...: No such file or directory

But in the webfactory/ssh-agent step before the clone I see the following output:

Adding private key(s) to agent Identity added: (stdin) ([email protected]:repo1.git) Identity added: (stdin) ([email protected]:repo2.git) Key(s) added: 3072 SHA256:hAs1tUrOBaHbagBJZ... [email protected]:repo1.git (RSA) 3072 SHA256:Q77jCBXY8ISwrfJBp... [email protected]:repo2.git (RSA) Configuring deployment key(s) Added deploy-key mapping: Use identity '/home/github/.ssh/key-1f819af0a2d0117f7a1c4...' for GitHub repository repo1 Added deploy-key mapping: Use identity '/home/github/.ssh/key-7c10775661e565cd952033acf519154...' for GitHub repository repo2

Both keys have a different identity than mentioned on the error. Is this maybe a caching problem?

Relevant workflow job:

jobs:
  tests:
    runs-on: self-hosted
    steps:
      - name: Place SSH private key to grant access to other repos
        uses: webfactory/[email protected]
        with:
          ssh-private-key: |
            ${{ secrets.PRIVATE_KEY_FOR_REPO1 }}
            ${{ secrets.PRIVATE_KEY_FOR_REPO2 }}
      - run: |
          rm -rf tmp && mkdir -p tmp && cd tmp
          git clone [email protected]:repo1.git
          git clone [email protected]:repo2.git

I already use the same runner another repository's CI with ssh-agent with success.

ghost avatar Feb 01 '24 08:02 ghost

Doing a grep on the faulty key (fffb0082e1157c90572...) I saw an entry in /home/github/.gitconfig, in the system user that does the runner. It looks like data persists from the other workflow that conflicts with this one.

After removing the file the job succeeds.

Can I use a local and temporary folder specific to each workflow instead of the system user home directory?

Robert-DEMCON avatar Feb 01 '24 08:02 Robert-DEMCON

I ended up working around this by adding a step to change the home directory first for the rest of the actions:

      - run: echo "HOME=$RUNNER_TEMP/github" >> "$GITHUB_ENV"

However, this does not change the location of the key files, they will still end up in /home/github/.ssh. But the .gitconfig file will now be placed under the job temp directory. And this seems to work.

Robert-DEMCON avatar Feb 01 '24 09:02 Robert-DEMCON