IBM Cloud Code Engine fails to build for private repo


I'm using IBM Cloud Code Engine to build the source code from a private git repo. I have tried many times, and the buildrun always failed. Following are the steps I have done.

  1. Add my public key (/root/.ssh/id_rsa.pub) to my private repo as a deploy key

  2. Use IBM Cloud Code Engine CLI to create repo access credential:

     ibmcloud ce repo create --name ibmgithub --key-path /root/.ssh/id_rsa --host github.ibm.com

  3. Use IBM Cloud Code Engine CLI to create a build and then submit a build run:

     ibmcloud ce build create --name minion --image us.icr.io/mynamespace/myimg --rs ce-default-icr-us-south --git-repo-secret ibmgithub --source https://github.ibm.com/myaccount/myrepo --strategy dockerfile --size medium

  4. The build run always fails

#:~/synthetics-private-minion# ibmcloud ce bd get -n minion
Getting build 'minion'
OK
Name:          minion  
ID:            0abc63a0-07d5-42c5-b70a-227e52310276  
Project Name:  private location  
Project ID:    25491342-e9e8-4ac7-90ff-b9994cda9242  
Age:           6m24s  
Created:       2021-03-31T04:11:41-05:00  
Status:        Succeeded  
Reason:        all validations succeeded  
Image:            us.icr.io/mynamespace/myimg 
Registry Secret:  ce-default-icr-us-south  
Build Strategy:   kaniko-medium  
Timeout:          10m0s  
Source:           https://github.ibm.com/myaccount/myrepo  
Commit:           main  
Dockerfile:       Dockerfile  
Repo Secret:      ibmgithub  
Build Runs:    
  Name              Status                                                                                                                                                                                                                                                                                                                            Age  
  minion-run-sj5fl  "step-git-source-source-cm7pc" exited with code 1 (image: "icr.io/obs/codeengine/tekton-pipeline/git-init-4874978a9786b6625dd8b6ef2a21aa70@sha256:47b8008fa1910fa36c8284871eb9d8e7fbab8bc3a1db4cdd97c61d88727cc58f"); for logs run: kubectl -n 7pztl5cw3ad logs minion-run-sj5fl-nbzft-pod-rx9x9 -c step-git-source-source-cm7pc  5m42s  
  5. I doubt the build run failed to fetch the source code from my private repo. I also checked the repo UI, and it shows the deploy key as "Never used".

Can anyone shed some light on it? Thanks.

2

There are 2 best solutions below

0
On BEST ANSWER

Since you're using an ssh key, make sure the URL to your git repo starts with git@ instead of https://. So it should be git@github.ibm.com/myaccount/myrepo in your case.

For further issues with failing builds, you can check the related troubleshooting buildruns section in the Code Engine docs.

1
On

The build capability of IBM Cloud Code Engine can access source code in public and private repositories. There are two criteria for a repository to be public:

  1. The repository must be marked as public at your repository provider (for example GitHub, or GitLab).
  2. The repository must be accessible without any authentication. This plays a role for GitHub Enterprise installations, for example github.ibm.com, which can put an additional authentication in front to prevent anonymous access.

The second criterion makes your repository a private one from the Code Engine perspective. To address a repository in a Code Engine build, there is a simple rule:

  • For a public repository, use the HTTPS URL of the repository and no repository access secret
  • For a private repository, use the SSH URL of the repository and a repository access secret

You correctly specify a repository access secret, but must change your source URL to use the SSH protocol. The easiest way to find the URL is the Code drop-down in GitHub:

[Screenshot: GitHub Code drop-down]

So it should be git@github.ibm.com/myaccount/myrepo in your case.

Further references:

Instructions on how to set up a repository access secret can be found in Accessing private code repositories.

Troubleshooting for a failed BuildRun can be found in Troubleshooting tips for builds. It includes instructions to retrieve the logs from your BuildRun and translates the error message you see into the root cause with steps to resolve them.
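
The rule from the answers above (HTTPS URL with no repository access secret, SSH URL with one) can be checked against the build details before a build run is submitted. The script below is an added example, not part of the original answers or IBM's tooling; it assumes the "Source:" and "Repo Secret:" labels appear as in the question's output, and the function name and sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not IBM's code): lint `ibmcloud ce build get` output for the
# source-URL / repo-secret rule described in the answers above.
# Assumption: "Source:" and "Repo Secret:" are labelled as in the question's
# output, and "Repo Secret:" is empty or absent when no secret is configured.

check_build() {   # reads build details on stdin, prints exactly one verdict
  awk '
    $1 == "Source:"                 { src = $2 }
    $1 == "Repo" && $2 == "Secret:" { secret = $3 }
    END {
      if (index(src, "https://") == 1)
        scheme = "https"
      else if (index(src, "ssh://") == 1 || src ~ /^[A-Za-z0-9._-]+@/)
        scheme = "ssh"
      else
        scheme = "other"
      has = (secret != "")
      if      (scheme == "https" && has) print "mismatch-https-with-secret"
      else if (scheme == "https")        print "ok-public"
      else if (scheme == "ssh" && has)   print "ok-private"
      else if (scheme == "ssh")          print "mismatch-ssh-without-secret"
      else                               print "unknown"
    }'
}

# Constructed sample: the relevant lines of the build from the question.
sample_failing() {
  cat <<'EOF'
Name:          minion
Source:           https://github.ibm.com/myaccount/myrepo
Repo Secret:      ibmgithub
EOF
}

# Constructed sample: same build with the scp-like SSH URL form that
# GitHub shows under "SSH" in the Code drop-down.
sample_fixed() {
  cat <<'EOF'
Name:          minion
Source:           git@github.ibm.com:myaccount/myrepo.git
Repo Secret:      ibmgithub
EOF
}

echo "build from the question: $(sample_failing | check_build)"
echo "build with SSH URL:      $(sample_fixed | check_build)"
```

Against a real project, pipe the CLI output into the function: `ibmcloud ce build get -n minion | check_build`.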