CI job with ssh-add fails on only: tags, except: branches

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Summary

I want to update my server packages with scp only when tags are created. However, ssh-add errors out, waiting for stdin even when a passphrase is not set, when tags are targetted and branches are excluded. It works when the only and except clauses are removed.

Steps to reproduce

1. Follow the steps to setup SSH keys in CI at https://docs.gitlab.com/ee/ci/ssh_keys/
2. Set the following in the .gitlab-ci.yml

only:
  - tags
except:
  - master

3. git tag -m '0.0.x'
4. git push && git push origin 0.0.x

Example Project

Providing an example project to reproduce this bug is beyond my bandwidth (mostly security issues), so please forgive me for not providing one.

After Step 1 above, just have this set:

scp:
  stage: deploy
  before_script:
    # Setup SSH deploy keys
    - npm install
    - 'which ssh-agent || ( apt-get install -qq openssh-client )'
    - eval $(ssh-agent -s)
    - echo "$IDENTITY" | tr -d '\r' | ssh-add - > /dev/null
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
  script:
    - npm run prepublish
    - scp "dist/20hz.bna" DESTINATION-SERVER-HERE
  only:
    - tags
  except:
    - branches

What is the current bug behavior?

I am getting this:

echo "$IDENTITY" | tr -d '\r' | ssh-add - > /dev/null
Enter passphrase for (stdin): 

What is the expected correct behavior?

I am expecting this:

echo "$IDENTITY" | tr -d '\r' | ssh-add - > /dev/null
Identity added: (stdin) (yaojie@amaterasu)

Relevant logs and/or screenshots

Correct case, when

  only:
    - master

Error case, when

  only:
    - tags
  except:
    - branches

Output of checks

This bug is happening in my private repository 20hz.