Improve the deploy keys scenario to generate the SSH keys pair dynamically and actually use it in a CI job
The following discussion from gitlab-ce!16096 should be addressed:
@rymai said:
I think we should generate the key pair dynamically for each run, and actually ensure that the key can be used from a CI job, after we add it. That said, we can separate the implementation in several MRs, e.g. this MR adds the scenario to register a deploy key, then we could improve it by generating the deploy key dynamically, and using it in a CI job, in a second MR.
@rymai said:
To clarify things, this should improve the first iteration that was only adding a deploy key, by:
-
Generating the deploy key pair dynamically https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/16562 -
Add the private key to a CI/CD secret variable -
Push the repo in a CI job to show that using the deploy works
Presiquites:
-
Add a new scenario to add secret variables https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/16607 -
CI/CD end-to-end tests https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/16619
And example of such script can be found at https://gitlab.com/gitlab-org/release-tools/blob/c90fc4a045095f237f2ac2a32e68c79ca5bc0e83/.gitlab-ci.yml#L49-65.
Edited by Martin Wortschack