GitLab CI - Commit & Push in a Job

Recently I needed to make a GitLab CI job where when a merge to master occurs, it runs a bash script, commits the files & pushes them back to master. I needed this to build a change log out of separate files, and now I have it working; it feels like a helpful thing to share how to do.

Get SSH fingerprint

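You’re going to need the SSH fingerprint of your GitLab instance, meaning its public host key line in known_hosts format. If you don’t know this, you can get it by running the following command. Note that ssh-keyscan does not authenticate the host it talks to, so compare the result against the host key fingerprints your instance publishes before trusting it: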

ssh-keyscan yourinstance.gitlab.com

# gitlab.com:22 SSH-2.0-GitLab-SSHD
gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
# gitlab.com:22 SSH-2.0-GitLab-SSHD
gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=
# gitlab.com:22 SSH-2.0-GitLab-SSHD
gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf

You only want the line that contains ssh-rsa, so for instance from above:

gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9

Setup

  • Generate an SSH key pair used only for this job. It doesn’t matter where you generate it, as you only need its contents.
  • Add the public part of the key as a Project Deploy Key and grant it write access.
  • Create a project CI/CD variable called SSH_PUSH_KEY and add the private part of your key as the value. If master is a protected branch, mark the variable as protected so it is only exposed to pipelines on protected branches.
  • Create a project CI/CD variable called CI_KNOWN_HOSTS and add the SSH fingerprint of your GitLab instance as the value.
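
ssh-keyscan returns whatever the network hands back, so the line that ends up in CI_KNOWN_HOSTS should be checked against a fingerprint obtained out of band. The following is an added example, not part of the original post: it filters scan output down to the lines whose SHA256 fingerprint is trusted. The host name gitlab.example.com, the helper names and the key bytes are constructed for illustration.

```python
import base64
import hashlib
import struct


def make_blob(key_type: str, key_bytes: bytes) -> bytes:
    """Build a constructed SSH public key blob (two length-prefixed strings)."""
    t = key_type.encode()
    return struct.pack(">I", len(t)) + t + struct.pack(">I", len(key_bytes)) + key_bytes


def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the form `ssh-keygen -lf` prints: unpadded base64."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def verified_known_hosts(scan_output: str, host: str, trusted: set) -> str:
    """Return only the scanned lines for `host` whose fingerprint is trusted."""
    kept = []
    for line in scan_output.splitlines():
        fields = line.split()
        if len(fields) < 3 or line.startswith("#") or fields[0] != host:
            continue  # banner comments and lines for other hosts
        key_type, blob = fields[1], base64.b64decode(fields[2], validate=True)
        (n,) = struct.unpack(">I", blob[:4])
        if blob[4:4 + n] != key_type.encode():
            raise ValueError(f"{key_type}: type field does not match key blob")
        if fingerprint(blob) in trusted:
            kept.append(f"{host} {key_type} {fields[2]}")
    if not kept:
        raise ValueError(f"no scanned key for {host} matches a trusted fingerprint")
    return "\n".join(kept) + "\n"


# Constructed sample data: these are not real host keys.
GOOD = make_blob("ssh-ed25519", bytes(range(32)))
ROGUE = make_blob("ssh-ed25519", bytes(32))
TRUSTED = {fingerprint(GOOD)}  # in practice: copied from the published list


def scan(blob: bytes) -> str:
    """Format a blob the way ssh-keyscan prints it, banner comment included."""
    return ("# gitlab.example.com:22 SSH-2.0-GitLab-SSHD\n"
            f"gitlab.example.com ssh-ed25519 {base64.b64encode(blob).decode()}\n")


if __name__ == "__main__":
    print(verified_known_hosts(scan(GOOD), "gitlab.example.com", TRUSTED), end="")
```

The returned text is what would be pasted into the CI_KNOWN_HOSTS variable; a scan that yields only untrusted keys raises instead of producing a value.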

GitLab CI config

You’ll then need to add a job to your .gitlab-ci.yml file like so:

build_and_commit_files:
  stage: build
  rules:
    - if: $CI_COMMIT_BRANCH == "master" && $CI_PIPELINE_SOURCE == "push"
      when: always
    - when: never
  before_script:
    - mkdir -p ~/.ssh/
    - chmod 700 ~/.ssh/
    - echo "${CI_KNOWN_HOSTS}" > ~/.ssh/known_hosts
    - echo "${SSH_PUSH_KEY}" > ~/.ssh/id_rsa
    - chmod 600 ~/.ssh/id_rsa
    - git config user.email "gitlab@yourinstance.gitlab.com"
    - git config user.name "GitLab"
    - git remote remove ssh_origin || true  # May not have origin yet
    - git remote add ssh_origin "git@$CI_SERVER_HOST:$CI_PROJECT_PATH.git"
  script:
    - touch example.txt # Or any command to change files
    - git add -A && git commit -m 'Commit message' || true # May not have files to commit
    - git push ssh_origin HEAD:master || true # May not have any commits to push; this also hides real push failures

The above will commit & push to master. If you want to push to the current branch instead, you should use $CI_BUILD_REF_NAME (named $CI_COMMIT_REF_NAME since GitLab 9.0).


Posted on July 26, 2022

GPG signed commits in PHPStorm on CentOS 7

Being prompted automatically to sign your commits while still using PHPStorm’s Git GUI means you’ll never forget to sign commits again.

To start with, the version of Git installed needs to be > 2.0, otherwise certain options we are using will not work.

On CentOS 7 you’ll need to either build from source, or use a 3rd-party repository such as the IUS Community Project in order to do that. I prefer using repositories over building from source, as it’s easier to update the packages later on.

To use the 3rd-party repository method run the following:

yum install epel-release
yum remove git
rpm -U https://centos7.iuscommunity.org/ius-release.rpm
yum install git2u

Next, if you don’t have a GPG key yet, you’re going to need to generate one. GitHub have a nice guide on this already.

Next we need to add some options to our git config. I’ve gone with adding them to my global configuration here; however, you can set this on a project-by-project basis by just omitting the --global flag.

git config --global commit.gpgsign true
git config --global user.signingkey ENTER_YOUR_KEY

If you’re confused about how to get your signing key for the above, again GitHub have a guide on that.

At this point, running git commit -S -m "Example commit" will prompt you to enter the password for your secret key.

The last part is to add the following configuration to ~/.gnupg/gpg.conf

no-tty

Now when you make a commit in PHPStorm, you’ll be prompted for the password for your secret key, and the commit will be signed.


Posted on January 23, 2019

Bash/Cygwin Terminal in PHPStorm

I’ve been meaning to post about this for a while, but it seems hard lately to make time to post here.

I personally hate the Windows shell; in my mind it is utterly useless. If I’m ever using it I’m probably not in a good mood. PowerShell makes me laugh, like I’m sure it has some uses for people who for some insane reason run Windows servers, but for a sane developer, I think not.

Bash is where it’s at, probably the tool/language that saves me the most time on a day to day basis. Regex is a close second and guess what, Regex & Bash play very nicely together. Luckily I work with a company that exclusively uses Linux servers, because they make good decisions like that. So any server admin is painless, however for development, I still seem to be stuck in Windows land. I could make the leap over to just using Linux, however there are unfortunately a handful of programs keeping me on Windows and WINE still sucks.

So Bash on Windows, only one way to do that really: Cygwin. I’m not going to go into how to install that here, because it’s very simple, just download, run and press next.

JetBrains make amazing products, and PHPStorm is the editor I spend most of my time in, so I’ve shown how to do this here. However, it should work for any JetBrains IDE since they are all pretty consistent.

I liked the idea of a terminal window inside the IDE, mainly as just a quick way to grep or find things within projects. So I decided to figure out how to replace the Windows terminal embedded in it with the Cygwin terminal.

It turns out it’s pretty simple: go to File -> Settings and open Tools -> Terminal. You’ll want to change its default from cmd.exe to "C:\path_you_installed_cygwin_to\bin\bash.exe" --login -i

After this, when you relaunch your terminal inside PHPStorm it will be the Cygwin terminal rather than the Windows terminal. There is just one issue left to deal with: it will default to your Cygwin home directory rather than the project directory. Fixing this is also pretty easy. Open C:\path_you_installed_cygwin_to\etc\bash.bashrc and add the following at the bottom of that file:

cd "$OLDPWD"

Well that’s it, enjoy Bash’ing away inside PHPStorm.


Posted on March 14, 2017