When trying to push to a Dokku remote, I get errors.

For the following examples website is my application name and domain.com is the domain that points to my server.

Running locally

On a local machine, this is as simple as running:

1. ssh-add dokku_key
2. git remote add dokku [email protected]:website
3. git push dokku

First attempt

With the following drone config

  - name: push commit
    image: appleboy/drone-git-push
    settings:
      ssh_key:
        from_secret: dokku_ssh_key
      remote: [email protected]:website
      remote_name: dokku

I get the error:

level=fatal msg="parse \"[email protected]:website\": first path segment in URL cannot contain colon"

I imagine this is because of the lack of a protocol, in this case ssh. After adding it and trying again, no luck...

Second attempt

  - name: push commit
    image: appleboy/drone-git-push
    settings:
      ssh_key:
        from_secret: dokku_ssh_key
      remote: ssh://[email protected]:website
      remote_name: dokku

I get the error:

level=fatal msg="parse \"ssh://[email protected]:website\": invalid port \":website\" after host"

Hello,

Thank you for your useful plugin.
Is there a way to add tag on commit (with commit: true) to be pushed ?

Hello,

I am self hosting both gitea and woodpecker. I encounter following error:

fatal: could not read Username for 'https://gitea.example.com': No such device or address

step declaration:

  - name: push commit
    image: appleboy/drone-git-push
    settings:
      remote_name: origin
      branch: master
      local_ref: master

Is there option to set custom DNS? I had similar issue when tried to push image using docker buildx plugin. Setting custom_dns helped

      custom_dns:
        - 10.10.10.1
        - 8.8.8.8

docker buildx reference
https://woodpecker-ci.org/plugins/Docker%20Buildx

This issue was introduced in v0.2.2. It is caused by 1aa722b, in the following code:

Here, the EnvVars slices are not of the appropriate form. This makes the environment variables not load correctly, causing the plugin to fail in some use cases.

This patch fixed the issue for me:

diff --git a/main.go b/main.go
index cee6a2d..00bfa9e 100644
--- a/main.go
+++ b/main.go
@@ -44,17 +44,17 @@ func main() {
 		&cli.StringFlag{
 			Name:    "netrc.machine",
 			Usage:   "netrc machine",
-			EnvVars: []string{"PLUGIN_NETRC_MACHINE,DRONE_NETRC_MACHINE"},
+			EnvVars: []string{"PLUGIN_NETRC_MACHINE", "DRONE_NETRC_MACHINE"},
 		},
 		&cli.StringFlag{
 			Name:    "netrc.username",
 			Usage:   "netrc username",
-			EnvVars: []string{"PLUGIN_USERNAME,DRONE_NETRC_USERNAME,GITHUB_USERNAME"},
+			EnvVars: []string{"PLUGIN_USERNAME", "DRONE_NETRC_USERNAME", "GITHUB_USERNAME"},
 		},
 		&cli.StringFlag{
 			Name:    "netrc.password",
 			Usage:   "netrc password",
-			EnvVars: []string{"PLUGIN_PASSWORD,DRONE_NETRC_PASSWORD,GITHUB_PASSWORD"},
+			EnvVars: []string{"PLUGIN_PASSWORD", "DRONE_NETRC_PASSWORD", "GITHUB_PASSWORD"},
 		},
 		&cli.StringFlag{
 			Name:    "ssh-key",

I got key auth issues when use this plugins:

+ git add --all --force
0s
2
+ git commit -m '[skip ci] Commit dirty state'
0s
3
+ git remote add deploy [email protected]:yangxuan8282/test_droneci.git
0s
4
+ git push deploy HEAD:master
0s
5
Host key verification failed.
1s
6
fatal: Could not read from remote repository.
1s
8
Please make sure you have the correct access rights
1s
9
and the repository exists.
1s
10
exit status 128

I have add the ssh key with:

drone secret add --image=plugins/git-push yangxuan8282/gitblog-bkend GIT_PUSH_SSH_KEY ~/.ssh/coding

and the same key works on hosts, the permissions of ssh key is 600

Thanks for making the project.

Please add option to ignore files from commit.

While investigating #40, I noticed that WriteToken in plugin.go doesn't actually do anything. It appears that it should be transforming a URL like https://example.com/path.git into https://user:[email protected]/path.git based on the contents of DRONE_NETRC_USERNAME and DRONE_NETRC_PASSWORD.

But that doesn't happen, because WriteToken is a value receiver rather than a pointer receiver:

func (p Plugin) WriteToken() error {
	var err error
	p.Config.Remote, err = repo.WriteToken(
		p.Config.Remote,
		p.Netrc.Login,
		p.Netrc.Password,
	)
	return err
}

So WriteToken is just updating a copy of the config.

But just turning WriteToken into a pointer receiver would be worse. The DRONE_NETRC_* credentials are for the server you're cloning from. If you're pushing to a different server, then you're going to send the credentials for your source repo, which is probably not what you want.

I'm not that familiar with how git uses .netrc, but maybe adding the user/pass to the URL is unnecessary, since drone-git-push also writes .netrc? And .netrc has a machine name that prevents us from sending credentials to an unintended server.

I want to deploy the code after it got the test to pass, but I got a error that's SSH authentication permission denied, I added root user public key in Drone host server to SSH Git target server's authentication file. where did I do wrong?

Do you have plans to complete this plugin?

This is a follow-up for issue #43 . I just tried with a new release - still have some issues.

You can find drone.yml here: https://github.com/jobrunr/jobrunr/blob/master/.drone.yml.

What I try to do: update the Readme with the latest version (so the tag)
How do I try it:

  - name: update readme
    image: jobrunr.io/build-container:1.0
    commands:
      - rm -f *.hprof
      - sed -i "s@<version>.*</version>@<version>${DRONE_TAG}</version>@g" README.md # replace version in README
      - sed -i "s@'org.jobrunr:jobrunr:.*'@'org.jobrunr:jobrunr:${DRONE_TAG}'@g" README.md # replace version in README
      - git config --global --add url."[email protected]:".insteadOf "https://github.com/" # Switch to ssh instead of https

  - name: push updated readme
    image: appleboy/drone-git-push
    settings:
      branch: master
      remote_name: origin
      ssh_key:
        from_secret: GITHUB_SSH_KEY
      force: false
      commit: true
      commit_message: "Update readme to new version [CI SKIP]"
      author_name: drone-bot
      author_email: [email protected]

The output for step push updated readme:

latest: Pulling from appleboy/drone-git-push
--
2 | Digest: sha256:144fd3130840d8ca0eba4b2aa98da027086d2d3fee6f2fbf4914564ad0a3b3f1
3 | Status: Image is up to date for appleboy/drone-git-push:latest
4 | + git add --all
5 | + git diff-index --quiet HEAD --ignore-submodules
6 | + git commit -m Update readme to new version [CI SKIP]
7 | + git push origin HEAD:master
8 | fatal: could not read Username for 'https://github.com': terminal prompts disabled
9 | exit status 128

Any idea on how to solve this?

Thanks again,
Ronald

Hi, I would like to see the option to git push --mirror the repo.

• Is the key even loaded in the second configuration ? (Examples below)
• If the format really is invalid in the first example, what format should the private key be and does it need to be parsed somehow ?

Environment 1:

Secret has been set ssh_key, with rsa or ed key same result.

I also tried to change the line endings of the keys with sed, no luck.

sed ':b;N;$!bb;s/\n/\\n/g'

.woodpecker.yml

pipeline:
  publish:
    image: appleboy/drone-git-push
    settings:
      branch: main
      remote: [email protected]:<removed>
      force: false
      commit: true
      commit_message: "Drone build ${DRONE_COMMIT_SHA:0:7}"
      author_name: "John Doe"
      author_email: "[email protected]"
      ssh_key:
        from_secret: ssh_key

Warning: Permanently added 'github.com' (ED25519) to the list of known hosts.
Load key "/root/.ssh/id_rsa": invalid format
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.

Environment 2:

Same as in Environment 1 just without the definition of the secret name.

.woodpecker.yml

pipeline:
...
...
      author_email: "[email protected]"
      #ssh_key:
      # from_secret: ssh_key

Host key verification failed.
fatal: Could not read from remote repository.

HTTPS support will allow users to use github tokens & basic auth to clone repos much simpler then by using SSH keys, which when using in an automated system might be a good idea to have.

This will also help simplify the act of needing to save an SSH key in your repo or having to convert it to the proper syntax to be saved inside secrets (copy/pasting into drone UI doesn't seem to be sufficient at this moment due to how it handles spaces).

Dear,

I'm trying to use your plugin to update the version on my Readme.md and it works using drone exec on my local machine.

In drone itself however, I receive the following error:

latest: Pulling from appleboy/drone-git-push
--
2 | Digest: sha256:b646fd6089dfdac9d86ce9b82225f2758a4c9e9340b3b86e68471395bc3d2e05
3 | Status: Image is up to date for appleboy/drone-git-push:latest
4 | + git add --all
5 | + git diff-index --quiet HEAD --ignore-submodules
6 | + git commit -m Update readme to new version [CI SKIP]
7 | + git push origin HEAD:master
8 | fatal: could not read Username for 'https://github.com': terminal prompts disabled
9 | exit status 128

This is my config:

  - name: push updated readme
    image: appleboy/drone-git-push
    settings:
      branch: master
      remote_name: origin
      ssh_key:
        from_secret: GITHUB_SSH_KEY
      force: false
      commit: true
      commit_message: "Update readme to new version [CI SKIP]"
      author_name: drone-bot
      author_email: [email protected]

I think it might be related to the fact that I have 2FA enabled. See https://jacopretorius.net/2018/05/git-error-could-not-read-username.html

Thanks,
Ronald

Hello, I found that in gitea, the commiter of the commit pushed by this plugin looks wrong. would you please help check it? Thanks!

https://drone.gitea.io/go-gitea/gitea/56106/1/4

https://github.com/go-gitea/gitea/blob/main/.drone.yml#L536-L548

go-gitea/gitea@f6e2dba

I have currently a workflow with an build step and a deploy step, that works as expected:

when:
  - event: push
    branch: main

steps:
  build:
    image: node:slim
    commands:
      - corepack enable
      - pnpm install --frozen-lockfile
      - pnpm run build

  deploy:
    image: alpine/git
    secrets:
      - git_token
    environment:
      - BUILD_DIR=dist
      - TARGET_BRANCH=pages
    commands:
      # Git configuration
      - git config --global user.name "$CI_COMMIT_AUTHOR"
      - git config --global user.email "$CI_COMMIT_AUTHOR_EMAIL"
      - git clone -b $TARGET_BRANCH https://[email protected]/${CI_REPO}.git $TARGET_BRANCH
      # Copy build
      - cp -ar $BUILD_DIR/. $TARGET_BRANCH/
      - cp .domains $CI_REPO_NAME || true # Ignore if it doesn't exist
      # Commit & Push
      - cd $TARGET_BRANCH
      - git add .
      - git diff-index --quiet HEAD || git commit -m "$CI_COMMIT_MESSAGE"
      - git push

How can i achieve the same as:

...

steps:
  ...

  deploy:
    image: alpine/git
    secrets:
      - git_token
    environment:
      - BUILD_DIR=dist
      - TARGET_BRANCH=pages
    commands:
      # Git configuration
      - git config --global user.name "$CI_COMMIT_AUTHOR"
      - git config --global user.email "$CI_COMMIT_AUTHOR_EMAIL"
      - git clone -b $TARGET_BRANCH https://[email protected]/${CI_REPO}.git $TARGET_BRANCH
      # Copy build
      - cp -ar $BUILD_DIR/. $TARGET_BRANCH/
      - cp .domains $CI_REPO_NAME || true # Ignore if it doesn't exist
      # Commit & Push
      - cd $TARGET_BRANCH
      - git add .
      - git diff-index --quiet HEAD || git commit -m "$CI_COMMIT_MESSAGE"
      - git push

but with appleboy/drone-git-push?

Hey, I get the following error when I want to push the code on github.

time="2020-06-14T12:33:21Z" level=fatal msg="parse \"[email protected]:fh-trier/latex-templates.git\": first path segment in URL cannot contain colon"

https://drone.cryptic.systems/fh-trier/latex-templates/8/1/3

Here is my defined drone.yml section:

- name: push-latest-commit
  image: appleboy/drone-git-push
  settings:
    remote: [email protected]:fh-trier/latex-templates.git
    force: true
    key:
      from_secret: github_ssh_key
  when:
    repo:
    - fh-trier/latex-templates
    branch:
    - master
    event:
    - push

Can someone explain to me where the error is? I think I have set it up as described in the documentation or is it out of date?

Volker

I have problems with the key parameter.

I would like to write the key directly into the yaml but I do not know in which format
(line breaks ?, private + public, only private).

Hello there,

Thank you very much for developing this plugin. It is quite useful for doing automatic version bumps when dependencies are updated with tools like renovate.

I have more or less integrated the plugin into my workflow and everything is working as expected except from the fact that a push via the plugin always cancels the running workflow and triggers a new one on Woodpecker CI.

According to the documentation simply including [skip ci] or [ci skip] should prevent a new workflow from starting while keeping the ongoing one running.

I can confirm that this works when I manually push commits through the terminal but for whatever reason the message content gets ignored when a push is triggered via the plugin.

Does the plugin do anything special that requires special treatment? To be honest, I am not sure if this is an issue with the plugin or Woodpecker CI itself. If you think that this is likely a Woodpecker issue I will open a new issue on their repo as well.

Follow up of #49 with

Hi

I am using the latest release v0.2.2

Since a couple of weeks I have a problem with pushing content from drone to git with the following error:

+ git add --all
+ git diff-index --quiet HEAD --ignore-submodules
+ git push origin HEAD:master
fatal: could not read Username for 'https://gitlab.com': terminal prompts disabled
exit status 128

I am using the plugin as follows:

kind: pipeline
name: debug ci

steps:
  - ...
  - name: Push changes to master
    image: appleboy/drone-git-push:0.2.2
    settings:
      remote_name: origin
      branch: master
      force: false
      commit: true
      commit_message: '[skip ci] Update HISTORY.md'
      ssh_key:
        from_secret: CICD_BOT_PRIV_KEY

image_pull_secrets:
  - dockerconfigjson

trigger:
  branch:
    - master
  event:
    - push

I have tried to set remote as conclusion of #43 but it does not seem to work:

If I add the following piece of yaml:

remote: [email protected]:<repo>

I get the following error:

error: remote origin already exists.
exit status 3

New issue since the solutions in #16 and #28 seem to be using an old cli, since the --image tag is not present in the current drone cli, and trying to port their solutions haven't worked.

I am running Drone on a remote server, and am using it to create a sort of gated check-in to my Gitea repo. This involves manually pushing to branch A, after which tests are run and if the tests are completed the code is merged and pushed to branch B. I want to make this push using SSH keys related to a service account.
Despite verifying that the SSH key pair is functional, and being able to do the same push using HTTPS instead, I keep getting the following error when using this plugin:

Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
exit status 128

This is my yaml definition for the step:

  - name: push
    depends_on:
    - merge
    image: appleboy/drone-git-push
    settings:
      branch: B
      remote: git@gitea-host:owner/repo.git

and I've set the secret GIT_PUSH_SSH_KEY, and signed the yaml as follows:

drone secret add --name GIT_PUSH_SSH_KEY --data @relative/path/to/id_rsa user/repo
drone sign user/repo --save

Am I missing something obvious, or does someone have a suggestion as to what I am doing wrong?

I always got:

Warning: Permanently added 'gitea.example.com' (ECDSA) to the list of known hosts.
Load key "/root/.ssh/id_rsa": invalid format
Permission denied (publickey).
fatal: Could not read from remote repository.

ssh and git push from a shell works without problems. Any suggestions? I don't know what I'm doing wrong.

... name and remove remote after task

Not an issue, but some clarifying questions to a new user:

1. Why does remote_name default to deploy as opposed to origin?
2. why does branch default to master as opposed to whatever branch is currently checked out (ie ${DRONE_BRANCH})?
3. ssh_key is mandatory right, ie. there's no way to tap into the authentication granted to drone instance itself?
4. why doesn't remote default to ${DRONE_GIT_SSH_URL}?

This is so the pipeline step definition could be less verbose, assuming the most common use-case would be (commiting and) pushing back to same reporitory & branch.

Following drone step definition works, but feels like it could/should be more terse:

- name: git-push
  image: appleboy/drone-git-push
  settings:
    ssh_key:
      from_secret: github_ssh_key
    branch: "${DRONE_BRANCH}"
    remote: "${DRONE_GIT_SSH_URL}"
    followtags: true
  when:
    branch:
    - master

This repo is affected by the exec /bin/drone-git-push: exec format error message for those using :latest on x86_64 because latest is tagged for arm64 only.

See here and here for issues on drone-ssh and drone-scp respectively.

Hi, getting this error in my drone ci pipeline. I think it has something to do with the author key value. Any idea how to fix this?

+ git add --all
+ git diff-index --quiet HEAD --ignore-submodules
+ git commit -m [bot] [skip ci] bump image tag -a=""theautomation" <"[email protected]">"
error: unknown switch `='
usage: git commit [<options>] [--] <pathspec>...

Description

I had several builds fail this morning as they tried to push GitHub code to a repo via a drone pipeline. The error occurred in the final step of my pipeline:

  - name: Publish website
    image: appleboy/drone-git-push
    settings:
      remote_name: test_repo
      remote: git@custom_url.com:test/test.git
      branch: gh-pages
      path: /drone/src/website
      key: GIT_PUSH_SSH_KEY
      force: true
    environment:
      GIT_PUSH_SSH_KEY:
        from_secret: GIT_PUSH_SSH_KEY

The error was as follows:

time="2020-03-09T18:33:42Z" level=fatal msg="parse \"git@custom_url.com:test/test.git\": first path segment in URL cannot contain colon"

This is likely occurring because a regression of a previous issue with net/url in 1.14. See this issue: golang/go#29261

Changing the image from appleboy/drone-git-push to appleboy/drone-git-push:0.2.0-linux-alpine to migrate to the last working version resolved the issue.

support push commit with tags

Is there a specific reason you are including the --force flag here?
https://github.com/appleboy/drone-git-push/blob/master/repo/commit.go#L13-L16

Using the --all and --force flags together causes the addition of even files matching patterns in the .gitignore. Is this your intention?

You have to change at https://github.com/drone-plugins/drone-git-push/blob/master/main.go#L127 "remote" to just remote to use the remote variable instead of the string.