On CI machine, xcodebuild does not use correct .ssh keys for private GitHub SPM
Originator: | uson1x | ||
Number: | rdar://FB8248693 | Date Originated: | 03.08.2020 |
Status: | Open | Resolved: | |
Product: | Xcode | Product Version: | 11.6 |
Classification: | Incorrect/Unexpected Behavior | Reproducible: |
We are using Bitrise as a CI machine for our project and one of the dependencies is an SPM package, hosted in a private GitHub repository. Locally, everything works great. However, when we are trying to configure Bitrise, we always get errors like Command line invocation: /Applications/Xcode.app/Contents/Developer/usr/bin/xcodebuild -resolvePackageDependencies Resolve Package Graph Fetching git@github.com:<redacted>.git xcodebuild: error: Could not resolve package dependencies: Authentication failed because the credentials were rejected On the same machine, `git clone git@github.com:<redacted>.git` works great. I don’t know if we are doing something wrong, or xcodebuild does not respect the SSH configuration when it resolves the dependencies, or something is not compatible with GitHub SSH. But we were not able to make it work and had to switch to GitHub Private Access Tokens, which is less secure and less convenient in our case. GitHub PATs are attached to an account, not a repository. And putting GitHub PAT into CI, gives CI access to all other repositories available from this account, not only to the SPM repo. With SSH keys we could in theory add separate repository-level keys to our main repo and SPM repo. Steps to reproduce: Add private GitHub repo as SPM package in Xcode via SSH. Try to resolve dependencies on a CI like Bitrise. Expected: Private SPM package is resolved correctly, when `git clone` works on the same machine for this repository Actual result: `git clone` works, but xcodebuild -resolvePackageDependencies fails with “Authentication failed because the credentials were rejected”
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!