I can't use Drone Secret

I’m new at Drone CI. I’m trying to git fetch a branch, edit and push to a branch, but I can’t use a GitHub personal token and SSH for pushing the branch.

    image: docker:git
    secrets: [ssh_key]
    commands:
      - mkdir ~/.ssh
      - echo "${ssh_key}" > ~/.ssh/id_rsa
      - chmod 600 ~/.ssh/id_rsa
      - ssh-agent sh -c 'ssh-add ~/.ssh/id_rsa; git fetch git@github.com'
      - git fetch origin deploy
      - git checkout deploy
      - sed -i "s+dther/golang-http:.*$*+dther/golang-http:${DRONE_COMMIT_SHA}+g" kustomize/bases/hola/deployment.yaml
      - cat kustomize/bases/hola/deployment.yaml
      - git add .
      - git commit -m "Change image version to ${DRONE_COMMIT_SHA}" -a
      - git push origin deploy

The result is like this.

When using ${variable} syntax in the commands section you need to escape. See https://docs.drone.io/pipeline/environment/syntax/#common-problems


Even if I use it like this:

      - echo $ssh_key > ~/.ssh/id_rsa

the error is still the same.

This line of the script looks to have an error:

    ssh-agent sh -c 'ssh-add ~/.ssh/id_rsa; git fetch git@github.com'

You are trying to git fetch from git@github.com, which is not a valid GitHub repository.


The problem is that the secret can’t be written to a file.

Here is a real-world example of shell commands that we use in Drone to set up an SSH key. The below commands are verified and confirmed to work, as long as you set up your secret properly.

The error message in your previous post states that it fails because it is an invalid format. Notice in the example I posted above that we quote the ssh key before writing to a file so that it preserves newlines. This is important and is omitted in your example above, which could explain the failure.
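
The quoting point from the reply above, as an added example that is not part of the original thread: it writes a constructed multi-line placeholder key with and without quotes and checks the layout of the resulting file. `SAMPLE_KEY` and the function names are assumptions made for illustration, and the layout check is a structural stand-in for what `ssh-add` would reject.

```shell
#!/bin/sh
# Constructed placeholder, not a real key: only the multi-line PEM-like layout matters.
SAMPLE_KEY='-----BEGIN OPENSSH PRIVATE KEY-----
Y29uc3RydWN0ZWQtc2FtcGxlLWxpbmUtMQ==
Y29uc3RydWN0ZWQtc2FtcGxlLWxpbmUtMg==
-----END OPENSSH PRIVATE KEY-----'

# Unquoted expansion: the shell splits the value on whitespace (newlines
# included) and echo rejoins the words with single spaces, giving one line.
write_unquoted() {
  ( umask 077; echo $1 > "$2" )
}

# Quoted expansion: the value reaches printf as one argument, newlines intact.
# umask 077 creates the file owner-only, so no separate chmod 600 is needed.
write_quoted() {
  ( umask 077; printf '%s\n' "$1" > "$2" )
}

# Structural check (hypothetical helper): BEGIN marker alone on the first line,
# END marker alone on the last line, and at least one body line in between.
key_layout_ok() {
  lines=$(wc -l < "$1" | tr -d ' ')
  [ "$lines" -ge 3 ] || return 1
  first=$(head -n 1 "$1")
  last=$(tail -n 1 "$1")
  case "$first" in "-----BEGIN "*" PRIVATE KEY-----") ;; *) return 1 ;; esac
  case "$last" in "-----END "*" PRIVATE KEY-----") ;; *) return 1 ;; esac
  return 0
}

tmp=$(mktemp -d)
write_unquoted "$SAMPLE_KEY" "$tmp/unquoted"
write_quoted "$SAMPLE_KEY" "$tmp/quoted"
for f in unquoted quoted; do
  if key_layout_ok "$tmp/$f"; then
    echo "$f: layout ok ($(wc -l < "$tmp/$f" | tr -d ' ') lines)"
  else
    echo "$f: invalid layout ($(wc -l < "$tmp/$f" | tr -d ' ') line)"
  fi
done
rm -rf "$tmp"
```

Running the same layout check on `~/.ssh/id_rsa` in a pipeline step, before `ssh-add`, shows whether the secret arrived with its newlines without printing the key itself to the build log.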


It is still an error.

SSH isn’t OK, so I changed it to not use SSH, but it is still not OK.


It is OK on my laptop but not on Drone Cloud.

Are you certain your token has write access to the repository? It looks like the repository is being successfully cloned, which would imply the secret is successfully being used to pull the repository … if pull is successful, but push fails, it would imply the token lacks permission.

Yes, the token has write access. I have tested on my laptop.