Hi there,
We are currently implementing the pipeline change and run into some issues. Basically we have two ssh keys stored at Vault and mounted to the Kubernetes secrets. One of the ssh key is used for fetching plugin at the remote private repository and the other one is for working repository checkout. However, when we fetch these two keys at the same step, how can we handle the key assignments without creating conflicts between the two? The following code presents a high-level implementation
steps:
- label: "plugin_name"
plugins:
- kubernetes:
checkout:
cloneFlags: -v --filter=blob:none
gitEnvFrom:
# 1) Repo key
- secretRef: { name:xx-xx-ssh-key-secret }
# 2) Slack key
- secretRef: { name: buildkite }
podSpecPatch:
containers:
- name: container-0
image: xx
- "ssh://git@github.com/xxx/plugin.git#v0.2"
We have tried adding hooks to swap the key in the pipeline. But since repo-level hook takes place after the plugin fetching, therefore it did not work. How can we adjust the implementation so that it does not affect plugin checkout and working repo checkout.