0

Hoping someone here might be able to help as I'm not too familiar with go.

My Jenkins slaves are running on Amazon Linux 2 on EC2, using the EC2 plugin. I'm currently creating a job to build and deploy a Go application using the Go plugin, but am getting stuck on running a 'go get' on a private repository in BitBucket. The error I'm getting is:

403 Forbidden
    server response: Access denied. You must have write or admin access.

After searching online I found that running git config --global url."git@bitbucket:".insteadOf "https://bitbucket.org/ should help so I've build this into the slave image, but I'm still getting the same issue. I've also set GOPRIVATE=bitbucket.org/ORG_NAME/ as was advised.

Permissions on the repo are correct so I'm not quite sure what's going on here and I'm wondering if I should go down the route of using containers or whether that will just complicate things more.

Any advice would be helpful, thanks!

JTaylor
  • 85
  • 1
  • 8
  • Is this helpful? [go-get-private-bitbucket-repo-giving-403-forbidden](https://stackoverflow.com/a/67767876/10866798) – nipuna Aug 05 '21 at 17:34
  • 2
    Does this answer your question? [Go get private bitbucket repo giving 403 forbidden](https://stackoverflow.com/questions/63791976/go-get-private-bitbucket-repo-giving-403-forbidden) – nipuna Aug 05 '21 at 17:35
  • Unfortunately not, I've tried everything that post suggests. I think it might be to do with the way git is set up on Jenkins builds, as those solutions work locally but not on Jenkins itself. Thanks anyway – JTaylor Aug 05 '21 at 20:21
  • `https` requires one type of authentication, while `git@...` typically goes over ssh. You need to figure out which one you have configured and make sure it's sucessfully authenticating. If it helps to take Go out of the equation, try doing a `git clone` operation, say to a location in `/tmp`, before running `go get...` – erik258 Aug 06 '21 at 04:49
  • The job itself uses ssh to checkout a repo under the same organisation initially so they key definitely works, there just seems to be some issue once it runs the `go get`. I'll try the `git clone` though, that sounds like a good next step. Thank you! – JTaylor Aug 06 '21 at 08:47

1 Answers1

0

Here are a few things you could check.

  • This site discuss the same error as you got.
    https://github.com/golang/go/issues/46344

  • Then the error mentioned that you need write access (not read).
    Could the error be related to the fact that you cannot write where you are trying to clone?

  • In the past we had to access private repos that required authentication.
    For what I knew at the time that go get, did not supported authentication, and wanted to use http: or https: only (no ssh:).

The trick we found was to add in our .gitconfig file (e.g. in your $HOME)

[url "ssh://git@myserver.org/"]
  insteadof = https://myserver.org/

This means that go get would issue a git clone over https,
but that this was replaced by a git clone ssh://git@....
Our machines add ssh keys in the user account and the matching keys on the git server.
That did the trick to use go get on an authenticated repo.

Update: reading your question again I realized that you have tried the insteadof config. Mine has a slightly different syntax although.

This trick is worth being publicized. It solved some thorny issue we had in the past.

Alain Drolet
  • 1
  • 6