Pipeline: SSH authentication (Git) does not work anymore

Created on 26 Apr 2019 · 5 Comments · Source: tektoncd/pipeline

Expected Behavior

As explained in the ssh-authentification-git doc, it should be possible to use an SSH private key as a Kubernetes Secret for accessing Git repositories.

Actual Behavior

While it was working with Tekton Pipelines v0.2.0, it no longer works with v0.3.0. The key verification process is failing:

{"level":"info","ts":1556251943.4086926,"logger":"fallback-logger","caller":"creds-init/main.go:40","msg":"Credentials initialized."}
2019-04-26 00:12:27.510
{"level":"warn","ts":1556251947.509826,"logger":"fallback-logger","caller":"logging/config.go:65","msg":"Fetch GitHub commit ID from kodata failed: \"ref: refs/heads/master\" is not a valid GitHub commit ID"}
2019-04-26 00:12:27.822
{"level":"error","ts":1556251947.8217,"logger":"fallback-logger","caller":"git/git.go:35","msg":"Error running git [fetch --depth=1 --recurse-submodules=yes origin master]: exit status 128\nHost key verification failed.\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n","stacktrace":"github.com/tektoncd/pipeline/pkg/git.run\n\t/workspace/go/src/github.com/tektoncd/pipeline/pkg/git/git.go:35\ngithub.com/tektoncd/pipeline/pkg/git.Fetch\n\t/workspace/go/src/github.com/tektoncd/pipeline/pkg/git/git.go:81\nmain.main\n\t/workspace/go/src/github.com/tektoncd/pipeline/cmd/git-init/main.go:36\nruntime.main\n\t/usr/local/go/src/runtime/proc.go:200"}
2019-04-26 00:12:28.068
{"level":"error","ts":1556251948.068128,"logger":"fallback-logger","caller":"git/git.go:35","msg":"Error running git [pull --recurse-submodules=yes origin]: exit status 1\nHost key verification failed.\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n","stacktrace":"github.com/tektoncd/pipeline/pkg/git.run\n\t/workspace/go/src/github.com/tektoncd/pipeline/pkg/git/git.go:35\ngithub.com/tektoncd/pipeline/pkg/git.Fetch\n\t/workspace/go/src/github.com/tektoncd/pipeline/pkg/git/git.go:84\nmain.main\n\t/workspace/go/src/github.com/tektoncd/pipeline/cmd/git-init/main.go:36\nruntime.main\n\t/usr/local/go/src/runtime/proc.go:200"}
2019-04-26 00:12:28.068
{"level":"warn","ts":1556251948.0682614,"logger":"fallback-logger","caller":"git/git.go:85","msg":"Failed to pull origin : exit status 1"}
2019-04-26 00:12:28.084
{"level":"error","ts":1556251948.0844312,"logger":"fallback-logger","caller":"git/git.go:35","msg":"Error running git [checkout master]: exit status 1\nerror: pathspec 'master' did not match any file(s) known to git\n","stacktrace":"github.com/tektoncd/pipeline/pkg/git.run\n\t/workspace/go/src/github.com/tektoncd/pipeline/pkg/git/git.go:35\ngithub.com/tektoncd/pipeline/pkg/git.Fetch\n\t/workspace/go/src/github.com/tektoncd/pipeline/pkg/git/git.go:87\nmain.main\n\t/workspace/go/src/github.com/tektoncd/pipeline/cmd/git-init/main.go:36\nruntime.main\n\t/usr/local/go/src/runtime/proc.go:200"}
2019-04-26 00:12:28.084
{"level":"fatal","ts":1556251948.0845652,"logger":"fallback-logger","caller":"git-init/main.go:37","msg":"Error fetching git repository: exit status 1","stacktrace":"main.main\n\t/workspace/go/src/github.com/tektoncd/pipeline/cmd/git-init/main.go:37\nruntime.main\n\t/usr/local/go/src/runtime/proc.go:200"}
2019-04-26 00:17:14.383
{"level":"warn","ts":1556252234.3828588,"logger":"fallback-logger","caller":"logging/config.go:65","msg":"Fetch GitHub commit ID from kodata failed: \"ref: refs/heads/master\" is not a valid GitHub commit ID"}

Steps to Reproduce the Problem

  1. Install Tekton Pipelines v0.3.0

    kubectl apply -f tekton-pipelines-release-0.3.0.yaml
    namespace/tekton-pipelines created...

  2. Apply the taskrun-git-ssh.yaml example

    kubectl apply -f examples/taskruns/taskrun-git-ssh.yaml

  3. Check the TaskRun status, it failed

    kubectl get tr
    NAME                                       SUCCEEDED   REASON   STARTTIME   COMPLETIONTIME
    test-taskrun-with-serviceaccount-git-ssh   False                12s         2s

  4. Delete the tekton-pipelines namespace

    kubectl delete namespace tekton-pipelines
    namespace "tekton-pipelines" deleted

  5. Install Tekton Pipeline v0.2.0

    kubectl apply -f tekton-pipelines-release-0.2.0.yaml
    namespace/tekton-pipelines created...

  6. Delete and re-apply the taskrun-git-ssh.yaml resources

    kubectl delete -f examples/taskruns/taskrun-git-ssh.yaml
    kubectl apply -f examples/taskruns/taskrun-git-ssh.yaml

  7. Check the pod logs, the git repo is cloned and the README.md file is displayed as expected

    {"level":"info","ts":1556252251.2401526,"logger":"fallback-logger","caller":"git-init/main.go:100","msg":"Successfully cloned \"[email protected]:tektoncd/pipeline.git\" @ \"master\" in path \"/workspace/gitssh\""}
    2019-04-26 00:17:32.105
    # ![pipe](./pipe.png) Tekton Pipelines
    2019-04-26 00:17:32.105
    2019-04-26 00:17:32.105
    [![Go Report Card](https://goreportcard.com/badge/tektoncd/pipeline)](https://goreportcard.com/report/tektoncd/pipeline)
    2019-04-26 00:17:32.105
    2019-04-26 00:17:32.105
    The Tekton Pipelines project provides k8s-style resources for declaring
    2019-04-26 00:17:32.105
    CI/CD-style pipelines.
    2019-04-26 00:17:32.105
    ....

Additional Info

As a workaround, I have replaced the git-init digest in the Pipeline v0.3.0 release YAML file (sha256:3841b557289a2d19737889083cbb9ae4532183eee69058c542f0d117a89de0ec) with the one used in the release v0.2.0 (sha256:48cd443a758f049763ddc95921b72c2cf3b3e7d27c1660a76b7aa12d08f94a74), and it worked:

    - gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init@sha256:48cd443a758f049763ddc95921b72c2cf3b3e7d27c1660a76b7aa12d08f94a74

    k get tr
    NAME                                       SUCCEEDED   REASON   STARTTIME   COMPLETIONTIME
    test-taskrun-with-serviceaccount-git-ssh   True                 8h          8h
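The failing log in this report cascades: only the first error names the real failure (`Host key verification failed`), and the later `pull` and `checkout` errors follow from it. The following added example, which is not part of the original report or of Tekton's code, picks the earliest error out of log text in this format. The sample log is constructed and shortened from the lines in the report, and the cause labels are assumptions of this example.

```python
import json

# Constructed sample, shortened from the log format shown in the report:
# log-viewer timestamps alternate with zap-style JSON records.
SAMPLE_LOG = r'''
{"level":"info","ts":1556251943.40,"caller":"creds-init/main.go:40","msg":"Credentials initialized."}
2019-04-26 00:12:27.822
{"level":"error","ts":1556251947.82,"caller":"git/git.go:35","msg":"Error running git [fetch --depth=1 --recurse-submodules=yes origin master]: exit status 128\nHost key verification failed.\r\nfatal: Could not read from remote repository.\n"}
2019-04-26 00:12:28.084
{"level":"error","ts":1556251948.08,"caller":"git/git.go:35","msg":"Error running git [checkout master]: exit status 1\nerror: pathspec 'master' did not match any file(s) known to git\n"}
{"level":"fatal","ts":1556251948.09,"caller":"git-init/main.go:37","msg":"Error fetching git repository: exit status 1"}
'''

# OpenSSH/git message fragments mapped to a cause label (labels are hypothetical).
SIGNATURES = [
    ("Host key verification failed", "ssh-host-key"),
    ("Permission denied (publickey)", "ssh-auth"),
    ("Could not resolve hostname", "dns"),
]

def parse_records(text):
    """Yield JSON log records, skipping viewer timestamps and blank lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("{"):
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated record: skip it rather than abort triage

def root_cause(text):
    """Classify the earliest error/fatal record and count the errors after it."""
    errors = [r for r in parse_records(text) if r.get("level") in ("error", "fatal")]
    errors.sort(key=lambda r: r.get("ts", 0))
    if not errors:
        return None
    msg = errors[0].get("msg", "")
    cause = next((label for needle, label in SIGNATURES if needle in msg), "unknown")
    # The git arguments sit between the first '[' and ']' of the message.
    has_cmd = "[" in msg and "]" in msg
    command = msg[msg.find("[") + 1 : msg.find("]")] if has_cmd else ""
    return {"cause": cause, "command": command, "follow_on": len(errors) - 1}

if __name__ == "__main__":
    print(root_cause(SAMPLE_LOG))
```

A `ssh-host-key` result means SSH refused the connection because it could not verify the server's host key, so the remedy belongs in the host-key configuration of the image or Secret, not in the private key.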

All 5 comments

/assign

Thanks for fixing this so fast @vdemeester !! I'm gonna re-open this b/c we should have some tests to verify this functionality if we can (let me know if I'm off base and this isn't reasonable to test)

@bobcatfish note that a yaml test was failing because of this bug, it was just not caught, https://github.com/tektoncd/pipeline/pull/805 fixes that.

Looks like we can close this out now that the test has been fixed.

awwwwesome thanks for following up with the yaml test fix @vdemeester 🙏
