I have just hit this issue and I was able to work around thanks to your reference to the Xcode issue. In my case I have a GitHub hosted iOS project with a private package hosted on a separate GitHub repo. I had to add two steps between the project checkout and building the app:
Firstly I added an ‘Activate SSH key (RSA private key)’ step, setting the ‘SSH private key in RSA format’ to a variable name, eg: ‘$DEPLOYMENT_KEY’ (this has to be done manually in .yml). Then create a secret for that variable with the value of the private key. In my case this the private key for the GitHub Deployment Key for the private dependency.
Secondly as per the Apple workaround, I needed to add an entry to the known_hosts file. This can be done via a ‘Script’ step. For GitHub, you can use:
for ip in $(dig @8.8.8.8 github.com +short); do ssh-keyscan github.com,$ip; ssh-keyscan $ip; done 2>/dev/null >> ~/.ssh/known_hosts
This is working and I expect you can achieve the same with Bitbucket.