I'm trying to set up automated build for go projects. Most people just use github dependencies which don't need credentials. We have some internal dependencies however available on our private git central server. Credentials are needed however to have go access these.
A possible workaround would be to configure a global git variable inside our build machines / build dockers; something like:
git config --global url."https://user:password#private.git.server/".insteadOf "https://private.git.server/"
however this doesn't seem to be the best solution to me, since the password would be stored in a human-readable text file.
I think the git-credentials plugin should be able to help me out; could I maybe export GIT_TERMINAL_PROMPT=1 and let the git-credentials plugin fill in for me?
How could I make sure go get or go install gets access to our private repository in a secure way?
I use a workaround with GITHUB_TOKEN to solve this.
Generate GITHUB_TOKEN here https://github.com/settings/tokens
export GITHUB_TOKEN=xxx
git config --global url."https://${GITHUB_TOKEN}:x-oauth-basic#github.com/mycompany".insteadOf "https://github.com/mycompany"
This way you don't expose the password and can revoke token at any time.
Note: Go uses http when downloading dependencies, not ssh.
Related
Has anybody a working example of how to push a container image into a ghcr using the jib gradle plugin from within a github actions workflow?
I've tried the whole day but whatever combination of password or tokens I try I always end with the jib plugin complaining about an invalid authentication. Although I can push to the ghcr from my local computer with gradlew jib.
Really, I would be very thankful for any help.
> com.google.cloud.tools.jib.plugins.common.BuildStepsExecutionException: Build image failed, perhaps you should make sure you have permissions for ghcr.io/tobias-neubert/eclipse-temurin and set correct credentials. See https://github.com/GoogleContainerTools/jib/blob/master/docs/faq.md#what-should-i-do-when-the-registry-responds-with-forbidden-or-denied for help
You have to
allow your repository access to the package (github profile page -> Packages -> Package Settings)
Set the write permission for the GITHUB_TOKEN in your workflow (permissions.packages: write)
I want to use Go Remote repository proxying Github. I have created Go remote repo github proxying https://github.com/ and I have created a Go virtual repository as well. Credentials added as mentioned in https://www.jfrog.com/confluence/display/RTF/Go+Registry#GoRegistry-RemoteRepositories.
I did everything explained on the link above but when I tried to get the modules I get that:
go env -w GONOSUMDB="*github.com/xxx/*"
export GOPROXY="https://test:%5Bredacted%5D#xxx.jfrog.io/artifactory/api/go/go"
go mod download -x
get https://test:%5Bredacted%5D#xxx.jfrog.io/artifactory/api/go/go/github.com/xxx/platform/#v/v0.21.0.mod
get https://test:%5Bredacted%5D#xxx.jfrog.io/artifactory/api/go/go/github.com/xxx/platform/#v/v0.21.0.mod: 404 Not Found (0.894s)
go: github.com/xxx/platform#v0.21.0: reading https://test:%5Bredacted%5D#xxx.jfrog.io/artifactory/api/go/go/github.com/xxx/platform/#v/v0.21.0.mod: 404 Not Found
Besides that, I can get public modules from github. Auth seems not working.
You should upgrade to JFrog Artifactory 6.19+ or 7.4.0+ as this was a missing feature until then (https://www.jfrog.com/jira/browse/RTFACT-19395).
I want to build a project in Azure Pipelines, but I want to know what the idiomatic way is to obtain the latest tag, latest tag distance, and repo remote path/URL in order to pass those values into the actual build script that is inside the repository.
Previously our build script would invoke hg log -r . --template with a clever template, but we found when moving to Continua CI build server that the build agent doesn't have access to the actual repository during a build, and had to find another way.
I'm assuming the same issue would crop up with Azure Pipelines and haven't quite found the relevant docs yet on artifact versioning.
Many thanks in advance.
For git at least, Azure Pipelines does a full clone of the repo by default, unless you explicitly denote that you're doing a shallow clone (source: https://learn.microsoft.com/en-us/azure/devops/pipelines/repos/pipeline-options-for-git?view=azure-devops).
Deriving the version/tag can be done via normal git commands (i.e. git describe --tags or whatever you prefer), which can then be saved as VSO variables to be accessed in later steps in the same job (see https://learn.microsoft.com/en-us/azure/devops/pipelines/process/variables?view=azure-devops&tabs=yaml%2Cbatch#set-variables-using-expressions for more info on how to do that).
I'm using Golang and GitLab CI, and I've got a GitLab CI configuration which works perfectly for 12 projects, but not for a 13th.
The problem I have is that I'm trying to go get some private repositories, which go get tries to run over HTTPS, which is turned off.
The solution, that works in the other repos, is this:
git config --global url."git#gitlab.my.site:".insteadOf "https://gitlab.my.site/"
However, in the runner for this one project, on the same GitLab, with the exact same config (except for the service name), this happens:
[...]
$ git config --global url."git#gitlab.my.site:".insteadOf "https://gitlab.my.site/"
$ cd ${APP_PATH}
$ go get
# cd .; git clone https://gitlab.my.site/group/project.git /go/src/gitlab.my.site/group/project
Cloning into '/go/src/gitlab.my.site/group/projects'...
GitLab: The project you were looking for could not be found.
fatal: Could not read from remote repository.
Why is it suddenly trying to clone over HTTPS? It happens in this one project only, consistently, but works in all the other ones. The only reason I can think about is that this one project uses a lot of different repos, rather than just one or two, but I have a hard time seing that this would be the actual issue.
How can I troubleshoot this?
Thanks.
Found the answer, and it's silly, and of course, my fault. I hadn't added the deploy key to the projects, of course rejecting the clones.
To fix the problem, in GitLab, go to the repository and then "Settings" > "Repository" and fold out "Deploy keys". There, make sure that the key you're trying to clone with is available and enabled.
I am trying to implement automated builds using Jenkins for my iOS projects. I added the Git plugin, but as soon as I try to put the URL for git in the git configuration for the project, it is showing the error in the screen shot below. Here Jenkins cannot clone from the repo to its workspace.
For the "Repository URL" field it is expecting a remote repository URL, something like git#github.com:github/hubot.git. It will use that url to copy down code to run the job against.
If you just want to run a job in a particular directory where you already have the code you want to work against, then leave this section empty. You can set the directory that you want to run a job in by
1. scroll to the "Advanced Project Options" section
2. click "Advanced"
3. Check "Use custom workspace"
For one off things, this is fine, but if you use this a lot, I think you'll find it more useful to commit your code to github and have jenkins clone down a fresh copy of code for each run.
You will get that error if you miss the following cases:
Whenever the clone URL is wrong.
When you are trying to clone from a place where you don't have the
access to git server.
Whenever your Pem key is not added to the list of keys on the git
server.
In most cases git bare repo has extension .git
I mean (other)/test1 dont look correct, i think it should be (other)/test1.git had this same error on my mac.
Actually i solved the issue . it was because of the permission the remote git is not updating properly