HowTo: Teamcity + GitHub - continuous-integration

Has anybody successfully configured Teamcity to monitor, extract, and build from GitHub?
I can't seem to figure how where and how to configure the SSH keys for Teamcity. I have Teamcity running as a system service, under a system account. So where does Teamcity stash its SSH configuration?
EDIT
To get this to work, I needed to stop the agent from running under a system account.

Ok... I got this to start working on my Windows server. Here are the steps I took to configure TeamCity 4.5 Professional:
Downloaded the JetBrains Git VCS Plugin
Copied the downloaded zip file to .BuildServer\plugins
In the Administration > Edit Build Configuration > Edit VCS Root configuration screen, I selected "Git (JetBrains)"
Entered my Clone Url from the GitHub project page
Set for authentication method "Default Private Key" -- this is IMPORTANT
The TeamCity BuildAgent should be running as a standard user, with the SSH installation configured properly for that user.
Follow the GitHub SSH directions for SSH configuration
Leave the username blank. This should already be provided for in your GitHub clone URL

I got "Default Private Key" to work with agents running as the SYSTEM user on Windows. For me, the answer was having the identity file at
C:\Windows\SysWOW64\config\systemprofile\.ssh\id_rsa
instead of at
C:\Windows\System32\config\systemprofile\.ssh\id_rsa

Your question is specific to SSH, but it is certainly easier and quicker to use HTTP over TLS, as GitHub and TeamCity both now support HTTP authentication. Furthermore, GitHub also supports personal api tokens with limited permissions, that you may configure to your liking, or create a new user if you prefer.
See image below of our TeamCity settings.

Since TeamCity 8.1, there is an official support for SSH key management, please read this docs: https://confluence.jetbrains.com/display/TCD9/SSH+Keys+Management

for private key, username must be blank.

(This is a up to date answer to an old question)
I got ssh based builds working with github/gitlab and teamcity 7 like this:
Log onto the teamcity machine and use puttygen/ssh-keygen to generate a rsa key pair and save the openssh key somewhere sensible.
(Gotcha - Using puttygen? Make sure the private key is in openssh format - puttygen > conversions > export openssh key)
I suggest you save the private key in
C:\.ssh\id_rsa
Now setup "default private key" in teamcity - create a file
C:\.ssh\config
And in it place this:
Host * IdentityFile c:\.ssh\id_rsa
Login to your gitlab/guthub account and paste in the openssh public key for your teamcity private key.
You should now be able to create a git vcs root in teamcity that can use the default private key to pull your source.

You may need a third party plugin like this

I don't know why but choosing Default Private Key failed to me.
Then I choose to Custom Private Key as screen shot below:
The Username field has to be empty.
The Passphrase field is the password of the your private key
(Assume you have added the public key of this private key in git already.)
Hope no one got stuck like me !

Related

Getting "fatal: Authentication failed" -error when sending git commands in Windows 10

After updating domain password, accessing git-repo is no longer possible. VS Code and Source Tree as well as Visual Studio are returning the following error message on pull, push, fetch etc..
fatal: Authentication failed
Normally a credentials pop-up should appear however this is not happening. Also the common recommendation is not working:
git config --global credential.helper wincred
The password is stored in windows credential manager and needs to be updated. Open command prompt and enter the following command to view the list of stored passwords:
rundll32.exe keymgr.dll,KRShowKeyMgr
Scroll down in the list until you spot the git-related entries. Click it and edit the correct password.
Voilà!
I agree with Jesper, Other way to do is - On windows, if you can navigate to :
Control Panel\User Accounts\Credential Manager
Under Windows Credentials\Windows Vault page on Generic Credentials, you can update the password of existing GIT record or can also add new Generic Credentials.
Updated answer for Mac users :
In case if you're here with similar issue on Mac, you can do similar thing in keychain access - by deleting the existing GIT record, & then if you pass your credentials again in git bash or any other tool a new record gets created, things should work.
Try the following:
Click Start
Type: Credential Manager
See the Windows Credential Manager shortcut and double-click it to open the application.
Once the app is open, click on the "Windows Credentials" tab.
Locate the credentials that you want removed, they will start with "git:" and might begin with "ada:"
Click on the credential entry, it will open a detail view of the entry.
Click Remove and confirm removal when prompted.
I have experience a similar issue with Windows 10 and here's how I have solved it:
From Windows Search, type Credential Manager:
Open Credential Manager, and navigate to Windows Credential Tab:
You should see an entry for git credentials in Windows Credential Manager:
Here is the root cause, this git credentials is locally cached/saved to your local computer, and since we have changed our Active Directory password, it is currently out of synch.
Click Edit, and change this to your new/changed Active Directory password (this password has to match your new/changed Active Directory password) :
Note: This is for using git with https only, not for SSH: https://docs.github.com/en/free-pro-team#latest/github/using-git/which-remote-url-should-i-use
Save, it should work (does not require terminal or machine restart).
Lastly, if you do not have access to Credentials Manager (due to admin/security policy), you can force git to prompt for password by do a git pull from the specific repo by using username based repo url, e.g.
git pull https://{yourgitusername}#{gitrepo}.git
Note that, this is repo specific so you will have to do this each repo.
Good luck.
Nothing worked for me, even uninstall git and reinstall. What worked for me was to create a Personal Access Token from your github account and use that as the password. This page will detail the procedures: https://medium.com/#ginnyfahs/github-error-authentication-failed-from-command-line-3a545bfd0ca8
I faced the same issue and none of the above mentioned solutions did work. Finally I just removed git for windows and reinstalled the same without any credential managers. This solved the authentication issue with git.
Using Git for Windows (2.30.0), with the cross platform credential manager, with the remote set as a https GitHub address, to a public repository, doing git push by itself wasn't sufficient.
Instead I had to explicitly do git push origin main (replace main with master, or whatever your branch is) to have Git for Windows load a GitHub authentication page where I could authorize the application.
Creating a personal access token, as noted in another answer, was not necessary. Windows credentials were not present in Windows Credential Manager, but were added as Generic Windows Credentials via this method.
I had the same issue when Cloning the repository via Bash/VS Code with "fatal:Authentication failed". I used SSH Key authentication instead to connect my repository following the article: [https://learn.microsoft.com/en-us/azure/devops/repos/git/use-ssh-keys-to-authenticate?view=azure-devops&tabs=current-page][1]
I didn't get any errors after with any bash commands!
Above solution works only if your machine can SSH.
Try to manually remove setting
credential.helper=wincred from
C:\Users\<YOUR LOGIN>\.gitconfig file it it's there.
For me it helped after password change in LDAP.
Command to change setting didn't helped.
Honestly, what worked for me was installing the latest version of Git (2.36.1) to the day of this comment.
Happened the same: it stoped working after I changed the AD password. But it seems to be a bug in older releases.
This was a tip that Azure DevOps gave:
The only thing which worked for me was to remove the remote and add it back. I have tried deleting the credentials and even reinstalling the git the latest version. But the suggested way to access the remotes repos from Github and Microsoft DevOps is by using a shared key.
I was having the same problem and the best solution would be to insert whenever putting " git clone https://#praat.scm.azurewebsites.net:443/.git " [Insert after http:// your username and # ] and the cloning will work.

Xcode5 bot cannot authenticate to git repo

I've set up a Mavericks box with OS X Server and Xcode 5.01. My source code is on a git repo that I have to access via https with a username and password.
In Xcode (on the same machine), I've cloned the project, built it and run it to check that all is fine. Then I've created a bot, selected the current server and scheme, and hit "integrate now". It fails after 5 seconds. I get:
Cloning into 'https_code_saers_com_myproject'...
fatal: could not read Username for 'https://code.saers.com': Device not configured
I checked that Xcode5 could pull new commits, so it has the username and password, yet by bot does not. Also, the "Device not configured" confuses me.
Any suggestion to how I can explicitly set the Username and Password?
Cheers
Nik
This may just be confusion in terminology, but the bot itself shouldn't be connecting to your repository. OSX Server does that. Before you can create a bot, you should've had to setup your repository in Server. When you do that, you get the opportunity to set username and password for accessing the repository.
It sounds like perhaps you have XCode configured to synch with your repository, but you must separately set up Server to access it as well. See the "XCode" tab in the Server app.
you may be running into the same problem we had- it was passphrase-protected keys. xcode + server + git cannot properly use passphrases on the keys.
thus, you must use a pashphrase-less key with os x server connecting to the git repo.
ssh-keygen -p
hope it helps.
edit: you might need to enable HTTP access to the git repo with this command:
git update-server-info # If planning to serve via HTTP

Git on Windows - How to authenticate with remote repo on Linux

Due to some serious problems with a Git repo on Windows over HTTP, we're moving our Git 'server' to Linux.
Assuming I have already the msysgit for Windows installed and Putty, how will I authenticate the SSH connection when I clone, pull and push?
In case of SSH:
on the server, you'll need to allow authentication with public and private keys, you can google how to do it, for example http://shapeshed.com/setting_up_git_for_multiple_developers/
on the client, just put your private key into .ssh folder in your windows home, for example C:\Users\Name\.ssh, much like on unixes.
You can still use HTTP, it will either (1) always ask for username and password or (2) you can also put username and password into the URL: https://username:password#git.mydomain.com/...
This page has everything covered about using PuTTy for Git public key authentication.
In short:
Generate keypair with puttygen
Put the public key in server
In your local computer, set GIT_SSH environment variable to point to plink.exe
Run putty pageant and load your private key there
I recommend working through this tutorial.
The caveat is that it talks about github, so the story of telling the server about your SSH key is different.
What's also different is how do you intend to manage your developers.
The "problem" is that SSH operates with real remote (server-side, I mean) users, which have to have regular Unix system accounts.
This is okay if you have just a handful of developers. You then just need to add all of them to a special group (say, devel) and make sure you initialize your server-side bare repos using git init --bare --shared=group and make them group-writable and belonging to that group devel (this might also be helped out by creating all the repos under a directory which has its "group sticky bit" set and belongs to that group devel).
To distribute the public part of a developer's key to the server in such a setup you have to literally copy and paste that key part (from the developer's id_rsa.pub file, it's ASCII) to the file /home/developer/.ssh/authorized_keys file. If that file does not exist, create it.
If the key was generated on a machine with OpenSSH client installed, you can transfer the key using the ssh-copy-id program, in one step.
This might become messy, so you might consider implementing a solution which virtualizes Git users (like github does). There are plenty to choose from:
gitolite — supposedly the most popular solution. No frills, is administered using a specialized admin Git repo holding the developers' public keys and a configuration file describing the repos and permissions on them. Plain Perl, installable as a package on most sensible distros.
gitlab — a turn-key all-in-one solution. Written in Ruby, so you might face maintenance nightmares.
gitblit — another all-in-one solution, written in pure Java (note that it does not call out to vanilla Git and uses a pure Java Git layer — JGit).

Linking heroku app to a private(organization) github repo

Working on local, pushing changes to Heroku works and the app works as expected. However I am having trouble linking heroku app to a private repo on Github.
Current configuration looks something like this
git#github.com:{Organization}/{project}.git
Where should I configure username/password for the private repo?
I tried (even though this is not the preferred way)
username:password#github.com/{organization}/{project}.git
would appreciate any pointers regarding this.
EDIT:
I failed to mention that I am setting it under app settings in Heroku.
git#github.com:{Organization}/{project}.git
This is an ssh address, with the authentication managed by public/private key: make sure your public key is published among the collaborators' keys for that Organization.
No "username" or "password" here.
username:password#github.com/{organization}/{project}.git
That could be correct if you use that remote address as an HTTPS address.
Note that Honza Javorek mentions in "How do I access a private github repo from heroku?" in Nov. 2020:
Heroku only supports HTTP(S) Basic authentication with Git out of the box.
That's unfortunate as it means you'd need to add your credentials as part of the installation URL and commit that as plain text in your list of dependencies.
He suggests to create a new GitHub SSH key and follow the heroku-buildpack-ssh-key process:
heroku buildpacks:add https://github.com/heroku/heroku-buildpack-ssh-key.git -i 1
heroku config:set BUILDPACK_SSH_KEY=$(cat ~/.ssh/id_rsa_heroku)
If you want to use a private repo, heroku needs to send github some sort of token as you know. If you create a deploy key on that private repo, you can use https://github.com/siassaj/heroku-buildpack-git-deploy-keys

Teamcity and gitosis authentication issue

I've a git repository administered by gitosis on my server. On the same server I have teamcity for my CI.
I can't seem to connect to the git repository through teamcity.
I've an Administrator user that can access the repository (its under a git user on the same server) through cygwin, however when I try to setup teamcity to access with the Administrator's private key I get an authentication issue: 'Connection test failed: com.jcraft.jsch.JSchException: Auth fail'.
In team city I have username style as email, authentication method as private key, the username is the same as the public key and the path to the private key is correct.
When using password access I'm told the path doesn't look like a git repository, even though it is and works fine through cygwin.
If anyone has teamcity connecting to a gitosis repository please let me know how you managed it.
I've solved the problem.... I was using the wrong user type. I was using just user name not user name email.

Resources