In CircleCI, we need to add_ssh_keys to access another private repo that is not in the organization.
We are using fastlane match in the jobs so it is not simple checkout.
e.g.
- add_ssh_keys:
fingerprints:
- "SO:ME:FIN:G:ER:PR:IN:T"
How do you do that in GitHub Actions?
You can use the install SSH key action. Just make sure you’re using a SSH git URL in your Matchfile, not a HTTPS URL.
Related
GitHub provides documentation here about how to include submodules correctly so that they can be checked out by the "build and deploy" action.
My problem is that one of my submodules is a private repo and so this Action fails every time when GitHub's server is unable to check out this repo. The thing is that I don't really want GitHub to do anything with this submodule. All of the documentation (HTML generated by doxygen) is in the main repo in the docs folder.
The only other solution I found was to get a deploy key for the private repo to allow GitHub's server to access it, however, as I've said, I don't want or need this anyway. Plus, I don't actually own the private repo and I don't want to have to ask for a separate deploy key for this.
Try to create Node.js app in OpenShift in terminal, like this:
./oc new-app https://j4nos#bitbucket.org/j4nos/nodejs.git
Source code in BitBucket in a private account, how to set credentials? Once it asked for password, but not again. How can I set credentials?
Added annotated secret from GUI: repo-at-bitbucket
I have read Private Git Repositories: Part 2A tutorial, strange that for HTTPD app there is a Source Secret filed to select secret, but not when Node.js + MongoDB combo is selected. Why?
Ahh .. need to select pure Node.js app.
You need to authenticate to the private git repository. This can be done a few different ways. I would suggest taking a few a minutes and reading this blog series which outlines the different methods you can take.
https://blog.openshift.com/private-git-repositories-part-1-best-practices/
After reading first through initial few posts explaining concepts and doing it with GitHub, only then look at the BitBucket example.
https://blog.openshift.com/private-git-repositories-part-5-hosting-repositories-bitbucket/
Those GitHub examples have more explanation which will then make BitBucket example easier to understand.
The likely reason you were prompted for the password when running oc new-app is that you used:
oc new-app https://j4nos#bitbucket.org/j4nos/nodejs.git
Specifically, you didn't specify a S2I builder to use. As a result, oc new-app will try and checkout the repo locally to analyse it to try and work out what language it uses. This is why it would prompt for the password separately.
It is better to specify the builder name on the command as:
oc new-app nodejs~https://j4nos#bitbucket.org/j4nos/nodejs.git
This is an abbreviated form of the command and is the same as running:
oc new-app --strategy=source --image-stream nodejs --code https://j4nos#bitbucket.org/j4nos/nodejs.git
If you specify the builder, it already knows what to use and doesn't analyse the code so will not prompt for the password, plus you wouldn't need user in the URI.
Either way, when building in OpenShift you still need the basicauth secret and should annotate it so it knows to use the secret for that build.
I'm trying to migrate from OpenShift 2 to OpenShift 3.
I have created a new app on OpenShift 3 but I'm struggling to clone my BitBucket private git repository to it. (I had no problem with OpenShift 2).
I have tried setting secrets (SSH or Basic Authentication) in Build/Advanced Options but without luck.
Here is the error message :
Cloning "git#bitbucket.org:(myusername)/(myrepository).git" ... error:
build error: Host key verification failed. fatal: Could not read from
remote repository. Please make sure you have the correct access rights
and the repository exists.
The steps if working from the command line are as follows:
1) Create a new SSH key pair for use with the repository. This cannot have a passphrase.
ssh-keygen -C "openshift-source-builder/repo#bitbucket" -f repo-at-bitbucket -N ''
This will generate files:
repo-at-bitbucket
repo-at-bitbucket.pub
being the private and public key files.
2) Go to Settings->Access keys for the repository on BitBucket, select Add key and in the popup window enter the key name openshift-source-builder and paste in the contents of the public key file. In this case repo-at-bitbucket.pub. Confirm creation by clicking on Add key on the popup window.
3) Create a secret in OpenShift for the key by running:
oc secrets new-sshauth repo-at-bitbucket --ssh-privatekey=repo-at-bitbucket
4) Enable access to the secret from the builder service account.
oc secrets link builder repo-at-bitbucket
5) In order that OpenShift knows the secret is for this specific private Git repository and automatically uses it, annotate the secret with the SSH URI for the repository.
oc annotate secret/repo-at-bitbucket \
'build.openshift.io/source-secret-match-uri-1=ssh://bitbucket.org/yourusername/private-repo.git'
Very important here is the form of the URI. In the BitBucket web interface it will show it as:
git#bitbucket.org:yourusername/private-repo.git
Do not use that. You need to use the SSH form of the URI here.
6) We can then deploy the application from the private Git repository.
oc new-app httpd~git#bitbucket.org:yourusername/private-repo.git --name mysite
Okay to use git#bitbucket.org:yourusername/private-repo.git here, or could also use the SSH form of the URI.
You can also do all this from the web console instead. Important if creating the secret as a separate step in web console to link the builder service account when doing that. If create the source secret when deploying, then it will automatically link the builder service account.
Note that if the OpenShift instance has a firewall between it and BitBucket and SSH connections are blocked, this will not work. In that case you need to fall back to using a personal access token (app password) over a SSH connection using HTTP basic authentication.
These details are now much better explained by the blog post series starting with:
https://blog.openshift.com/private-git-repositories-part-1-best-practices/
I can't seem to create a project from a url when using TeamCity. I am hosting my code on bitbucket using mercurial. When I enter the repository URL, I get this error:
Cannot create a project using the specified URL. The URL is not
recognized.
My url looks like this:
https://logeyg#bitbucket.org/logeyg/tracs-enhancements
And I am of course supplying a username and password. I have tried removing the 'logeyg#' but that doesn't work either.
Did you try SSH URL? What exact version of TC do you use?
There were some fixes in 9.0.2 version (https://youtrack.jetbrains.com/issue/TW-39730), maybe it is also for BitBucket.
Btw. I've just tried with internal Git repo and it works fine with both HTTPS and SSH protocols. Maybe there is a problem with BitBucket itself.
There is a ticket suggi(https://youtrack.jetbrains.com/issue/TW-48788) suggesting mercurial may not be installed.
Ensure mercurial is installed (https://www.mercurial-scm.org/)
Try https://bitbucket.org/logeyg/tracs-enhancements/src without the username and add /src
Check the Admin-> Diagnostics -> Server Logs -> teamcity-vcs
This will provide more info eg. invalid credentials, hg not installed.
If your using bitbucket. Use the clone project URL. Once you do that the "create project URL" in TC will auto detect everything. I user Https and not ssh. Thanks
This question already has answers here:
Closed 12 years ago.
Possible Duplicate:
Continuous Integration stack on Windows with Mercurial + Mercurial Queues?
If so, what does your build process look like?
I'm having a difficult time (mostly because of my lack of experience/understanding of all 3 tools) getting TeamCity to run my FinalBuilder scripts. Right now I have FinalBuilder managing all the source control checkouts and TeamCity basically just running the FinalBuilder script and reading in the NUnit test results, but it doesn't work due to authentication errors while executing mercurial commands to kiln.
If you've installed the Kiln Client on the machine running your FinalBuilder script, you'll have access to the "kilnauth" mercurial extension that should solve this problem for you.
Just log on to the build machine as the user that runs the FinalBuilder script and manually execute one push or pull command from the Mercurial repository you're trying to use, you'll be asked to authenticate. Authenticate once, and the Kiln Client extensions will remember this authentication for this user...and any subsequent runs by the FinalBuilder script should authenticate just fine.
Does this solve the problem for you? It's the best solution as it doesn't store any username or password on your machine. There are obviously other possibilities, like changing the path of your Mercurial to use the format http://{username}:{password}#{kiln url}...but this isn't as nice or safe as the technique above.
Does this make sense?
I don't know anything about Kiln, but I've just started working for VSoft and am working on a Mercurial action for the next version of FinalBuilder. Hopefully some of this will help.
Are you athenticating via SSH or SSL? Can you pull/push to the repository from the command line? Pretty much anything you can get to work from the command line should be possible with FinalBuilder.
To authenticate to BitBucket via SSH, I did the following:
download puttygen and pageant
create a new SSH key in puttygen
add the private key to pageant
add the public key to BitBucket
From there, I can successfully
hg push ssh://hg#bitbucket.org/user/repo
NB, I also have TortoiseHG installed, and Mercurial is using TortoisePlink as the ssh client.
If you're using SSL, you can store the username/password combo in your FinalBuilder action. To turn a TextEdit box into a password field, change the PasswordChar property from #0 to *. Then in the ReadData event, add something like
Page.tbPassword.Text = DecryptString(Properties.PropertyAsString("Token"));
and in the WriteData event, add
Properties.PropertyAsString("Token") = EncryptString(Page.tbPassword.Text);
When you add the Token property to your action, tick the Property is Hidden from Action Inspector and Property is Read Only in Action Inspector options.
To generate your repository string, you'll want to do something like this in the Action's GetCommandLine event:
var repo = Context.Properties.PropertyAsString("Repository");
var username = Context.Properties.PropertyAsString("Username");
var password = DecryptString(Context.Properties.PropertyAsString("Token"));
var repo = "ssh://" + username + ":" + password + "#" + repo;
CommandLine.AddArgument("push", repo, qtNone);
NB, I haven't tested that code, but hopefully it gives you an idea.