Java Maven repository settings.xml - cloudcontrol

I successfully added a private repository to my pom.xml with credentials in settings.xml
and locally the build works fine (with a cleared cache - just to be sure).
But how would I pass the settings.xml entries to cctrlapp APP_NAME/dev push?
The build fails due to failing authentication against the private repository (Bitbucket in this case): the downloads contain a 401 response HTML "Please log in".
I investigated for the system.properties as well as the log
-----> executing /srv/tmp/buildpack-cache/.maven/bin/mvn -B
-Duser.home=/srv/tmp/builddir
-Dmaven.repo.local=/srv/tmp/buildpack-cache/.m2/repository
-s /srv/tmp/buildpack-cache/.m2/settings.xml
-DskipTests=true clean install
which does not seem an option for overriding.
Thank you very much in advance.

We provide the public key specific to your app in the application details. By adding this to Bitbucket (or any repository service supporting access via SSH) and specifying SSH when accessing the private repository the platform will be able to authenticate using the private key.
$ cctrlapp APP_NAME details # will show the public key

Related

how do you install R packages from a private git repo with a PAT?

I am trying to install an R package from a private git repository hosted on my employer's internal Bitbucket server.
I have had success using remotes::install_git() for other projects on public servers in the past; however, for this specific project I need to connect to the repository via an HTTPS url and use a personal access token (PAT) to authenticate. The remotes::install_git() documentation includes an entry for adding credentials, but the documentation for this option is sparse. There is a lot of documentation for remotes::install_github(), but as this is not a github hosted repository, many of the suggestions there do not seem to work.
My go to :
gitcred <- git2r::cred_user_pass(username="$(USERNAME)",password="$(PAT)")
#here you can put any private repo such as devops azure or bitbucket, etc..
remotes::install_git("https://dev.azure.com/XXX", credentials = gitcred)

Using Git repository in Azure DevOps from different organization

I have two organizations in my Azure DevOps. I need to create a build pipeline
in one organization using a git repository from another.
For "Get Sources" I've created a connection for "Other Git" and specified my user name/password. Running the pipeline fails:
fatal: Authentication failed for 'https://:#abc.com/abc.Kernel/_git/ABC.Kernel/'
[warning]Git fetch failed with exit code 128, back off 2.662 seconds before retry.
Is there any solution?
I've created a security token and used it instead of the password. It worked.
When it comes to Azure DevOps there are several ways to manage git repositories. First make sure that you are using the source that will get you the result that you expect. Other Git is listed as a "generic" protocol (see supported-repository-types). I would recommend that you use a Service Connection that has read access to the other organization.
https://learn.microsoft.com/en-us/azure/devops/pipelines/library/service-endpoints?view=azure-devops
If you really want to use "Other Git", you will have to make sure you enable access to the repo from the organization's settings page. See change-application-access-policies

Running access for Artifactory

New to Artifactory so please bear with me.
Trying (and failing) to create new access token.
The GUI in Artifactory has nothing for this but points to a users guide (https://www.jfrog.com/confluence/display/RTF/Access+Tokens) which talks about managing access tokens through a WAR file.
Here is the blurb:
Access Service
From Artifactory version 5.4, access tokens are managed under a new service
called Access which is implemented in a separate WAR file, access.war. This
change has no impact on how access tokens are used, however, the Artifactory
installation file structure now also includes the added WAR file under the
$ARTIFACTORY_HOME/webapps folder. Artifactory communicates with the Access
service over HTTP and assumes it is running in the same Tomcat using the
context path of "access".
OK, great. So how do I access this thing?
I also don't know much about web apps/servers. Prior to today, I thought WAR was a fight between nations :-)
My Artifactory server proc is running, and I can confirm that the access war file (apparently a jar file of sorts) is in the webapps dir.
I am able to get to Artifactory via "http://myserver:8081/artifactory/webapp/#/home".
As it turns out, I believe the interface to manage access tokens is not provided through a gui. Rather, you have to use REST and curl commands.
The documentation mentions:
It is up to the Artifactory administrator to make sure that all participating instances are equipped with the same key pair.
That means you need to have access to the server (where Artifactory is installed).
On that server, the folder where Artifactory is installed is referenced as ARTIFACTORY_HOME.
That is what is used in the next doc extract:
Start up the first Artifactory instance (or cluster node for an HA installation) that will be in your circle of trust. A private key and root certificate are generated and stored under $ARTIFACTORY_HOME/access/etc/keys.
Copy the private key and root certificate files to a location on your file system that is accessible by all other instances/nodes that are in your circle of trust.
Before bootstrapping, for each of the other instances/nodes, create the $ARTIFACTORY_HOME/access/etc folder and create a properties file in it called access.bootstrap.config with the following contents:
key=/path/to/private.key
crt=/path/to/root.crt
When each instance/node starts up, if the $ARTIFACTORY_HOME/access/etc/access.bootstrap.config file exists, then the private key and root certificate are copied from the specified location into the server's home directory under $ARTIFACTORY_HOME/access/etc/keys.
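The bootstrap step for an additional instance, as an added shell example (not from the JFrog documentation or the original answer). The function name `write_access_bootstrap` and the refusal to use a private key that group or others can access are assumptions added here; the directory, file name and the `key=`/`crt=` entries are the ones quoted above.

```shell
#!/bin/sh
# write_access_bootstrap ARTIFACTORY_HOME KEY_PATH CRT_PATH
# Creates $ARTIFACTORY_HOME/access/etc/access.bootstrap.config pointing at the
# shared private key and root certificate.
# Returns 0 on success, 1 on a missing file, 2 on unsafe key permissions.
write_access_bootstrap() {
    home=$1 key=$2 crt=$3

    # Both files must already be present at the shared location.
    for f in "$key" "$crt"; do
        [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    done

    # Assumption (added check): the private key must not be accessible to
    # group or others. Columns 5-10 of `ls -l` hold those permission bits.
    perms=$(ls -ld "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "refusing: $key is accessible to group/other ($perms)" >&2
        return 2
    fi

    etc_dir="$home/access/etc"
    mkdir -p "$etc_dir" || return 1

    # Write the two properties; umask 077 in a subshell keeps the new file
    # private to the account that runs Artifactory.
    (
        umask 077
        printf 'key=%s\ncrt=%s\n' "$key" "$crt" \
            > "$etc_dir/access.bootstrap.config"
    ) || return 1

    # Print the path of the file that was written.
    echo "$etc_dir/access.bootstrap.config"
}
```

Run it as the account that owns the Artifactory installation, before the instance is started for the first time.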

CircleCI 2.0 private environment keys for public repos

I have a repo that is currently private. My Firebase deployment token is stored as an Env Var in the CircleCI GUI. The CircleCI 2.0 documentation clearly states
Do not add keys or secrets to a public CircleCI project
Also, from what I can find in the FAQ, a CircleCI project is made public if the associated GitHub repo is made public.
Now, I intend to open source the project on GitHub, will it make the Env Var in CircleCI visible to anyone since the CircleCI project will become public?
If the Env Var is publicly visible, what is an advised way to keep my deployment token hidden from others? Do I have to resort to a solution like GCP KMS?
A CircleCI Employee clarified this for me on their forums.
That warning is meant for the config[.yml]. You can use UI-based CircleCI environment variables safely.
If the repo/project is public, you'll just want to make sure that:
envars in forked builds are turned off in settings
you don't echo/print those variables to build output at all since that might be visible to the public
So it is possible to have a public repo (and thus public CircleCI project) with deployment keys safely configured in the CircleCI GUI.
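One way to check the second point above (secrets never reaching build output), as an added shell example that is not part of the original answers or of CircleCI's tooling. The function name `leaked_vars`, the variable name `FIREBASE_TOKEN`, the token value and the sample log are all constructed for illustration.

```shell
#!/bin/sh
# leaked_vars LOGFILE NAME...
# Prints the name (never the value) of each listed environment variable whose
# value appears in LOGFILE, either verbatim or base64-encoded.
# Returns 0 if nothing leaked, 1 otherwise.
leaked_vars() {
    log=$1; shift
    found=0
    for name in "$@"; do
        # Accept only plain identifiers, since the name is passed to eval.
        case $name in ''|*[!A-Za-z0-9_]*) continue ;; esac
        eval "value=\${$name-}"
        # Skip unset or very short values: they would match unrelated text.
        [ "${#value}" -ge 8 ] || continue
        b64=$(printf '%s' "$value" | base64 | tr -d '\n')
        if grep -qF -e "$value" -e "$b64" "$log"; then
            echo "$name"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample: build output in which one step echoed the token.
sample_log() {
    cat <<'EOF'
#!/bin/bash -eo pipefail
npm run build
Build finished in 12.4s
echo "deploying with $FIREBASE_TOKEN"
deploying with constructed-token-1234567890
Deploy complete
EOF
}
```

Run it as a final pipeline step or over downloaded logs; because it prints only variable names, its own output is safe to keep in the build log.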
It sounds like you're using CircleCI for your repo, but the open-source version of your project won't require deployment tools like Firebase. If that's right, then you should keep the Firebase deployment token wherever it's convenient and secure for you.
It also sounds like maybe you're just keeping the deployment token directly in your repo right now, since that's private. If you only have a handful of secrets in your repo, something like git-crypt might meet your needs. Once you hit a larger volume, you're probably going to want something centralized, and using Cloud KMS to encrypt secrets is one option.

How to access a private github repository from Aegir through Drush Make on AWS

I have an ec2 instance running on AWS. Aegir installed and drush make works perfect for installing new platforms except when I need to download a theme from a private github repository.
drush make doesn't have access to the github private repository and fails the platform install.
How do I overcome this? Is there some fancy way to give drush make or the aegir user ssh keys for the git repository?
I don't know much about ssh-agent, but I figured maybe getting that to run all the time on my server so aegir will have access to my github.
how to make drush make access a private github repository?
Generate an SSH key on the EC2 instance, then add the public key (usually id_rsa.pub) to the private repository as a deploy key.
stevenh512 is right, a step by step explanation follows:
Disclaimer: I use GitLab + custom VPS on Centos but the same workflow can be applied on any hosting (with ssh) and GitHub (ps I love GitLab for private repos)
Login to VPS as aegir, probably you can’t (if you configure your server tightly secure) so login as root and su aegir
Go to home dir (cd /var/aegir) and check if you have an SSH key. If you have one, jump 1 step.
cat ~/.ssh/id_rsa.pub
If you don’t have one, create one and don’t use a pass-phrase (for more info http://community.aegirproject.org/node/30#SSH_keys but there are solutions if you want a pass-phrase). After the creation you will have the key’s random image. (Study the SSH it's too important for security!)
ssh-keygen -t rsa
Copy the key and then go to your GitHub/Lab->account/profile settings->SSH keys->Add SSH key. For title give anything you want (like: Aegir Key) and for key paste the key from your server.
cat ~/.ssh/id_rsa.pub
Now back to server you must add the Git as known host, we go the easy way: just login with ssh and type yes when it will ask for connection. Ready!!
ssh git@github.com
- or -
ssh git@gitlab.com
Testing: make a .make file and save it somewhere public (like Dropbox, right click copy public url) like:
core = 7.x
api = 2
projects[drupal][version] = 7.26
projects[my_module_name][type] = "module"
projects[my_module_name][download][type] = "git"
projects[my_module_name][download][url] = "git@gitlab.com:my_repo.git"
projects[my_module_name][download][branch] = "master"
Go to aegir gui and create a new platform and wait for verification (otherwise you can ssh as aegir to the server and test it with drush make url.make folder)
Warning! This workflow isn’t the most secure! Just experiment with it and configure your server properly!
Info: This workflow also works for your local dev machine (linux, mac, cygwin) to play with private repositories on GitHub and GitLab
