I have made github actions and written code for react native in .yml file
I need to pass security secret actions but I am not able to access Repository secrets appid and password and I need to pass that in action script but I m not able to access that
Created action script and getting error like:
What went wrong:
A problem occurred evaluating root project '***'.
Could not get unknown property 'application_id' for Credentials [username: null] of type org.gradle.internal.credentials.DefaultPasswordCredentials_Decorated.
can someone guide me right method to pass repository secrets
help will be much appreciated
I have already added secrets in actions secrets but unable to fetch in action script,
- run: |
cd project_name && yarn
cd android
./gradlew clean build
-PAPPLICATION_ID=$APPLICATION_ID // name from action secrets ID
-PPASSWORD=$PASSWORD // name from action secrets Password
an easy way to set secrets value as environment variables, you could simply do:
- name: build
env:
APPLICATION_ID: ${{ secrets. APPLICATION_ID }}
PASSWORD: ${{ secrets. PASSWORD }}
run: |
cd project_name && yarn
cd android
./gradlew clean build
-PAPPLICATION_ID=$APPLICATION_ID // name from action secrets ID
-PPASSWORD=$PASSWORD // name from action secrets Password
Related
I'm building an apptainer/singularity multi-stage recipe in a gitlab CI environment.
The first step of the recipe is built from an image hosted in a private registry, whereas the second built from an image hosted on dockerhub. Something like this:
# First stage
BootStrap: docker
Registry: <my_private_registry>
From: <my_image>
Stage: base
%files
...
%post
...
# Second stage
BootStrap: docker
Registry: index.docker.io
From: continuumio/miniconda3
Stage: final
%files from base
...
%post
...
Since the first registry is private, in the gitlab CI instance I'm setting the variables APPTAINER_DOCKER_USERNAME and APPTAINER_DOCKER_PASSWORD, as suggested here for CI/CD workflow.
This allows to build the first stage of the recipe succesfully.
Unfortunately, when the build of the second stage starts, it fails with:
> FATAL: While performing build: conveyor failed to get: unable to retrieve auth token: invalid username/password: unauthorized: incorrect username or password
I think because the credentials for my private registry are passed to dockerhub in the second stage.
How can I login to different registries in multi-stage builds?
Any idea about how to deal with this problem?
I found a way to accomplish what I wanted. The fact was that environment variables overrides other login modes.
So I deleted the APPTAINER_DOCKER_USERNAME and APPTAINER_DOCKER_PASSWORD environment variables and, using this method, I added the following before_script field to my .gitlab-ci.yaml:
apptainer:
stage: deploy
image:
name: kaczmarj/apptainer:1.1.3
entrypoint: [""]
tags:
- privileged
before_script:
- echo "$DOCKER_REGISTRY_TOKEN" | apptainer remote login --username <my_username> --password-stdin docker://$CI_REGISTRY
This way, both the private registry (stored in $CI_REGISTRY) and the public
one (dockerhub) are available.
We store our configurations on the vault and during the Github action workflow we pull this and intend to use this for the app during build time.
This is our workflow
- name: Get app configs from vault
env:
ENVIRONMENT: development
run: |
chmod +x scripts/ci/get-app-configs.sh
scripts/ci/get-app-configs.sh
echo "action_state=yellow" >> $GITHUB_ENV
- name: Set .env to process.env of github actions
uses: cardinalby/export-env-action#v1
with:
envFile: '.env'
expand: 'true'
- name: Generate APK
env:
EXPO_TOKEN: ${{ secrets.EXPO_TOKEN }}
run: |
echo "${{ env.action_state }}"
echo ${{ env.FIREBASE }}
eas build --platform android --local --profile development --non-interactive
The Get app configs from vault step creates an .env file with the following contents
FIREBASE={firebase_config_string}
And then inside firebase.ts we do this.
const firebaseConfig = JSON.parse(process.env.FIREBASE as string) as FirebaseOptions;
The app works fine when testing on an emulator but when testing the actual APK on a physical device, it always crashes. And in the logcat I keep seeing this error E AndroidRuntime: com.facebook.react.common.JavascriptException: SyntaxError: JSON Parse error: Unexpected identifier "undefined", stack:.
I've already narrowed it down to the firebase.ts process.env since the app doesn't crash when the config is hard coded.
I can see the env.FIREBASE as an env variable inside the Generate APK step so it's being passed to other steps fine. And the echo also prints out the value fine.
Is it not possible to access the env variables of Github action within the code during build time? Or are there other ways to achieve this?
Kept the github workflow as it is.
Fixed by using expo-constants.
Renaming the app.json to app.config.js to be able to add the following lines:
import 'dotenv/config';
export default {
expo: {
extra: {
ENV_VAR: process.env.ENV_VAR,
},
},
};
And access the said variable from the app by
import Constants from 'expo-constants';
const ENV_VAR = Constants.manifest?.extra?.ENV_VAR
I'm trying to deploy my static site to Azure storage but have been having issues getting the site open correctly even though the github action executes without errors and the files seem to be in place. In the browser, index.html seems to load along with the css and js.... but the site does not run properly. The console shows a failure in the js:
The odd thing is that I don't have any issues using the azure storage extension in vscode or using the azure cli:
az storage blob upload-batch --account-name <ACCOUNT_NAME> -d '$web' -s ./dist --connection-string '<CONNECTION_STRING>'
when I deploy from my laptop.
My github action looks like this:
name: Blob storage website CI
on:
push:
branches: [master]
pull_request:
branches: [master]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- name: npm install
run: |
npm install
- name: npm build
run: |
npm run build
- name: Azure Login
uses: azure/login#v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Azure CLI script
uses: azure/CLI#v1
with:
azcliversion: latest
inlineScript: |
az storage blob upload-batch --account-name <ACCOUNT_NAME> -d '$web' -s ./dist --connection-string '${{ secrets.BLOB_STORAGE_CONNECTION_STRING }}'
# Azure logout
- name: logout
run: |
az logout
based on this article here.
I thought that it might be due to the azure cli version, but none of the versions I've tried have made a difference.
Any ideas why my site broken using github action and azure cli to deploy?
For anyone interested - I was missing environment variables during the build process in the GitHub Action. I was able to pass these without checking in the .env files using github secrets.
There's now a step in the action to create a .env,
- name: Set Environment Variables
run: |
touch .env
echo ENVIRONMENT_VARIABLE=${{secrets.ENVIRONMENT_VARIABLE}} >> .env
and another to remove it:
- name: Remove Environment Variables
run: |
rm .env
I have a very basic integration configured for Gitlab-CI but it fails almost at the beginning when it has to clone the code.
My integration is this:
image: node:latest
stages:
- build
- test
cache:
paths:
- node_modules/
- dist/
build-prod:
stage: build
script:
- npm install
- npm run build-prod
artifacts:
paths:
- node_modules/
- dist/
test_with_karma:
stage: test
script: ng test
And the error that I get is this:
Running with gitlab-runner 11.7.0 (8bb608ff)
on fakehost 2eaf11ea
Using Docker executor with image node:latest ...
Pulling docker image node:latest ...
Using docker image sha256:8c67bfd7b95bdc535edc4a4144f5392b0f73efd6385fbcb47747d028d7059359 for node:latest ...
Running on runner-2eaf11ea-project-56-concurrent-0 via fakehost...
Cloning repository...
Cloning into '/builds/redacted/frontend'...
remote: You are not allowed to download code from this project.
fatal: unable to access 'https://gitlab-ci-token:xxxxxxxxxxxxxxxxxxxx#working-domain.com/redacted/frontend.git/': The requested URL returned error: 403
/bin/bash: line 65: cd: /builds/redacted/frontend: No such file or directory
ERROR: Job failed: exit code 1
What is the problem here?
Check if this is covered by gitlab-org/gitlab-ce issue 39469
YAY - it works for me. This problem seems to have multiple solutions.
The one that worked for me is #44855
To summarize. Being an Administrator on Gitlab does not mean you have the "access" to do whatever you want to do in Gitlab.
"Unable to access" permissions applies to the person who is logged into Gitlab and running the job.
To fix the problem - the person / account running the job must be a member (master) of the project.
This will apply to private projects.
It is not necessary to make a private project Public even though that appears to fix the problem. GITLAB suggests you must have https for the project to work you can use http.
SOLUTION - add your account to the project even if you are the Administrator
And:
Conrad has described it correctly.
You need to have rights to the project to run pipeline, however, as administrator, you can start any pipeline.
I've got the case when the user being Admin in Gitlab could push his commit from command line, although theoretically having no rights to project - and the pipeline has failed.
This inconsistency need to be fixed, either Admin user should not be able to push/start pipeline, having no rights for it, or he should authomatically be granted all rights to all projects. I'd prefer the first one, because it separates gitlab administration from project rights. Sometimes I prefer not having full rights, just like working as non-root under Linux.
I mirrored a private repository from Github to run builds with gitlab runner. My project has private gems hosted on Github and the build is failing with
Fetching git#github.com:private/gem.git
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Retrying `git clone 'git#github.com:private/gem.git' "/builds-ci/gitlab/repo/vendor/ruby/2.4.0/cache/bundler/git/gem-a356dd016736a58b8b77677e8d7df689f8f43ada" --bare --no-hardlinks --quiet` due to error (2/4): Bundler::Source::Git::GitCommandError Git error: command `git clone 'git#github.com:private/gem.git' "/builds/gitlab-ci/repo/vendor/ruby/2.4.0/cache/bundler/git/gem-a356dd016736a58b8b77677e8d7df689f8f43ada" --bare --no-hardlinks --quiet` in directory /builds/gitlab-ci/repo has failed.Host key verification failed.
fatal: Could not read from remote repository.
I used personal Github access token to mirror private repositories from Github to Gitlab. There is a way to use Github access token to clone private gems with bundler without the need to set up SSH keys:
export BUNDLE_GITHUB__COM=x-access-token:<token>
Do I need to create a separate access token and paste it into .gitlab-ci.yml
image: ruby:2.4.1
variables:
BUNDLE_GITHUB__COM=x-access-token:<token>
...
Or I can use the token which I used to mirror repositories from Github? Like this
variables:
BUNDLE_GITHUB__COM=x-access-token:$SOME_GITLAB_JOB_ACCESS_TOKEN
?
I managed to do it with adding BUNDLE_GITHUB__COM to .gitlab-ci.yml commiting it to the source code for now:
# .gitlab-ci.yml
variables:
BUNDLE_GITHUB__COM=x-access-token:<token>
...