In my Dockerfile I want to clone a repo from github. To achieve that I applied the following command to my Dockerfile:
RUN git clone -b docker https://<pat-token>:x-oauth-basic#github.com/<mygithubaccount>/<repository.git> /myfolder
Of course, the phrases in square brackets are placeholders.
When I build the image from my Dockerfile I can read authentication error in the output:
remote: Support for password authentication was removed on August 13, 2021.
remote: Please see https://docs.github.com/en/get-started/getting-started-with-git/about-remote-repositories#cloning-with-https-urls for information on currently recommended modes of authentication.
I assume that is something around my authentication string. Maybe I cannot use a personal access token?
How do I correctly authenticate against github in my Dockerfile?
Fixed it - I've had a type in the token 🙈
Related
I want to git clone a private repository with two factor authentication on my mac, I already have a personal access token in my gitlab, and I'm trying to find the correct command to run on the vscode terminal.
omarfuentes#192 ~ % git clone https://gitlab.com/OmarLeonardo/frappe/proyectos/frappe-oms/frappe-server.git?personal_access_token=myaccesstoken
however the answer is:
zsh: no matches found: https://gitlab.com/OmarLeonardo/frappe/proyectos/frappe-oms/frappe-server.git?personal_access_token=myaccesstoken
If you are using a PAT (Personal Access Token) with the right scope, you should use:
git clone https://<my-user-id>:<my-token>#gitlab.com/<my-account>/<my-project-name>.git
# or
git clone https://oauth2:<my-token>#gitlab.com/<my-account>/<my-project-name>.git
That would avoid the need to URL encode your parameter.
To clarify, if you created your account with Google you can find your username in the URL to the repository. You can also see the name of your project there. So if your URL looks like the below:
https://gitlab.com/me1234567/myproject/-/tree/main
your final command would look like this:
git clone https://oauth2:my-personal-token-123#gitlab.com/me1234567/myproject.git
The User ID you see under the Gitlab Edit profile can not be used, nor your email address or the "username" you see under your avatar which starts with #
Can Google Cloud Build use an NPM token during the install process?
I'm using a private NPM package across applications and I know we can place the token within an .npmrc file
//registry.npmjs.org/:_authToken=<YOUR_AUTH_TOKEN>
But I would like to keep the token out of the codebase(s) and use SM for what it's for.
But this doesn't seem possible and the docs do not seem to cover this.
Meanwhile, posting the solution proposed by sethvargo and guillaume blaquiere for visibility.
You can set the token value as an environment variable, NPM_TOKEN. In that case, you can use the native Cloud Build + Secret Manager integration to inject the value: cloud.google.com/build/docs/securing-builds/use-secrets
If the NPM_TOKEN solution doesn't work, you can still use the Secret Manager and Cloud Build to load your token, write your .npmrc file with a script and then run your build.
I had to get experienced help for Secret Manager for this and it still took over 20 hours.
Assuming you possess general knowledge of GCP and Secret Manager and have your NPM token on-hand (found at npmjs.com/settings/USERNAME/tokens)
Create a Secret Manager secret named NPM_TOKEN with its value
being the private NPM package's automation token
Within the cloudbuild.yaml build process create an .npmrc
steps:
- name: bash
args: ['-c', 'echo //registry.npmjs.org/:_authToken=$$NPM_TOKEN > .npmrc'] <-- main takeaway
secretEnv: ['NPM_TOKEN']
- name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
args: ['gcloud', 'app', 'deploy']
availableSecrets:
secretManager:
- versionName: projects/$PROJECT_ID/secrets/NPM_TOKEN/versions/latest
env: 'NPM_TOKEN'
Now the cloud build process has an NPM_TOKEN value to pull in the private NPM package.
Getting the following error when using drone cli to add/activate repo
No help topic for 'add'
I can confirm I am successfully login and I am an admin.
{"id":1,"login":"XXXXX","email":"","machine":false,"admin":true,"active":true,"avatar":"https://bitbucket.org/account/XXXX/avatar/32/","syncing":false,"synced":1578888217,"created":1578431775,"updated":1578891320,"last_login":1578891344}
I can also list my repo using 'drone repo ls'
My guess, if you are using the add option is that you are still interacting with drone 0.8 or below, in this case the docs have been archived to an alternate location in favor of the latest version (v1.x). The old docs are still available under the following URL and help for the add option is present there:
https://0-8-0.docs.drone.io/cli-repository-add/
If you are not using 0.8 and are indeed trying to use 1.x, perhaps you are referencing improper documentation, as this cli option shifted in v1 to enable
$ drone repo enable <repo/name>
Regardless of the versions however, you will want to ensure you both have admin access to the repository (so that drone is able to add the appropriate webhooks) and also refresh or sync your repo listing in if it is something brand new:
$ drone repo sync
username/hello-world
organization/minio
...
NOTE: This might take a bit depending on how many repos you have access to
I am running version 0.8.4 as a container in my lab. CLI is also at version 0.8.4
I am trying to use a secret in a command one of my containers is trying to run.
Following the documentation has me needing to sign a repo to allow the job to consume the secret. The drone CLI does not seem to have a
drone sign command for me to run. So I create the secret with a --skip-verify=true flag. This creates the secret but when I run the job it errors out. The output in the UI shows a blank space where the secret should be injected.
Here is an excerpt of my .drone.yml where I am trying to inject secrets -s production -u ${cf_user} -p ${cf_password} --s
I have tried all the following ways to create a secret:
drone secret add <repo_name> --name <key> --value <value> --skip-verify=true
drone secret add <repo_name> --name <key> --value <value>
GUI Creation
I notice when I create an all capital name value the UI represents the value in all lowercase when the CLI shows it in capitals.
I also notice that if I include hyphens in the name and try to use that in my drone.yml the job errors out immediately with a bad substitution error.
Any help understanding what I am doing wrong would be much appreciated!
I got lost in the different documentation available. Should have been looking here rather than secret-guide.
In case I am not alone, I needed to add a secrects block in my pipeline.
I also needed to access them with $SECRET_KEY rather than ${SECRET_KEY}
pipeline:
publish:
image: governmentpaas/cf-cli
secrets: [ cf_user, cf_password ]
Just a little update on this one, I stumbled over it as well because the docs are inconsistent.
In the 0.8.5 version the only thing I had to do is:
add secrets via CLI or UI
add secrets array to utilise it
no need to pass variables to environment.
I am currently running CE version 8.17.4 and am attempting to setup a deploy key with write access (as of 8.16) so that my runner instance may commit build artifacts back to the repository. I took the following steps to set this up:
On the runner instance, I generated the ssh keypair with the command:Â
sudo ssh-keygen -t rsa -C "label" -b 4096
The generated keypair was saved to /home/gitlab-runner/.ssh/id_rsa and password protected.
Within Gitlab, I created a public deploy key from the admin console and pasted the contents of id_rsa.pub into the appropriate field and verified that the key fingerprints matched. I checked the "Write access allowed" box.Â
In the private project that I wished to enable repository access from the runner, I enabled the newly created public deploy key.
This is a LaTeX document respository, so in the .gitlab-ci.yml file, I issue the following script after building the pdf:
after_script:
 - "git commit -am 'autobuild PDF'"
 - "git push origin master"
When the changes were committed, the build ran successfully on the runner up until the git push origin master command, and this error was thrown:
fatal: Authentication failed for 'http://gitlab-ci-token:xxxxxxxxxxxxxxxx#host/project.git/'
Ok. A couple questions:
If the deploy key is just an SSH key, shouldn't it be connecting on the secure port or does this matter? I haven't found much documentation on using this new write-permission deploy key feature, so am I missing something in the steps I took above?
Do I need to include [ci skip] in the commit message to avoid looping CI builds? I saw this concern come up in the original issue tickets for this feature, but did not see whether this step was required or not.Â
Thanks for any help!
Jawad's comment worked for me: you need to force SSH. for example
git remote add ssh_remote git#host:user/project.git
git push ssh-remote HEAD:dev
thanks jawad