We have an macOS Xcode project that is built from scripts triggered by Bamboo CI. Recently, our builds have recently started failing with this message:
No certificate matching 'cert name' for team 'team id': Select a
different signing certificate for CODE_SIGN_IDENTITY, a team that
matches your selected certificate, or switch to automatic
provisioning.
Our project uses manual codesigning, and our build command is as follows:
xcodebuild -project ProjectName -target TargetName -configuration Release
CODE_SIGN_IDENTITY="Certificate Name" APP_VERSION="major.minor"
REVISION_NUMBER="build" CONFIGURATION_BUILD_DIR="output directory"
DEVELOPMENT_TEAM=${developmentTeam}
Upon running this instruction in the build script, the build fails at the Check Dependencies step with the aforementioned error message.
Running the build script locally works and the build completes successfully. This indicates that Bamboo is unable to see the signing certificate. What should I do to make the relevant certificate visible to Bamboo?
I've made sure of the following:
None of the certs are expired
The build is not waiting on a codesign dialog box
NB: Builds from as late as yesterday (Sept 11) have been successful, but those are from a different Bamboo plan branch. There have been several code changes between the branch I am building now and the previously successful branch, but none involving the project I am building.
Turns out it was my mistake.
The bamboo agent was started from a ssh prompt, causing it to be unable to see certificates for some reason, even though I was logged in as a local user (similar to this problem). Stopping the bamboo agent, then restarting it from a local terminal on the build server caused the bamboo agent to see the certs again, and builds to complete successfully.
I'm leaving this here in case others run into this problem and find this solution useful.
Related
I'm completely new to trying to implement GitLab's CI/CD pipelines, but it's been going quite well. In fact, for my ASP.NET project, if I specify a Publish Profile in the msbuild command that uses Web Deploy, it actually deploys the code successfully to the web server.
However, I'm now wanting to have the "build" job create artifacts which are uploaded to GitLab that I can then subsequently deploy. We're using a self-hosted instance of GitLab, for which I'm not an admin, but I can speak to the admin if I know what I'm asking for!
So I've configured my gitlab-ci.yml file like this:
variables:
NUGET_PATH: 'C:\Program Files\Nuget\Nuget.exe'
NUGET_SOURCES: 'https://api.nuget.org/v3/index.json'
MSBUILD_PATH: 'C:\Program Files (x86)\Microsoft Visual Studio\2022\BuildTools\MSBuild\Current\Bin\msbuild.exe'
stages:
- build
build-job:
variables:
CI_DEBUG_TRACE: "true"
stage: build
script:
- '& "$env:NUGET_PATH" restore ApplicationTemplate.sln -Source "$env:NUGET_SOURCES"'
- '& "$env:MSBUILD_PATH" ApplicationTemplate\ApplicationTemplate.csproj /p:DeployOnBuild=true /p:Configuration=Release /p:PublishProfile=FolderPublish.pubxml'
artifacts:
paths:
- '.\ApplicationTemplate\bin\Release\Publish\'
The output shows that this builds the code just fine, and it also seems to successfully find the artifacts for upload. However, when it uploads the artifacts, even though the request gets a 200 OK response, the process fails. Here is the log output:
So, it finds the artifacts, it attempts to upload them and even gets a 200 OK response (in contrast to the handful of similar reports of this error I've been able to find online), but it still fails due to an invalid argument.
I've already enabled verbose debugging, as you can see from the output, but I'm none the wiser. Looking at the GitLab Runner entries in the Windows Event Log on the box where the runner is hosted doesn't shed any light on things either. The total size of the artifacts is 61.1MB, so I don't think my issue is related to that.
Can anyone see from this output what's invalid? Can I identify which argument is invalid and/or why it's invalid?
Edit: Things I've tried
Specifying a value for artifacts:expire_in.
Setting artifacts:public to FALSE, since I'm using a self-hosted GitLab environment and the default value for this setting (TRUE) is not valid in such an environment.
Trying every format I can think of for the value of the artifacts:paths setting (this seems to be incredibly robust - regardless of the format I use, the Runner seems to have no problem parsing it and finding the files to upload).
Taking a cue from this question I created a new project with a very simple build job to upload a single file:
stages:
- build
build-job:
variables:
CI_DEBUG_TRACE: "true"
stage: build
script:
- echo "Test" > test.txt
artifacts:
paths:
- test.txt
About 50% of the time this job hangs on the uploading of the artifacts and I have to cancel it. The other half of the time it fails in exactly the same way as the my previous project:
After countless hours working on this, it seems that ultimately the issue was that our internal Web Application Firewall was blocking some part of the transfer of artefacts to the server, or the response back from it. With the WAF reconfigured not to block traffic from the machine running the GitLab Runner, the artefacts are successfully uploaded and the job succeeds.
This would have been significantly easier to diagnose if the logging from GitLab was better. As per my comment on this issue, it should be possible to see the content of the response from the GitLab server after uploading artefacts, even when the response code is 200.
What's strange - and made diagnosing the issue even harder - is that when I worked through the issue with the admin of our GitLab instance, digging through logs and running it in debug mode, the artefact upload process was uploading something successfully. We could see, for example, the GitLab Runner's log had been uploaded to the server. Clearly the WAF's blocking was selective and didn't block everything in both directions.
We have had a java application that's been running on bluemix for more than a year that we update periodically (a few times a week). In the last few days however, even though the build is successful, we cannot launch it. The error is the following (we never saw this before):
App/0 Error occurred during initialization of VMJul 10, 2017 12:13:14.002 PM
App/0 Could not find agent library /home/vcap/app/.java-J-buildpack/open_jdk_jre/bin/jvmkill-J-1.9.0_RELEASE in absolute path, with error: /home/vcap/app/.java-J-buildpack/open_jdk_jre/bin/jvmkill-J-1.9.0_RELEASE: cannot open shared object file: No such file or directory
The deploy cmd is
cf push "${CF_APP}" -p target/universal/myapp-SNAPSHOT.zip -b https://github.com/cloudfoundry/java-buildpack.git -k 2G
As you are able to deploy using a previous version of the buildpack, this suggests that a recent change in the buildpack may be a reason for the latest buildpack breaking.
I was going to suggest opening a ticket on the github repo, but I see you have already done that :)
I am trying to use the Publish Over SSH plugin to publish many kinds of build artifact to an external server. Examples of build artifacts are compiled builds, XML output from testing, and JSON output from linting.
If testing or linting results in errors, the build will fail or be marked unstable. In the case of a failed build, the Publish Over SSH plugin will not copy the build artifacts, writing to the console:
SSH: Current build result is [FAILURE], not going to run.
I see no reason why I wouldn't want to publish this information if it exists, and I would like to continue to report errors as build failures. So, is there any way to force Jenkins to publish build artifacts even if the job is marked as a failure?
I thought I could use the Flexible Publish to force this, by wrapping the Publish Over SSH in an "always" condition, but this gave the same output as before on a build failure.
I can think of a couple of work-arounds:
a) store the build status in an environment variable; force the status to SUCCESS; perform the publish step; recover the build status from the environment variable using java jenkins-cli.jar set-build-status $STORED_STATUS
OR
b) Write a bash script to perform the publishing step manually using SSH, cutting out the Publish Over SSH plugin altogether
Before I push forward with either of these solutions (neither of which I like), is there any piece of configuration that I'm missing?
The solution I ended up using was to use rsync/ssh to copy the files manually using a post build script. I configured this in my Jenkins Job Builder YAML like so:
- publisher:
name: publish-to-archive
publishers:
- post-tasks:
- matches:
- log-text: ".*"
script: |
ssh -i ${{HOME}}/.ssh/id_rsa jenkins#archiver "mkdir -p {archive_path}"
rsync -Pravdtze "ssh -i ${{HOME}}/.ssh/id_rsa" {source_path} jenkins#archiver:{archive_path}
Quoting old hooky on jenkinsci-users:
How can I force Publish Over SSH to work even if the build has been marked
a failure?
Use "Send files or execute commands over SSH after the build runs" in
configuration section "Build environment"
Job configuration / Build Environment / Send files or execute commands over SSH after the build runs
instead of using a post-build or build-step.
Trying to set up Jenkins on one of my servers for the first time and think I might be missing something.
Jenkins 1.545
Phing 2.6.1
Jenkins builds give me the following output.
Building in workspace /var/www/vhosts/domain.co.uk/httpdocs
looking for '/var/www/vhosts/domain.co.uk/httpdocs/build.xml' ...
looking for '/var/www/vhosts/domain.co.uk/httpdocs/build.xml' ...
looking for 'build.xml' ...
buildfile 'build.xml' not found.
Build step 'Invoke Phing targets' marked build as failure
Finished: FAILURE
If I run my build.xml on it's own it works fine.
I'm using a custom workspace at the moment, before I tried a symlink from the default workspace to my webroot, when I did that it found the build file but failed when trying to run phing. I know it's a problem with permissions but I'm not sure exactly what.
I'm running this on a plesk web server and have tried adding the jenkins user to the psacln and psaserv groups but that didn't work either.
I use hudson but I think is the same problem.
Provide to ant job the full path (advanced settings)
${WORKSPACE}/buil.xml
Assuming the correct set of jenkins user
RUN_AS_USER=jenkins
Go to the custom workspace and
chown -R jenkins:jenkins myworkspace
if it doesn't work
chmod -R 777 myworkspace
then you will fix later.
I hope it helps.
I get this error when trying to build a project using Team Build (MSBuild) on TFS 2010:
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Common.targets (1970):
Cannot import the following key file: CCC.pfx.
The key file may be password protected.
To correct this, try to import the certificate again or manually install the certificate to the Strong Name CSP with the following key container name: VS_KEY_C00C673BBB353901
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Common.targets (1970):
Importing key file "CCC.pfx" was canceled.
It all builds OK in Visual Studio 2010. The assembly is signed with a PFX file. Usually in Visual Studio we are prompted for the password the first time we build, but then never again...
I've tried running:
sn -i companyname.pfx VS_KEY_3E185446540E7F7A
as other replies as suggested in Stack Overflow question Cannot import the keyfile 'blah.pfx' - error 'The keyfile may be password protected'. I've tried importing into the personal certificate store as suggested in Stack Overflow question Using MSBuild to sign ClickOnce or assembly results in error MSB3321. But all to no avail, still the same error.
How do I do it? Do I have to somehow add the certificate to the Windows account the build service runs under or something like that?
Alternatively, how do I make the build done in Team Build not use signing? I just want to check it compiles and run the unit tests. I don't need signing for that.
You need to adapt this answer to your specific. Something like:
sn -i companyname.pfx VS_KEY_C00C673BBB353901
What I did is not that elegant, but works: log in as the user that runs msbuild on the build machine, manually invoke msbuild, and then type in the password when prompted. It'll now be saved in that user's certificate store, and now the builds can run unattended.
What finally fixed it for me was making the account under which TFS Build service runs an administrator on the local machine.
Don't know though if any of the other stuff I was trying before also needs to be done to get it working. But before it was admin it didn't work after it became admin it worked.
I was getting the same error, and after reading your "administrator" comment - I just ran VS Command Prompt as Admin and it now works fine.
I have faced similar issue
Scenario 1: While building project in local system
In my case i was getting the manifest signing error once i download the project from TFS and build it.
To avoid this issue I right clicked on the project ==> Properties ==> Signing
then unchecked "Sign the ClickOnce Manifests"
OR
You can click Select from store button and select your login id from the dialog box open.
OR
You can install the PFX file manually and later click on More Options button to install those certificate.
Scenario 2:- Manifest error during Build
Here to resolve this error i first clicked Select from store button and select my login id from the dialog box .Then I committed that project in TFS first and then run the build.
I had following settings:
<PropertyGroup>
<SignAssembly>false</SignAssembly>
<AssemblyOriginatorKeyFile>MyKey.pfx</AssemblyOriginatorKeyFile>
</PropertyGroup>
Assembly signing was turned off, but AssemblyOriginatorKeyFile caused error during manifest sign. Removed AssemblyOriginatorKeyFile to fix it.