On my Jenkins server, I have a project that checks some source code out of SVN and runs a build script called MakeInstaller.ps1 that got checked out along with the source code. It's pretty straight-forward and this part is working great.
What's not working great is that part of MakeInstaller.ps1 attempts to do an svn export of a specific revision of some other source code, but it doesn't have the credentials to connect to SVN. When I run the build-scripts on my PC this is totally fine, because Tortoise SVN has the credentials cached.
Jenkins has my SVN credentials already, but that's only used when Jenkins checks out the source code, not when my build script attempts to check out the source code.
I've tried:
Installing the Tortoise SVN command-line tools on the machine that's running Jenkins. This fixed my initial "svn.exe not found" error, but it has no way of knowing my credentials for this server
I even logged into the SVN server using Tortoise SVN on that machine to attempt it to get it to cache the credentials, but it's still not working. I'm guessing it's because the Jenkins service does not run under the same user that I was logged in as.
I feel like I'm getting off on the wrong path though. It seems a bit odd to have Tortoise SVN installed on that machine along side whatever SVN client the Jenkins SVN plug-in is already using.
My question: Is there a way to do SVN export from inside a build-script in Jenkins and have it use the credentials that Jenkins already knows about? Can I use the same svn.exe that the Jenkins SVN plug-in is using? I really don't want to include the credentials in the build script itself.
Most of the similar questions I found involved the initial check-out failing due to bad credentials, not a check-out that happens as part of the build script.
In the end, I ended up doing something like Jenkins: Access global passwords in powershell
I had to use EnvInject because the Credentials Binding plugin was giving me an error when I tried to save the project. This involved adding another instance of my SVN password to Jenkins, and hardcoding the Jenkins user name into my build script, but it's working.
Now the build script attempts to authenticate with a dummy svn info command. If I'm running the script on my local machine, that works and it proceeds without a user-name or password. If the dummy svn info command fails, it attempts to log in with --username Jenkins and --password $env:svnpassword where the svnpassword environment variable is provided by EnvInject.
Related
I am new with Amazon codecommit.
Following their instruction, I did some works like below
make a new IAM user with AdministratorAccess
make a new codecommit repository
install awscli and did aws configure
When I right finished those things, I could pull/push from codecommit.
However it became disabled with intellij Idea.
I did something like...
I pull a project from gitlab
git remote rm origin
git remote add origin [code commit url]
git branch --set-upstream-to origin/master
Now I type git [pull / push] origin master, I got this error message.
unable to access 'https://git-codecommit.ap-northeast-1.amazonaws.com/v1/repos/test17/': The requested URL returned error: 403
When I access this url via browser, it requires id/pw. But my IAM user account information is not working.
What should I do? Is there any way to switch gitlab and codecommit in intellij?
Thanks.
IntelliJ does not use awscli. It uses the default system shell.
From the description, it looks like push/pull does not work for the command-line git in the native shell, so the issue is not IntelliJ-related.
Probably git tries to use wrong credentials save in its credential.helper, that is why it fails.
Check git config credential.helper to see if any is configured. If there is one, try disabling it or clear the saved credentials.
From the description it looks like you are trying to connect to a CodeCommit repository in Intellij using https. To do this you need to generate GitCredentials(username/password) for your iam user in the IAM console.
Detailed steps are documented in the aws documentation: http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-gc.html
Once you have the username/password you can use those credentials to connect to your CodeCommit repository in Intellij.
Tested on a Mac. Your milage may vary!
I just ran into the same issue. MacOS stores the GIT UID and PW in the Keychain (in your Applications > Utilities Folder). I deleted all references to AWS Code Commit from the keychain, which forced me to reenter the UID & PW. This seems to have solve the problem.
As a side note: I think this happened because I revoked a prior GIT credential on AWS and created a new one. I think that the keychain was entering the old UID/PW which then failed during authentication.
First, you are going to want to create an IAM user with appropriate permissions and then create Git credentials. Then go to IntelliJ IDEA and say you are opening project from VCS with Git credentials, use the AWS git credentials you created and log in. Once you have logged in, you should be able to pull/push to the repo. If you are still having issues and have checked the credentials you are using are active, along with the IAM user those credentials are attached to have the right permissions, I would recommend creating a ticket on AWS support as there may be something wrong with your account that AWS staff will need to fix.
is there any way to provide username and password for git pull as command line arguments? in svn there was something like:
svn up --no-auth-cache --username $SVN_USER --password $SVN_PASSWORD
Is there any equivalent of this in git? I can't store the credentials on the filesystem.
Basically, I have a script running build for multiple correlated projects. Because the script is on a shared server and is to be run by different users, I can't store the credentials on the server. I don't want to prompt the user, because the script fetches data from multiple SVN/GIT repositories with single username/pass so I want to read the credentials once via the script and then pass them to git pull or svn up commands
If you're using HTTPS, a solution might be in this answer:
The not secure way is to include credentials in the url you're pulling, https://user:password#server.com/path/to/repo. Apparently, your credentials end up as plain text in the .git folder and/or in log files.
The secure way is to configure a "credential helper" in git. Then it will remember the credentials once they're used. It will store the credentials securely on the machine, but if you use the system-wide configuration they will apply to all users. For example, with msysgit on Windows I'd use the wincred helper: git config --system credential.helper wincred. My understanding is that --system turns the credential helper on for all repositories and all users on the system, so you'll have to decide if this is okay for your server. Disclaimer: I've only used --global before.
I haven't seen better options for your situation, but some of the real git gurus might chime in.
We in our team are planning to use gerrit. So, to get introduced, I did set up a server, used open-id for authentication and created some test-users and test-projects in it.
Now we are ready to use it. But we actually prefer LDAP for real use.
So, can I change my authentication system from open-id from LDAP? What will happen to current users then?
I want to clear test projects and changes. How can I do them?
Can I complete delete existing gerrit setup and initiate a fresh setup in same machine? (I tried extracting the jar in different folder, but I faced some problems in it)
I am using Ubuntu 12.04 as my server.
Please help.
Delete the database (you're not using the H2 database anymore, but some MySQL or PostgreSQL server, don't you?) plus the directory where Gerrit is running (the -d parameter, see docs). Additionally, remove the git repos, if you configured them to be located on a different path.
Then all your data is gone and you can start from scratch.
I am trying out Github for Windows and I am getting the following error when I try to publish a newly created repository.
Authentication failed
Your credentials may be out of date. Please log out of the application and then log back in before retrying the operation.
Needless to say I've logged out and back in multiple times without success. I've also uninstalled and installed the latest version to no avail.
The repository is a new one I created within the application and contains only the .gitattributes, .git and README files.
I am a complete newbie to Github so it's quite possible I've messed something up during the setup process.
I was able to solve this by:
Press Settings - Open in GitShell.
git status
git push (or pull)
introduce credentials (here is the most important step, somehow git client messed up or forgot your credentials).
After giving correct credentials you can exit from git shell and use git client again.
It turns out that the problem was Github for Windows was having a problem with the password it had stored. Github support's instructions were as follows:
Log out of Github for Windows.
Change my password on github.com
Log back into Github for Windows.
I was then able to publish my changes.
Did you setup your ssh keys?
https://help.github.com/articles/generating-ssh-keys#platform-windows
I have my Hudson CI server setup. I have a CVS repo that I can only checkout stuff via ssh. But I see no way to convince Hudson to check out via ssh. I tried all sorts of options when supplying my connection string.
Has anyone done this? I gotta think it has been done.
If I still remember CVS, I thought you have to set CVS_RSH environment variable to ssh. I suspect you need to set this so that your Tomcat process gets this value inherited.
You can check Hudson system information to see exactly what environment variables the JVM is seeing (and passes along to the build.)
I wrote up an article that tackles this you can find it here:
http://www.openscope.net/2011/01/03/configure-ssh-authorized-keys-for-cvs-access/
Essentially you want to set up passphraseless ssh keys for your build user. This will allow authentication to occur without the need to work out some kind of way to key in your password.
<edit> i.e. Essentially the standard .ssh key client & server install/exchange.
http://en.wikipedia.org/wiki/Secure_Shell#Key_management
for the jenkins user account:
install user key (public & private part) in ~/.ssh (generate it fresh or use existing user key)
on cvs server:
install user key (public part) in ~/.ssh
add to authorized_keys
back on jenkins user account:
access cvs from command-line as jenkins user and accept remote host key (to known_hosts)
* note any time remote server changes key/ip you will need to manually access cvs and accept key again *
</edit>
There's another way to do it but you have to manually log from the build machine to your cvs server and keep the ssh session open so hudson/jenkins can piggyback the connection. Seemed kinda pointless to me though since you want your CI server to be as hands off as possible.