I'm trying to follow GitHub tf automation where I'm trying to capture {{ steps.plan.outputs.stdout }}.
However, I'm getting empty results.
Is there anyway I can capture the results from GitHub?
Related
I wanted to create a Github workflow that push feed to Azure Artifacts. I carefully followed the article here and the tutorial here. However, I keep getting this error
error: Unable to load the service index for source https://pkgs.dev.azure.com/<org>/<proj>/_packaging/<proj>/nuget/v3/index.json. error: Response status code does not indicate success: 401 (Unauthorized).
I created a PAT for all accessible organizations, granted it full access and added it in my Github Action secrets just as the docs says but the error persists. Does anyone have idea what could be wrong here?
So the workflow is actually using another action actions/setup-dotnet#v1to build and publish the package. Turned out this action does not properly pass the personal access token as api key in the nuget push command. I created an issue here which was not resolved as at now. However, I was able to resolve the issue by directly adding --api-key ${{ secrets.GITHUB_TOKEN }} to dotnet nuget push command. My resulting command looks like:
- name: 'dotnet publish'
run: dotnet nuget push bin/Release/*.nupkg --api-key ${{ secrets.GITHUB_TOKEN }}
This works for both Azure Artifacts and Github Registry.
Have your check the corresponding project and org build service account with <ProjName> Build Service (<OrgName>) and Project Collection Build Service (<OrgName>) have the enough role access permission in your target feed?
I am adding a Github actions workflow to execute terraform commands as part of the pipeline.
The terraform code refers refer to terraform modules from another repo as follows.
module <moduleName> {
source = "git::git#github.com:<orgName>/<moduleRepo>.git//<modulePath>?ref=<moduleTag>"
...
}
This will lead to fetching the code from given tag during terraform init command execution.
To ensure that https url is used instead of SSH git url. I am overriding the git config url as follows.
git config --global url."https://oauth2:$GITHUB_TOKEN#github.com/<orgName>/<moduleRepo>.git".insteadOf "ssh://git#github.com/<orgName>/<moduleRepo>.git"
But GITHUB_TOKEN does not allow git clone and this fails with the following error:
remote: Invalid username or password.
fatal: Authentication failed for
'https://github.com/<repoName>/<moduleRepo>.git/'
I also tried adding permission to the workflow for repositories as follows:
permissions:
repository-projects: read
The repo setting for action is set to : Allow all actions and reusable workflows
If I change the GITHUB_TOKEN with my PAT with repo permissions, then the workflow works without any issues.
Please let me know how to configure GITHUT_TOKEN with required permissions. I want to make it work with GITHUB_TOKEN rather than PAT.
Eventually I was able to figure out the issue. The GITHUB_TOKEN is made available to the Github Action workflow as a secret and not as an environment variable.
The issue was I was treating it as an environment variable and using it as such, which lead to the error.
I changed the workflow as follows to use it as a secret.
jobs:
<jobName>:
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
I updated the git config as follows to use the token properly:
git config --global url."https://oauth2:$GH_TOKEN#github.com/<orgName>/<moduleRepo>.git".insteadOf "ssh://git#github.com/<orgName>/<moduleRepo>.git"
The workflow now seems to work properly.
The usage is documented here: https://docs.github.com/en/rest/guides/getting-started-with-the-rest-api#authentication-example-for-github-actions
Adding my answer here to help others facing similar issue.
I'm on the CI part of the course
I'll start by saying all works well, and I could follow the process with ease. However, there something that works, and I cannot figure out how. Lets take this part of the main.yml file:
- name: Log in to GitHub Packages
run: echo ${GITHUB_TOKEN} | docker login -u ${GITHUB_ACTOR} --password-stdin docker.pkg.github.com
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
I have these params like GITHUB_ACTOR and GITHUB_TOKEN, that I didn't define as any part of my code, or write into a panel inside github. Are they automaticly filled in by github? If I change my token, will this code still work?
Thanks in advance
This is documented in "Automatic token authentication"
At the start of each workflow run, GitHub automatically creates a unique GITHUB_TOKEN secret to use in your workflow.
You can use the GITHUB_TOKEN to authenticate in a workflow run.
When you enable GitHub Actions, GitHub installs a GitHub App on your repository.
The GITHUB_TOKEN secret is a GitHub App installation access token. You can use the installation access token to authenticate on behalf of the GitHub App installed on your repository. The token's permissions are limited to the repository that contains your workflow
You have Default environment variables, including:
GITHUB_ACTOR: The name of the person or app that initiated the workflow.
For example, octocat.
I have a simple Node JS application built in the build directory using yarn and trying to deploy on GitHub Pages using GitHub Actions using crazy-max/ghaction-github-pages#v2 actinon in the simplest form:
- name: Deploy
uses: crazy-max/ghaction-github-pages#v2
with:
target_branch: master
build_dir: build
env:
$GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
(Note I deploy to master because the repository name is equal to the <<username>>.github.io)
To my surprise, it fails on the following error:
Error: You have to provide a GITHUB_TOKEN or GH_PAT
The whole message is not helpful as long as I know the GITHUB_TOKEN is automatically generated with each build.
The repository has the following settings under Action:
Actions permissions: Allow all actions
Fork pull request workflows from outside collaborators: Require approval for first-time contributors
Workflow permissions: Read and write permissions
The whole token and permissions management in GitHub is overkill for simple projects and the documentation lacks sample settings and the reader only goes down the rabbit hole.
How to get this run?
Based on the documentation I'm reading, it looks like you need to remove the leading $ from your environment variable name you are setting
Like this:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Documenation:
https://github.com/crazy-max/ghaction-github-pages
I would put my questions through following points, hope it's make clear now:
The application source code is in application_code repo.
The pipeline code(YAMLs) are in pipeline_code repo. Because I'd like to version it and don't like to keep in application_code repo. Just to avoid giving control to Dev team to manage it.
Problem statement:
The pipeline YAML won't be triggered unless it's in the source code repository based on the events pr, commit etc.
Can we trigger or execute YAML file which is in pipeline_repo whenever there's event triggered in application_code repo?
I've tried achieving above using Classic pipeline and YAML template but this don't work together. As I can execute a YAML template from a YAML pipeline only not from a classic pipeline like below:
#azure-pipeline.yaml
jobs:
- job: NewJob
- template: job-template-bd1.yaml
Any ideas or better solution than above?
The feature Multi-repository support for YAML pipelines will be available soon for azure devops service. This feature will support for triggering pipelines based on changes made in one of multiple repositories. Please check Azure DevOps Feature Timeline or here. This feature is expected to be rolled out in 2020 Q1 for azure devops service.
Currently you can follow below workaround to achieve above using Build Completion(the pipeline will be triggered on the completion of another build).
1, Setup the triggering pipeline
Create an empty classic pipeline for application_code repo as the triggering pipeline, which will always succeed and do nothing.
And check Enable continuous integration under Triggers tab and setup Bracnh filters
2, setup the triggered pipeline
In the pipeline_code repo using Checkout to Check out multiple repositories in your pipeline. You can specifically checkout the source code of application_code repo to build. Please refer below example:
steps:
- checkout: git://MyProject/application_code_repo#refs/heads/master # Azure Repos Git repository in the same organization
- task: TaskName
...
Then in the yaml pipeline edit page, click the 3dots on the top right corner and click Triggers. Then click +Add beside Build Completion and select above triggering pipeline created in step 1 as the triggering build.
After finishing above two steps, when changes made to application_code repo, the triggering pipeline will be executed and completed with success. Then the triggered pipeline will be triggered to run the real build job.
Update:
Show Azure DevOps Build Pipeline Status in Bitbucket.
you can add a python script task at the end of the yaml pipeline to update the Bitbucket build status. You need to set a condtion: always() to always run this task even if other tasks are failed.
You can get the build status with env variable Agent.JobStatus. For below example:
For more information, please refer to document Integrate your build system with Bitbucket Cloud, and also this thread.
- task: PythonScript#0
condition: always()
inputs:
scriptSource: inline
script: |
import os
import requests
# Use environment variables that your CI server provides to the key, name,
# and url parameters, as well as commit hash. (The values below are used by
# Jenkins.)
data = {
'key': os.getenv('BUILD_ID'),
'state': os.getenv('Agent.JobStatus'),
'name': os.getenv('JOB_NAME'),
'url': os.getenv('BUILD_URL'),
'description': 'The build passed.'
}
# Construct the URL with the API endpoint where the commit status should be
# posted (provide the appropriate owner and slug for your repo).
api_url = ('https://api.bitbucket.org/2.0/repositories/'
'%(owner)s/%(repo_slug)s/commit/%(revision)s/statuses/build'
% {'owner': 'emmap1',
'repo_slug': 'MyRepo',
'revision': os.getenv('GIT_COMMIT')})
# Post the status to Bitbucket. (Include valid credentials here for basic auth.
# You could also use team name and API key.)
requests.post(api_url, auth=('auth_user', 'auth_password'), json=data)