Jenkins pipeline unable to connect to github PRIVATE repository - github

Pulled latest jenkins image in docker. Followed the steps of jenkins io. Jenkins runs fine, I am able to create builds which checkout git repos.
What doesn't seem to work, is to create a pipeline for a PRIVATE github repo. The documentation states:
create access token in github [OK]
use it to authenticate [OK]
choose company/project [OK]
choose multibranch repo [OK]
create pipeline [fails]
The wizard complains that there is no existing Jenkinsfile in my repo. That's incorrect. I do have a Jenkinsfile, which is correct (generated by blueocean too). So I guess the fact that blueocean complains about a missing Jenkinsfile is related to not being able to find the project/branches in github. Something with credentials no longer working?
Also, when I follow the steps and try to manually create the pipeline:
Again, a strange error message, again I guess related to something which is broken in credential management, either in jenkins <-> github, or blueocean <-> github.
Last, when I open the build (=pipeline) from jenkins dashboard, I can click on Scan repository log which at least states the error clearly.
ERROR: [Mon Jul 11 12:43:07 UTC 2022] Could not update folder level actions from source blueocean
[Mon Jul 11 12:43:07 UTC 2022] Finished branch indexing. Indexing took 0.23 sec
FATAL: Invalid scan credentials when using anonymous access to connect to basprins/unode on https://api.github.com
Finished: FAILURE
Again, the Personal Access Token is good. I created one with ALL scopes enabled (max rights in my repo) just to be sure nothing is left unchecked. It is "good enough" to login and checkout the branch. It seems to fail with actually creating the pipeline. I have no clue what else can be wrong on my side.
I tried any combination of username/password (legacy email address username + legacy password, or my github username + personal access token, and all 4 possible combinations of the two username/password pairs). Nothing gives.
Is there anybody that can confirm (or deny?) that above is possible, or would be willing to reproduce it on your side? It's a no-brainer docker setup. All you need to create is some temporary PRIVATE github.
Looking forward to an actual answer!

I had the same error and it seems like the jenkins credentials for the personal access token are not getting created automatically. This is how you can check if your issue is the same as mine:
Open the configuration of the multibranch pipeline.
Go to branch sources and then check if there is a name in the dropdown for credentials.
If there is no name then it's the same issue.
The following is what I did to fix it:
Click on Add and create a credential with the following values:
Kind: Choose the option username and password.
username: Enter the github username.
password: Enter the api token you created.
Create the credential by clicking on add.
Choose the credential in the dropdown credentials and save the configuration.
Go to the overview page for the multibranch pipeline (in the old jenkins, not blueocean) and click on Scan repository now to run the scan again with working credentials.
The error should now be resolved.

Related

I'm unable to run github cli commands because I keep running into an Authentication Error. I'm using the correct username and password. Details below

I'm following the steps listed here to try and link an existing local project to a new repo on GitHub.
I ran gh repo create but got an Authentication error, with a note to update my credentials in the .gitsomeconfig file. I ran gh configure and entered my GitHub username and my GitHub password (since I chose that option instead of using an authentication token). I entered them exactly the same as I type them in. Then I ran gh repo create again and still ran into the Authentication error. I output the content of .gitsomeconfig and verified that the user_login is correct (It doesn't display my password anywhere).
I've tried running gh configure at least 6 times now. I've copied and pasted from Lastpass to be extra sure I'm entering credentials correctly. I've tried both my username and my email address since I wasn't sure which gh configure actually wanted for username, but neither seem to work. I'm at a loss for what might be going wrong. Any thoughts or suggestions?
The right command is gh auth login, using your GitHub account name and your GitHub token (not password, your PAT: Personal Access Token, with scopes "admin:org, gist, repo, user, workflow")
Then you can check with gh auth status.
Once the status is clean (authenticated), you can proceed with other commands, like gh repo create.

VSCode Pull Requests - Organization

I have my personal GitHub account which has been given access to Repos that exist as part of an organization. I'm trying to create a pull-request from within VSCode for these Repos, but I get the below error.
Is there a setting I'm just missing?
[Info] GitHubRepository> Creating pull requests failed: HttpError: Validation Failed: {"resource":"PullRequest","field":"head","code":"invalid"}
HttpError
Check first if you have a git config credential.helper set (to, for instance on windows, manager-core)
If you have, that means the wrong credentials (username/password) are cached in said credential helper. They are not the ones for your organization GitHub account.
See GitHub "Caching your GitHub credentials in Git" and update them.

How to activate "Alternate credentials" on Azure DevOps?

I just created a new organization for my team on Azure DevOps. I wanted to activate the git access through username/password to begin with (for multiple reasons: we use HTTPS, so no SSH certificate, and I've no idea how to use PAT with our current git client (sourcetree)).
Currently, when I go in my settings on "Alternate credentials", I get this:
But I've been into the organization page and I cannot find this setting? How can I enable it?
But I've been into the organization page and I cannot find this setting? How can I enable it?
You can't enable that, the Alternate authentication credentials setting has been removed from Organization settings=>Policies for newly created organizations. Check the blog shared above in Michael's answer.
I've no idea how to use PAT with our current git client.
It's recommended to use PAT instead since you have no SSH certificate. Here're samples about how to use git+pat without pop-up window for credentials (Useful when you're running the commands in pipeline, since you can't enter credentials if there's pop-up window):
1. You can generate Git credentials to get temp username and password, and then use format:
git clone https://UserName:Password@dev.azure.com/OrgName/ProjectName/_git/RepoName
2. You can create a limited PAT (more secure than Full access) and use command:
git clone https://anything:{yourPAT}@dev.azure.com/OrgName/ProjectName/_git/RepoName
Same format when using git push...
Also you can clone the repo with git clone + URL from this button. Per my experience, it will prompt for credentials and save the credentials in local machine.
For Source Tree:
Url: https://OrganizationName.visualstudio.com
userName: The email address of your azure devops account
password: PAT
Enter correct URL format, click the refresh PAT button and enter the email as username, PAT as password. The authentication succeeds in my source tree for windows.
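A clone URL of the form shown above stores the PAT in .git/config as part of the remote URL. The following is an added example, not part of the original answers: it finds remotes whose stored URL embeds a secret and builds the environment that passes the PAT to git as an HTTP header instead. The sample config and the token `CONSTRUCTED-PAT` are constructed, and the function names are hypothetical.

```python
import base64
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample of a .git/config; the token is a placeholder, not a real PAT.
SAMPLE_GIT_CONFIG = """\
[remote "origin"]
	url = https://anything:CONSTRUCTED-PAT@dev.azure.com/OrgName/ProjectName/_git/RepoName
[remote "mirror"]
	url = https://dev.azure.com/OrgName/ProjectName/_git/RepoName
"""

URL_LINE = re.compile(r"^\s*(?:push)?url\s*=\s*(\S+)", re.IGNORECASE | re.MULTILINE)


def strip_credentials(url):
    """Return (url_without_userinfo, password_or_None)."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.port:
        host = f"{host}:{parts.port}"
    clean = urlunsplit((parts.scheme, host, parts.path, parts.query, parts.fragment))
    return clean, parts.password


def remotes_with_secrets(config_text):
    """Clean URLs of every remote whose stored URL embeds a password or token."""
    found = []
    for url in URL_LINE.findall(config_text):
        clean, password = strip_credentials(url)
        if password:
            found.append(clean)
    return found


def git_env_for_pat(pat):
    """Environment variables that hand the PAT to git as an HTTP header.

    Uses GIT_CONFIG_COUNT/KEY/VALUE (Git 2.31+) so the token is in neither
    the URL nor the command line. Basic auth: empty user name, PAT as password.
    """
    token = base64.b64encode(f":{pat}".encode()).decode()
    return {
        "GIT_CONFIG_COUNT": "1",
        "GIT_CONFIG_KEY_0": "http.extraHeader",
        "GIT_CONFIG_VALUE_0": f"Authorization: Basic {token}",
    }
```

Merge the returned dictionary into the environment of the git process (for example in a pipeline step) and clone the credential-free URL.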
Looks like effective March 2, 2020 Alternate Credentials are no longer supported. Organizations created before then can use them for a short time to transition to PATs. New organizations do not have that option. Source
From Microsoft DevBlog:
Deprecation Timeline
Beginning December 9, 2019 we will disable and hide Alternate Credentials settings for organizations that don’t have Alternate Credentials set. This change will be in effect for all these organizations by December 20, 2019.
In the coming months we will work with our customers that are still using the feature, to help them switch to another, more secure authentication method.
March 2, 2020 – Start gradually disabling Alternate Credentials for all Azure DevOps organizations.
Legacy Organizations
If you have a legacy organization, the option would appear under Organization Settings, Policies (under the Security subheading). The toggle is called "Alternate authentication credentials"

SSH access to GitHub repository

I have followed the process described in Multiple GitHub Accounts & SSH Config (stefano's answer) and have set up SSH access to multiple repositories using deploy keys. I've tried that on repositories of a specific GitHub organization and it works fine - I can pull and push changes. I've also tried this on my user area and it still works great.
However, when trying this on repositories in another GitHub organization (e.g. when doing a git push) it fails with the following error
ERROR: Permission to XXXX/YYYY.git denied to deploy key
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
When checking SSH access through ssh -T I get
"Hi XXX/YYYY! You've successfully authenticated, but GitHub does not provide shell access."
which suggests that SSH should be working.
I have gone through the organization settings (main page for GitHub organization > Settings) and they have pretty much identical settings, except from what you would expect to be different e.g. contact email etc.
I was wondering if anyone has any ideas about what could be causing this. Are there any more organization settings somewhere by any chance?
ERROR: Permission to XXXX/YYYY.git denied to deploy key
This looks like you are trying to push using a deploy key. This key is used for deployment and therefore has only read-only access to your repository. Make sure you have the key which is enrolled in your GitHub account, make sure it is used (IdentityFile in ~/.ssh/config) and get rid of the deploy key from the standard location which is picked by default (~/.ssh/id_{rsa,dsa,ecdsa,ed25519}). Note that if there are more "valid" keys, only the first succeeds.

Jenkins and GitHub webhook: HTTP 403

I have a GitHub repository which I would like to have notify Jenkins of new commits via a post-receive hook. I've installed the GitHub plugin into Jenkins and have allowed for Jenkins to manage its own hook URLs. The project has the correct git repository URL and is instructed to "Build when a change is pushed to GitHub". When I have GitHub send a test payload I find this in the nginx webserver that fronts Jenkins:
207.97.227.233 - - [15/Sep/2011:07:36:51 +0000] "POST /github-webhook/ HTTP/1.1" 403 561 "-" "-"
I was running SSL so I disabled it to no effect. Do I need to provide special permissions to an anonymous user in the permissions matrix?
Please forgive the lack of configuration files: I'm happy to share those that might exist but I don't know what might be useful to share.
As I don't allow anonymous access, it turns out I needed to create a specific user for GitHub pushes and to grant it Overall read, Job create and Job read. It was also necessary to bundle the authentication into the webhook URL, like so:
https://foo:password@jenkins.example.com/github-webhook/
From Github's instructions ("Configuring global authentication", the first section),
1. Create a user in Jenkins which has, at a minimum, Job/Build permissions
2. Log in as that user (this is required even if you are a Jenkins admin user), then click on the user's name in the top right corner of the page
3. Click 'Configure,' then 'Show API Token...', and note/copy the User ID and API Token.
4. In GitLab, when you create webhooks to trigger Jenkins jobs, use this format for the URL and do not enter anything for 'Secret Token': http://USERID:APITOKEN@JENKINS_URL/project/YOUR_JOB
In my case I used http://USERID:APITOKEN@myIPaddress:808/ and no project/YOUR_JOB
As previously mentioned Jenkins does not allow anonymous access (you don't want people to trigger builds for you!). Adding a username and password in the clear is not the best solution.
1) If your Jenkins is behind a VPN, you need to make sure that your Jenkins webhooks URL are exposed
2) In the GitHub plugin configuration add the correct accessible Jenkins webhook URL (https://jenkins.example.com/github-webhook/) in Override Hook URL
3) Add a secret in the Shared secret section (preferably a long random string). This would be a token sent from Jenkins to GitHub and vice versa for authentication. This should be different from the GitHub Server Credentials!
4) Make sure the user has owner access to add webhooks to your GitHub repos
5) Don't forget to re-register the webhooks after this
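With a shared secret configured, GitHub signs each delivery and sends the HMAC-SHA256 of the raw request body in the X-Hub-Signature-256 header. The following is an added example, not code from the original answers or from the Jenkins plugin: it shows the check a receiver performs and why it must run on the raw bytes. The secret, payload and function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample values; the secret stands in for the "Shared secret" field.
SHARED_SECRET = b"constructed-long-random-string"
RAW_BODY = b'{"ref":"refs/heads/main","after":"0000000"}'


def sign(secret, raw_body):
    """Header value for a delivery: HMAC-SHA256 over the raw request bytes."""
    return "sha256=" + hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def is_authentic(secret, raw_body, signature_header):
    """True only if the X-Hub-Signature-256 header matches the body."""
    if not signature_header or not signature_header.startswith("sha256="):
        return False  # unsigned delivery or unexpected algorithm: reject
    expected = sign(secret, raw_body)
    # compare_digest runs in constant time, so timing does not leak the MAC
    return hmac.compare_digest(expected.encode(), signature_header.encode())


def reserialised(raw_body):
    """What a handler gets if it parses the JSON first and re-encodes it."""
    return json.dumps(json.loads(raw_body)).encode()
```

A handler that verifies `reserialised(body)` instead of the bytes it received rejects genuine deliveries, because whitespace and key formatting change the MAC.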
https://username:password@jenkins.example.com/github-webhook/ worked for me but the password has to be encoded for the payload to work. My github was not able to contact jenkins due to nginx authorisation but passing username and encoded password worked!