Heroku/Github set up connection issue? - github

I am doing an exercise where I've a forked repository, and started a heroku account, did "create a new app" and "deploy with github" but when I go to connect to github, a red error message pops up saying "Error: remote could not connect or was closed."
I have had no problems connecting github to other services, and I've found other people with connection issues, but more along the lines of "why isn't my app working" and mine is" why can't i link the two so I can continue with this exercise?"
Any help is greatly appreciated.
I've followed the instructions after setting up a heroku account, having an app repository fork on github, confirming my email, "create a new app" option on heroku, and on the ensuing "deploy" tab, clicked on the "connect github" option. I expected it to work.

Yes this is a known issue and caused by some data breach related to Github Authorization. Security measures have taken place and Github authorization has been disabled until further notice. Please see
https://github.blog/2022-04-15-security-alert-stolen-oauth-user-tokens/
And based on this ongoing incident,
As reported yesterday, revocation of all OAuth tokens from the Heroku
Dashboard GitHub integration is complete. Until further notice, we
will not issue OAuth tokens from the Heroku Dashboard. These actions,
based on our current understanding of the issue, should prevent
unauthorized access to your GitHub repositories.
We will continue to work with GitHub to provide additional guidance on
how to review your GitHub logs for evidence of exfiltration or
malicious activity. Please reach out to security#salesforce.com with
any information that may assist us with our ongoing investigation.
Please continue to visit status.heroku.com for the latest updates.
If you still want to deploy, you can switch from GitHub to Git quite easily, please read this: https://help.heroku.com/CKVOUPSY/how-to-switch-deployment-method-from-github-to-heroku-git-with-all-the-changes-app-code-available-in-a-github-repo

Related

Can I trust Git Credential Manager by GitCredentialManager?

I've used Github desktop for a couple of years. Today it will suddenly would not log in to my account, although I have not changed password lately. When I click login with browser I'm taken to a page that says "Git Credential Manager by GitCredentialManager wants to access your account" and that I should authorize full read and write access.
Googling this has not given me any clues to why this would suddenly happen. Do I have to start using this service to login to Github desktop or could this be a phishing attempt?
I was in the same boat. After Googling a bit, I found this post on the GitHub blog:
https://github.blog/2022-04-07-git-credential-manager-authentication-for-everyone/
Seems this is an official replacement for handling credentials in GitHub and Git Desktop.

Deprecated password authentication with github warning

Hello community can you please help me out, not very knowledgeable in this area
I got an email from git saying that personal password is no longer gonna be supported and that team city was using it so I went into GitHub and generated a token and added to the VCS in the, after our next deploy I got an email from GitHub saying, you are still using the password dummy, so I asked our server guy to update TeamCity as we were several versions behind, so he did and we ran a deploy again today. I pay a visit to the VCS again and saw my Authentication method was set to Password/Token. I got no email from GIT this time saying I was dummy and "Developer Settings/Personal access tokens" mention TeamCity has used it but TeamCity keeps saying this ▼▼▼▼ any ideas ?? Thanks.
git) https://github.com//xxxxxxxxxx is using deprecated password authentication with github.com and will soon stop working
Please consider switching to either personal access token or to SSH private key authentication.
Edit VCS root
Solution as mentioned in the error.
It is also mentioned on TeamCity documentation
You may either use SSH priv/pub keys as authentication or "Personal Access Token".
I can tell by git) https://github.com//xxxxxxxxxx that you are currently using HTTPS instead of SSH to source your VCS, so the most similar solution is GitHub Private Access Token (linked: how-to)
Go to Setting > Developer Settings > Personal Access Token and click "Generate New".
If this is a private GitHub repo, you will need to tick the "repo" scope.
On your TeamCity VCS change the password to be the Personal Access Token you generated.
Tip: since you can not view the PAT after generating nor after using on the VCS, it is recommend to set the PAT as a root configuration variable, so you can call it on this VCS, build features, or other future use.

Why is the Build trigger complaining about Webhooks missing

It is time we enabled the Continuous Integration of the build pipeline, so when I went to do just that, i am seeing something strange...
The trigger appears to be enabled? yet theres a message suggesting webhooks are missing to the repo and need to be restored. When i click restore, it fails!
The remote repository’s webhooks are missing or incorrect.
An error occurred while restoring the trigger’s webhook: Could not recreate the subscription. An error was encountered while creating the existing subscription: Unable to configure a service on the selected Bitbucket repository. Bitbucket returned the error 'Your credentials lack one or more required privilege scopes.'.
I asked the admin of the repo to try restoring it because i thought maybe this is a permissions issue, and even he got the error...
This is what the repository settings page shows for both myself and the repo developer/admin...
Do we have to add a webhook manually on bitbucket?
After debugging the issue further with the developer, it appears the app password we created in bitbucket may not have had the "Webhooks" option enabled.
Unfortunately, we cannot edit app passwords in Bitbucket, which is a bad constraint but whatever.
We ended up just creating a new app password, and enabled Webhooks permissions this time, then i updated the service connection with this new app password, and wala, it worked!

Should GitHub Pages https:<moniker>.github.io/<repo> point to Read-the-docs build?

I have a GitHub repo of docs linked to my RTD account. The GitHub/RTD connection appears to be set up correctly with a functional webhook (green checks at both ends). Commits to the repo trigger a successful build on RTD as expected. RTD is an Authorized OAuth App and my RTD account is connected to my GitHub account.
Under Settings -> GitHub pages, I have tried both master branch and master branch/docs. I would expect https://moniker.github.io/repo-name/ to go to the connected RTD docs. But it just shows the repo-name/README.md file, not the repo-name.rtfd.io docs. Am I misunderstanding the linkage or the use of GitHub Pages? Or am I completely missing something? Thanks for any insight.
I put in a help desk question to GitHub and their response was:
GitHub Pages provides its own web hosting and will not integrate with external services. If you're publishing your site elsewhere GitHub Pages will not link to it.
So the answer is "no", adding the webhook only triggers a new build on commits and I do explicitly need a docs/index.html (or .md) that redirects to the RTD documentation.

GitHub Organization Repo + Jenkins (GitHub Plugin) integration

I have an organization on GitHub with private repositories. I also have Jenkins set up running on port 8080 on a server, with the GitHub plugin installed. I've created an account on GitHub for my jenkins user, which resides in the owners group.
I'm trying to trigger a job on jenkins when a change is pushed to my development branch (or master branch, neither seem to be working).
When I look at the GitHub Hook Logs in Jenkins, it says that Polling has not run yet. When I go to "Manage Jenkins", the GitHub plugin says my account is Verified when I test it.
Any insight on how to configure this? I have multiple repositories I'd like to work with, so deploy keys don't seem like the solution to me.
Update:
As Craig Ringer mentions in his answer, you can select Grant READ permissions for /github-webhook in "Configure Jenkins" under the GitHub plugin settings, allowing the webhook to be called without authentication.
Another update: Webhooks are now (Dec. 2014) available for organization: see WebHooks API for orgs.
Note: the issue 4 of the hudson-github-plugin was about:
Last GitHub Push
Polling has not run yet.
And the conclusion was:
Nevermind, the only missing piece was a permission checkbox for the github user which ain't documented anywhere on the internet.
So is this a permission issue regarding your Jenkins users?
The article "Set up Jenkins-CI on Ubuntu for painless Rails3 app CI testing" includes the following process:
To restrict the CI system and give access to your Team members to use or see the build logs, first you’ve to create an account.
Go to Manage Jenkins > Configure System,
Check the Enable Security checkbox
Under Security Realm, choose Jenkins's own user database
Check the Allow users to sign up checkbox
Under Authorization, choose Project-based Matrix Authorization Strategy
Add first user with the name admin and another with GitHub (Note: the username for Admin access has to be admin) For GitHub named user, just choose the Overall Read only permission. We’ll use this user later with the GitHub hook.
Note: The admin and GitHub user that we’ve added in the above step does not create the User. Then you’ve to create a real user with that same name. Ya, I know, its a bit weird with Jenkins UI.
Go to Manage Jenkins > Manage Users > Create User. Create both admin and GitHub users.
Hooking with the Github web-hooks
Now to run the build automagically when new commit or branch gets pushed onto Github, we have to setup the repository.
Got to the hooks page for your repository. e.g.
github.com/<username>/<project_name>/admin/hooks
Under AVAILABLE SERVICE HOOKS > Post-Receive URLs, add github:github#your-ci-server.com/github-webhook/.
The github:github is the user that we’d created earlier.
Then we have to verify Jenkins with Github. Go to Manage Jenkins > Configure System and under GitHub Web Hook, add your Github username and password and click the Test Credential button to authorize once with Github.
It looks like the accepted answer is no longer necessary with the current version of the GitHub plugin. You can instead check Grant READ permissions for /github-webhook in "Configure Jenkins" under the GitHub plugin settings, allowing the webhook to be called without authentication.
As explained in the help on this option that's quite safe, and frankly no worse than having a user named "github" with password "github" anyway.
There are two ways to achieve automatic builds on Jenkins. What you choose depends on whether GitHub can call the Jenkins server URL you provide. This may not be the case if you are running Jenkins behind a firewall.
If GitHub can reach that URL you can set up the service hook on your repo there.
If not you can set up Jenkins to poll periodically.
You may set up both, but one solution is enough to get it working. I would always go for the first if feasible as it saves resources CPU and traffic wise.
Either way you need the GitHub plugin for Jenkins.
Hope that helps a bit.