Difference between Xcode and git for resolving swift packages - swift

So the background is this: I have an Xcode project that depends on a swift package that's in a private repository on github. Of course, this requires a key to access. So far, I've managed to configure CI such that I can ssh into the instance and git clone the required repository for the swift package. Unfortunately when running it with xcbuild as CI does, it doesn't work and I get this message:
static:ios distiller$ xcodebuild -showBuildSettings -workspace ./Project.xcworkspace \
-scheme App\ Prod
Resolve Package Graph
Fetching git#github.com:company-uk/ProjectDependency.git
xcodebuild: error: Could not resolve package dependencies:
Authentication failed because the credentials were rejected
In contrast, git clone will happily fetch this repo as seen here:
static:ios distiller$ git clone git#github.com:company-uk/ProjectDependency.git
Cloning into 'ProjectDependency'...
Warning: Permanently added the RSA host key for IP address '11.22.33.44' to the list of known hosts.
remote: Enumerating objects: 263, done.
remote: Counting objects: 100% (263/263), done.
remote: Compressing objects: 100% (171/171), done.
remote: Total 1335 (delta 165), reused 174 (delta 86), pack-reused 1072
Receiving objects: 100% (1335/1335), 1.11 MiB | 5.67 MiB/s, done.
Resolving deltas: 100% (681/681), done.
For a bit more context, this is running on CircleCI, set up with a Deploy key on GitHub, which has been added to the Job on CI.
Any suggestions about what might be different between the way Xcode tries to fetch dependencies and the way vanilla git does it would be great. Thanks.

For CI pipelines where you cannot sign into GitHub or other repository hosts this is the solution I found that bypasses the restrictions/bugs of Xcode around private Swift packages.
Use https urls for the private dependencies because the ssh config is currently ignored by xcodebuild even though the documentation says otherwise.
Once you can build locally with https go to your repository host and create a personal access token (PAT). For GitHub instructions are found here.
With your CI system add this PAT as a secret environment variable. In the script below it is referred to as GITHUB_PAT.
Then in your CI pipeline before you run xcodebuild make sure you run an appropriately modified version of this bash script:
for FILE in $(grep -Ril "https://github.com/[org_name]" .); do
sed -i '' "s/https:\/\/github.com\/[org_name]/https:\/\/${GITHUB_PAT}#github.com\/[org_name]/g" ${FILE}
done
This script will find all https references and inject the PAT into it so it can be used without a password.
Don't forget:
Replace [org_name] with your organization name.
Replace ${GITHUB_PAT} with the name of your CI Secret if you named it differently.
Configure the grep command to ignore any paths you don't want modified by the script.

This seems to be a bug in Xcode 11 with SSH. Switching to HTTPS for resolving Swift Packages fixes the issue:
So from this:
E29801192303068A00018344 /* XCRemoteSwiftPackageReference "ProjectDependency" */ = {
isa = XCRemoteSwiftPackageReference;
repositoryURL = "git#github.com:company-uk/ProjectDependency.git";
requirement = {
branch = "debug";
kind = branch;
};
};
to:
E29801192303068A00018344 /* XCRemoteSwiftPackageReference "ProjectDependency" */ = {
isa = XCRemoteSwiftPackageReference;
repositoryURL = "https://github.com/company-uk/ProjectDependency.git";
requirement = {
branch = "debug";
kind = branch;
};
};
Also, now that Xcode 12 is out, you can use that, where it's fixed.

In order to get private swift packages working with GitHub actions I had to add the following:
I had to add an SSH key to my secrets
On the xcodebuild step, I had to add the flag: -usePackageSupportBuiltinSCM
right before executing the xcodebuild step, I had to add the following run script:
- name: Add CI SSH Key
run: ssh-add - <<< "${{ secrets.YOUR_SECRET_SSH_KEY }}"

You can resolve this issue in a CI environment with Xcode 12 by adding your GitHub account to Accounts within Xcode.
Sign in with your GitHub account name and a personal access token you created on Github.
We are using Jenkins with Fastlane tools and when xcodebuild is invoked, it will use the access token to authenticate into the repos using HTTPS.

I had the same issue, the root cause for me is: the default github ssh key type is ed25519 ssh-keygen -t ed25519 -C "your_email#example.com".
But XCode doesn't support ed25519. Changed to RSA key works: ssh-keygen -t rsa -b 4096 -C "your_email#example.com"
https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent
You can see the error under XCode Preference > Accounts > Github

I was able to build with a package from a private repo in GitHub actions with HTTPS URLs by creating a .netrc file using the extractions/netrc#v1 action.
Build:
runs-on: macos-12
steps:
- uses: actions/checkout#v3
- uses: extractions/netrc#v1
with:
machine: github.com
username: user
password: ${{ secrets.SWIFT_PACKAGE_MANAGER_PAT }}
- uses: extractions/netrc#v1
with:
machine: api.github.com
username: user
password: ${{ secrets.SWIFT_PACKAGE_MANAGER_PAT }}
After this, xcodebuild will use the PAT when accessing the private repo.
I tried to use GITHUB_TOKEN, but it seems that it is restricted to the current repo only. So I created a PAT for my GitHub account and added that to the repo secrets.

Related

Gitlab CI pipeline failing: a tag issue

My gitlab CI pipeline is setup to run maven tests from a docker image created from my maven project.
I have tested the pipeline on my master branch and it worked fine and ran the test.
However I have created a new feature branch and now running the pipeline yet again, however I now get this error
error checking push permissions -- make sure you entered the correct tag name, and that you are authenticated correctly, and try again: getting tag for destination: repository can only contain the runes `abcdefghijklmnopqrstuvwxyz0123456789_-./`: it2901/cs344-maven:feature/produce-allocation-pdf
ERROR: Job failed: command terminated with exit code 1
I can't seem to pinpoint the problem at all. I have also pushed the tag: tut3 to the feature branch as well.
Here is my .gitlab-ci.yml: https://controlc.com/7a94a00f
Based on what you shared, you have this configured:
VERSIONLABELMETHOD: "tut3" # options: "","LastVersionTagInGit"
It should be either:
VERSIONLABELMETHOD: ""
or
VERSIONLABELMETHOD: "LastVersionTagInGit"
or
VERSIONLABELMETHOD: "OnlyIfThisCommitHasVersion"
When you specify "tut3", the script takes it as if it was "" (empty string). Assuming you didn't define $VERSIONLABEL anywhere $ADDITIONALTAGLIST will also be empty.
And later in the code you can see that this gets executed:
if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then ADDITIONALTAGLIST="$ADDITIONALTAGLIST latest"; fi
Assuming $CI_DEFAULT_BRANCH is set to master if you use a separate branch mybranch the code above won't get executed so it's likely that the Kaniko command line doesn't have any a neither a valid $FORMATTEDTAGLIST or $IMAGE_LABELS.
You can debug by seeing their output on the script which is happening at the end before calling Kaniko:
...
echo $FORMATTEDTAGLIST
echo $IMAGE_LABELS
mkdir -p /kaniko/.docker
...
A hack would be to override $CI_DEFAULT_BRANCH with your custom branch.
✌️

How to contribute to homebrew-cask using GitHub?

The quotation below is the instruction to contribute to brew-cask. However, I could not understand the sentence: github_user='<my-github-username>', I do not know whether should I input <>, and what is the github_user?
There is one email address, two names for one single GitHub account. What is more, when I input the last sentence: cask-repair --pull origin --push $github_user $outdated_cask. There is 2 errors: the requested upstream branch 'Andy1984' does not exist, and
Error creating pull request: Unprocessable Entity (HTTP 422)
Invalid value for "head"
and the result is There was an error submitting the pull request. Have you forked the repo and made sure the pull and push remotes exist? I am quite sure I followed the instructions. What is wrong?
# install and setup script - only needed once
brew install vitorgalvao/tiny-scripts/cask-repair
cask-repair --help
# fork homebrew-cask to your account - only needed once
cd "$(brew --repository)/Library/Taps/caskroom/homebrew-cask/Casks"
hub fork
# use to update <outdated_cask>
outdated_cask='<the-cask-i-want-to-update>'
github_user='<my-github-username>'
cd "$(brew --repository)/Library/Taps/caskroom/homebrew-cask/Casks"
cask-repair --pull origin --push $github_user $outdated_cask
According to the documentation you can also use a script to push new version of an existing cask.
Check: https://github.com/caskroom/homebrew-cask/blob/master/CONTRIBUTING.md#updating-a-cask
# install and setup script - only needed once
brew install vitorgalvao/tiny-scripts/cask-repair
cask-repair --help
# use to update <outdated_cask>
cask-repair <outdated_cask>

svn2git error PROPFIND request failed

I have Ruby, RubyGems, and svn2git installed under 32 bit windows 7.
svn2git https://code.google.com/p/skyrim-plugin-decoding-project/ --rootistrunk --revision 1:1693 --authors ~/authors.txt --verbose
The above line returns the following error:
Running command: git svn init --prefix=svn/ --no-metadata --trunk=https://code.g
oogle.com/p/skyrim-plugin-decoding-project/
Initialized empty Git repository in e:/tes5edit/.git/
RA layer request failed: PROPFIND request failed on '/p/skyrim-plugin-decoding-p
roject': PROPFIND of '/p/skyrim-plugin-decoding-project': 405 Method Not Allowed
(https://code.google.com) at /usr/lib/perl5/site_perl/Git/SVN.pm line 310
command failed:
git svn init --prefix=svn/ --no-metadata --trunk=https://code.google.com/p/skyri
m-plugin-decoding-project/
I read something about svnadmin so I tried the following
svnadmin: E205000: Repository argument required
I don't know what the argument would be.
I have never used GitBash or any of these programs. I have no idea what the proper commands would be to resolve the issue. I am also new to Git and have very little experience with it.
git svn clone http://my-project.googlecode.com/svn/ \
--authors-file=users.txt --no-metadata -s my_project
The standard commands also give errors
E:\TES5Edit_Git> git svn init https://code.google.com/p/skyrim-plugin-decoding-p
roject/
Initialized empty Git repository in E:/TES5Edit_Git/.git/
E:\TES5Edit_Git [master]> git config svn.authorsfile ./authors.txt
E:\TES5Edit_Git [master +1 ~0 -0 !]> git svn fetch
RA layer request failed: PROPFIND request failed on '/p/skyrim-plugin-decoding-p
roject': PROPFIND of '/p/skyrim-plugin-decoding-project': 405 Method Not Allowed
(https://code.google.com) at /usr/lib/perl5/site_perl/Git/SVN.pm line 148
E:\TES5Edit_Git [master +1 ~0 -0 !]>
As long as it makes a repo I can push I don't care how I do it. However, I did not start with a standard setup in the beginning and no idea what I was doing. So I want the clone to start at commit 1 and consider root as master, and all commits that make any kind of folder, rename folders, move folders, delete folders, all of everything created as branches.
After asking some friends I realized I had been using the wrong URL.
svn2git http://skyrim-plugin-decoding-project.googlecode.com/svn/ --rootistrunk --revision 1:1693 --authors ~/authors.txt --verbose
That would have been the correct init statment

Chef running git clone results in host key verification error

I am using Chef, invoked by Capistrano.
There is a directive to clone a repository using git.
git node['rails']['rails_root'] do
repository "git#myrepo.com:/myproj.git"
reference "master"
action :sync
user node['rails']['rails_user']
group node['rails']['rails_group']
end
When it gets to this point, I get:
** [out :: 10.1.1.1] STDERR: Host key verification failed.
So, I need to add a "known_hosts" entry. No problem. But to which user? The core of my problem is that I have no idea which user is executing what commands, and if they are invoking sudo, etc.
I've run keyscan to populate the known_hosts of root, and the user I ssh in as, to no avail.
Note, this git repo is read-protected, and requires ssh key access.
Another way to solve https://github.com/opscode-cookbooks/ssh_known_hosts
this worked for me
You can use an ssh wrapper approach. Look here for details.
Briefly do the following steps
First, create a file in the cookbooks/COOKBOOK_NAME/files/default directory that is named wrap-ssh4git.sh and which contains the following:
#!/usr/bin/env bash
/usr/bin/env ssh -o "StrictHostKeyChecking=no" $1 $2
Then, use the following block for your deployment:
directory "/tmp/private_code/.ssh" do
owner "ubuntu"
recursive true
end
cookbook_file "/tmp/private_code/wrap-ssh4git.sh" do
source "wrap-ssh4git.sh"
owner "ubuntu"
mode 00700
end
deploy "private_repo" do
repo "git#github.com:acctname/private-repo.git"
user "ubuntu"
deploy_to "/tmp/private_code"
action :deploy
ssh_wrapper "/tmp/private_code/wrap-ssh4git.sh"
end
The git repository will be cloned as user node['rails']['rails_user'] (via https://docs.chef.io/resource_git.html) - I assume that users known_hosts file is the one you have to modify.
I have resolved this issue as below
_home_dir = nil
node['etc']['passwd'].each do |user, data|
if user.eql? node['jenkins']['username']
_home_dir = data['dir']
end
end
key_config ="Host *\n\tStrictHostKeyChecking no\n"
file "#{_home_dir}/.ssh/config" do
owner node['jenkins']['username']
group node['jenkins']['username']
mode "0600"
content key_config
end

How to setup/debug github WebHook?

I have this local repo, I make changes and run:
git add .
git commit -m "message"
git push -u origin master
My github has two WebHooks set-up, one going to a http://requestb.in URL and another one going to a PHP executable script (755), in the same folder (accessible from outside).
The PHP script:
<?php echo `git pull origin master`;
// echo "works";
// echo `whoami` ?>
The commented test lines are working so this is my proof that the script path is OK and also the syntax.
However, after I push changes from local to github repo, I check files on the server but nothing happens, is obvious echo git pull origin master from my PHP script does nothing.
If I run this in a shell logged as a root (git pull origin master), the files are getting updated with the latest version from the repo.
Also, the second hook I have set-up, the one from requestb.in works as I can see the requests from github.
My folder on the server has the right permission, is accessible form the outside, I am desperate and I don't know how to get this working.
What is wrong, how can I make this working? How do I set-up the WebHook in the admin panel in github, or is it the PHP script, is there a permissions issue, what's wrong?! :O
Thank you.
Update after my 3 comments:
After dealing with it for couple more hours, I can clearly see that the WebHook doesn't really fire up the php file. If I run in shell logged as a root "php test.php" I get:
root#echo [/home/moove/public_html/dev/wert]# php hooh.php
remote: Counting objects: 5, done.
remote: Compressing objects: 100% (1/1), done.
remote: Total 3 (delta 1), reused 3 (delta 1)
Unpacking objects: 100% (3/3), done.
From github.com:chrisdemetriad/wert
* branch master -> FETCH_HEAD
Updating 0c67b85..89e4fdf
Fast-forward
XXX.php | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
root#echo [/home/moove/public_html/dev/wert]#
Which is what I need and the files on the server get updated. But if I don't do it manually, the files do not get updated and this must be because of the php script. My latest version that works:
<?php echo `git pull origin master`;