I added a Sonarqube task into my azure build pipeline, in order to login to my sonarqube server I need to run a command, which uses trunst store ssl.
my pipeline looks just like this:
- task: SonarSource.sonarqube.15B84CA1-B62F-4A2A-A403-89B77A063157.SonarQubePrepare#4
displayName: 'Prepare analysis on SonarQube'
inputs:
SonarQube: abc-sonarqube
scannerMode: CLI
configMode: manual
cliProjectKey: 'abc'
cliProjectName: 'abc'
cliSources: src
extraProperties: |
sonar.host.url=https://sonarqube.build.abcdef.com
sonar.ce.javaAdditionalOpts=-Djavax.net.ssl.trustStore=mvn/sonar.truststore -Djavax.net.ssl.trustStorePassword=changeit
I am not sure, if this command "sonar.ce.javaAdditionalOpts=-Djavax.net.ssl.trustStore=mvn/sonar.truststore -Djavax.net.ssl.trustStorePassword=changeit" correct is.
I got the error "API GET '/api/server/version' failed, error was: {"code":"UNABLE_TO_VERIFY_LEAF_SIGNATURE"}
"
PS: my project is angular project.
any solutions?
Azure Pipepline with task Sonarqube https
This issue should be related in how the configure task works. So, even if we add the certificate to the java trustore, the task that sets the configuration uses a different runtime (not java at least) to communicate with the server, that’s why you still get that certificate error.
To resolve this issue, you could try to:
set a global variable, NODE_EXTRA_CA_CERTS, and set it to a copy of
the root cert we had stored locally in a directory. See this article.
Check the related ticket for some more details.
Hope this helps.
Related
Hello I’m having a problem when I try to deploy my Synapse workspace to another environment (eg. Development to Test).
The problem is that the SQL linked services doesn’t seems to deploy properly. The first screenshot is from the development synapse and the second screenshot form test. As you can see the settings of the linked service are completely different.
Development
Test enviroment
I’m using the standard synapse deployment task in my DevOps pipeline
- task: Synapse workspace deployment#1
displayName: 'Synpase deployment task for workspace: syn$(name)$(environment)'
inputs:
TemplateFile: '$(System.DefaultWorkingDirectory)/$(cicd_synapse_workspace_origin)/TemplateForWorkspace.json'
ParametersFile: '$(System.DefaultWorkingDirectory)/$(cicd_synapse_workspace_origin)/TemplateParametersForWorkspace.json'
AzureSubscription: '${{ parameters.sercon }}'
ResourceGroupName: 'rg-$(name)-$(environment)'
TargetWorkspaceName: syn$(name)$(environment)
OverrideArmParameters: '
-ls_sq_mark_connectionString $(Connectionstring)
Whereby I overwrite the linked service with a variable form the DevOps library (it contains the following code “("Integrated Security=False;Encrypt=True;Connection Timeout=30;Data Source=databaseserver;Initial Catalog=database")”
The thing I noticed when I looked into the JSON file (TemplateForWorkspace.json) that the linked service is defined as follow:
"ls_sq_mark_connectionString": {
"type": "secureString",
"metadata": "Secure string for 'connectionString' of 'ls_sq_mark'"
},
Maybe the problem is, is that it's suddenly a securestring? But i have no idea how to fixed this issue.
I have a simple yaml pipeline file as follows:
stages:
- stage: build_xm2simu
displayName: This is the build stage of the XM Simu project
# dependsOn: string | [ string ]
# condition: string
jobs:
- job: linux_dotnet_build
pool:
name: my-desktop
# demands:
# - netcore -equals 3.1
steps:
- powershell: dotnet restore source\backend\XM2Simu\XM2Simu.csproj
and I also have configured three different agents:
my-desktop / windows host agent → capabilities: {plenty but netcore}
my-desktop / linux docker agent with dotnet → capabilities: netcore 3.1, PowerShell 6.x, {some more}
my-desktop / linux docker agent with azure cli
In case I remove the explicit demand with netcore then it runs on my windows host agent and fails as expected since there is no source\backend\XM2Simu\XM2Simu.csproj file currently there.
In case the netcore demand is added, it doesn't finds any agent suitable, and I only get the following message:
Waiting for an available agent. All eligible agents are disabled or offline
I also get the above message in case the netcore demand is removed but the windows host agent is offline.
Question: How to find out Azure DevOps Services pipeline demand / capability requirements to select some specific agent? (implicit and explicit demands)
Note: I'm currently investigating this issue and maybe related to this post.
How to find out Azure DevOps Services pipeline demand / capability requirements to select some specific agent? (implicit and explicit demands)
What you did should be correct.
According to your troubleshooting steps and the error messages you get:
Waiting for an available agent. All eligible agents are disabled or offline
Besides, I also test your yaml file with my private agent, it works fine.
It seems the error comes from the agent linux docker agent with dotne itself, it should not a eligible agents.
So, first, we could check if that agent keep Online. If yes, we could try to update the agent.
Second, if above not help, please download the latest agent from VSTS web page, and config again.
Hope this helps.
I'm unable to run the Docker Compose task on Azure DevOps and every solution I've looked up online, either makes no sense, or does not work for my scenario.
The job output for the failure is:
This is a very simple process, artifacts are copied to a folder during build, and the docker-compose.yml and .dockerfile is added to this directory, which then needs to be run.
One article explained that if you add your docker-compose.yml to the same folder as the files the image will be hosting and the .dockerfile, that it might cause the daemon to fall over and generate this generic error, so I've added a .dockerignore file, but this issues persists.
I'm using a Hosted Agent - Ubuntu-18.04.
My task looks like this:
steps:
- task: DockerCompose#0
displayName: 'Run a Docker Compose command'
inputs:
azureSubscription: 'Test Dev Ops'
azureContainerRegistry: '{"loginServer":"testdevops.azurecr.io", "id" : "/subscriptions/{subscription_key}/resourceGroups/Test.Devops/providers/Microsoft.ContainerRegistry/registries/testdevops"}'
dockerComposeFile: '$(System.DefaultWorkingDirectory)/$(Release.PrimaryArtifactSourceAlias)/test.ng.$(Build.BuildNumber)/dist/testweb/docker-compose-build.yml'
dockerComposeCommand: build
arguments: '--build-arg azure_pat=$(System.AccessToken) --build-arg azure_username=Azure'
The idea here is that this container is composed and delivered straight to Azure's Container Registry.
I have ensured that the user that's running this process, as been granted permissions in that ACR, as well as added the user to the Administrative group in Azure DevOps.
A lot of responses talks about adding the user to the Docker group, but this is a Hosted Agent, not a private agent, so there is no such option.
I have even tried installing Docker CLI before this task, but nothings working.
Am I being daft to think that I can compose in Azure DevOps?
Edit
The contents of my artifacts folder looks something like this:
This error message is extremely misleading. If anyone from Microsoft is looking at this question, please consider making the error more specific, if possible.
It turned out, I missed a semi-colon in a build task that replaced tokens before the build artifacts was pushed from the build output, and because of that, the yaml file had a #{..} token inside of it, which caused the docker-compose to fail.
It had nothing to do with permissions, nor a .dockerignore file, very misleading.
I try to copy ARM templates to storage but failing.
What could wrong with YML?
ERROR:
& "AzCopy\AzCopy.exe" logout
INFO: Logout succeeded.
INFO: AzCopy.exe: A newer version 10.4.3 is available to download
Disconnect-AzAccount -Scope Process -ErrorAction Stop
Clear-AzContext -Scope Process -ErrorAction Stop
##[error]Upload to container: 'arm' in storage account: 'devopsstorageken' with blob prefix: 'test'
failed with error: 'AzCopy.exe exited with non-zero exit code while uploading files to blob storage.'
For more info please refer to https://aka.ms/azurefilecopyreadme
Finishing: AzureFileCopy
YML:
- task: AzureFileCopy#4
inputs:
SourcePath: '$(Build.Repository.LocalPath)/ARMTemplates/CreateSQLServerARM'
azureSubscription: 'TestRG-Conn'
Destination: 'AzureBlob'
storage: 'devopsstorageken'
blobPrefix: 'test'
ContainerName: 'arm'
I try to copy ARM templates to storage but failing. What could wrong
with YML?
Your yml looks right. I guess there might be something wrong with the task itself.
As a workaround we can use the AzureFileCopy#3, in this version we don't need to do any extra job in Azure Web Portal.
And in preview AzureFileCopy#4, there's some difference. We need to make sure the Service Principal we use in this task have access to the Storage Account. For me, I need to navigate to Access control page and Add a role assignment(Storage Blob Data Contributor/owner role) to my Service Principal/Managed Identity:
So that the AzureFileCopy version4 could also work on my side.
I also had to go back from AzureFileCopy#4 to AzureFileCopy#3. Since I am using Azure DevOps Pipelines, I already have the Contributor role for my Storage Account via my Service Connection.
However, I still have issues as soon as I configured TLS 1.2 as a requirement for my Storage Account. Currently, I can only work around the problem if I also allow TLS 1.0 here. The TLS option is the only way to get the task runnig.
Artifact PathPlease check the Source* correctly. Just to troubleshoot, provide the absolute path of the artifact and then try to deploy, you will able to do it.
Once you succeed, reverse engineer the things and work on the absolute path of the Source.
It's working fine on Version 2.
Note: If you are using Extract Files task, then try to replace it with Unzip task
In addition to #lolance answer, watch out for your source path parameter. Do not use * after your trailing slash that is folder/build/*.
I have an Azure web app. This web app has a QA deployment slot for pre-production testing. When I check in my code from VS, I have it setup to build and deploy to the QA deployment slot. This works great. However, a few configurations need to be updated in the QA web app so the application points to the correct service endpoints (i.e. not dev). To do this, my initial approach was to add a PS task to the Release that unzips my deployment zip, updates the configuration files, rezips them and then allows the Release flow to deploy the updated zip. This works locally, but running into filename length issues on the server when unzipping, which I can't change.
Now I'm trying to just include my update PS scripts in my deployment package, and then run the scripts AFTER the deployment has occurred. So, I'm looking at this Powershell on Target Machines task to run a PS on the QA slot server to update configurations. However, it's asking for Machines, which would be the server name of the slot server. I don't have that. I also don't know where to get it. I also don't have the path to the PS scripts once I have the server name. I dumped out the server variables and none of them help me, unless there is a cmdlet to look up environments that I'm not aware of.
System.DefaultWorkingDirectory: 'C:\a\2ed23b64d'
System.TeamFoundationServerUri: 'https://REDACTED.vsrm.visualstudio.com/DefaultCollection/'
System.TeamFoundationCollectionUri: 'https://REDACTEDvisualstudio.com/DefaultCollection/'
System.TeamProject: 'REDACTED'
System.TeamProjectId: 'REDACTED'
Release.DefinitionName: 'REDACTED'
Release.EnvironmentUri: 'vstfs:///ReleaseManagement/Environment/46'
Release.EnvironmentName: 'QA'
Release.ReleaseDescription: 'Triggered by REDACTED Build Definition 20160425.4.'
Release.ReleaseId: '31'
Release.ReleaseName: 'Release-31'
Release.ReleaseUri: 'vstfs:///ReleaseManagement/Release/31'
Release.RequestedFor: 'Matthew Mulhearn'
Release.RequestedForId: ''
Agent.HomeDirectory: 'C:\LR\MMS\Services\Mms\TaskAgentProvisioner\Tools\agents\1.98.1'
Agent.JobName: 'Release'
Agent.MachineName: 'TASKAGENT5-0020'
Agent.Name: 'Hosted Agent'
Agent.RootDirectory: 'C:\a'
Agent.WorkingDirectory: 'C:\a\SourceRootMapping\REDACTED'
Agent.ReleaseDirectory: 'C:\a\2ed23b64d'
Anyone have any idea, or a better approach, to accomplish what I'm attempting?