Azure build pipeline with dependency on private AZ repo - azure-devops

We have an Angular project in an Azure repo that references another private Azure project/Repo in the packages.json file under dependencies. The project builds fine locally for all developers, but fails in the Azure Pipeline with Authentication failed. What is the correct way to pull code from a private Azure repo into another projects build pipeline?
I changed the access protocol from ssh to https and have done a lot of reading about how to accomplish this. I have read about the personal access tokens, but this doesn't seem like a good solution.
"core-js": "^2.5.4",
"xxx": "git+https://xxx#dev.azure.com/xxx/xxx#master",
"date-fns": "^1.30.1",
Note: The error is saying fatal: Authentication failed for 'https://dev.azure.com/..., which doesn't include the provided username in the dependency url.

Agree with yours. I also think that using PAT token is not a security way, because it does not expose the token exactly.
If you want to use SSH, you need first sure that the repos you want to install has a package.json at root.
And then, generate a pair of public/private key with the command: vssh-keygen -t rsa. After that, you can follow this doc: Use SSH key authentication to install them into your org.
Clone the repos with SSH, and this will make your client accept the fingerprint expressed by the server. Then, go repos page, get the SSH URI to cloning your repos and add it into the dependencies section of your package.json file:
"dependencies": {
"testproj": "git+ssh://account#ssh.visualstudio.com:v3/{org name}/{project name}/{repos name}"
}

Related

Azure pipeline to build xcode project can't clone repo

I would like to know if you have any ideas of what happens to the following pipeline I'm developing to build an xcode project.
I'm configuring a pipeline with the xcode build, copy files, and publish artifact tasks.
I have configured the build task, with my xcworkspace path, and set up the scheme
I have all of my repos, in bitbucket, but I have set it up a service connection between my Azure devops, and bitbucket, using an app password, which have all the permissions allowed, I have developed a pipeline to build an Android app, and I don't have problems with that one, just to mention that this one doesn't depends on other separated repos
The thing is that, the developer separated the api client in a repo, from the main repo were the iOS code is, so when Azure tries to clone this repo, it can't be done, due to a host key verification, he told me that this repo is dependency of the main iOS repo.
This is the error
I'm new to Azure devops, but I have searched for solutions, and nothing. I understand that I have to configure an SSH key, but, I'm using a pipeline with a hosted microsoft agent. Should I add a task to actually set up this SSH key to the agent? Or it is only permission problems?
The things I have done, are:
Creating the app password again, with all permissions set
Change my project path, and use the correct scheme, cause I was using the wrong one. But there's no difference
The only thing I have left is to add the user from my Azure devops to a group of admins, who actually have permissions to the repo Azure is trying to clone. But I need to open a ticket with my partner, cause I cannot logged into the mail account.

Github Actions cannot find NuGet package hosted in GitHub Packages

I have a GitHub organisation set up and within that are two private repositories: Library and App. I have managed to configure a GitHub Action for the Library repository to create a NuGet package and push it to nuget.pkg.github.com. I added the Library package as a dependency to the App project and can fetch these locally using a configured Personal Access Token. I am now working on the GitHub Action to build and run unit tests on the App project.
I have added a step to the workflow to add the NuGet package source
- name: Set package source
run: dotnet nuget add source --username USERNAME --password ${{ secrets.GITHUB_TOKEN }} --store-password-in-clear-text --name github "https://nuget.pkg.github.com/REDACTED/index.json"
This is exactly the same line as is used when pushing the package, but when I reach the dotnet restore step later I get the following error:
/home/runner/work/App/App/App.Services/App.Services.csproj : error NU1101:
Unable to find package Library. No packages exist with this id in source(s): github, nuget.org [/home/runner/work/App/App/App.sln]
I understand that it is likely possible to work around this by adding a new Personal Access Token to the secrets of the App repository, but would prefer to rely on GITHUB_TOKEN if possible for both the security and management benefits.
According to GitHub, installing packages hosted with GitHub Packages requires minimal configuration using GITHUB_TOKEN. And by default, GITHUB_TOKEN has both read and write permissions for packages.
This question is different from this one as that relates to an issue with empty NuGet.config files which has since been resolved.
I hit the same problem, GITHUB_TOKEN can be used to push packages but not pull packages from other repos within the same organisation. This thread has a lot of people complaining about it: https://github.com/actions/setup-node/issues/49. I was unable to get any of the workarounds there working for me, and had no option in GitHub to grant specific permissions to repositories in the organisation for packages. Had to use a PAT in the end.

How to use private packages in Azure Pipelines During CI/CD builds

I am using Azure CI/CD pipelines for Flutter build. In my Pubspec yaml file, I have dependencies that are private to my project and the code is hosted in same azure devops project but in different repository. During Build (i.e. Flutter Packages get) it gives me error saying Authentication failed?. I tried with PAT token where in prior to flutter build task i used git command to set that token, but it didn't solve the issue. Can anyone help me out?
I am open to being shown a better way but these are the steps I took to solve this issue a little while ago.
Assuming you are referencing the package in your pubspec.yaml using git over ssh on azure devops like:
repo_name:
git:
ref: 'tag or other identifier'
url: you#vs-ssh.visualstudio.com:v3/you/project/repo_name
Generate a new ssh key pair on your machine.
Upload the private key to the library secure files section on azure devops.
Add the install ssh key task to your azure pipelines build, using the key pair generated in the previous steps and referencing the private key uploaded to the secure files library. link
Upload the public key to your list of public keys. (This step I'm not 100% sure is necessary but I did it initially and things have worked so I haven't changed removed it)
So in my azure-pipelines.yaml the install ssh key step looks kinda like this where id_rsa is the name of the private key in my secure files.
- task: InstallSSHKey#0
inputs:
knownHostsEntry: 'vs-ssh.visualstudio.com, ...etc'
sshPublicKey: 'ssh-rsa ...etc'
sshKeySecureFile: id_rsa
A private feed is created with permissions such that only you have access.
The build agent run with user(build service account), give to this user permissions in the feed. From Feed settings->Permissions, assign your build service account owner permission.
Also verify the token is working, make sure you have selected sufficient scopes for this token to authorize for your specific tasks.
Besides try adding a variable system.debug with a value of true you’ll get more information in the failure. That might help pinpoint the problem.

How to use Heroku config vars with GitHub to install remote private repo?

I would like to remove my user name and personal access token from the package.json file in my React application.
The package being installed is a private remote GitHub repository for which I am the owner.
The request is being made over the HTTPS protocol.
E.g: "react-trello": "https://username:token#github.com/username/react-trello.git#dev/branch"
I have a PAT issued from GitHub. But I'm having trouble accessing them in the package.json file in my project.
Should I create Heroku config vars with the PAT value?
heroku config:set -a my-app GITHUB-TOKEN=466ghdf57
In Heroku config you can set variable names to use with GitHub. How do I set my user name, password and token? As Heroku config variables?
E.g: USERNAME, GITHUB-USER, TOKEN, GITHUB-TOKEN.
I've tried creating variables such as USERNAME, TOKEN, GITHUB_USER. But it doesn't work if I remove my credentials from the package.json file.
E.g: "react-trello": "https://github.com/username/react-trello.git#dev/branch".
I get an error: Fatal: Could not read Username for "https://github.com".
Am I missing something?
Heroku doesn't provide this out of the box, and package.json doesn't natively support environment variables.
One option is to build your dependency as an NPM packages and publish it on a private package repository, e.g. Gemfury, whose Heroku addon has a free plan supporting a single private module.
Briefly, you can publish your module to Gemfury with https://npm-proxy.fury.io/APPID/, followed by npm login and npm publish. Then, in the Heroku app that depends on your private module, add a .npmrc file containing
always-auth=true
registry=https://npm-proxy.fury.io/APPID/
//npm-proxy.fury.io/APPID/:_authToken=${FURY_AUTH}
and set a Heroku config var FURY_AUTH containing your Gemfury auth token.
This does mean you'll have to update your published library on Gemfury before the dependent application will see changes you make to it. This is probably a good idea anyway; depending on specific tagged releases is safer than depending on mutable branches.
There is also this workaround which may let you effectively inject environment variables into your package.json, but I haven't tried it.

unable to deploy from codeship to heroku

We had a consultant configure our CI, but since he left we get the following error whenever trying to deploy:
Warning: Permanently added 'heroku.com,40.19.75.141' (RSA) to the list of known hosts.
! Your account pedro#someemail.com does not have access to mysascards-staging.
!
! SSH Key Fingerprint: 41:fc:8a:39:fb:ed:eb:a6:69:a5:1b:ff:35:84:41:2f
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
If I add "pedro#someemail.com" to heroku, the deployment works fine.
How do I remove the dependency on this account from our codeship configuration?
In order for you to deploy your app using Codeship, you need to provide the Heroku API key from your Heroku account.
You can access your Heroku API key here -
https://dashboard.heroku.com/account.
Once you have your API key, you can change the deployment configuration with the following steps:
Navigate to your project
Click Project Settings
Click Deploy
Copy/Paste the API key to Heroku API Key
Make sure the Heroku user's API key has access to the application mysascards-staging
If the project has been transferred (as it appears yours has), the SSH Key that was assigned to the project most likely needs to be recreated.
You can recreate the SSH key by submitting a help ticket, and the add the key to both Heroku and the SCM.
Let me know if this helps!
To clarify the answer above - it was necessary to generate a new SSH key on codeship as the account had changed ownership.
This key then needed to be added to both the remote GIT repo (bitbucket in my case) and in Heroku. In both cases, this was possible directly on the site (no command line needed).