Basically i have the following scenario that i need to solve:
On a schedule basis, OctopusDeploy is pulling the latest releases from code repo using GitHub Feed and then perform some operation through the tentacle agent on another server.
Problem:
Currently we have to trigger a release in Github manually whenever there is changes to the repo so that Octopus Deploy can pick up new changes. Is there a way to trigger the release in GitHub automatically whenever there is a merged event to the master.
Thanks.
I’m going to guess that you don’t want to expose your Octopus Deploy instance to the internet... so how about use reoccurring scheduled deployments?
https://octopus.com/blog/octopus-release-2018.4#recurring-scheduled-deployments
Currently we have to trigger a release in GitHub manually whenever there is changes to the repo so that Octopus Deploy can pick up new changes.
Is there a way to trigger the release in GitHub automatically whenever there is a merged event to the master.
First, since March 2022 (4 years later):
Octopus Deploy is now a GitHub secret scanning partner
GitHub secret scanning protects users by searching repositories for known types of secrets.
By identifying and flagging these secrets we help protect users from data leaks and fraud associated with exposed data.
We have partnered with Octopus Deploy to scan for access tokens for their cloud-hosted product, Octopus Cloud.
Octopus API keys allow users to perform tasks like creating and deploying releases. We'll forward access tokens found in public repositories to Octopus Deploy, who will notify the affected user via email
In that new context:
no need for an external private Octopus Deploy
The check would be done for any new commit
But this is limited to secret scanning, so it might not do everything you were doing in your case.
Related
My organization recently changed from using personal GitHub accounts to using GitHub Enterprise Managed Users. Since that change our pipeline continuous integration (in Azure Devops) has stopped working. We can still run the builds manually without issue, but it isn't even attempting to start the builds automatically. I've created new personal access tokens for the pipelines, but that hasn't fixed the continuous integration. Does anyone have any suggestions on what I should look at to get this working again?
Instead of relying on user-authenticates service connections between GitHub and Azure Pipelines, I recommend switching over go the Github App for Azure Pipelines to control what repositories Azure Pipelines can access:
https://github.com/apps/azure-pipelines
That will drastically simplify access maintenance between GitHub and Azure Pipelines and will break the reliance on personal or enterprise managed accounts.
I wound up fixing this by going to the repository in Git Hub, go to settings on the repository, and then to Web Hooks. In there, the hook that Azure Pipelines uses had an error on it because when our tech group migrated the repo they did not bring the secret over. To fix it I just had to delete the web hook, go to the pipeline and a button appeared to restore the connection.
I have multiple servers installed at client site. I can access all of them via anydesk. I have python project running on them. All of the source code is in azure devops. I want to create a CI CD pipeline so that whenever we merge pull request to main branch, it should automatically be deployed on client's server.
Previously, I have worked on many web API's which was deployed on azure. We had branches created for each client and whenever we merge changes into those clients branch, it automatically used to start deployment on API as our repo and branch was linked to web API.
To deploy the new code changes on server, I have to follow manual way of first logging into the client server via anydesk and then perform the git pull to pull the required changes. This is very manual thing and we sometime do mistake in it. I am looking for a way to connect the client server with the branch of the repo so that once we merge our changes to that branch, it should automatically deploy the changes. Is there any way we can do it? Is there any tool/service available for this. All the client server are Ubuntu machines. Please give some suggestions. Thanks
We have two Azure DevOps Organizations,
1. Development
2. Client
I would like to know if we can synchronize Azure DevOps Repos from one organization (Development) to different organization (Client) in a secure way?
If it is possible, what would be the best way to sync from one organization to another securely?
NOTE: We are able to manually clone the Repo from one to another organization for the first time with the help of PAT and GIT Auth but the problem arises when we want to update or re-sync the code. We have to manually re-import the repo (By deleting the existing one) to make changes.
We need to do this programmatically and to another organization.
Azure DevOps Repos synchronization between Organization
Sorry but as I know there's no such out-of-box feature available in Azure Devops Service.
There're similar user voices here: Sync between projects in same org and Automatically Sync Azure Devops Repos with GitHub Repos. Usually one organization is responsible for one product, so Azure Devops doesn't recommend cross-organization actions. But if you do want this behavior in your scenario, you can use these two directions:
1.Try free Git Tools for Azure Devops extension from Martin Hinshelwood. Some steps about how to use it:
Install it in your Development organization, it contains one Publish Git Repo task.
Create a new classic build pipeline named SyncRepos, add the Publish Git Repo task in it.
(Yaml pipeline also works well, but since this is one pipeline in which only exists one task, classic pipeline is enough)
Configure the task. We only need to configure the git repo url, so it's quite easy.
Assuming the name of same repos in another organization Client is ReposToSync, and this repos is in ProjectA. So the url you should enter in pipeline(in organization Development) should be:
See this: https://anything:PAT#dev.azure.com/Client/ProjectA/_git/ReposToSync.
(You should use a PAT which has repos-related permissions. I used Full Access one to test it easily but it should be much better if you create a PAT scoped in repos permissions. It's more secure !)
Now set the trigger, enable the CI and add all the branches into filter.
Yaml pipeline is better in step4 cause it supports trigger all branches with wildcard *. See this.
Now in Development organization, when I have any change in master and qwe branches, it will automatically trigger the pipeline to run. Then the task will sync the changes in Development's repos with repos in 'Client' organization.
Any change in Development org will start a sync, if you want to same behavior in 'Client', you also need another similar pipeline in 'Client'. And, yaml pipeline with wildcard is better if you want the pipeline to monitor newly created branch.
In additions: Apart from using the task from extension, we can also use git commands in CMD task if you're familiar with those commands.
2.Feel free to post a new feature request to our User Voice forum. If you gets enough votes, the request's priority increases and the team would consider it seriously.
Hope all above helps :)
Update1:
No matter git commands or extension, if we want to make it more secure(avoid using PAT or other secrets directly in task), we can use secrets to store the important info like PAT.
1.See create secret variable in Variable Group, then link the variable group, after that we can use $(MyPat) in task and it won't be displayed in log.
2.Also you can consider using Azure Key Valut. Related doc: Link secrets from an Azure key vault.
Today I tried a way of doing it I found in a blog post and it worked perfectly (and is tremendously easy to do).
Steps:
Create a PAT (personal access token) to your Development organization (I see you already have one so skip this step)
Go to the target repo in the Development organization, click clone and copy the url
In the Client organization import the repository with the url you have copied and with your PAT (same here, I think you already did this so skip this step)
Now clone the repo to your computer from the Client organization and add a remote to the repo in your Development organization. If you don't know about remotes, this page could help: Managing remote repositories
After this, you will be able to push and fetch from the Development organization's repo.
Source: Azure DevOps Fork Repos between two Organization - Michael Ghebremedin
I need help to understand better how to create complete CI/CD with Azure Devops for APim. Ok I already has explored the tools and read docs:
https://github.com/Azure/azure-api-management-devops-resource-kit
But I still have questions, my scenario:
APim dev instance with APi and operations created and others settings, as well APim prod instance created but empty.
I ran the extract tool and got the templates (not all), still need the Master (linked templates), and on this point seat my doubt, I already have 2 repos too(dev and prod).
How can I create the Master template, and how my changes from dev environment will be automatically applied to prod?
I didn't used the policyXMLBaseUrl parameters not sure what Path insert there, although seems #miaojiang inserted a folder from azure storage.
After some search and tries I deployed API's and Operations from an environment to another, but we still don't have a full automated scenario, where I make a change in a instance and that is automatically available.Is necessary to edit policies and definitions directly on the repositories or run the extract tool again.
Overview:
I'm using GitHub Pages feature to host documentation. I'm working on a CI/CD process to automate the build so that when the source for the documentation is updated it automatically rebuilds the content and deploys to GitHub Pages.
Details:
So far, using AWS CodeBuild, I've implemented the following:
Pulls down source from GitHub Repo
Uses MkDocs to build and deploy to the special gh-pages branch using the "mkdocs gh-deploy" command.
This is done with command lines in the CodeBuild Buildspec. The reason I'm using commands is that I want to use GitHub Deploy Keys opposed to creating user account (used as a machine account) that my team would need to manage.
I have it all working except what triggers the build. If the process was using a user account to authenticate then I can use AWS CodePipeline which creates a Webhook within the GitHub repo, and then notifications are sent via the Webhook to say that the master branch was updated, which would trigger a new build.
I'd like to implement a similar process but using the GitHub repo's Deploy Key. Any suggestions?