I have setup the pact broker locally and able to publish the pacts which are also verified by the provider successfully. I am at the point to use webhook which kicks off a build of the provider project if the pact content has changed since the previous version. Can I use the webhook concept in my local because my consumer and provider are not configured in CI?
You'll need to create a local "CI server" on your machine. It doesn't really have to be a proper CI server, but it does have to be able to accept an HTTP request that will kick off a build somehow.
You should be able to create a very simple ruby/javascript/python HTTP server that will run the provider build in a backgrounded process when it receives a request. Or, you could install a copy of something like Jenkins locally.
Related
I am trying to understand the difference between Service Hooks and Service Connections in Azure DevOps.
Service Hooks and Service Connections both seem to do the same thing according to these description.
"Service connections enable you to connect to external and remote services to execute tasks in a job."
Service Connections
"Service hooks let you run tasks on other services when events happen in your Azure DevOps projects."
Service Hooks
None of these pages tell the reader the difference between service hooks and service connections. Even though I am sure each is used for a different purpose.
Service connections enable you to connect to external and remote services to execute tasks in a Azure pipeline job. For example, you may need to connect to your Microsoft Azure subscription, to a different build server or file server, to an online continuous integration environment, or to services you install on remote computers.
You could go to Project Settings>>Service connections page to see available service connections. And when you use tasks which required to connect to external and remote services, you will see it requires you to set up corresponding service connection. For example, if you use GitHub repository as the source repository in pipeline, you need to set up GitHub service connection.
In the meanwhile, Service hooks let you run tasks on other services when events happen in your Azure DevOps projects. You could go to Project Settings>>Service hooks page to integrate with your favorite services by notifying them when events happen in your project. For example, create a card in Trello when a work item is created or send a push notification to your team's mobile devices when a build fails.
You can also use service hooks in custom apps and services as a more efficient way to drive activities when events happen in your projects. Also you could create a service hook for Azure DevOps with Microsoft Teams, so members can get notified when builds are completed, work item updated, etc.
I am totally new in hubot, and I am stuck at something seems easy.
I want to use this plugin to send messages to users via slack when they have a mention comment or there's a comment on their pull requests.
But I have some trouble setting on Github webhook, how to fill in this form correctly? What's the hubot_url should be? If I test on my local machine, should the URL be http://localhost:port/hubot/github-pull-request?room=ROOM&only-mentioned=1?
And what's the port of hubot if I test it on my local machine? It seems I fill it with wrong data. The delivery failed and got a service timeout error.
I have some powershell scripts in my CI server to check the state of some WebJobs.
But I have few problems.
I'm using publish settings file, but it expires and my build starts to fail.
I don't want to use a Management Certificate that will expose all management features.
And I don't want to put my user credentials on the CI server that will also expose all management features.
There is any way to create a CI user or credential with restricted permissions?
Thanks!
Azure Functions provides a good solution to this problem. You can create a Service Principle account, with certificate login and then restrict that account to whatever actions you need it to allow (via RBAC)
You can then have an Azure PowerShell script running in Functions, that is called from a webhook from your CI engine. That way the only credentials that are stored on your CI are the webhook secret, and if your CI engine has a static IP you can verify that commands only come from that address, and drop anything else.
I have setup a build process in VSTS that is pulling source code from a public facing SVN url. It works great when I manually queue the build from the dashboard or if I schedule a build to run at a certain time. However, when a build gets queued by continuous integration it throws the following exception:
An exception occurred while polling the repository. Error: Microsoft.TeamFoundation.Build2.Server.Extensions.BuildPollingException: Unable to connect to a repository at URL '<Path to the URL I am referencing>' --->
SharpSvn.SvnRepositoryIOForbiddenException: Unable to connect to a repository at URL '<Path to the URL I am referencing>' --->
SharpSvn.SvnRepositoryIOForbiddenException: Access to '<Path to the trunk of the repository>' forbidden
When I look at the event log on the server that Subversion lives on, it shows that the build agent is trying to access the URL with an anonymous login, hence the exception I am seeing.
Has anyone ran into this before? I know I have configured the service endpoint correctly with user credentials since it works when I manually fire off or schedule queue the build. I've done pretty extensive searching on this topic but have not found much info that involves VSTS and SVN issues. Any guidance or questions will be greatly appreciated.
The CI's Polling Job is executed by the Job Agent on the TFS server. Apparently, your Job Agent is configured to run as NT AUTHORITY\NETWORK SERVICE (i.e., as DOMAIN\TFSSERVER$). On the other hand, it looks like you VisualSVN Enterprise instance is configured to use NTLM. In this case, basic credentials are not used by the SharpSvn library the Polling Job uses to access the repository. Unfortunately, that's SharpSvn restriction. You either should provide the computer account (DOMAIN\TFSSERVER$) with the READ access to the SVN repository in the VisualSVN server configuration (to continue using NTLM), or disable NTLM on the VisualSVN server to switch to Basic authentication.
[Few technical details]The anonymous requests you see in SVN logs are part of the normal HTTP request flow implemented in the SharpSvn library:
The library first submits an anonymous request to the server.
If the server rejects the request, the library inspects the WWW-Authenticate response headers to detect the authentication scheme
requested by the server.
The WWW-Authenticate: NTLM header has a higher priority comparing to WWW-Authenticate: Basic. That's why username and password
specified in the connection endpoint are not used at all.
If only the WWW-Authenticate: Basic header is present in the response, the library uses a callback function provided by the client
To request credential information. At this point username and
the password specified in the connection endpoint is provided to the
library by the Polling Job.
[Note 1] The Polling Job does not download any sources from the SVN repository, it only requests the list of files changed since its last successful execution and decided if it's time to schedule a build.
[Note 2] If the Polling job continuously fails for the same reason, it reports each 100th failure to TFS as a failed build providing a reason of the failure.
Alex
I look to be having a similar issue. Using TFS 2015 Update 3 and VisualSVN Server 3.4.6. I get the same error with CI polling. On the SVN Server I get the following errors every time TFS polls: Access denied: 'TFSSERVER$' OPTIONS : [client ]
Here TFSSERVER$ is the computer name of our TFS Server.
So I gave DOMAIN\TFSSERVER$ Read Only permissions at the root of the repository and then things worked OK. Not happy that I had to do that of course.
Filed this bug about it: SVN CI Polling Uses TFS Machine Account Not SVN Account Set in the Service EndPoint
There isn't any big difference between CI and manual/scheduled build for SVN repository. When you configure it to continuous integration, it just keeps checking the SVN repository by the Polling interval you set and then run the build if there is any new change. The only difference between them is that you need to set "Filters" for CI and base on the access forbidden error message you get, you don't have the permission to read the path. So you need to check if your account has the read permission to the path you set in "Filters".
I am trying to understand how does the gerrit-trigger in Jenkins works in details?
Also, how is the test for the triggered cose is being invoked ?
Thanks,
The gerrit trigger works like this:
It connects to the gerrit server using ssh and uses the gerrit stream-events command
It then watches this stream as the data comes in
It will try to match the events to triggers that have defined in your projects
Potential pit-falls:
Jenkins user has improper ssh credentials
Jenkins user does not have the stream-events rights
How to check:
Login as jenkins user
ssh -p 29418 jenkins#your.domain.com gerrit stream-events
Push a commit to the server and you should see things on your stream
Problems:
ssh connection failed? setup you ssh key pair
No streaming right? Go to the All-Projects->Access and under Global Capabilities add Stream Events to the Non-Interactive Users group