I need to get the latest travis build status of a repo through their API. I need a behavior identical to that of build status badge i.e it shows passing when a "push" is passing, even if a newer "pull_request" is failing.
One way of achieving is to list all builds of a repo using this and then traverse in reverse direction until I find a build which is not a pull requests and then check its status.
However, there must be a short way of doing it because the same behavior is used by build status badge. Traversing the builds every time just to get the last build status seems like a pain.
What is the API endpoint use by build status batch to directly get the last "push" build status of a repo?
The easiest solution is to not use Travis API but the build status badge. The test "passing" or "failing" is embedded as text in the SVG image:
curl -s 'https://api.travis-ci.org/$USER/$REPO.svg?branch=$BRANCH' | grep pass
curl -s 'https://api.travis-ci.org/$USER/$REPO.svg?branch=$BRANCH' | grep fail
Unless you know the build.id, the best way I think is to use the API you are referring to and pass in the query parameter limit. Something like this:
repo/{repository.id}/builds/builds?limit=1
repo/{+repository.slug}/builds/builds?limit=1
Response would still be an array but index 0 will be the most recent build. limit is not documented but it is used by Travis for their pagination.
Thank you for your question, I am looking to accomplish the same objective, here are some detailed examples of how the API should work. From that I derived the following steps to get the build status of a repository default branch using Travis CI. Below are detailed instructions:
TLDR
travis status -r a-t-0/sponsor_example --com --token <your personal Travis token>
Detailed instructions
Open a terminal and login to use the Travis Api. You can do that by first getting a Travis token, by login in with git from your terminal:
travis login --com --auto
If that does not work(returning Not Found), you should add a GitHub Token manually.
Source: https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token
2.1 To get this token, first verify your github email adress if you did not yet do that.
2.2 Go to: https://github.com/settings/tokens
2.3 Add a new token and select:
2.3.1 repo control of private repositories
2.3.2 admin:org control of orgs and teams, read and write org projects
2.3.3 admin:repo_hook Full control of repository hooks
2.3.4 admin:org_hook control of organization
2.4 Write down the secret personal access token from github. It can have a form like: 1somelettersandsomenumbersordigitsandth4
2.5 Next, use this token to login to either the --pro, --com or --org account types of Travis using:
travis login --pro --github-token 1somelettersandsomenumbersordigitsandth4
travis login --com --github-token 1somelettersandsomenumbersordigitsandth4
travis login --org --github-token 1somelettersandsomenumbersordigitsandth4
That should return: Successfully logged in as <your github username>!.
2.6 Note there are three types of api call licenses: pro, com, org. This is visible in `travis status -h
2.7 To get your pro token:
travis token --pro
Your access token is <somepersonalprotoken>
2.8 To get your --org token:
travis token --org
Your access token is <somepersonalorgtoken>
2.9 To get your --com token:
travis token --com
Your access token is <somepersonalcomtoken>
Export your travis token to terminal before running the tests with:
COM_TRAVIS_TOKEN="<your secret travis pro/com token>"
Get the build status with:
travis status -r {your GitHub username}/{your repo name} --com --token $COM_TRAVIS_TOKEN
E.g.
travis status -r a-t-0/sponsor_example --com --token $COM_TRAVIS_TOKEN
Related
I'm attempting to create a Terraform-integrated script that will create and configure a Google Cloud VM that will install Github Runner as self-hosted. The repository is under my workplace's 'organization' and it is closed to the public. Everything goes smoothly until I need to configure the runner. In repository instructions for creating self-hosted runner written as this:
# Create the runner and start the configuration experience
$ ./config.cmd --url https://github.com/my_work_place_organizaiton_name/repository_name --token ASZER2QS4UVEAL3YLMZ3DIMUIC
The issue is that, because it is an unattended script, it will run entirely on its own with no strings attached, and everything should be generated as automatically as possible. So I need a way to generate/retrieve this token ASZER2QS4UVEAL3YLMZ3DIMUIC automatically.
I think I found a way (correct me if I wrong) here: Create a registration token for an organization. So far so good. I managed to create a powershell script to execute all steps in new Github self-hosted runner until the step where I need to generate token. Once I run the command (even in Github CLI) I get an error back like this:
gh api --method POST -H "Accept: application/vnd.github+json" /orgs/my_work_place_organizaiton_name/actions/runners/registration-token
{
"message": "Must have admin rights to Repository.",
"documentation_url": "https://docs.github.com/rest/reference/actions#create-a-registration-token-for-an-organization"
}
gh: Must have admin rights to Repository. (HTTP 403)
gh: This API operation needs the "admin:org" scope. To request it, run: gh auth refresh -h github.com -s admin:org
I am an admin in this repository but not in the organization, and I am afraid that no one will grant me admin access to the organization, and even more, I cannot simply put admin:org credentials in some script - this is a "no go."
So, my question is, how can I fully automate the generation of this Github token (which is generated for everyone in the instructions page without any admin privileges)?
After a lot of try and catches it seems I found an answer. What is work for me is generating token for repository and not generating token for repository in organization.
According to Github documentation: Create a registration token for a repository this is a POST request you must send from Github CLI for example:
gh api \
--method POST \
-H "Accept: application/vnd.github+json" \
/repos/OWNER/REPO/actions/runners/registration-token
and according to documentation:
OWNER
string
Required
The account owner of the repository. The name is not case sensitive.
REPO
string
Required
The name of the repository. The name is not case sensitive.
So I put my organization name as an OWNER and not my username and voila ! it is worked !
so - instead sending request as:
/repos/my_user_name/REPO/actions/runners/registration-token
I send it as:
/repos/my_organization_name/REPO/actions/runners/registration-token
and immediately get a valid token back.
Prequisite: I have read: https://docs.aws.amazon.com/codebuild/latest/userguide/sample-github-pull-request.html
I also read this: https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-env-vars.html
and this: Accessing GitHub pull request details within AWS CodeBuild
We have several codebuild jobs that trigger on Github pull requests/pull request updates.
As that other question states, far I have seen $CODEBUILD_WEBHOOK_EVENT which shows something like PULL_REQUEST_UPDATED and CODEBUILD_WEBHOOK_TRIGGER which shows something like pr/123
However I am trying to get the actual payload of the webhook event - specifically the title and description of the PR. How can I obtain these?
My fear is that the answer is this information is lost, and that somehow I need to connect to the github API from within the codebuild job in a back and forth. But then they question will be how to authenticate since this is a private repo..
Not sure if you ever found an answer to this, but I ran into something similar. To get other info from GitHub, I used its API. For authentication, you can add the GitHub token as an environment variable in the buildspec file. I'd recommend storing it in Parameter Store as a secure string. Here's a working example file that retrieves the name of the first label on the PR:
version: 0.2
env:
shell: bash
parameter-store:
GITHUB_AUTH_TOKEN: GITHUB_AUTH_TOKEN
phases:
install:
runtime-versions:
nodejs: 16
build:
commands:
- |
PR_NUMBER=$(cut -d "/" -f2 <<< "$CODEBUILD_SOURCE_VERSION")
echo $PR_NUMBER;
PR_LABEL_NAME=$(curl --request GET --url "https://api.github.com/repos/<put repo name here>/pulls/$PR_NUMBER" --header "Authorization:Bearer $GITHUB_AUTH_TOKEN" | jq -r '.labels[0].name');
If the build is triggered by a PR being created or updated, the CODEBUILD_SOURCE_VERSION var will have a value of "pr/1234" where "1234" is the pull request number. I'm using cut to get the number and drop "pr/".
In an Azure Pipelines Task, I am attempting to create and push a new branch. I am able to clone the repo using the $(System.AccessToken) variable, bit when I try to push the new branch I get the following error:
remote: TF401027: You need the Git 'GenericContribute' permission to perform this action. Details: identity 'Build\(GUID)', scope 'repository'.
If I check my repository security, I see that both the Build Service user and Project Collection Build Service Accounts group has Contribute, Create Branch, Contribute to pull request, and Create Tag permission set to "Allow", which from all the research I've done is all I should need to do.
How can I troubleshoot this issue? I assume that either I am missing something silly, or there's a permissions inheritance issue. However, if I'm setting security on the repository itself my assumption is that should override any inherited permissions.
Pipeline:
steps:
- powershell: |
git -c http.extraheader="AUTHORIZATION: bearer $(System.AccessToken)" clone "https://repoaddress/_git/common"
cd common
git checkout develop
git checkout -b release/$(build.buildNumber) $(build.buildNumber)
git -c http.extraheader="AUTHORIZATION: bearer $(System.AccessToken)" push -u origin HEAD
displayName: 'Create Branch From Tag'
Permissions:
It should caused by your build service account do not have the contribute permission for this repository.
Go Project setting --> Repositories --> click Repos you want to operate -->set repository permissions accordingly.
Note: Service account is Project Collection Build Service (org name)
Update1
I got the issue, add this service account {project name} Build Service ({Org name}) and configure the account permission, it will work.
According to the error message: Details: identity 'Build\(GUID)', scope 'repository'., we could get the service account GUID
Check this REST API, it could list the service account, we could search the service account name via the GUID, then configure the permission.
Update2
Since you are using AccessToken, it update the repo via service account, as another workaround, we could use Personal access token do the same things, and it do not need to configure service account permission.
Update2
A sample power shell script to clone the repo via PAT token:
$MyPat = 'yourPAT'
$B64Pat = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes(":$MyPat"))
git -c http.extraHeader="Authorization: Basic $B64Pat" clone https://dev.azure.com/yourOrgName/yourProjectName/_git/yourRepoName
And we will receive two notifications during the lifetime of a PAT - one upon creation and the other seven days before the expiration. You could refer to this doc for more details.
Seven days before your PAT expires, you receive a notification similar to the following example.
Then we could change the Expiration time.
I'm trying to encrypt a service account file for Google Cloud and transfer over BitBucket to eventually deploy to GCP Kubernetes. I'm using the travis command line to do this, but whenever I try to log in via the command line it assumes I have a GitHub account associated with Travis CI not BitBucket.
travis encrypt-file service.json -r USERNAME/REPO
When I run this, Travis assumes I have trying to auth a GitHub account and asks me to login. It tries to validate my username and password against GitHub not BitBucket.
We need your GitHub login to identify you.
Is there an alternative command line command that lets me force a BitBucket login? Or a workaround for allowing me to encrypt the file and include in my .travis.yml build file?
You can use -t TRAVIS_TOKEN instead of authentication via login command (login command assumes that you want to login via GitHub)
Your encrypt command will look like this:
travis encrypt-file --pro --repo USER/REPO -t TRAVIS_TOKEN file --add
Steps to get user token:
Login into Travis (via BitBucket)
Click your user icon (top right corner) and select Settings
This will show you your Repositories with option to show Settings or Plan.
Select Settings
Click Copy token from API authentication
Or just click this link Travis CI preferences and Copy Token.
I am having problems using setup releases with a github token. I like travis-ci but I am not willing to hand out my github password - I need to use the token and I read the documentation as this should be possible this way. Unfortunately it still asks for pasword:
$ travis login --github-token XXXXXXXXX
Successfully logged in as ligi!
$ travis whoami
You are ligi (ligi)
$ travis setup releases
Detected repository as ligi/gobandroid, is this correct? |yes|
Username:
Here's a route which doesn't involve typing your GitHub password into the terminal. I assume you have the travis CI installed. This assumes you're using travis-ci.org, but replacing --org with --com should work otherwise.
If github.com/your/repo was your repo:
Generate a Github personal access token with the following scope: read:org, public_repo, repo:status, repo_deployment, user:email, write:repo_hook
(Optional?) Login using travis login <github token> --org
Run echo <github token> | travis encrypt --org -r your/repo
Use that secret in your .travis.yml file as described in the documentation
You may need to provide full repo scope, but for the free tier of Travis, public_repo is enough. I'm also not sure which of the other scopes are mandatory.
echo is useful on Windows because Ctrl-D doesn't work properly in Powershell.
The Travis CI CLI will not send the GitHub password to Travis CI, instead it will send it to GitHub and use it to generate a GitHub token (the same is true for travis login).
However, if you still feel uncomfortable, you can configure the deployment manually.
Add the following to your .travis.yml:
deploy:
provider: releases
api_key: "GITHUB OAUTH TOKEN"
file: "FILE TO UPLOAD"
skip_cleanup: true
on:
tags: true
all_branches: true
You can encrypt the GitHub OAuth token via travis encrypt .... It is not necessary to be logged in via the CLI for this, and the encryption happens locally.
See http://docs.travis-ci.com/user/deployment/releases/ for the full documentation
I think you can use -t/--token option, e.g.
travis login --org --github-token G1tHu8T0K3N
travis setup releases --org -t G1tHu8T0K3N