How can codecov verify an upload request without a token? - security

In this section, the codecov documentation says:
The upload token is required for all uploads, except originating from public projects using Travis-CI, Circle CI, Azure, Github Actions.
What prevents "hackers" from uploading a fake codecov file and claiming the file was uploaded from a public repository with Codecov enabled?
What makes public projects special?

Codecov uses the status of the CI, the progress of the current job, and knowledge from the public API of both the repo and CI providers to determine whether or not a tokenless upload on a public repository should be successful
Source: I work at Codecov at the time of this answer

Related

Sonarqube badges with Gitlab 401

I'm trying to add the sonarqube badge to my Gitlab repository.
I've read some answers that talk about this issue for the private project, but it's not the case for me:
Sonarqube quality badges on gitlab
My project is public:
but still, I get 401 on the badge API endpoint:
Request URL: https://{my.sonarqube.domain}/api/project_badges/measure?project={project-key}&metric=alert_status
Request Method: GET
Status Code: 401
Just to clarify more:
The API endpoint is throwing 401 unless I send the auth token with the request.
But I can't set basic auth on the GitLab badge section, can I?
Sonarqube Version: 8.9 (build 43852)
A workaround can be achieved while waiting for the SonarQube team to solve their authentication problem:
We need to retrieve the SVG from SonarQube using curl and save it as an artifact.
Then we can create a custom badge in the GitLab settings.
I.e.:
badges-job: # This job runs in the deploy stage.
  stage: deploy # It only runs when *both* jobs in the test stage complete successfully.
  script:
    - 'curl -u ${sonarqube_token}: "https://example.sonarqube.com/api/project_badges/measure?project=Test&metric=coverage" > sqcoverage.svg'
  artifacts:
    paths:
      - sqcoverage.svg
Settings in gitlab settings :
Badge image URL
https://example.gitlab.com/%{project_path}/-/jobs/artifacts/%{default_branch}/raw/sqcoverage.svg?job=badges-job
I've asked the same question at SonarCommunity site.:
https://community.sonarsource.com/t/public-project-badge-to-gitlab-401/47766
Thanks to Eng. Sylvain Combe for his answer.
Apparently, this can't be done without authentication; the only option available now is disabling the sonar.forceAuthentication attribute in your sonar configuration, which will make your sonar accessible by everyone.

How to download the latest build artifacts from Azure DevOps via REST API without mentioning buildId?

URL mentioned in the documentation:
GET https://dev.azure.com/{organization}/{project}/_apis/build/builds/{buildId}/artifacts?artifactName={artifactName}&api-version=4.1
How do I get the buildId via the REST API, or can we download the artifact without the buildId?
That worked for me; it was in preview back then:
GET https://dev.azure.com/{organization}/{project}/_apis/build/latest/{definition}?branchName={branchName}&api-version=5.0-preview.1
The following API gets a specific artifact for a build:
GET https://dev.azure.com/{organization}/{project}/_apis/build/builds/{buildId}/artifacts?artifactName={artifactName}&api-version=5.1
You could get a list of builds, including buildid via the following API:
GET https://dev.azure.com/{organization}/{project}/_apis/build/builds?api-version=5.1
With optional parameters:
GET https://dev.azure.com/{organization}/{project}/_apis/build/builds?definitions={definitions}&queues={queues}&buildNumber={buildNumber}&minTime={minTime}&maxTime={maxTime}&requestedFor={requestedFor}&reasonFilter={reasonFilter}&statusFilter={statusFilter}&resultFilter={resultFilter}&tagFilters={tagFilters}&properties={properties}&$top={$top}&continuationToken={continuationToken}&maxBuildsPerDefinition={maxBuildsPerDefinition}&deletedFilter={deletedFilter}&queryOrder={queryOrder}&branchName={branchName}&buildIds={buildIds}&repositoryId={repositoryId}&repositoryType={repositoryType}&api-version=5.1
While the following API gets the latest build for a definition, optionally scoped to a specific branch:
GET https://dev.azure.com/{organization}/{project}/_apis/build/latest/{definition}?branchName={branchName}&api-version=5.1-preview.1
You could get a list of definitions:
GET https://dev.azure.com/{organization}/{project}/_apis/build/definitions?api-version=5.1
With optional parameters:
GET https://dev.azure.com/{organization}/{project}/_apis/build/definitions?name={name}&repositoryId={repositoryId}&repositoryType={repositoryType}&queryOrder={queryOrder}&$top={$top}&continuationToken={continuationToken}&minMetricsTime={minMetricsTime}&definitionIds={definitionIds}&path={path}&builtAfter={builtAfter}&notBuiltAfter={notBuiltAfter}&includeAllProperties={includeAllProperties}&includeLatestBuilds={includeLatestBuilds}&taskIdFilter={taskIdFilter}&processType={processType}&yamlFilename={yamlFilename}&api-version=5.1
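The two-step flow described in the answer (list the builds of one definition, newest first, then ask for the artifact of that build), as an added example that is not part of the answer. The HTTP call is injected so it runs offline against constructed JSON; the organisation, project, definition id, artifact name and PAT value are placeholders.

```python
# Added example, not from the answer above: resolve the newest succeeded build of a
# pipeline definition, then fetch the artifact descriptor for it, using the two
# endpoints quoted in the answer (builds list and build artifacts, api-version 5.1).
# The HTTP call is injected so the flow can run offline against constructed JSON;
# organisation, project, definition id, artifact name and PAT are placeholders.
import base64
from urllib.parse import urlencode

API_VERSION = "5.1"


def auth_header(pat: str) -> dict:
    """Azure DevOps accepts a PAT as HTTP Basic auth with an empty user name."""
    token = base64.b64encode(f":{pat}".encode()).decode()
    return {"Authorization": f"Basic {token}", "Accept": "application/json"}


def builds_url(org: str, project: str, definition_id: int, branch: str = "refs/heads/main") -> str:
    """Builds of one definition on one branch, completed and succeeded only,
    newest finish time first, limited to a single result."""
    query = {
        "definitions": definition_id,
        "branchName": branch,
        "statusFilter": "completed",
        "resultFilter": "succeeded",
        "queryOrder": "finishTimeDescending",
        "$top": 1,
        "api-version": API_VERSION,
    }
    return f"https://dev.azure.com/{org}/{project}/_apis/build/builds?{urlencode(query)}"


def artifact_url(org: str, project: str, build_id: int, artifact_name: str) -> str:
    query = {"artifactName": artifact_name, "api-version": API_VERSION}
    return (f"https://dev.azure.com/{org}/{project}/_apis/build/builds/"
            f"{build_id}/artifacts?{urlencode(query)}")


def latest_build_id(builds_response: dict):
    """With queryOrder=finishTimeDescending and $top=1 the first entry is the latest."""
    items = builds_response.get("value", [])
    return items[0]["id"] if items else None


def resolve_latest_artifact(org, project, definition_id, artifact_name, pat, http_get):
    """http_get(url, headers) -> parsed JSON. Returns (build_id, downloadUrl)."""
    headers = auth_header(pat)
    build_id = latest_build_id(http_get(builds_url(org, project, definition_id), headers))
    if build_id is None:
        raise LookupError(f"no succeeded build for definition {definition_id}")
    artifact = http_get(artifact_url(org, project, build_id, artifact_name), headers)
    return build_id, artifact["resource"]["downloadUrl"]


# Constructed responses shaped like the real API objects, for an offline run.
SAMPLE_BUILDS = {"count": 1, "value": [
    {"id": 4242, "buildNumber": "20240101.1", "status": "completed", "result": "succeeded"}]}
SAMPLE_ARTIFACT = {"id": 7, "name": "drop", "resource": {
    "type": "Container",
    "downloadUrl": "https://dev.azure.com/acme/demo/_apis/build/builds/4242/artifacts"
                   "?artifactName=drop&api-version=5.1&%24format=zip"}}


def fake_http_get(url: str, headers: dict) -> dict:
    """Stands in for requests.get(...).json(); rejects calls without Basic auth."""
    if not headers.get("Authorization", "").startswith("Basic "):
        raise PermissionError("401 Unauthorized")
    return SAMPLE_BUILDS if "/_apis/build/builds?" in url else SAMPLE_ARTIFACT


if __name__ == "__main__":
    print(resolve_latest_artifact("acme", "demo", 12, "drop", "pat-placeholder", fake_http_get))
```

Filtering on statusFilter=completed and resultFilter=succeeded matters in practice: "latest build" without those filters can return a build that is still running or has failed, and the artifact request for it then fails or returns an incomplete drop. The PAT is read from a parameter here; in a real script take it from an environment variable or a secret store rather than a literal.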

Error running Vorto Dashboard for Bosch iot suite

I am trying to run Vorto dashboard on Raspberry Pi to visualize my Bosch IoT "things" data.
In order to run the Vorto Dashboard, I installed npm and nodejs and created the config.json file.
I am getting the below error whenever I try to run the dashboard using the command: sudo vorto-dashboard config.json, knowing that I already added the OAuth2 Client credentials.
No credentials given, can not get things
Could not get the token with given credentials. - StatusCodeError: 400 -
{"error":"unauthorized_client","error_description":"INVALID_CREDENTIALS:
Invalid client credentials"}
I am currently contributing to the Vorto Project as an Intern at Bosch. Due to changes in the Vorto-Dashboard we combined and merged the functionality of a previous dashboard with another coexisting updated UI, providing advanced ways to visualize the existing devices.
As the uploaded state was work in progress, we temporarily disabled the config.json methodology and removed existing references from the documentation. Apparently, the reference in the tutorial you found was omitted, sorry for that!
Today, I deployed a new version 0.5.0 of the vorto-dashboard which should work as usual. You are now able to work with either process.env.[...] variables or a config.json file. Thank you Mena for the quick response!
Feel free to let me know if you need any further help or have additional feedback.
TL;DR
To resolve your issue, store your OAuth credentials as environment variables.
E.g. in debian et al., export BOSCH_CLIENT_ID=... etc., then start the dashboard in the same terminal.
Context
I was about to ask the same question, as I got the same error message no matter how I referenced the config.json file (relative path, absolute path, no reference, etc.).
For clarification, the tutorial pointing to a config.json resource for storing OAuth credentials is here.
Quoting:
While the dependencies are being installed, create the config.json file and insert client_id, secret and scope from your already created
OAuth2 Client. The content of the file has to look like this:
{
  "client_id": "<YOUR_CLIENT_ID>",
  "client_secret": "<YOUR_CLIENT_SECRET>",
  "scope": "<YOUR_SCOPE>",
  "intervalMS": 10000
}
The reference to the config.json file has been removed from the README.md resource in the vorto-dashboard module of vorto-examples.
The latest README.md suggests providing the OAuth credentials through environmental variables:
You can provide your OAuth2 credentials through environment variables.
The three environment variables you have to provide are:
BOSCH_CLIENT_ID
BOSCH_CLIENT_SECRET
BOSCH_SCOPE
[...]
Looking at the source, I can only find an explicit reference to a config.json in the start script entry for package_for_deployment.json (nor does anything around the source seem to be consuming, say, argv[2], for that matter).
The AuthToken.js resource in charge of handling OAuth credentials only seems to reference environmental variables through the process.env.[...] references.
Elaboration
This is only speculation at the time of writing, but I suspect the reason why the config.json methodology has been abandoned might have something to do with strengthening security, i.e. not storing OAuth credentials permanently in a file.
If that much is true, then the tutorial page should probably be amended with the latest instructions from the README.md.
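The environment-variable approach the README recommends, as an added illustration in Python rather than the dashboard's own Node code: read the three variables named above, fail early with the names that are missing (the question's "No credentials given" case), and build the OAuth2 client-credentials token request with the secret in the form body instead of the URL. The token endpoint and the sample values are placeholders.

```python
# Added example, not the vorto-dashboard code: take the OAuth2 client credentials
# from the three environment variables the README names, fail early with the
# missing names when any is absent, and build the client-credentials token request
# (RFC 6749 section 4.4) with the secret in the POST body rather than the URL.
# The token endpoint and the sample values are placeholders.
import os
from urllib.parse import urlencode

REQUIRED = ("BOSCH_CLIENT_ID", "BOSCH_CLIENT_SECRET", "BOSCH_SCOPE")
TOKEN_ENDPOINT = "https://auth.example.com/oauth2/token"  # placeholder, not the real endpoint


def load_credentials(env=None) -> dict:
    """Prefer the process environment; an injected mapping keeps this testable."""
    env = os.environ if env is None else env
    missing = [name for name in REQUIRED if not env.get(name)]
    if missing:
        raise RuntimeError("No credentials given, missing: " + ", ".join(missing))
    return {"client_id": env["BOSCH_CLIENT_ID"],
            "client_secret": env["BOSCH_CLIENT_SECRET"],
            "scope": env["BOSCH_SCOPE"]}


def token_request(creds: dict) -> dict:
    """Form-encoded client_credentials grant; nothing secret goes into the URL."""
    return {"method": "POST",
            "url": TOKEN_ENDPOINT,
            "headers": {"Content-Type": "application/x-www-form-urlencoded"},
            "body": urlencode({"grant_type": "client_credentials", **creds})}


def redacted(creds: dict) -> dict:
    """What may be logged: the id and scope, never the secret."""
    return {k: ("***" if k == "client_secret" else v) for k, v in creds.items()}


def describe_token_error(status: int, payload: dict) -> str:
    """Turn the token endpoint's error (the 400 shown in the question) into a hint."""
    if status == 400 and payload.get("error") == "unauthorized_client":
        return "client id/secret rejected; re-check BOSCH_CLIENT_ID and BOSCH_CLIENT_SECRET"
    if status == 400 and payload.get("error") == "invalid_scope":
        return "scope rejected; re-check BOSCH_SCOPE"
    return f"token request failed with HTTP {status}: {payload.get('error_description', payload)}"


if __name__ == "__main__":
    # Constructed environment, as one would get after `export BOSCH_CLIENT_ID=...` etc.
    sample_env = {"BOSCH_CLIENT_ID": "id-placeholder",
                  "BOSCH_CLIENT_SECRET": "secret-placeholder",
                  "BOSCH_SCOPE": "scope-placeholder"}
    creds = load_credentials(sample_env)
    print(redacted(creds))
    print(token_request(creds)["body"])
```

Exporting the variables in the shell that starts the dashboard, as the answer says, keeps the secret out of the repository and out of any file that a build or backup might copy; the trade-off is that it is visible in that process's environment, so treat the shell history and any process dump accordingly.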

Autodesk Forge API a-401 Error

I'm trying to make a simple forge test work.
I have been using this basic git project:
https://github.com/leefsmp/view.and.data-boilerplate
What I did so far:
1. I created an account.
2. Implemented the creds in the config file.
3. Uploaded a file to models.autodesk.io using my secret key.
4. I took the URN and passed it into the viewer.js file.
5. Ran npm install.
6. npm run
when i go to the localhost:3000 i still get :
dXJuOmFkc2sub2JqZWN0czpvcy5vYmplY3Q6bW9kZWwyMDE2LTExLTExLTEyLTQxLTA3LXlldmJwbHl0Yzkya3Y2cGtqdW10Z2F5ZnJ3dTAvUkEtUy1CdWlsZGluZy5ydnQ:1 GET https://developer.api.autodesk.com/viewingservice/v1/dXJuOmFkc2sub2JqZWN0cz…TEyLTQxLTA3LXlldmJwbHl0Yzkya3Y2cGtqdW10Z2F5ZnJ3dTAvUkEtUy1CdWlsZGluZy5ydnQ 401 (Unauthorized)
viewer.js:210 Access was denied to a network resource (HTTP 403).
The buttons for the load and unload extension are visible.
Any ideas what I'm missing here?
I think you are looking at a deprecated repo, if you want to start with the use of boilerplate samples of the API this is a better option for you.
https://github.com/Autodesk-Forge/forge-boilers.nodejs

Add GitLab Web hook for all projects in group

I would like all my projects in a GitLab group to have shared configuration for a webhook:
<MY_JENKINS_INSTANCE>/git/notifyCommit?url=$CHANGED_REPOSITORY
GitLab webhook documentation suggests it should be possible:
If you have a big set of projects in the one group then it will be convenient for you to configure web hooks globally for the whole group. You can add the group level web hooks on the group settings page.
That sounds exactly like what I am after, though I see no such thing on the group settings page in my GitLab 7.0.0. I was not able to find out from the changelog whether this feature is newer than that.
Does the feature exist? How do I use it?
That's possible in the enterprise version only:
In GitLab Enterprise Edition you can configure web hooks globally for the whole group. You can add the group level web hooks on the group settings page Settings > Web Hooks.
Following up on #VertigoRay's comments, here's a procedure to do it using GitLab CE API:
Have, or create, a user in GitLab and a personal access token with api scope:
User (top right avatar) > Settings (menu) > Access tokens (sidebar)
Check api scope (checkbox)
Click on create personal access token (button)
<my_personal_token> is the value in Your New Personal Access Token (text field)
Perform an HTTP request to get all projects:
GET https://gitlab.example.com/api/v4/projects
Private-Token: <my_personal_token>
Accept: application/json
For each project in the response:
id which is the <project_ID> to be used in the next request URL
Convert the value of ssh_url_to_repo so that it becomes URL encoded <encoded_ssh_url>
Example: ssh://git@example.com:1234/group/alpha.git becomes ssh%3A%2F%2Fgit%40example.com%3A1234%2Fgroup%2Falpha.git
For each project, perform an HTTP request to create a hook:
POST https://gitlab.example.com/api/v4/projects/<project_ID>/hooks
Private-Token: <my_personal_token>
Content-Type: application/json
{
"url": "https://jenkins.example.com/git/notifyCommit?url=<encoded_ssh_url>",
"enable_ssl_verification": true
}
This should be scripted in the language of your choice.
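The procedure above scripted in Python, as an added example that is not part of the answer. It goes a little beyond the answer by listing the projects of one group (subgroups included) through the group projects endpoint, following pagination, and skipping projects that already carry the hook so that re-runs are safe. The transport is injected so the flow runs offline against constructed data; gitlab.example.com, jenkins.example.com and the token value are placeholders.

```python
# Added example, not part of the answer above: the procedure scripted against the
# GitLab v4 API. It lists the projects of one group (subgroups included), follows
# pagination, and skips projects that already carry the hook so re-runs are safe.
# The transport is injected (http(method, url, headers, body) -> parsed JSON) so
# the flow runs offline against constructed data; gitlab.example.com,
# jenkins.example.com and the token value are placeholders.
import json
from urllib.parse import parse_qs, quote, urlparse

GITLAB = "https://gitlab.example.com/api/v4"
JENKINS_HOOK = "https://jenkins.example.com/git/notifyCommit?url={repo}"


def encode_repo_url(ssh_url: str) -> str:
    """safe='' also encodes ':' '/' and '@', giving the form shown in the answer."""
    return quote(ssh_url, safe="")


def hook_payload(ssh_url: str) -> dict:
    return {"url": JENKINS_HOOK.format(repo=encode_repo_url(ssh_url)),
            "push_events": True,
            "enable_ssl_verification": True}


def list_group_projects(http, token, group_path, per_page=100):
    """GET /groups/:id/projects, page by page until an empty page comes back."""
    headers = {"Private-Token": token, "Accept": "application/json"}
    projects, page = [], 1
    while True:
        url = (f"{GITLAB}/groups/{quote(group_path, safe='')}/projects"
               f"?include_subgroups=true&per_page={per_page}&page={page}")
        batch = http("GET", url, headers, None)
        if not batch:
            return projects
        projects.extend(batch)
        page += 1


def ensure_hook(http, token, project) -> str:
    """Create the Jenkins hook on one project unless an identical URL is registered."""
    headers = {"Private-Token": token, "Accept": "application/json"}
    wanted = hook_payload(project["ssh_url_to_repo"])
    hooks_url = f"{GITLAB}/projects/{project['id']}/hooks"
    if any(h["url"] == wanted["url"] for h in http("GET", hooks_url, headers, None)):
        return "exists"
    http("POST", hooks_url, {**headers, "Content-Type": "application/json"}, json.dumps(wanted))
    return "created"


def add_hooks_to_group(http, token, group_path) -> dict:
    return {p["id"]: ensure_hook(http, token, p)
            for p in list_group_projects(http, token, group_path)}


# Constructed GitLab responses: two projects, alpha already has the hook.
SAMPLE_PROJECTS = [
    {"id": 11, "ssh_url_to_repo": "ssh://git@example.com:1234/group/alpha.git"},
    {"id": 12, "ssh_url_to_repo": "ssh://git@example.com:1234/group/beta.git"},
]
SAMPLE_HOOKS = {11: [{"id": 1, **hook_payload(SAMPLE_PROJECTS[0]["ssh_url_to_repo"])}], 12: []}


def fake_http(method, url, headers, body):
    """Stands in for requests; enforces the Private-Token header like the real API."""
    if headers.get("Private-Token") != "glpat-placeholder":
        raise PermissionError("401 Unauthorized")
    path, query = urlparse(url).path, parse_qs(urlparse(url).query)
    if "/groups/" in path:
        return SAMPLE_PROJECTS if query.get("page") == ["1"] else []
    project_id = int(path.split("/projects/")[1].split("/")[0])
    if method == "GET":
        return SAMPLE_HOOKS[project_id]
    SAMPLE_HOOKS[project_id].append({"id": 99, **json.loads(body)})
    return SAMPLE_HOOKS[project_id][-1]


if __name__ == "__main__":
    print(add_hooks_to_group(fake_http, "glpat-placeholder", "group"))
```

Keeping enable_ssl_verification at true, as the answer's payload does, is the setting worth checking when many hooks are created in bulk: a hook that skips certificate checks will happily deliver push payloads to anyone who can intercept the connection to the Jenkins host. Pagination is the other practical catch; the projects endpoint returns 20 items per page by default, so a loop that reads only the first page silently leaves the remaining projects without a hook.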
Not suitable as a persistent solution, but this might be useful for someone looking for a one-time change (from the raketasks documentation):
Add a webhook for projects in a given NAMESPACE
# omnibus-gitlab
sudo gitlab-rake gitlab:web_hook:add URL="http://example.com/hook" NAMESPACE=acme
# source installations
bundle exec rake gitlab:web_hook:add URL="http://example.com/hook" NAMESPACE=acme RAILS_ENV=production
