I created a group "mygroup"
Created a repository "myrepository"
Add patch .gitlab-ci.yml#mygroup/myrepository as documented - https://docs.gitlab.com/ee/ci/pipelines/settings.html#custom-ci-configuration-path
but gitlab ci does not see this file from another repository.
Maybe we should do something else?
I worked with the same problem.
You should change mygroup and myrepository visibility to internal or public.
change group visibility
change repository visibility
Related
We have an open source project in GitHub. And we use Azure DevOps pipelines for our CI.
We publish our artefacts to S3 and Maven after successful tests, so all the credentials are stored as secret variables.
It's nice that export and echo $top_secret are conveniently obfuscated with ***, but unfortunately literally any user on GitHub can create a pull request against our repo, and as part of the changes, they can edit our azure-pipelines.yml and call a curl (or similar) to read the credentials from environmental variables and send them to their own server.
In other CI providers (Travis CI) secret variables are not accessible from PR branches.
How can I prevent PRs from touching my CI configuration file and do anything with it?
How can I prevent PRs from touching my CI configuration file and do anything with it?
You CI configuration file is save in the GitHub open source and you want to restrict users from changing this file, right? Since we cannot set file permission in the GitHub. we cannot prevent PRs from touching your CI configuration file.
As a workaround, we could create classic editor pipeline in the Azure DevOps and set the CI Trigger, such as below. If users do not have permission to change the build definition, they cannot change your CI build definition.
Update1
I want to create a central point repository with templates for all my rust projects. And in other projects I just wanna add link to them:
here is an example link to my templates repository. You can find them here.
trigger: ["master"]
pr: ["master"]
resources:
repositories:
- repository: templates
type: github
name: xoac/rust-azure-pipelines
# Test top level crate
- template: azure-test-stable.yml#templates
parameters:
name: test_tokio
displayName: Test tokio
cross: true
And I am getting an error here
I have found here that I need specify service connection.
If you choose github as your type, then name is the full name of the GitHub repo including the user or organization. For example, Microsoft/vscode. Also, GitHub repos require a service connection for authorization.
I don't know what type of connection this should be.
I want to make it accessible to everyone who want to use it.
It would be a Github service connection (when you create new service connection)
Permissions are granted on build level, not on user level, so anyone who can launch the build would be able to launch it and it would work
for github repo name, i think you are using the correct one, but you would also need to add endpoint: service_connection_name to the repositories definition.
Reading:
https://learn.microsoft.com/en-us/azure/devops/pipelines/yaml-schema?view=azure-devops&tabs=schema#repository-resource
In my project's settings I see this:
Public deploy keys available to any project (15)
Rewind
CFMM Ansible Deployment
LRM Puppet Test
gitlab-runner (lion)
deploy#jasmine
deployer#stridsberg.nu
test-server
gitlab-runner
kijkmijnhuis#SensioLabsInsight
And many more... what are these things for? I know that if I enable one, that key then could clone my repo... but why are these things showing to me? Is there any benefit?
See "Deploy Keys":
Deploy keys allow read-only or read-write (if enabled) access to one or multiple projects with a single SSH key pair.
This is really useful for cloning repositories to your Continuous Integration (CI) server. By using deploy keys, you don't have to setup a dummy user account.
I use them with Jenkins: easy to setup, easy to revoke if needed.
And I use a read-write deploy key for a maven release task to be able to push back to any repo where that key is deployed.
I have a Gitlab group (testgroup) also I have the project (testproject). Now the testproject is in the testgroup.
What would happen if I added A group (testgroup) master as a developer in the inside of the project?
Would they able to accept the merge request for the particular project?
How could I add the group master as a developer in the same group's project?
Someone who is declared a group master is not a project Master, even if that project is in the group
See Group permission: he or she only has the additional privilege of creating projects in the group.
When I try to select team member for a git repository in gitlab there I see no chance to assign a whole group. Is this a missing function? Or is it possible anyway?
I am using Gitlab 6.0