I have come across this problem that when I queue a build of my flutter code in Azure Pipeline, one of the packages in the pubspec.yaml tries to access a Private Azure repo for one of it's plugin. This is throwing a build error. So how can I solve this in the pipeline.
Thanks in advance.
You can go to the private azure repo, Click Clone and then Click Generate Git Credentials.
Then you will get a username and password. You can use the username and password to access this private repo. For below example:
git clone https://username:password#dev.azure.com/{org}/{proj}/_git/{repo}
You can also use Personal access token(PAT) with Code read scope to access to private azure repo
git clone https://PAT#dev.azure.com/{org}/{proj}/_git/{repo}
Please check here to get a Person access token.
Hope above helps!
The question is about Authentication in Build Pipelines, not for cloning the project. Cloning the project is fine whatever mechanism you consider it works. But how does the Build machine that is residing in cloud knows to authenticate?
So I solved this issue by following these steps:
1) create a PAT token for my account in Profile> Security tokens> personal access token
2) define the scopes / permission and copy that PAT token into my local machine (notepad)
3) use the private dependencies in pubspec yaml
Eg:
plugin_name:
git:
url: https://PAT#dev.azure.com/{org}/{proj}/_git/{repo}
This workflow is already automated and officially supported. You need to install the official Azure Pipeline in your GitHub account via Marketplace. This will trigger an OAuth authentication workflow to connect your Azure Devops and GitHub account.
After successful authentication you will see a GitHub installation token in your Azure DevOps Service Connections.
After this you will be able to access private repo securely in your pipeline.
You can achieve it by using an SSH key with the following steps,
Generate an ssh key pair
Add a public key to the github repo Upload
Private key to the Azure DevOps secure files
Configure the Azure DevOps pipeline via YAML
Here is a sample
Related
In my current company we use GitHub Enterprise as revision control. Where I sign in with SAML to access my account. Now I want to deploy code that is there in GitHub to my Azure App service. So in azure deployment options, I selected GitHub option. But it is saying "Azure needs your permission to access your GitHub account" and asking me to login into GitHub. But I do not have GitHub user name and password as we are using SAML to access GitHub account. Could you please help me how can I authorize GitHub account with Azure?
Azure GitHub deployment process
The Azure deployment process is kinda tricky, trying to deploy from Github Enterprise, I manage to get it working like this:
In the Azure project menu, click on Properties then for the DEPLOYMENT TRIGGER URL, copy it.
Go to the project settings in Github Enterprise, on the option Hooks & Services and add a new webhook, set the DEPLOYMENT TRIGGER URL on the Payload URL, leave everything else the same.
Now we add the deployment process, in the Azure project menu click on Deployment Options then choose as source External Repository
On your Github Account go to settings, then on the menu click on Personal Access Tokens, now generate a new token and give it the following scopes: repo and admin:pre_receive_hook then copy the token
Finally, set the main branch that will activate the webhook when you push code on the repo, on the repository URL we have to set the following items:
https://<github_access_token>:x-oauth-basic#github.<enterprise>.net/<repo_name_from_root>
something like this:
https://c4207e6aae44ce086595c9abfcccb5123caf20cc:x-oauth-basic#github.mycompany.net/repolocation/deployrepo
Now push on your repo and the webhook will automatically trigger the deployment and build process.
I'm deploying with Visual Studio Team services to Azure (NodeJS) but the problem is when files are changed in the remote repo in azure (through my site) I can't get them to my local repo. How can I get it without manually going in and copy the files? (Git pull doesn't work)
According to your description, I assume that your local repository is link to VSTS repo and VSTS repo push files to Azure Remote Repo. In this scenario, your local repo isn't linked to Azure Remote Repo, when you execute git pull from local repo, it just try to pull the changes from VSTS repo, not Azure Repo. To pull the changes from Azure Repo, trying the steps blow:
Configure "Deployment credentials" from Azure Portal. You'll need to use this credential to authenticate Azure Repo.
Open Kudu service page of your webapp. For example, if your app url is "https://app1.azurewebsites.net/", then the Kudu service page is "https://app1.scm.azurewebsites.net/".
Click "Source control info" link in Kudu service page. You will get the URL of the Azure Remote Repository.
Go to your local repo and add a remote repo with the URL you get from Step 3.
Perform a pull action from the new added remote repo and enter the credential you configured in Step 1 when prompted.
I have a private repository hosted on BitBucket. On Azure I have created a web app and in the app service I want to set a deployment source to my BitBucket instance.
The authorization was ok, but when I want to select a project, the list shows no results.
What can be the issue here ?
Update: it looks like an authorization issue, because when opening the list of branches using the rest api, i get a forbidden result: https://bitbucket.org/api/1.0/repositories/{org}/{repo}/branches
When the admin of my repo is available I'll ask for admin permission and update this post.
It was a permission issue. To have deployment source attached to a BitBucket instance, you need admin rights on the repository.
We have Private Github server in Ubuntu running in Azure subscription and requirement is to migrate Github to another private github server. Decided to migrate Azure from one Subscription to another subscription taking the image.
So,What are the steps/process has to be done pre and post activities for Private Github server migration from Azure to Azure subscription?
You mean : You have a Private Git server not a Private GitHub server in Ubuntu I am right?
These links might to help you?
https://azure.microsoft.com/en-gb/documentation/articles/web-sites-publish-source-control/
https://azure.microsoft.com/en-us/blog/azure-welcomes-parse-developers/
Changing a remote's URL
https://help.github.com/articles/changing-a-remote-s-url/
replace remote repository with local repo, but keep commit history of remote
I am trying to create a website through Azure Resource Manager and then deploy from a private Github repository.
I have an ARM Template that works for a public repository. if I then make the repository private, connect to it through the Portal it all works fine.
If I redeploy the ARM Template it will fail with the message
"Cannot find SourceControlToken with name GitHub."
It seems that when the portal connects to a private repo it will create an ssh key that is used to authenticate.
The ssh key appears to come from kudu which can be gotten once the site is deployed.
I have also tried using access tokens, but couldn't get these to work with the repourl
So the simple question is, how do I deploy a private repo via ARM template
In order to use this via ARM template, you need to first do it at least once using the Preview Portal (https://portal.azure.com/). You can do this on any site, and with any repo. It just needs to happen once to set up the GitHub relationship. Doing it via the old portal won't work.
Then, to check that things are set up properly:
Go to https://resources.azure.com/
Go under /providers/Microsoft.Web/sourcecontrols/GitHub
Make sure the token is set
It seems that when the portal connects to a private repo it will
create an ssh key that is used to authenticate.
Thats right.
Solve same problem by changing GitHub repository to External Git.
Create new GitHub account and shared read access to private repo
Generate access token
And use next url in templates, in portal, azure rest api, etc.
https://{github-username}:{access-token}#github.com/{organisation-acount}/{repo}.git
Besides, this will help to avoid GitHub limitation for 20 connections, and you can use your repository in more than 20 Azure WebApps.
This error occurs due to connecting Github to multiple Azure accounts. To resolve it, simply revoke all Azure-related apps from the "Authorized OAuth Apps" section in Github settings (https://github.com/settings/applications), then re-authorize Github in Azure. This should allow you to save the deployment.