I am trying to create a website through Azure Resource Manager and then deploy from a private Github repository.
I have an ARM Template that works for a public repository. if I then make the repository private, connect to it through the Portal it all works fine.
If I redeploy the ARM Template it will fail with the message
"Cannot find SourceControlToken with name GitHub."
It seems that when the portal connects to a private repo it will create an ssh key that is used to authenticate.
The ssh key appears to come from kudu which can be gotten once the site is deployed.
I have also tried using access tokens, but couldn't get these to work with the repourl
So the simple question is, how do I deploy a private repo via ARM template
In order to use this via ARM template, you need to first do it at least once using the Preview Portal (https://portal.azure.com/). You can do this on any site, and with any repo. It just needs to happen once to set up the GitHub relationship. Doing it via the old portal won't work.
Then, to check that things are set up properly:
Go to https://resources.azure.com/
Go under /providers/Microsoft.Web/sourcecontrols/GitHub
Make sure the token is set
It seems that when the portal connects to a private repo it will
create an ssh key that is used to authenticate.
Thats right.
Solve same problem by changing GitHub repository to External Git.
Create new GitHub account and shared read access to private repo
Generate access token
And use next url in templates, in portal, azure rest api, etc.
https://{github-username}:{access-token}#github.com/{organisation-acount}/{repo}.git
Besides, this will help to avoid GitHub limitation for 20 connections, and you can use your repository in more than 20 Azure WebApps.
This error occurs due to connecting Github to multiple Azure accounts. To resolve it, simply revoke all Azure-related apps from the "Authorized OAuth Apps" section in Github settings (https://github.com/settings/applications), then re-authorize Github in Azure. This should allow you to save the deployment.
Related
I want to set up a CD for my Azure Web App Service, I'm using a private GitLab Repository. Why is the "Sync" Button not clickable?
Fetched SSH from Web App Service with
https://website.scm.azurewebsites.net/api/sshkey?ensurePublicKey=1
Added SSH to GitLab (Settings > Repository > Deploy Keys)
Added Deployment Settings in my Azure Web App Service (Deployment Center) as followed:
Steps are from kudu Documentation. As said here the Sync Button should work now but it doesnt. Any ideas for this issue?
The documentation says:
Use your repo's URL when setting this up. This will allow the 'sync' button in the portal to work.
Note: this may not work with private GitHub repos (see issue 2464). In that case, you may need to set it up as Local Git instead.
Note that for a SSH URL (git#gitlab.xxx.git), you do not use username/password usually. Try and use an HTTPS URL instead.
I don't know why this issue is happening, but I am confident that the configuration was done properly.
I created an Azure VM, installed Jenkins in that, and created a freestyle project. And Then I added the git and Azure Service Principle credentials to the global unrestricted access to Jenkins credentials (system). When I try to add a post-build setup of publishing to an azure web app, I get the following errors.
I have added images, please open the links and look into them, and help me out.
As you can see, the service principle has been successfully verified.
But in the second picture, when I try to access the resource group, it says none, even though I have created a resource group, app service plan, app services etc.
I tested in my enviroment and facing the same Issue,Even after Succefully verified the service principle.
Did few reaseach and found that Azure App Service Plugin is up for adoption and under maintaiance and few of them as been deprecated and also they are looking for new maintainer. The Same issue is happing with other Azure plugin as well like Azure Storage,Azure Cosmos and many more...
Even though in the document its stated you can install the Azure App Service plugin manually before officially release but when i tried to install the maven repro its prompting for enter the credential to download the repro. Seems its private repro we can't access.
For Workaround for this issue or for more information you can reach out to Jenkins Community Team or Support.
I have come across this problem that when I queue a build of my flutter code in Azure Pipeline, one of the packages in the pubspec.yaml tries to access a Private Azure repo for one of it's plugin. This is throwing a build error. So how can I solve this in the pipeline.
Thanks in advance.
You can go to the private azure repo, Click Clone and then Click Generate Git Credentials.
Then you will get a username and password. You can use the username and password to access this private repo. For below example:
git clone https://username:password#dev.azure.com/{org}/{proj}/_git/{repo}
You can also use Personal access token(PAT) with Code read scope to access to private azure repo
git clone https://PAT#dev.azure.com/{org}/{proj}/_git/{repo}
Please check here to get a Person access token.
Hope above helps!
The question is about Authentication in Build Pipelines, not for cloning the project. Cloning the project is fine whatever mechanism you consider it works. But how does the Build machine that is residing in cloud knows to authenticate?
So I solved this issue by following these steps:
1) create a PAT token for my account in Profile> Security tokens> personal access token
2) define the scopes / permission and copy that PAT token into my local machine (notepad)
3) use the private dependencies in pubspec yaml
Eg:
plugin_name:
git:
url: https://PAT#dev.azure.com/{org}/{proj}/_git/{repo}
This workflow is already automated and officially supported. You need to install the official Azure Pipeline in your GitHub account via Marketplace. This will trigger an OAuth authentication workflow to connect your Azure Devops and GitHub account.
After successful authentication you will see a GitHub installation token in your Azure DevOps Service Connections.
After this you will be able to access private repo securely in your pipeline.
You can achieve it by using an SSH key with the following steps,
Generate an ssh key pair
Add a public key to the github repo Upload
Private key to the Azure DevOps secure files
Configure the Azure DevOps pipeline via YAML
Here is a sample
In my current company we use GitHub Enterprise as revision control. Where I sign in with SAML to access my account. Now I want to deploy code that is there in GitHub to my Azure App service. So in azure deployment options, I selected GitHub option. But it is saying "Azure needs your permission to access your GitHub account" and asking me to login into GitHub. But I do not have GitHub user name and password as we are using SAML to access GitHub account. Could you please help me how can I authorize GitHub account with Azure?
Azure GitHub deployment process
The Azure deployment process is kinda tricky, trying to deploy from Github Enterprise, I manage to get it working like this:
In the Azure project menu, click on Properties then for the DEPLOYMENT TRIGGER URL, copy it.
Go to the project settings in Github Enterprise, on the option Hooks & Services and add a new webhook, set the DEPLOYMENT TRIGGER URL on the Payload URL, leave everything else the same.
Now we add the deployment process, in the Azure project menu click on Deployment Options then choose as source External Repository
On your Github Account go to settings, then on the menu click on Personal Access Tokens, now generate a new token and give it the following scopes: repo and admin:pre_receive_hook then copy the token
Finally, set the main branch that will activate the webhook when you push code on the repo, on the repository URL we have to set the following items:
https://<github_access_token>:x-oauth-basic#github.<enterprise>.net/<repo_name_from_root>
something like this:
https://c4207e6aae44ce086595c9abfcccb5123caf20cc:x-oauth-basic#github.mycompany.net/repolocation/deployrepo
Now push on your repo and the webhook will automatically trigger the deployment and build process.
I have a private repository hosted on BitBucket. On Azure I have created a web app and in the app service I want to set a deployment source to my BitBucket instance.
The authorization was ok, but when I want to select a project, the list shows no results.
What can be the issue here ?
Update: it looks like an authorization issue, because when opening the list of branches using the rest api, i get a forbidden result: https://bitbucket.org/api/1.0/repositories/{org}/{repo}/branches
When the admin of my repo is available I'll ask for admin permission and update this post.
It was a permission issue. To have deployment source attached to a BitBucket instance, you need admin rights on the repository.