Unable to access private git using Gogs

we are in a corporate environment, all git repositories are private (we use gogs). now when i push to my repo,
it fails with:
"unable to access ‘xxxxx (git repo url)’ the requested URLR returned error 500.
exit with status 128."
should i enter my credential in .drone.yml file?
but drone has my credentials already, I have logged in when i enabled the repository.
should I use secrets?

There are a few options here. For private repositories, drone automatically includes a .netrc in your environment to authorize git access. This means you can use git+https and drone will automatically authenticate.

This means you can simply change the URL you are using from ssh to https and the request will automatically be authorized.

-git@github.com:foo/bar.git
+https://github.com/foo/bar.git

You can alternatively use secrets to add a token or ssh key, which could be used at runtime to authenticate git requests.

thank you. but first, the url is already uses http (not https). url is "http://code.COMPANY.com/ORG/REPO.git. should it be strictly https not http?

for the alternative. my difficulty is that i can not find how should i write my .drone.yml to set credential. (I am using 0.5)
should I write something like this?
clone:

clone:
-path http://http://code.COMPANY.com/ORG/REPO.git
-username USER
-password PAS

??

unable to access ‘xxxxx (git repo url)’ the requested URLR returned error 500

my expectation is that drone is able to use the .netrc file to authenticate to the repository and push. If you are getting errors, perhaps it makes sense to check the gogs logs to see why this fails?

the .netrc file looks something like this:

machine gogs.mycompany.com
login <your gogs token here>
password x-oauth-basic

The .netrc is a standard file for http authentication, and as long as your url matches the machine pattern in this file the username and password credentials are used automatically.

The only reasons I could see this not working is if the token used for authorization does not have access to push to the repository. This would happen under the following circumstances:

  1. the individual that activated the repository had their write permissions revoked
  2. the individual that acrivated the repository does not have push access to the target remote

where the file should be? cant find it in the server with drone installed as docker container, in ~/.netrc

the .netrc is added to your build containers at runtime, at /root/.netrc

build container? drone agent? or the image i use for building?
if it is in drone agent container, how i am supposed to inspect it. it does not have bash or anything

1 Like

This is a working example from my private Gogs instance that alters and then pushes code to a private repository during my build pipeline.

The is my sample Yaml configuration file:

pipeline:
  build:
    image: golang:1.5
    commands:
      - cat /root/.netrc
      - touch foo.txt
      - git add .
      - git config --global user.email "you@example.com"
      - git config --global user.name "Brad Rydzewski"
      - git commit -m "added file [ci skip]"
      - git push origin master

These are the build logs which demonstrate successful push:

+ cat /root/.netrc
machine gogs.drone.io
login <redacted>
password x-oauth-basic
+ touch foo.txt
+ git add .
+ git config --global user.email "you@example.com"
+ git config --global user.name "Brad Rydzewski"
+ git commit -m "added file [ci skip]"
[master 8448859] added file [ci skip]
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 foo.txt
+ git push origin master
To http://gogs.drone.io/bradrydzewski/foobar.git
   12e0f24..8448859  master -> master

Note that this is not a new feature for drone. The .netrc has been used for about 18 months now to authorize repository access.

please note I amnot trying to push to a repository, but I am at first stage to pull from the repository and run my build steps.
gogs logs does not tell about .netrc file but only indicates 401 Unauthorized and then panics…
I just activate my repository on on drone, and push my .drone.yml to gogs repository, webhook is there and drone starts to build my project, then it fails, indicating it can not pull the repository.
because it can not clone the repository, it does not run build pipeline to “cat /root/.netrc” and see the result.
totally stuck here.

please note drone exec in the cloned folder works perfectly. (because it does not run the clone step first???)
and it says there is no /root/.netrc file available. (does not run in new container???)

  • git init

exact error message:

Initialized empty Git repository in /drone/src/code.mapfa.net/m.shams/CI_images/.git/

fatal: unable to access ‘http://code.mapfa.net/m.shams/CI_images.git/’: The requested URL returned error: 500

exit status 128

gogs logs does not tell about .netrc file but only indicates 401 Unauthorized

Is your Gogs instance using private mode? This means your repository is Public, but private mode requires authorization to clone public repositories. If this is the case, Drone does not yet support private mode for Gogs.

and then panics

Or maybe you need to upgrade Gogs. See Gogs issue 3538

please note drone exec in the cloned folder works perfectly. (because it does not run the clone step first???)

Yes, this is correct, drone exec does not clone the repository because it uses the local code on your system. It is meant for local testing. If you want to debug the git clone stage in isolation please see http://readme.drone.io/0.5/debugging-plugins/#example-git-plugin

and it says there is no /root/.netrc file available

In order for drone to create a netrc when using drone exec you need to provide the CLI with the netrc credentials. If you think about this, it makes sense, because how is the CLI supposed to know your Gogs token otherwise?

fixed with gogs upgrade. was bug #3538
wonder why they do not release a path for it.
thank you so much.

great, glad to hear you are up and running! cheers