we are in a corporate environment, all git repositories are private (we use gogs). now when i push to my repo,
it fails with:
"unable to access ‘xxxxx (git repo url)’ the requested URLR returned error 500.
exit with status 128."
should i enter my credential in .drone.yml file?
but drone has my credentials already, I have logged in when i enabled the repository.
should I use secrets?
There are a few options here. For private repositories, drone automatically includes a .netrc
in your environment to authorize git access. This means you can use git+https
and drone will automatically authenticate.
This means you can simply change the URL you are using from ssh to https and the request will automatically be authorized.
-git@github.com:foo/bar.git
+https://github.com/foo/bar.git
You can alternatively use secrets to add a token or ssh key, which could be used at runtime to authenticate git requests.
thank you. but first, the url is already uses http (not https). url is "http://code.COMPANY.com/ORG/REPO.git. should it be strictly https not http?
for the alternative. my difficulty is that i can not find how should i write my .drone.yml to set credential. (I am using 0.5)
should I write something like this?
clone:
clone:
-path http://http://code.COMPANY.com/ORG/REPO.git
-username USER
-password PAS
??
unable to access ‘xxxxx (git repo url)’ the requested URLR returned error 500
my expectation is that drone is able to use the .netrc
file to authenticate to the repository and push. If you are getting errors, perhaps it makes sense to check the gogs logs to see why this fails?
the .netrc
file looks something like this:
machine gogs.mycompany.com
login <your gogs token here>
password x-oauth-basic
The .netrc
is a standard file for http authentication, and as long as your url matches the machine pattern in this file the username and password credentials are used automatically.
The only reasons I could see this not working is if the token used for authorization does not have access to push to the repository. This would happen under the following circumstances:
- the individual that activated the repository had their write permissions revoked
- the individual that acrivated the repository does not have push access to the target remote
where the file should be? cant find it in the server with drone installed as docker container, in ~/.netrc
the .netrc
is added to your build containers at runtime, at /root/.netrc
build container? drone agent? or the image i use for building?
if it is in drone agent container, how i am supposed to inspect it. it does not have bash or anything
This is a working example from my private Gogs instance that alters and then pushes code to a private repository during my build pipeline.
The is my sample Yaml configuration file:
pipeline:
build:
image: golang:1.5
commands:
- cat /root/.netrc
- touch foo.txt
- git add .
- git config --global user.email "you@example.com"
- git config --global user.name "Brad Rydzewski"
- git commit -m "added file [ci skip]"
- git push origin master
These are the build logs which demonstrate successful push:
+ cat /root/.netrc
machine gogs.drone.io
login <redacted>
password x-oauth-basic
+ touch foo.txt
+ git add .
+ git config --global user.email "you@example.com"
+ git config --global user.name "Brad Rydzewski"
+ git commit -m "added file [ci skip]"
[master 8448859] added file [ci skip]
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 foo.txt
+ git push origin master
To http://gogs.drone.io/bradrydzewski/foobar.git
12e0f24..8448859 master -> master
Note that this is not a new feature for drone. The .netrc
has been used for about 18 months now to authorize repository access.
please note I amnot trying to push to a repository, but I am at first stage to pull from the repository and run my build steps.
gogs logs does not tell about .netrc file but only indicates 401 Unauthorized and then panics…
I just activate my repository on on drone, and push my .drone.yml to gogs repository, webhook is there and drone starts to build my project, then it fails, indicating it can not pull the repository.
because it can not clone the repository, it does not run build pipeline to “cat /root/.netrc” and see the result.
totally stuck here.
please note drone exec in the cloned folder works perfectly. (because it does not run the clone step first???)
and it says there is no /root/.netrc file available. (does not run in new container???)
- git init
exact error message:
Initialized empty Git repository in /drone/src/code.mapfa.net/m.shams/CI_images/.git/
-
git remote add origin http://code.mapfa.net/m.shams/CI_images.git
-
git fetch --no-tags origin +refs/heads/master:
fatal: unable to access ‘http://code.mapfa.net/m.shams/CI_images.git/’: The requested URL returned error: 500
exit status 128
gogs logs does not tell about .netrc file but only indicates 401 Unauthorized
Is your Gogs instance using private mode? This means your repository is Public, but private mode requires authorization to clone public repositories. If this is the case, Drone does not yet support private mode for Gogs.
and then panics
Or maybe you need to upgrade Gogs. See Gogs issue 3538
please note drone exec in the cloned folder works perfectly. (because it does not run the clone step first???)
Yes, this is correct, drone exec
does not clone the repository because it uses the local code on your system. It is meant for local testing. If you want to debug the git clone stage in isolation please see http://readme.drone.io/0.5/debugging-plugins/#example-git-plugin
and it says there is no /root/.netrc file available
In order for drone to create a netrc when using drone exec
you need to provide the CLI with the netrc credentials. If you think about this, it makes sense, because how is the CLI supposed to know your Gogs token otherwise?
fixed with gogs upgrade. was bug #3538
wonder why they do not release a path for it.
thank you so much.
great, glad to hear you are up and running! cheers