I am trying to run Auditjs scans on my code using Nexus IQ server, I tried incorporating a batch command in jenkins freestyle project build step which ran successfully on local machine and resulting correct results in Nexus IQ server but unable to execute the same through jenkins.
Command used:
npx auditjs iq -a (application id in nexus) -s build -h (nexus private server) -u username -p password
1:When tried with a user credentials with application evaluator role , it resulted with a error of
[[ERROR]] auditjs-[Issue auditing your application!"No valid response from IQ, potentially check application ID you are using"]]
2: When the above command is executed with user credentials of Developer role in Nexus, it resulted in a build failure error... i found this through here so https://github.com/sonatype-nexus-community/auditjs/issues/218, gave it a shot but no luck
[[ERROR]] auditjs-[Issue auditing your application! Unable to submit to Third Party API
/_) /_`_ _ _ _/_ _ _ (/ /_`_._ _ _/ _
/_)/_/ ._//_// //_|/ /_//_//_' (_X / ///_'/ //_/_\
_/ _//
AuditJS version: 4.0.37
- Starting application
√ Starting application
- Getting coordinates for Sonatype IQ
√ Getting coordinates for Sonatype IQ
- Auditing your application with Sonatype IQ
√ Auditing your application with Sonatype IQ
- Authenticating with Sonatype IQ
√ Authenticating with Sonatype IQ
- Submitting your dependencies
× Submitting your dependencies
[91m[2022-05-02T17:15:03.269] [ERROR] auditjs - [39mThere was an issue auditing your application! Error: No valid ID on response from Nexus IQ, potentially check the public application ID you are using
at IqRequestService.<anonymous> (C:\Users\jenkins\AppData\Roaming\npm-cache\_npx\13732\node_modules\auditjs\bin\Services\IqRequestService.js:56:23)
at Generator.throw (<anonymous>)
at rejected (C:\Users\jenkins\AppData\Roaming\npm-cache\_npx\13732\node_modules\auditjs\bin\Services\IqRequestService.js:21:65)
at processTicksAndRejections (internal/process/task_queues.js:97:5)
Related
I am using Jenkins Pipeline to download Jfrog artifactory on a server where Jfrog CLI is configured.
1.The following cmd when executed from Jenkins throws the below error:
jf rt dl is-passport-dev/xyz.zip C\Windows\xyz.zip
[Error] the --url option is mandatory
2.The same above command on executing directly on the jfrog configured server works like a charm.
3.Below cmd is executed as a workaround for Point 1:
jf rt dl --url https://<artifactory_url>/artifactory/is-passport-dev/xyz.zip C\Windows\xyz.zip
[Info] Searching items to download...
[Error] Server response: 403 Forbidden
Only non-anonymous users are allowed to access AQL queries
This error is seen both when executing from the jenkins pipeline and also on executing directly on jfrog configured server. I have ensured that the user and the repository has the right permission for uploading and downloading.
Note: jf rt upload --url <url_path> <source_file_path> <destination_file_path> works fine without any issues
Can someone suggest me how to overcome this problem?
The problem is that you are trying to download an Artifact but you are 'anonymous' (server is not configured in the cli):
two solutions:
give 'anonymous' users read rights on you repo (not recommended)
Configure the cli with a user and password/token
jf c add server_1
follow steps to configure
cmd to use it
jf rt dl is-passport-dev/xyz.zip C:\Windows\xyz.zip --flat --server-id server_1
Even though I am able to achieve the artifact download using curl commands instead of JFrog CLI, the downloading of the package with the curl command is extremely slow.
700MB zip takes close to 8 minutes with curl cmd.
Is it possible to reduce the download time here?
Summary:
I have made many attempts to deploy simple C# Blazor image in public DockerHub repo to Azure App Service web site. All attempts using bicep and the azure portal have failed.
Goal:
Use bicep inside of a Github action (CI/CD pipeline) to deploy from public DockerHub repo to Azure App Service Web Site. (I'm also curious as to how to do it on the portal).
What Works:
This powershell command successfully deploys my DockerHub image to the Azure App Service Web site:
az.cmd webapp create --name DockerhubDeployDemo004 --resource-group rg_ --plan Basic-ASP -s siegfried01 -w topsecretet --deployment-container-image-name siegfried01/demovisualstudiocicdforblazorserver
This bicep for creating an azure container instance also works.
Error Messages from Failed Attempts:
From the log files in the azure portal I get:
2022-05-20T21:50:35.914Z ERROR - DockerApiException: Docker API responded with status code=NotFound, response={"message":"pull access denied for demovisualstudiocicdforblazorserver, repository does not exist or may require 'docker login': denied: requested access to the resource is denied"}
2022-05-20T21:50:35.915Z ERROR - Pulling docker image docker.io/demovisualstudiocicdforblazorserver failed:
2022-05-20T21:50:35.916Z WARN - Image pull failed. Defaulting to local copy if present.
2022-05-20T21:50:35.923Z ERROR - Image pull failed: Verify docker image configuration and credentials (if using private repository)
2022-05-20T21:50:35.928Z INFO - Stopping site dockerdeploydemo003 because it failed during startup.
/home/LogFiles/2022_05_20_lw1sdlwk000FX5_docker.log (https://dockerdeploydemo003.scm.azurewebsites.net/api/vfs/LogFiles/2022_05_20_lw1sdlwk000FX5_docker.log)
2022-05-20T21:35:47.559Z WARN - Image pull failed. Defaulting to local copy if present.
2022-05-20T21:35:47.562Z ERROR - Image pull failed: Verify docker image configuration and credentials (if using private repository)
Failing Bicep Code:
I tried exporting the ARM code from the successful powershell deployment and the failed portal attempts and converting it to bicep. In both cases the code was very similar. In both cases I had to add/edit the app settings containing the dockerhub URL, account and password. I always received the above error messages. After deploying using bicep code, I could go back into the portal and view the appsettings (dockerhub creds & URL). They looked correct.
References:
Nice DockerHub example but no bicep code.. Says to use index.docker.io for the server and I tried that (did not work). I also tried using https://index.docker.io/v1/ for the server URL and that did not work either.
Nice Bicep Example but uses ACR instead of DockerHub
Another nice Bicep Example that uses ACR instead of DockerHub.
I was surprised I could not find the documentation on the DockerHub site!
Please help me correct my bicep code. I suspect I'm not specifying the correct URL or server for DockerHub.
Thanks
Siegfried
I could not find the web page on Dockerhub that gave the detailed information I was looking for (like the URL). However, the docker Info command as described here was very helpful.
This bicep code did the trick for me (with some help from the bicep support on github):
var appConfigNew = {
DOCKER_ENABLE_CI: 'true'
DOCKER_REGISTRY_SERVER_PASSWORD: dockerhubPassword
DOCKER_REGISTRY_SERVER_URL: 'https://index.docker.io/v1/'
DOCKER_REGISTRY_SERVER_USERNAME: dockerUsername
}
resource appSettings 'Microsoft.Web/sites/config#2021-01-15' = {
name: 'appsettings'
parent: web
properties: appConfigNew
}
And lastly, I discovered this by trial and error:
linuxFxVersion: 'DOCKER|${dockerUsername}/demovisualstudiocicdforblazorserver:${tag}'
Wow! I really worked hard for this one!
I am deploying a docker image from ACR to windows based App Service using Azure DevOps release pipeline (with Azure Web App on Container Deploy task). But getting the error as
"Error: Failed to patch App Service '[App Service Name]' configuration. Error: BadRequest - The parameter DOCKER_REGISTRY_SERVER_URL has an invalid value. Unexpected error when connecting to the registry. Cannot find available registry. https://[ACR Name].azurecr.io (CODE: 400) Error: Failed to update deployment history. Error: Ip Forbidden (CODE: 403)"
Both App Service and ACR are using private endpoint. We are using self hosted agent for our pipeline.
Please let me know how to fix this issue.
Here is a trouble shooting advice:
Please check the value of DOCKER_REGISTRY_SERVER_URL in your ARM template or config file.
What's more, if you are using ARM template, try to add "reserved": true to your properties.
I’m new to Jenkins. I am trying to deploy an Angular Application to Cloud Foundry on Bluemix but, with the CF plugin I am getting the failure with an error -
Cloud Foundry Plugin: org.cloudfoundry.uaa.UaaException: unauthorized:
BMXLS0202E: You are using a federated user ID, please use one time
code to login with option --sso.
I am not sure how can I use the command ibmcloud login -o <org> -s <space> --sso
I'm building a docker image via jenkins and want to deploy it to google cloud registry using the jenkins plugin (docker-build-step, Google Container Registry Auth Plugin, Google OAuth Credentials plugin), using the following instructions: https://wiki.jenkins-ci.org/display/JENKINS/Google+Container+Registry+Auth+Plugin
I have a VM instance on GCE where I have both jenkins and docker installed.
The build works OK, but it fails when I'm trying to push it to the Registry:
Successfully built c2ddc81c66d1
[Docker] INFO: Sucessfully created image eu.gcr.io/$project-id/base
[Docker] INFO: Pushing image eu.gcr.io/$project-id/base
ERROR: Build step failed with exception
javax.ws.rs.ProcessingException: org.apache.http.NoHttpResponseException: 127.0.0.1:2375 failed to respond
at org.glassfish.jersey.apache.connector.ApacheConnector.apply(ApacheConnector.java:513)
at org.glassfish.jersey.client.ClientRuntime.invoke(ClientRuntime.java:246)
at org.glassfish.jersey.client.JerseyInvocation$1.call(JerseyInvocation.java:667)
at org.glassfish.jersey.client.JerseyInvocation$1.call(JerseyInvocation.java:664)
at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
--
But when I try to push it via SSH, it works:
bash-4.2$ whoami
jenkins
bash-4.2$ gcloud docker push eu.gcr.io/$project-id/base
The push refers to a repository [eu.gcr.io/$project-id/base]
41772e41ab05: Layer already exists
a03f60753e4e: Pushing [=========> ] 9.223 MB/47.44 MB
I believe that if it was some kind of scope from the google VM, I shouldn't be able to do it via ssh either. Could it be the jenkins user environment variables?
Anyone has a working configuration for a similar scenario? Anyone that knows Jenkins well knows what kind of config could be causing this?
Also, before using http://127.0.0.1:2375 as the docker url, I had unix:///var/run/docker.sock, and with that configuration, instead of "127.0.0.1:2375 no HttpResponseExpcetion" I had "localhost:80 no HttpResponseExpcetion" on the log, so using the socket isn't the solution either.
Regards,
JS
The error is related with failed a connection between Jenkins and Google Registry. I'm assuming there's no problem with the network connection, since it's calling the localhost.
[Docker] INFO: Sucessfully created image eu.gcr.io/$project-id/base
[Docker] INFO: Pushing image eu.gcr.io/$project-id/base
ERROR: Build step failed with exception
javax.ws.rs.ProcessingException: org.apache.http.NoHttpResponseException: 127.0.0.1:2375 failed to respond
So, that leaves us with an applicational problem. Check your Google oAuth credentials, it can be an unauthorized access exception being throwed, in which you'll have to create the credentials.
In any case, check your logs and elevate the log level to see if there's any important info that went unnoticed.