Can't get sauce labs and travis CI to work - travis-ci

I'm trying to run a test with sauce labs + travis CI but no luck.
Here's where I think the issue is:
https://travis-ci.org/angulytics/angular-snitch/builds/50894194#L402
UnknownError: Sauce Labs Authentication Error.
You used username 'None' and access key 'None' to authenticate, which are not valid Sauce Labs credentials.
However, I have added the keys to my travis settings page. Also, it looks like Travis is in fact exporting them
https://travis-ci.org/angulytics/angular-snitch/builds/50894194#L80
$ export SAUCE_USERNAME=[secure]
$ export SAUCE_ACCESS_KEY=[secure]
So what's going on?
If it helps, you can check the rest of the protractor.conf here
https://github.com/angulytics/angular-snitch/blob/master/protractor.conf.js

I can't remember where exactly I found the answer, but I had to remove the seleniumAddress config option for reasons I don't really understand.

Related

Puppet Code Manager setup issue with Bitbucket

I have just installed puppet server enterprise and successfully added a few nodes and got some custom modules running also. I am now wanting to move to Code Manager before we get too deep in it.
I have followed the instructions for creating an empty Bitbucket repo here and initializing it with one single file environment.conf on a production branch as described in that link.
I have then followed the steps here to configure Code Manager but when I get to Test the control repository section to test the connection with puppet-code deploy --dry-run I get the following error:
--dry-run implies --all.
--dry-run implies --wait.
Dry-run deploying all environments.
2021/12/21 20:21:12 ERROR - [POST /deploys][500] Errors while collecting a list of environments to deploy (exit code: 1).
"/opt/puppetlabs/puppet/lib/ruby/gems/2.7.0/gems/rugged-0.27.7/lib/rugged/repository.rb:258: warning: Using the last argument as keyword parameters is deprecated\nERROR\t -\u003e Unable to determine current branches for Git source 'puppet' (/etc/puppetlabs/code-staging/environments)\nOriginal exception:\nFailed to authenticate SSH session: Unable to send userauth-publickey request at /opt/puppetlabs/server/data/code-manager/git/git#git.company.com-1234-in-puppet-control-repo.git\n"
I have added the puppet server's SSH pub key to the bitbucket repo's access tokens.
There are a few things in that error message im not fully understanding.
Unable to determine current branches for Git source 'puppet' - What is meant by source 'puppet' - my repo is called puppet-control-repo...?
Failed to authenticate SSH session: Unable to send userauth-publickey request - My puppet master's SSH keys are in the token list for that repo so confused here also.
Any guidance would be appreciated.
UPDATE (13-01-2022):
I can successfully clone on puppet server using command
git clone ssh://git#git.example.com:1234/project/puppet-control-repo.git --config core.sshCommand="ssh -i /etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa"
Note sure why puppet is still returning:
Failed to authenticate SSH session: Unable to send userauth-publickey request
I don't know if you saw the instructions here https://puppet.com/docs/pe/2021.4/control_repo.html#managing_environments_with_a_control_repository but you can run
puppet infrastructure configure
which makes sure the files have right permissions.
I would also test attempting a clone with keys works outside of code deploy
git clone -i /etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa your_gir_url
If this works it may be worth being aware of an issue we experienced on github https://puppet.com/blog/how-githubs-protocol-changes-impact-your-puppet-code-deployments/ which depending on bitbuckets approach to protocal may be having a similar affect.
We are updating docs to recommend the usage of more secure keys ed25519 creating as per the article.
if a manual clone doesnt work it suggests bitbucket doesn't have your public key correctly
Also a more complete debugging command is
runuser -u pe-puppet -- /opt/puppetlabs/puppet/bin/r10k -c /opt/puppetlabs/server/data/code-manager/r10k.yaml deploy environment production --puppetfile --verbose debug2
FOLLOWUP
On investigation we found https://support.puppet.com/hc/en-us/articles/227829007 which showed ssh:// was required at the start of r10k_remote making an example command of ssh://git#bitbucket.org:davidsandilands/control-repo.git
I have requested updates to https://support.puppet.com/hc/en-us/articles/227829007 to highlight this is not a version confined issue and asked for the puppet code manager configuration docs to be updated to reflect this may be required.
I see that you have a .pub file in the ssh directory. I believe it's expecting a private key there.
Also do you have the master class set up to point to your repo inside of Puppet Enterprise web ui?
You'll want to set the following parameters on that class.
code_manager_auto_configure = true
r10k_private_key = $PRIVATE_KEY_IN_SSH_FOLDER_ABSOLUTE_PATH
r10k_remote = Your git URL
The PE Master can be found in Node Groups on the PE Web UI Node Groups -> PE Infrastructure -> PE Master
Thanks to #david-sandilands for helping me resolve this and guiding me to this article via the puppet community slack. Top guy!
EDIT 1:
The solution was documented here: https://support.puppet.com/hc/en-us/articles/227829007-Fix-your-Bitbucket-Stash-Code-Manager-configuration-in-Puppet-Enterprise-2015-3-to-2017-2
However the documentation was out of date as it affected version 2021.4 also.
In short:
r10k_remote = "ssh://git#git.company.com:1234/project/control-repo.git"
Not
r10k_remote = "git#git.company.com:1234/project/control-repo.git"
When working with Bitbucket Server.
EDIT 2:
Puppet have since updated their documentation:
https://puppet.com/docs/pe/2021.5/code_mgr_config.html#code_mgr_enable

Automating 2FA using Fastlane/CircleCI

What is the correct way to setup 2FA for beta uploads to iTunesConnect/TestFlight?
There are so many links and forums answers but none solve the issue.
Currently I have added the environment variables into CircleCI, including the Application Specific Password generated on the AppleID.
I have a lane in Fastlane that looks like this
desc "Alpha build"
lane :alpha do
match(type: "adhoc")
gym(export_method: "ad-hoc")
upload_to_testflight(skip_submission: true)
end
I run the preauth command below before the alpha lane
- run:
name: Spaceship pre-auth for 2FA
command: bundle exec fastlane spaceauth -u [redacted].com
Fastlane seems to be failing on auth even if the password is correct
Please check your credentials and try again.
This could be an issue with App Store Connect,
Please try unsetting the FASTLANE_SESSION environment variable
If I remove the spaceauth command circleci is failing by timing out waiting for 2FA.
The Fastlane site says that there is no need to use spaceauth unless additional app store connect APIs are being used such as uploading metadata etc. It states that for uploads to testflight only the Application Specific Password should be enough, although this doesnt work either.
Has anyone solved this issue that can advise please?
You can authenticate with Apple through API key. You can generate the key here: https://appstoreconnect.apple.com/access/api.
Once you have the key.p8 file, you can used to auth with the fastlane command: app_store_connect_api_key as follow:
app_store_connect_api_key(
key_id: "ABCDEFG",
issuer_id: "Your_issuer_id",
key_content: File.read("./key.p8").chomp,
duration: 1200,
in_house: false
)
After the execution of the command, the key session is store in the following env var: APP_STORE_CONNECT_API_KEY so your upload to testflight should look like this:
upload_to_testflight(
groups: ["Friends & Family","Mytest-Group"],
ipa: "./build/myapp.ipa",
api_key: Actions.lane_context[SharedValues::APP_STORE_CONNECT_API_KEY]
)
Use CI server's REST API to update the value of FASTLANE_SESSION configuration parameter. In our case we have it defined in one place and it gets reused by all jobs that need to auth to Dev Center / App Store Connect. I haven't looked into details, but I'm sure there's a way to update the job/project parameter via REST call. Then again, have a scheduled job that runs spaceauth and uses REST API to set the new value.
The docs are wrong there - and it's my fault. I updated the docs article before the actual code enabling this is merged.
Your best best currently is to create a second account that doesn't have 2FA enabled, or using spaceauth locally and then copying the returned value into a ENV variable on your CI provider, although it probably will only work 24 hours. We are currently investigating how to improve this.

How do I use travis encrypt to encrypt browserstack key?

I am having trouble getting my browserstack credentials to work on Travis. The credentials work locally if I don't encrypt the key and trigger the build from my local by just using environment variables.
I am using travis encrypt, which is instructed here: https://docs.travis-ci.com/user/browserstack/ but I am not sure I am using it correctly and am having difficulty finding documentation on the command.
If my browserstack key is foo, should the command be:
travis encrypt foo
travis encrypt BROWSERSTACK_ACCESS_KEY=foo
travis encrypt BROWSERSTACK_ACCESS_KEY="foo"
or something else? I am using the output of the command and putting it at the end of my .travis.yml like so:
addons:
browserstack:
username: "myusername"
access_key:
secure: "encryptedkey"
But I am consistently getting Browserstack access_key is invalid. in my Travis build.
Since Travis uses bash to evaluate this (iirc) you should use single quotes instead as bash will not expand special characters within single quotes. And you could probably also wrap the whole thing in double quotes for good measure, so this should work:
travis encrypt "BROWSERSTACK_ACCESS_KEY='foo'"
Also, if I understand your use of this secret correctly you should do something like this instead to configure the addon:
secure: "$BROWSERSTACK_ACCESS_KEY"

How to login into a Travis Enterprise using Travis CLI?

I'm trying to login to an own hosted Travis Enterprise, but usual travis login and travis login --pro are trying to login to usual Travis SAAS environment
Given that your Travis is hosted at travis.fewlaps.com, run
travis login -I -t your-travis-token -e https://travis.fewlaps.com/api --github-token=personal-access-token-from-githubenterprise &&
travis endpoint --set-default -e https://travis.fewlaps.com/api
...and then, to use your own Travis instead of the common one at every travis command,
travis endpoint --set-default -e https://travis.fewlaps.com/api
Remember that Travis will need that your GitHub Enterpise has the needed permissons. Right now, we're giving to that token these permissions:
repo (all of them)
admin:repo_hook
user
For those still struggling with this, the following helped me:
travis login --pro -X --github-token ${github-token}
Make sure you set the github token for your personal account with access to the private repos as detailed here, and create the token with the following permissions:
For private projects:
user:email (read-only)
read:org (read-only)
repo
for open source projects:
user:email (read-only)
read:org (read-only)
repo_deployment
repo:status
write:repo_hook
I have been struggling with this for several months and finally figured it out (accidentally). You can use the -X option to log into enterprise accounts. This might have always been present, but I was not aware of it.
travis login -X --github-token ${my-github-enterprise-token}
Then enter the enterprise domain when prompted and use it as the default endpoint.

travis-ci encrypt command is asking for login --pro

I am trying to encrypt some signature details using travis cli:
travis encrypt SONATYPE_USERNAME=xxxx
I get an error saying :
not logged in, please run travis login --pro
Is it required to have a pro login to use encrypt? Can I not use org login and use this command?
To encrypt, Travis-CLI will require being logged in first. The --pro flag provided with the help string is a good default (travis.com (paid) users are more likely to use the CLI), but not strictly necessary and can be replaced with --org, which will use the travis.org (free) endpoint.
for https://travis-ci.org
travis login --org
travis encrypt <string> --org

Resources