3

I am using https://github.com/researchgate/gradle-release with the below config in my ci on Gitlab:

release:
image: gradle:jdk11
stage: release
script:
 - git checkout master
 - ./gradlew release
only:
 - master
when: manual

And it complains that the user does not have access to write to the repo.

Execution failed for task ':example-core:preTagCommit'.
> Failed to push to remote - [][remote: You are not allowed to upload code.
fatal: unable to access 'https://gitlab.com/myUser/example.git/': The 
requested URL returned error: 403

I checked and the CI Job Token only has read access. Is there a way to login here as part of the script ideally with a token instead of hard-coding credentials? Thanks.

Edit one: I tried using SSH key/ deploy key with the following config. But it did not work:

release:
image: gradle:jdk11
stage: release
script:
- 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client - 
y )'

- eval $(ssh-agent -s)
- ssh-add <(echo "$CI_CD_SSH_KEY")
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- git config --global user.email "myUserg@gmail.com"
- git config --global user.name "GitLab CI/CD"
- git checkout -B master
- ./gradlew release -DskipTests

Edit two: I have added the correct config here. The trick is to check out the repo after adding the SSH key to the right place and to the SSH agent:

release:
image: gradle:jdk11
stage: ...
before_script:
# Run ssh-agent (inside the build environment)
- eval $(ssh-agent -s)

# Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
- echo "$CI_CD_SSH_KEY" | tr -d '\r' | ssh-add -


- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
 # copy the keys to the right place
- ssh-keyscan gitlab.com >> ~/.ssh/known_hosts
- chmod 644 ~/.ssh/known_hosts
- git config --global user.email "username@gmail.com"
- git config --global user.name "GitLab CI/CD"
- git remote set-url origin git@gitlab.com:username/project.git
- git checkout master
# grab the version from the properties file
- VERSION=`grep 'version' ./gradle.properties | grep -oE "(([0-9]{1,3}\.){2} 
[0-9]{1,3})"`

After this, you can then run your script like this:

  script:
- ./gradlew release
BlackLog
  • 301
  • 1
  • 5
  • 17
  • Somewhere in that release target, you’re trying to create a git commit without having set up the user name and email for the author. – Timothy Brackett Nov 12 '20 at 01:42
  • I put the wrong message, but I just corrected it. – BlackLog Nov 12 '20 at 01:49
  • You want to create a Masked and Protected variable in your project’s CI/CD Settings and then reference that. – Timothy Brackett Nov 12 '20 at 01:53
  • Done that, doesnt work here. It only works when the auth details is included in the URL like when we clone. I have also tried the SSH key/ Deploy key combo. Surprisingly that did not work either. It should have... It is bizarre. – BlackLog Nov 12 '20 at 05:07
  • Sorry, can’t help any further. That gradle plugin doesn’t seem to support providing credentials. – Timothy Brackett Nov 12 '20 at 05:22
  • I'm not that familiar with gitlab-ci but can it be that the ssh key approach doesn't work as the ci might does a checkout via https? – Hillkorn Nov 12 '20 at 08:34
  • Yes, that was actually part of the problem. – BlackLog Nov 13 '20 at 02:52

0 Answers0