Comments (15)
In the next version, AL-Go will display a warning when it encounters secrets, which might cause this kind of disruption.
Displaying the name of problematic secrets - but obviously not the values.
It is still up to the customer/partner to make sure that these secrets are not made available in AL-Go repositories.
from al-go.
The customer has more than 700 repros, so it was not an option right now to change the setup - instead a temporary solution where all the org-secrets is overwritten in the algo repro with the same variables at repository-level has been created (with a dummy json-structure). This made the difference and now it's working again.
Thanks for your help, Fredddy - and for making the change to better warnings in the next version.
from al-go.
It looks like you have spaces or newlines in your secrets (maybe the authcontext is not compressed)?
from al-go.
I checked the json in the authcontext and no spaces or new lines :/
I also checked the values in postman to verify the app registration.
from al-go.
It might be another secret or an organizational secret accessible in this repo.
Looking at
You can see that everywhere where there is a { or a } - they are masked as three *'s
This happens when the brackets are considered secrets - and then everything falls apart.
from al-go.
Yes, I know that it, for some reason, is considered a secret, but I can see that I didn't write that explicitly in my question, sorry :)
I am working on a customer github-repository, so I will have to ask the admin to check the organizational secrets. Do you have an idea which other secrets the al-go needs to access on that level?
I also suspect that it could be a lack of sufficient permissions, so looking into that as well.
from al-go.
It might be secrets made available to this repo that the repo doesn't use.
AL-Go doesn't use a lot of secrets, but if secrets with this content is made available to the github repo, they are masked as well.
You can see which secrets are made available to the repo under:
https://github.com/<owner>/<repo>/settings/secrets/actions
The AL-Go repository should only have secrets available, which it needs.
from al-go.
Thank you very much :) Will look into that.
from al-go.
Hi Freddy
I have investigated the problem with customers admin of their github-repro.
It dosen't matter if we use an account with full admin permissions or with a pro-github subscription - we still have the same problems.
The customer did not want to recreate all their organisational secrets as you suggested. They are pretty sure they have well formed json as they are used all the time.
Instead the admin tried ruling them out the current repository - that did not change error-message either.
The problem with the environment being regarded as secrets starts immediatly after initiating the repo at step 1 - both with an organisational account and a personal account and with a free or pro subscription.
For your information the repro is internal as it is not possible to make it public as your walkthrough suggests.
Any more ideas? :)
from al-go.
The issue comes from secrets being formatted as:
{
"property": "value"
}
instead of
{"property":"value"}
Both are perfectly fine json - but the upper will cause issues.
I will do some investigations on whether we can avoid that.
from al-go.
The issue starts at initiating the repro - before any secrets have been created, so in that case it must be some organisational secrets in the customer environment as you suggested. Thank you very much for looking into it anyway, Freddy :) I have also asked the customer to go through their variables again
from al-go.
Hi again :)
I asked the customer to open temporaraly for the possibility to create public repros in their organisation - and this made the difference.
No problems with environments to be regarded as secret. So it seems that it is not possible to use ALGo for private repositories.
from al-go.
AL-Go works just fine with private repositories as well. The difference is that all the organizational secrets are probably not available to public repositories, the secrets are probably set to be available to private repositories:
Secrets should only be available to the repositories who needs them.
from al-go.
Okay, happy to hear that :)
In fact, the customer tried this at one point without success - but I do not know exactly how it was done, so I will inform him of this and ask him to try again.
from al-go.
Okay, thank you - that sound good. The customer has a complex setup, that has to be changed first - so if you could publish the algo-changes or send them here it would be a great help.
from al-go.
Related Issues (20)
- Change version HOT 2
- Timeouts when downloading Artifacts? HOT 6
- AppSource App deployment failes with PerTenantExtensionCop Error PTE0001 and PTE0002 HOT 6
- Unstable workflow "Test Current" HOT 4
- CICD workflow is deploying a different app version number from the build artifact HOT 1
- keyVaultCodesignCertificateName - error HOT 3
- SyncMode for custom deployments? HOT 4
- Automatic updates for AL-Go are failing HOT 9
- Deployment to the sandbox environment failed with the error message: "underlying connection was closed." HOT 3
- Publish to AppSource fails with error code AVS0106 HOT 2
- Deliver to Storage Failing with Error Message "unable to locate apps" HOT 1
- Sync-NAVApp : Table 344 Setup Checklist Line :: The table 'Setup Checklist Line' cannot be located. Removing tables is not allowed unless they are temporary or are being moved by migration to another app. HOT 4
- BCContainerHelper settings skipped HOT 2
- RELEASENOTES.copy.md not updated when running Update AL-Go System Files? HOT 1
- Publish to AppSource does not include library app HOT 12
- Enhancement request: named secret setting fot AZURE_CREDENTIALS
- No apps to publish given during DeployTo job
- Steps in "Publish To Environment" not using custom shell-property from deployment settings
- Build cannot find build artifacts
- Deliver to Storage is not using ubuntu runner
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from al-go.