rundeck-plugins / git-plugin Goto Github PK

I would like to request an enhancement that would enable this plugin to manage the most common operations around working with git.

Situation:

Rundeck server has local files that get modified as part of other jobs. Gitlab is used to store master copy and revision changes. git-plugin is then called to add and stage changes to those files, and push changes up to git branch. Support commit message boilerplate with ability to prepend/append additional values/variables.

If one cancels a job in the midst of git clone, next time it'll fail with:

java.lang.NullPointerException
Failed pulling the repository from ssh://[email protected]/your/repo.git: null

Instead, it should clean up the mess and retry gracefully IMHO.

├── gradle
│ └── wrapper
│ ├── gradle-wrapper.jar
│ └── gradle-wrapper.properties

i think folder is missing

It looks like the git plugin when checking out a repository with symlinks does not create the symlink on the filesystem but instead just creates a file with the destination which I think is what git is tracking internally.

This plugin does not seem to provide the supplied authentication method (tried ssh key & password) to git-lfs if a given repo uses it. Only files tracked with regular git are pulled down in this case.

The event like the below occurred and can not resolve it.
rundeck/rundeck#4205

I think it probably relates to git-plugin of rundeck. If you know something, could you tell me?
Thank you.

Hi

I need execue the git clone into a node select in Nodes tab inside the job, is it possible? Or only is it possible download in the rundeck server node?

Can we have an option to pull the latest changes on workflow execute? Currently I have to remove the directory before and reclone it would be nice if this was a single step instead of two separate workflow steps.

Hi,

Is it possible to use SSH Key Storage Path in plugin configuration to refer to a ssh key ?

Regards

Hello,

I'm having issues trying to use this plugin to clone a Git repo from a private Bitbucket using an SSL certificate signed by a private CA.

The error message:

org.eclipse.jgit.api.errors.TransportException: https://XXX.XXX.com/scm/itg/git.git: cannot open git-upload-pack
...
Caused by: org.eclipse.jgit.errors.TransportException: https://XXX.XXX.com/scm/itg/git.git: cannot open git-upload-pack
...
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
...
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
...
Failed cloning the repository from https://XXX.XXX.com/scm/itg/git.git: https://XXX.XXX.com/scm/itg/git.git: cannot open git-upload-pack

I have Rundeck configured to use the truststore with the CA certificate marked as trusted. The ssl.properties points to the truststore and has the correct password.
When I list the content of the truststore, I see the CA certificate correctly.

Any idea how to make this work?

Thanks!

Hi,

I'm dealing with the problem in title.

When i use the plugin with an https or ssh url with groups/subgroup/project the output give me a null pointer exception.
Exemple url : ssh://git@/Group/Subgroup/project.git

`
java.lang.NullPointerException

17:01:57 |   |   | at org.eclipse.jgit.lib.ObjectIdOwnerMap.get(ObjectIdOwnerMap.java:131)
17:01:57 |   |   | at org.eclipse.jgit.revwalk.RevWalk.parseAny(RevWalk.java:857)
17:01:57 |   |   | at org.eclipse.jgit.revwalk.RevWalk.parseCommit(RevWalk.java:772)
17:01:57 |   |   | at org.eclipse.jgit.api.RebaseCommand.call(RebaseCommand.java:296)
17:01:57 |   |   | at org.eclipse.jgit.api.PullCommand.call(PullCommand.java:324)
17:01:57 |   |   | at org.eclipse.jgit.api.PullCommand.call(PullCommand.java:80)
17:01:57 |   |   | at java_util_concurrent_Callable$call$0.call(Unknown Source)
17:01:57 |   |   | at com.rundeck.plugin.GitManager.performPull(GitManager.groovy:122)
17:01:57 |   |   | at com.rundeck.plugin.GitManager.this$2$performPull(GitManager.groovy)
17:01:57 |   |   | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
17:01:57 |   |   | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
17:01:57 |   |   | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
17:01:57 |   |   | at java.lang.reflect.Method.invoke(Method.java:498)
17:01:57 |   |   | at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite$PogoCachedMethodSiteNoUnwrapNoCoerce.invoke(PogoMetaMethodSite.java:210)
17:01:57 |   |   | at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite.callCurrent(PogoMetaMethodSite.java:59)
17:01:57 |   |   | at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:169)
17:01:57 |   |   | at com.rundeck.plugin.GitManager.cloneOrCreate(GitManager.groovy:71)
17:01:57 |   |   | at com.rundeck.plugin.GitManager$cloneOrCreate$0.call(Unknown Source)
17:01:57 |   |   | at com.rundeck.plugin.GitCloneWorkflowStep.executeStep(GitCloneWorkflowStep.groovy:128)
17:01:57 |   |   | at com.dtolabs.rundeck.core.execution.workflow.steps.StepPluginAdapter.executeWorkflowStep(StepPluginAdapter.java:114)
17:01:57 |   |   | at com.dtolabs.rundeck.core.execution.ExecutionServiceImpl.executeStep(ExecutionServiceImpl.java:111)
17:01:57 |   |   | at com.dtolabs.rundeck.core.execution.workflow.BaseWorkflowExecutor.executeWFItem(BaseWorkflowExecutor.java:291)
17:01:57 |   |   | at com.dtolabs.rundeck.core.execution.workflow.BaseWorkflowExecutor.executeWorkflowStep(BaseWorkflowExecutor.java:687)
17:01:57 |   |   | at com.dtolabs.rundeck.core.execution.workflow.engine.StepCallable.apply(StepCallable.java:71)
17:01:57 |   |   | at com.dtolabs.rundeck.core.execution.workflow.engine.StepOperation.apply(StepOperation.java:73)
17:01:57 |   |   | at com.dtolabs.rundeck.core.execution.workflow.engine.StepOperation.apply(StepOperation.java:31)
17:01:57 |   |   | at com.dtolabs.rundeck.core.rules.WorkflowEngineOperationsProcessor.lambda$processRunnableOperations$1(WorkflowEngineOperationsProcessor.java:222)
17:01:57 |   |   | at com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.runInterruptibly(TrustedListenableFutureTask.java:125)
17:01:57 |   |   | at com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.java:57)
17:01:57 |   |   | at com.google.common.util.concurrent.TrustedListenableFutureTask.run(TrustedListenableFutureTask.java:78)
17:01:57 |   |   | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
17:01:57 |   |   | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
17:01:57 |   |   | at java.lang.Thread.run(Thread.java:748)
17:01:57 |   |   | Failed pulling the repository from ssh://git@<url_git>/group/subgroup/project.git: null (data obfuscated)
17:01:57 |   |   | Execution failed: 147 in project Pole_Datascientist: [Workflow result: , step failures: {1=PluginFailed: No such property: op for class: com.rundeck.plugin.GitCloneWorkflowStep}, flow control: Continue, status: failed]
`

Hi

Only xml or yaml format files can be imported from git repos but not json files. Perhaps I don't understand the purpose of this plugin but as Rundeck jobs support reading json format local files to populate options values wouldn't it make sense to allow json format files to be imported as well?

Stephen

Currently, a repo can be checked out everywhere on the system, as long as the user running Rundeck has the correct system access.

For a instance that is shared by many projects, this might be both inconvenient and a potential security risk; as checkouts can overwrite other checkouts, used by other projects; or even the contents of the Rundeck home directory itself.

It should be possible to force projects to always check out a repository in a subdirectory that is not shared with other projects.

I apologize if this has already been covered, but I have not been able to find a method to edit my ACL files to restrict the "Git Import: Import Remote Changes" and "Git Export: Commit Changes to Git" to specif users, or roles.

Is this possible?

I installed the plugin and added this config to the project. However instead of adjusting the path to be project specific /var/lib/rundeck/projects/a_project/{path} it instead tried using root. So the plugin tried cloning the repo to /{path}.

Does the plugin depend on any env var? My rundeck-config.properties has

rdeck.base=/var/lib/rundeck

and framework.properties has this

framework.projects.dir=/var/lib/rundeck/projects
framework.etc.dir=/etc/rundeck
framework.var.dir=/var/lib/rundeck/var
framework.tmp.dir=/var/lib/rundeck/var/tmp
framework.logs.dir=/var/lib/rundeck/logs
framework.libext.dir=/var/lib/rundeck/libext

On the plugin, is missing the username on the https:// URL from the "more info" under the git url textbox.
e.g.
https://username@server/username/repo.git

We just updated rundeck from latest v3.2 to latest v3.3, after that this plugin stopped working.

In the logs I can see:

[2020-07-06T14:21:57,736] ERROR services.ExecutionUtilService [quartzScheduler_Worker-1] - Execution failed: 47834 in project CS: [Workflow result: , step failures: {1=PluginFailed: org/apache/log4j/Logger}, status: failed]
[2020-07-06T14:26:11,820] ERROR services.ExecutionUtilService [quartzScheduler_Worker-2] - Execution failed: 47835 in project CS: [Workflow result: , step failures: {1=PluginFailed: org/apache/log4j/Logger}, status: failed]

Also, in the upgrade section of the release note I found something related to log4j, so I thought one thing could be related to the other, unfortunately I cannot check it myself as I don't know java.

Let me know if there is anything else I can help with.

Thanks,
Joel.

I've created an ed25519 for gitlab authentication. but it doesn't seems to work:

invalid privatekey: [B@15b0e7f3

If I test it on the rundeck server from command line it works OK.

I've tried in other rundeck instances with rsa keys and it works.