英文:
remote: HTTP Basic: Access denied downloading local repo in gitlab
问题
有很多关于这个主题的讨论,我读了很多但是我无法弄清楚我做错了什么。
Gitlab版本为14.5.2
Gitlab runner版本为14.5.1,并且以shell方式运行
启用了2FA并且我已经创建了我的访问令牌;我正在尝试编译一个使用我gitlab仓库中的库的Golang程序。这是我的yml文件:
variables:
REPOSITORY: $CI_REGISTRY/acme/test/master
before_script:
- export PATH=$PATH:/usr/local/go/bin
- docker login -u $CI_REGISTRY_USER -p $CI_JOB_TOKEN $CI_REGISTRY
- go env -w GOOS=linux
- go env -w GOARCH=amd64
- go env -w GOPRIVATE=gitlab.acme.com
build_image:
script:
- ssh-keyscan -t rsa gitlab.acme.com >> ~/.ssh/known_hosts
- echo -e "machine gitlab.acme.com\nlogin gitlab-ci-token\npassword ${CI_JOB_TOKEN}" > ~/.netrc
- git config --global url."https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.acme.com/".insteadOf git://gitlab.acme.com/
- go mod download
- go build
- docker build -f Dockerfile -t $REPOSITORY:latest .
- docker push $REPOSITORY:latest
- docker rmi $(docker images $REPOSITORY -a -q)
- rm $HOME/.netrc
结果是这样的:
go mod download: gitlab.acme.com/datamanent/go-commons@v0.0.0-20211221151250-f0220d428461: invalid version: git fetch -f origin refs/heads/*:refs/heads/* refs/tags/*:refs/tags/* in /home/gitlab-runner/go/pkg/mod/cache/vcs/c9ecbc2c20382f733e0a04c852c63cb9a78c5166f9ae2d25864a2d7728490ddb: exit status 128:
remote: HTTP Basic: Access denied
fatal: Authentication failed for 'https://gitlab.acme.com/test/go-commons.git/'
Cleaning up project directory and file based variables
如果我不使用内部库,编译是正常的,并且推送到gitlab仓库也是可以的。
如果我尝试克隆仓库而不是执行go mod download,像这样:
- git clone git@gitlab.acme.com:test/go-commons.git
当然这不起作用,我得到了这个消息:
cloning into 'go-commons'...
Permission denied, please try again.
Permission denied, please try again.
git@gitlab.acme.com: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Cleaning up project directory and file based variables
--------------- 更新 ---------------
感谢@VonC,我将git指令更改为:
git config --global url."https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.acme.com/".insteadOf \
git@gitlab.acme.com:
不幸的是,这还不够,而且这真的很奇怪,所以我在流水线中添加了cat $HOME/.gitconfig
,我想看看指令是否被正确添加。我看到有很多条目,很可能是每次我尝试运行CI时都会添加,我真是个傻瓜,我以为文件每次运行CI时都会消失(但我是在shell中而不是在docker中),所以我删除了它,现在可以工作了。
英文:
There a lot of discussion on this topic, I read a lot but I cannot figure out what I'm doing wrong.
Gitlab version 14.5.2
Gitlab runner version: 14.5.1 and running as shell
2FA is enabled and I have created my access token; I'm trying to compile a Golang program that use a library in my gitlab repo. Here my yml file
variables:
REPOSITORY: $CI_REGISTRY/acme/test/master
before_script:
- export PATH=$PATH:/usr/local/go/bin
- docker login -u $CI_REGISTRY_USER -p $CI_JOB_TOKEN $CI_REGISTRY
- go env -w GOOS=linux
- go env -w GOARCH=amd64
- go env -w GOPRIVATE=gitlab.acme.com
build_image:
script:
- ssh-keyscan -t rsa gitlab.acme.com >> ~/.ssh/known_hosts
- echo -e "machine gitlab.acme.com\nlogin gitlab-ci-token\npassword ${CI_JOB_TOKEN}" > ~/.netrc
- git config --global url."https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.acme.com/".insteadOf git://gitlab.acme.com/
- go mod download
- go build
- docker build -f Dockerfile -t $REPOSITORY:latest .
- docker push $REPOSITORY:latest
- docker rmi $(docker images $REPOSITORY -a -q)
- rm $HOME/.netrc
The result is this:
go mod download: gitlab.acme.com/datamanent/go-commons@v0.0.0-20211221151250-f0220d428461: invalid version: git fetch -f origin refs/heads/*:refs/heads/* refs/tags/*:refs/tags/* in /home/gitlab-runner/go/pkg/mod/cache/vcs/c9ecbc2c20382f733e0a04c852c63cb9a78c5166f9ae2d25864a2d7728490ddb: exit status 128:
remote: HTTP Basic: Access denied
fatal: Authentication failed for 'https://gitlab.acme.com/test/go-commons.git/'
Cleaning up project directory and file based variables
If I don't use an internal lib, compile is fine and push in gitlab registry is ok as well.
If I try to clone the repo instead of doing go mod download, doing this:
- git clone git@gitlab.acme.com:test/go-commons.git
Of course it doesn't work I got this message:
cloning into 'go-commons'...
Permission denied, please try again.
Permission denied, please try again.
git@gitlab.acme.com: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Cleaning up project directory and file based variables
--------------- UPDATE ---------------
Thanks to @VonC I change the git directive to
git config --global url."https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.acme.com/".insteadOf \
git@gitlab.acme.com:
unfortunately this was still not enough, and it was really weird, so I add to the pipeline cat $HOME/.gitconfig
I wanted to see if it was correctly added the directive. And what I see was that there were a lots of entries, most likely everytime I tried the pipeline, stupid me, I thought the file went away everytime I run the CI (but I'm in shell not in docker), so I delete it and now works.
答案1
得分: 1
在你的测试中,你尝试使用SSH URL git@gitlab.acme.com:...
进行克隆,但没有成功。将其替换为带有凭据的HTTPS URL(包括令牌,以通过双因素认证)是有意义的。
但是在你的 git config
中,你替换了一个Git URL git://gitlab.acme.com/
(不是一个SSH URL)。
首先尝试显示 $REPOSITORY
,以双重检查它是一个SSH URL还是Git URL。
因为如果它是一个SSH URL,你将需要一个类似以下的 InsteadOf
指令:
git config --global url."https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.acme.com/".insteadOf \
git@gitlab.acme.com:
OP NiBE 添加了以下内容:
> 我在流水线中添加了 cat $HOME/.gitconfig
:我想看看指令是否被正确添加。
>
> 我看到有很多条目,很可能是每次我尝试运行流水线时都会添加一次(我以为每次运行CI时文件都会消失,但我是在shell而不是在docker中)。
>
> 所以我将其删除,现在可以正常工作了。
英文:
In your test, you tried to clone using an SSH URL git@gitlab.acme.com:...
, which did not work.
Replacing it be an HTTPS with credentials (including a token, to pass 2FA) would make sense.
But in your git config
, you replace a Git URL git://gitlab.acme.com/
(not an SSH URL).
Try and display $REPOSITORY
first, to double check if it is an SSH or Git URL.
Because if it is an SSH one, you would need an InsteadOf
directive like:
git config --global url."https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.acme.com/".insteadOf \
git@gitlab.acme.com:
The OP NiBE adds
> I added to the pipeline cat $HOME/.gitconfig
: I wanted to see if it was correctly added the directive.
>
> And what I see was that there were a lots of entries, most likely every time I tried the pipeline (I thought the file went away everytime I run the CI, but I'm in shell not in docker).
>
> So I delete it and now works.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论