I recently converted a private GitHub account to an Organization and that seems to have totally screwed up my authentication with AWS Code Deploy on every one of my repositories.
I checked the Webhooks & services for AWS Code Deploy and my keys are set properly.
I also re-authenticated with GitHub when creating a new deployment.
My AIM permissions have not changed and pass the GitHub Test
But, I receive the following message every time I try to deploy...
Could not download bundle at 'https://api.github.com/repos/artofdev/django/tarball/1ec682b03d3f160d401d0aaf565a66d99f28734e' after 3 retries. Server returned codes: 404 'Not Found'; 404 'Not Found'; 404 'Not Found'; 404 'Not Found'.
[EDIT]: I setup a test repo and code deploy application on a personal github account and was able to deploy successfully. Does AWS Code Deploy work with Organization repos?
There is one more step authorization you need to do if you want to deploy from a private repo controlled by organization.
CodeDeploy just updated with a doc section here: http://docs.aws.amazon.com/codedeploy/latest/userguide/github-integ.html#github-integ-behaviors-org-repositories
Have you retried authenticating CodeDeploy with your new GitHub organization? It is likely that by changing your configuration on GitHub's side your previous authentications were invalidated.
To re-authenticate, you need to create a new deployment from the web console.
You won't need to fully finish creating the deployment, but before you get to the final step, you should see a "Reconnect to GitHub" link.
See GitHub Authentication with Applications in AWS CodeDeploy
I faced an exactly same issue. Resolution worked for me was:
Delete the application
Create new application and deployment
Re-authenticate with GitHub
Authorize codedeploy to access GitHub
Deploy
Here without deleting an application, it was not providing a way to re-authorize codedeploy to GitHub and that's the root cause of this issue.
for working your CI integration correctly, Go to -- You profile -->setting --> Application --> Authorize OAuth app should list codedeploy.
Related
I have the following scenario. Currently a Wordpress site was hosted on an EC2
server. There is no deployment strategy in place. It was using the AWS CLI to
deploy the data from local to the server.
Problem For various reasons, I don't want to take it over that way of deployment and am
currently considering putting the deployment process into a GitHub Action. Which
in itself wouldn't be a problem if it weren't for the 2FA check.
Using the AWS CLI, I am forced to enter the code displayed in my MS Authenticator
app into the CLI to proceed.
Question: Is it possible to deploy via GitHub Action and 2FA? I guess almost no?
But what do I know?
No, you can't have GitHub Actions prompt and enter the 2FA tokens on your behalf. But what you can do, is setup OpenID Connect between GitHub actions and AWS.
That way you can authorize GitHub Actions to make changes to specific resources in AWS and OIDC handles the magic key exchange parts to make sure it can safely do its thing.
More info here:
https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services
You can use the wait-for-secrets GitHub Action to use 2FA from a GitHub Actions workflow. Wait-for-secrets GitHub Action waits for the developer to enter secrets during a workflow run. Developers can enter secrets using a web browser and use them in the workflow.
I am trying to set up a cloud build trigger from a public github repository with the Cloud Build GitHub App. I installed the app on my repository and authorized it but when I was redirected to GCP to connect the repository to a project this error message came up:
Failed to retrieve GitHub repositories.
The caller does not have permission
error
I suspect it may have something to do with having two factor authentication enabled on my github account, which I need for an organization.
I was able to mirror the same github repository from cloud source repositories without any issues though. I am the owner of the repository and gcp project.
*edit
Looks like the issue is due to having 2 factor authentication enabled on my github account. I disabled it and cloud build was able to connect with my repository. However I will need to have 2 factor enabled as my github organization requires it.
*edit
I hadn't mentioned the github organization i was part of had an ip whitelist configured on top of requiring 2 factor auth. I left the organization and reenabled 2 factor auth and cloud build was able to connect to my repo. Not sure why I would get the original issue if the repo is not in the github organization.
After looking more into this problem you either need to add GCE IP address ranges to the github organization IP whitelist https://cloud.google.com/compute/docs/faq#find_ip_range or just disable the whitelist if able to.
I was attempting to change the meta tags on my organization's angular project in the index.html. Our aws pipeline retrieves code from our github repository's master branch. Upon pushing the change, CodeStar on aws fails at the source.
We've reverted back to an older commit but still end up with the same error on CodeStar. The error on aws says:
"Invalid action configuration
Either the GitHub repository "quote-flow-v3" does not exist, or the GitHub access token provided has insufficient permissions to access the repository. Verify that the repository exists and edit the pipeline to reconnect the action to GitHub."
Normally, the code would publish to the live site upon pushing to changes. I've looked around and the closest I got to this issue is on here:
AWS CodePipeline doesn't work anymore - GitHub's token insufficient permissions
However, there doesn't seem to be a solution. Recreating the pipeline is not an option. Any Suggestions?
RESOLVED-
This problem occurred after a key member on our team left the git organization. Turns out the OAuth was attached to his git account. Fixed the issue be assigning the OAuth to a different admin!
I went through my first attempt at using CodeDeploy on AWS and did authorize CodeDeploy to access my GitHub account, but later decided that I did not want to give this admin level access since I am administrator for multiple organizations and this just felt very wrong to me.
So I revoked the OAuth token at GitHub.
Now I realize that I don't have any other good options and pretty much have to use CodeDeploy but the GitHub integration is now broken.
I tried deleting all of my CodeDeploy applications and starting over, but now whenever I click on the "Connect to GitHub" buttons in CodeDeploy it displays an error message "Token name is missing".
Is there any way to re-establish the OAuth token?
You can try and follow the steps described in that thread:
The codedeploy-agent uses the OAuth token, generated by the (Re)Connect with GitHub step, to enable it to download the deployment bundle from your GitHub repo. GitHub responds with a 404 Not Found if the token is missing, has no access, or the repo does not exist. The OAuth token is set up separately for each CodeDeploy application. The OAuth token may not have been set up for the CodeDeploy application, it may have been revoked, or the repo may have been deleted in GitHub.
Please ensure the repo exists in GitHub, and please try to '(Re)Connect with GitHub' to establish a new OAuth token for the CodeDeploy application:
GitHub Behaviors with AWS CodeDeploy
Create a Deployment with AWS CodeDeploy
Also, see the blog for automating AWS CodeDeploy deployment from GitHub for more information.
Note: that last blog mentions:
This post has been updated on October 1, 2018 to reflect the deprecation of GitHub services. You can learn more about this deprecation here.
We now recommend setting up automatic deployments from GitHub using AWS CodePipeline and AWS CodeDeploy.
I've authorised our GitHub account with CodePipeline and have selected my repository, however when running the pipeline I get the following:
Invalid action configuration
Either the GitHub repository "*****" does not exist, or the GitHub
access token provided has insufficient permissions to access the
repository. Verify that the repository exists and edit the pipeline to
reconnect the action to GitHub.
I've tried with both organisation and non-organisation repositories, as well as un-authenticating AWS Pipeline and re-authenticating.
I've also followed the steps here around generating a personal access token, this too returns the same error. http://docs.aws.amazon.com/codepipeline/latest/userguide/troubleshooting.html#troubleshooting-gs2
Not sure if anyone has any ideas as to what I may have missed?
Thanks!
No need of GitHub access token for integrating GitHub with AWS CodePipeline. For me, I authorized my GitHub account with AWS CodePipeline. I didn't add any services, integrations or webhooks in my repo. CodePipeline shows me list of repositories and related branches. It works!
I hope it may work for you. If you want see my repo
https://github.com/KumareshBabuNS/SampleAppLinux
Thanks
After extensive research and working with Amazon we have actually identified a bug in the integration!
Any one who has access to over 2000 repositories may experience issues, AWS are aware of this and we've spoken to a technical manager who is working on resolving the issue.
We simply created a new GitHub account and added access to just the few repos we needed to get around the issue.
Cheers