Fiori apps Deploy to ABAP system using CI

[tomocci]

I try to deploy and upload transport to ABAP system using CI. I refferred to the below a guide site. https://help.sap.com/viewer/3324745951b44b578bd65221d2ff8f9a/Cloud/en-US/82d852a5d083461c90ff54b453f1f390.html

I created the cm client using docker. And I executed the below command. fiori deploy --noConfig -t XXXXXXX -u https://XXXXXXX.XXXX:XXXX -p ZXX01 -n ZFIORIDEMO -l nnn -e "FioriDeployTest" -y --username ABAP_USER --password ABAP_PASSWORD

So I got this errors. -----ERROR Message--------- WARN Add:Deploy-config undefined WARN Add:Flp-config undefined info builder:custom deploy-to-abap Create Archive info builder:custom deploy-to-abap Starting Deployment. ERR! builder:custom deploy-to-abap Deployment Failed. ERR! builder:custom deploy-to-abap unable to verify the first certificate

The result file of a deployment was created as below. ----Project Directory------- root@46352155e8ca:/var/jenkins_home/workspace/FioriTest# ls FioriDemo.mtar mta.yaml resources xs-security.json Gruntfile.js package-lock.json supplierlist Jenkinsfile package.json transportRequestUploadCTS_errorDetails.json archive.zip piper whitesource

I added the custom certificate in this environment. The certificate was correct as below.

openssl s_client -connect xxxxxx.xxxxx:xxxx

-----Result-------- CONNECTED(00000003) depth=1 C = XX, ST = XXXXXX, O = SOLMAN LOCAL CA, CN = SOLMAN LOCAL CA verify return:1 depth=0 C = DE, O = SAP Trust Community, OU = SAP Web AS, OU = XXXXXXXXXX, CN = *.xxxxx verify return:1

Certificate chain 0 s:C = DE, O = SAP Trust Community, OU = SAP Web AS, OU =XXXXXXXXXX, , CN =*.xxxxx i:C = XX, ST = XXXX, O = SOLMAN LOCAL CA, CN = SOLMAN LOCAL CA

Peer signing digest: SHA512 Peer signature type: RSA Server Temp Key: ECDH, P-256, 256 bits

SSL handshake has read 1557 bytes and written 444 bytes Verification: OK

Please let me know how to regist the certificate to Fiori tool.

Thanks.

[rodibrin]

@tomocci

How does your docker image of the cm client look like?

Add the certificate to the trust store of the java runtime environment on the image using the keytool:

keytool -noprompt -import -file <cert file> -keystore $JAVA_HOME/lib/security/cacerts -storepass <password>

[tomocci]

@rodibrin Thank you for your reply.

My docker image was created using Dockerfile as below. -----DockerFile------ FROM node USER root RUN npm install -global @ui5/cli @sap/ux-ui5-tooling @ui5/logger @ui5/fs ENV ABAP_USER=XXXXXX ABAP_PASSWORD=XXXXXX COPY clientx5092.pem /usr/share/ca-certificates/mozilla/clientx5092 COPY cacert.pem /usr/share/ca-certificates/mozilla/cacert COPY XXXXX.pem /usr/share/ca-certificates/mozilla/XXXXX RUN echo mozilla/clientx5092 >> /etc/ca-certificates.conf RUN echo mozilla/cacert >> /etc/ca-certificates.conf RUN echo mozilla/XXXXXX >> /etc/ca-certificates.conf RUN echo xxxxxxx.xxxxx xx.x.x.x >> /etc/hosts RUN update-ca-certificates USER node

I can't find the java runtime environment in my cm client. Do I need the java runtime in the cm client? Thank you. Best regards, Tomoko.

[rodibrin]

@tomocci my fault, i was focused on SAP/devops-cm-client which contains a java client to access. But you are using the node based client.

Try to disable the TSL validation by adding the following line to the dockerfile:

ENV NODE_TLS_REJECT_UNAUTHORIZED=0

if that works add your certificate by the following dockerfile entry instead

ENV NODE_EXTRA_CA_CERTS=[your CA certificate file path]

[tomocci]

@ridubrub Thank you! I set the environment variable of the node as you said. I confirm it works! Thanks for this improvement!! Best regards, Tomoko