nflaig / semantic-release-helm

semantic-release plugin to publish Helm charts
MIT License

Error: Could Not Add Chart Repository - Wrong Credentials? #32

Open Piwero opened 3 months ago

Piwero commented 3 months ago

Description: I'm experiencing an issue when trying to use the plugin to upload new versions of my Helm chart to my self-hosted Chartmuseum. When running the action, I get the following error:

Error: Could not add chart repository. Wrong credentials?

Repository: Piwero/sandbox-github-actions

Error Example: GitHub Actions Run

Steps to Reproduce:

  1. Go to the testing repo Piwero/sandbox-github-actions.
  2. Go to the GitHub Actions workflow and trigger the "Release Helm Chart" action.

Expected Behavior: The Helm chart should be successfully uploaded to my self-hosted Chartmuseum.

Actual Behavior: The upload process fails with the error: Error: Could not add chart repository. Wrong credentials?

Secrets Added:

Additional Context:

Feel free to play around with the GitHub Action. You can go to the sandbox repo and under actions, go to the "Release Helm Chart" action and run the workflow.

Please let me know if you need any further information to diagnose this issue. I can DM the password if needed for testing purposes.

Thank you

nflaig commented 3 months ago

I don't believe those credentials are passed as basic authentication but rather to log into the registry itself.

Piwero commented 3 months ago

> I don't believe those credentials are passed as basic authentication but rather to log into the registry itself.

Sorry, I don't understand what you mean here. I have passed those credentials, which are used for adding the repo itself. From what I can see in the error, it adds the repo like helm repo add --username testuser --password-stdin semantic-release-helm https://testmuseum.piwero.com. How are they supposed to work? Or what should I pass instead as secrets in GH?

nflaig commented 3 months ago

you can see the error here https://github.com/Piwero/sandbox-github-actions/actions/runs/9160876947/job/25184511775#step:5:75, and trying to open https://testmuseum.piwero.com/index.yaml it requires basic authentication.

> self-hosted Chartmuseum

what software are you using?

Piwero commented 3 months ago

@nflaig just self-hosted on a server, using traefik as ingress route. It works fine when running directly:

helm repo add test-museum https://testmuseum.piwero.com --username testuser --password XXX

Basic authentication is passed with the secrets on GH with

CM_REGISTRY: https://testmuseum.piwero.com
REGISTRY_USERNAME: testuser
REGISTRY_PASSWORD: ********

isn't it?

I can see it trying to use those parameters here https://github.com/Piwero/sandbox-github-actions/actions/runs/9160876947/job/25184511775#step:5:68

nflaig commented 3 months ago

> using traefik as ingress route

Remove basic auth from traefik, or include basic authentication credentials in the URL

https://<username>:<password>@testmuseum.piwero.com

This is not an issue of this package but rather how you set up your server

Piwero commented 3 months ago

@nflaig My basic authentication isn't with Traefik but with chartmuseum. Doesn't this plugin take into consideration basic auth from Chartmuseum? https://chartmuseum.com/docs/#basic-auth

nflaig commented 3 months ago

> @nflaig My basic authentication isn't with Traefik but with chartmuseum. Doesn't this plugin take into consideration basic auth from Chartmuseum? https://chartmuseum.com/docs/#basic-auth

The username and password are used during helm add

https://github.com/nflaig/semantic-release-helm/blob/b1647baeeab7f3f33f5699126688ce41d1b66ac7/lib/verifyConditions.js#L108-L115

--basic-auth-user and --basic-auth-pass are not set anywhere as it's not a common use case to add basic auth on top of the already existing authentication.

You can try passing these in cmPushArgs, see https://github.com/nflaig/semantic-release-helm?tab=readme-ov-file#plugin-config

nflaig commented 3 months ago

> You can try passing these in cmPushArgs, see https://github.com/nflaig/semantic-release-helm?tab=readme-ov-file#plugin-config

this is likely not gonna work as would have to pass basic auth flags to all commands

Piwero commented 3 months ago

> --basic-auth-user and --basic-auth-pass are not set anywhere as it's not a common use case to add basic auth on top of the already existing authentication.

What are the credentials in the README of the repo used for? https://github.com/nflaig/semantic-release-helm?tab=readme-ov-file#environment-variables Aren't

export REGISTRY_HOST=<HOST>
export REGISTRY_USERNAME=<USERNAME>
export REGISTRY_PASSWORD=<PASSWORD>

used for this helm auth? Or what are they used for?

nflaig commented 3 months ago

> used for this helm auth? Or what are they used for?

I just told you how the credentials are used with even a reference to the code, see https://github.com/nflaig/semantic-release-helm/issues/32#issuecomment-2125501832

nflaig commented 3 months ago

You might be able to pass basic auth credentials like this https://<username>:<password>@testmuseum.piwero.com, have you tried that?

Piwero commented 3 months ago

@nflaig Yes, I have tried and I am still getting the same error https://github.com/Piwero/sandbox-github-actions/actions/runs/9223677838/job/25377406118

 command: 'helm repo add semantic-release-helm ***',
  escapedCommand: 'helm repo add semantic-release-helm "***"',
  exitCode: 1,
  signal: undefined,
  signalDescription: undefined,
  stdout: '',
  stderr: 'Error: looks like "***" is not a valid chart repository or cannot be reached: failed to fetch ***index.yaml : 403 Forbidden',
  failed: true,
  timedOut: false,
  isCanceled: false,
  killed: false,
  pluginName: 'semantic-release-helm3'
}
Error: AggregateError: 
    Error: Could not add chart repository. Wrong credentials?

Bear in mind that *** is GitHub injecting the secret with https://<username>:<password>@test-museum.piwero.com. I have also tested visiting https://<username>:<password>@test-museum.piwero.com and it works fine. I think it's more of an issue with the plugin. From what I understand, when it's a chartmuseum, index.yaml isn't returned when visiting the main page. Has the plugin been tested with chartmuseum?

nflaig commented 3 months ago

> Has the plugin been tested with chartmuseum?

Yes, actually that is the only use case I had myself, I was using Harbor. Just remove basic auth and it will work.
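
Embedding basic-auth credentials in the repository URL, as suggested in the thread, puts the password into the helm command line and into any error text that echoes the URL. The following is an added example, not code from semantic-release-helm: it splits such a URL into the helm repo add --username ... --password-stdin form quoted earlier in the thread and masks the password in log text. The helper names (decodePart, splitRepoCredentials, redactUrl) and the sample password are assumptions made for illustration.

```javascript
// Added example: decodePart, splitRepoCredentials and redactUrl are hypothetical names.

// Percent-decode URL userinfo; keep the raw value if it is not valid encoding.
function decodePart(value) {
  try {
    return decodeURIComponent(value);
  } catch (err) {
    return value;
  }
}

// Turn "https://user:pass@host" into helm argv plus a stdin payload, so the
// password never appears in the process list or in an echoed command line.
function splitRepoCredentials(rawUrl, repoName) {
  const url = new URL(rawUrl);
  if (url.protocol !== 'https:') {
    throw new Error(`refusing to send credentials over ${url.protocol}`);
  }
  const username = decodePart(url.username);
  const password = decodePart(url.password);
  url.username = '';
  url.password = '';
  const args = ['repo', 'add'];
  if (username) args.push('--username', username);
  if (username && password) args.push('--password-stdin');
  args.push(repoName, url.toString());
  return { args, stdin: username && password ? password : undefined };
}

// Mask the password of any credential-bearing URL inside a log or stderr string.
function redactUrl(text) {
  return text.replace(/(\bhttps?:\/\/[^\s:@\/]+):[^\s@\/]*@/g, '$1:***@');
}

// Constructed sample: host and user are from the thread, the password is made up.
const sample = 'https://testuser:p%40ss-example@testmuseum.piwero.com';
const plan = splitRepoCredentials(sample, 'semantic-release-helm');
console.log('helm', plan.args.join(' '));
console.log(redactUrl(`failed to fetch ${sample}/index.yaml : 403 Forbidden`));
```

The returned stdin value is meant to be written to the helm child process's standard input rather than logged.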