#541  Git SSL/TLS failure when using maven image suggested by OneDev
Released
Chris opened 4 months ago

Hi,

I upgraded from 4.3.0 to 6.2.1 and now some builds are failing with the following error:

fatal: unable to access 'https://SERVER/PROJECTNAME/': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
Step "command" is failed: Command exited with code 128

This only happens in two of my projects and both of them are using the following image definition: @script:builtin:maven:determine-docker-image@

The SSL/TLS cert for onedev installation is issued by Let's Encrypt, up to date and valid. Is it possible that either using the built-in image is no longer supported or the image is not up to date regarding certificate validation?

Best regards, Chris

Robin Shen commented 4 months ago
Can you please show me the command reporting this error?
Chris commented 4 months ago
Hi,

oh damn I missed this information, sorry! I’m doing version bump things in this step and the failing command is a git fetch.
Robin Shen changed title 4 months ago
Previous Value Current Value
SSL/TLS failure when using
Git SSL/TLS failure when using maven image suggested by OneDev
Robin Shen commented 4 months ago

Git contained in the Maven image suggested by OneDev (3.6.1-jdk-8) is pretty old. You may specify the image as "maven:3.8.4-jdk-8" to work around the issue. OneDev job suggestion will also be updated to use this image.

OneDev changed state to 'Closed' 4 months ago
Previous Value Current Value
Open
Closed
OneDev commented 4 months ago

State changed as code fixing the issue is committed

OneDev changed state to 'Released' 4 months ago
Previous Value Current Value
Closed
Released
OneDev commented 4 months ago

State changed as build #2249 (6.2.4) is successful

wojtek commented 3 weeks ago

Sorry to bump the issue but I think it's somewhat related - is there a way to globally set default image for maven builds (and definition created by 1dev)? I see in the script image: '@script:builtin:maven:determine-docker-image@' so I could probably replace the image with maven:3-eclipse-temurin-17 but doing that for each project doesn't seem like a good idea. And the original entry suggests there is a script and some sort of logic being applied to "determine docker image" so my question is - how we can affect/configure it?

Robin Shen commented 3 weeks ago

You may write a custom script returning desired image, something like @script:get-maven-image for the image field. But still you need to change all maven step to use that script for the first time.

wojtek commented 2 weeks ago

Any hint how to / where to create such custom script? I checked the documentation / tutorials / blog on medium and sub-sections in build category and haven't found mentions/notion of "scripts". I'm still setting up our 1dev and it would be ideal to have one "template" that would be flexible and configurable via variables/external (global) scripts and use it for all subsequently imported projects that would save a lot of work in the future.

(I'm also trying to figure out how to handle deploying maven artifacts to maven repository but that's a separate issue though :-) )

Robin Shen commented 2 weeks ago

Custom script can be defined here:

2022-05-11_21-44-13.png

For instance, you may define a script named maven-version, with content set to

return "3.8.2"

Then you can reference this script in build spec via @script:maven-version@

issue 1 of 1
Type
Bug
Priority
Normal
Assignee
Seen Builds
Issue Votes (0)
Watchers (5)
Reference
issue onedev/server#541
Please wait...
Page is in error, reload to recover