Versions Compared

Version Old Version 13 New Version 14
Changes made by

Drew Nuttall-Smith

John McKeever

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Note

Note

This page describes the functionality of MettleCI Workbench version 1.0-1280 onwards.
For older versions of Workbench, see this page: Configuring MettleCI Workbench to communicate with Git over HTTPS (legacy)

Warning

Warning

Upgrading MettleCI Workbench from a version prior to 1.0-1280 will result in a breaking change for customers using Git over HTTPS.
The global HTTPS credentials stored under the gitAuthentication section of the config.yml file are no longer used in MettleCI Workbench version 1.0-1280 onwards. The continued presence of those values in that file will not cause any adverse behaviour, but those values will be ignored, and would be better removed form the file to avoid confusion.

Data Migrators recommend using the SSH protocol for authentication between MettleCI Workbench and your remote Git repositories as it is easier to manage access in a uniform manner across multiple remote Git repository hosts (Github, Bitbucket, Gitlab, etc). SSH keys also tend to be more secure than username/password credentials.

In the event that you need to use Git over HTTPS rather than SSH you can configure MettleCI Workbench to store a set of username/password credentials for each user which will be used for all Git HTTPS requests. These are configured in the config.yml file as shown below:

Code Block
...
gitAuthentication:
  sshKey: "/opt/dm/mci/workbench.key"
  httpsEnabled: true
  httpsCredentialsStore:
    path: /opt/dm/mci/.secrets/git-credentials.p12
    password: ${file:UTF-8:/opt/dm/mci/.secrets/git-credentials-keystore-password}
...

The git credentials will be stored in a keystore that requires a password. This password should be store in a file in the .secrets directory and that file should be referenced in the config.yml file, as shown above.

Info

The Workbench Setup Wizard will automatically generate this file for you with newer versions of workbench. If you are upgrading from an older version of Workbench, you will need to create this file yourself.

  1. In order to create the password file make sure to login as the mciworkb user. (If you running are on Microsoft Windows you can skip this)

    Code Block
    $> sudo su - mciworkb

  2. Go to your mettle home directory

    Code Block
    $> cd /opt/dm/mci

  3. Create the file where the keystore password will be saved

    Code Block
    $> touch .secrets/git-credentials-keystore-password

  4. Edit the file with your preferred editor and enter a new password

    Code Block
    $> vim .secrets/git-credentials-keystore-password

thisisasecurepassword

  5. MettleCI Workbench will need to be restarted after saving changes to config.yml.

When HTTPS is enabled, each user can add their git credentials on the Profile page which they can access from the menu in the top right corner of Workbench:

Note

Note

If your git repositories are in Azure DevOps you will need to provide an Azure Personal Access Token (PAT) instead of your password.
See the Azure documentation if you are unfamiliar with PATs:

https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops&tabs=preview-page

Image RemovedImage Added

You can then enter Git HTTPS or SSH repository URLS in the project registration page. The ssh or https credentials will be used depending on the configured Git protocol, any username shown in the URL will be ignored and overridden by the settings included in config.yml:

Info

Tip
While most Git repository hosts only support HTTPS and SSH protocols, MettleCI Workbench also supports HTTP and FTP. The same credentials are used, with the only difference being that the registered Git URL will be prefixed with the http:// or ftp:// protocol identifiers.