How to configure bitrise to access an internally hosted git repository


#1

In general you have a couple of options to securely connect to a private repository:

  1. Only allow SSH login on the repository server; SSH keys are fully supported on bitrise.io
  2. Restrict by IP: configure your server to only allow connections from certain IP addresses. We don’t recommend this solution, as even if you restrict the IP range to bitrise.io build machine IPs, that means that anyone who runs builds on bitrise.io will be allowed to communicate with your servers. Additionally, we only have fixed IPs for our Mac build machines, the Linux stacks are hosted on Google Compute Engine and we use ephemeral IPs there, so the range is GCE’s ephemeral IP range.
  3. Use a VPN: VPNs are in general a good solution to connect to private networks, although in most cases limiting logins on the servers to SSH keys is an easier solution. You can find a guide here: http://devcenter.bitrise.io/tutorials/vpn-configuration/

If anyone has any other idea / solution, please share it with us, we’d be happy to provide the required features / changes, or to highlight the option here!


#2

We have a gitlab repository hosted internally, in other words it can only be accessed when connected to our company network, then bitrise can not access our gitlab repo projects. That said, how can we give just bitrise the rights to access our gitlab repo? Is that possible? Is there some alternative solution for that?


#4

Because you mentioned that:

in other words it can only be accessed when connected to our company network, then bitrise can not access our gitlab repo projects.

You most likely need a VPN, to connect the build environment (virtual machine) to your own private / company network, so that it can access the repository. For this you can follow the guide http://devcenter.bitrise.io/tutorials/vpn-configuration/

A couple of notes / highlights:

  • You have to install and configure the VPN before the Git Clone step if you need the VPN to access the repository.
  • You can use a simple Script step to install and configure the VPN access
  • Setup note: Unfortunately you can’t customize the scanner to activate a VPN session, but you can use a sample app repository or any other non VPN protected repository during the Add New App process, and then change the repository to the VPN protected one on the app’s Settings tab.

Let us know if you have any questions!


#5

A macOS-only solution, which works with the macOS built-in VPN, was also reported:


#6

I understand that #2 is generally a bad idea, but how would one go about obtaining the static IPs of the mac build machines? I have the need for part of a PoC for a client and don’t want to go through the hassle of setting up VPNs, etc. until the project gets the green light proper.


#7

@nhammond run a script on the stack you want to get its IP, e.g.

#!/bin/bash
set -ex

curl ipinfo.io/ip

Please note that we can’t guarantee that the IP will not change! On the Linux stacks we use ephemeral IPs so that does change for pretty much every build. On macOS the IP will be the same for every build (as it’s the network’s IP, not the specific host/VM’s IP), but it might change any time if we have to change the related hardware for example!


#8

@viktorbenei thanks for that. It’s only iOS for now, and we’ll be looking at other solutions going forward, but this will get us started.


#9

@nhammond As a temporary solution this should be fine, just don’t forget that the IP might change in the future :wink:
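
Added example, not part of any post in this thread: a check that a Script step could run before Git Clone so the build fails with a clear message when the build machine's public IP has moved outside the ranges allowlisted on the repository server. `ALLOWED_CIDRS` (constructed sample ranges), the function names and the `--check` argument are assumptions of this example; the IP lookup is the one used in the script above.

```bash
#!/bin/bash
# Added example (not from the thread). ALLOWED_CIDRS is constructed sample data
# using RFC 5737 documentation ranges; replace it with your server's allowlist.
ALLOWED_CIDRS="203.0.113.0/28 198.51.100.17/32"

# Print the integer value of dotted-quad IPv4 address $1; return 1 if malformed.
ip_to_int() {
  case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for o in "$@"; do
    case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
    [ "$o" -le 255 ] || return 1
  done
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if IPv4 address $1 lies inside CIDR block $2, e.g. 203.0.113.0/28.
ip_in_cidr() {
  case "$2" in */*) ;; *) return 1 ;; esac
  bits=${2#*/}
  case "$bits" in ""|*[!0-9]*|0?*|???*) return 1 ;; esac
  [ "$bits" -le 32 ] || return 1
  ip_n=$(ip_to_int "$1") || return 1
  net_n=$(ip_to_int "${2%/*}") || return 1
  mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
  [ $(( $ip_n & $mask )) -eq $(( $net_n & $mask )) ]
}

# Return 0 if $1 is inside any block of the space-separated CIDR list $2.
ip_allowlisted() {
  for cidr in $2; do
    if ip_in_cidr "$1" "$cidr"; then return 0; fi
  done
  return 1
}

# Run with "--check" in a Script step placed before Git Clone.
if [ "${1:-}" = "--check" ]; then
  egress_ip=$(curl -fsS https://ipinfo.io/ip) || { echo "IP lookup failed" >&2; exit 1; }
  if ! ip_allowlisted "$egress_ip" "$ALLOWED_CIDRS"; then
    echo "Egress IP $egress_ip is outside the allowlist; the server will refuse the clone." >&2
    exit 1
  fi
fi
```

A failing check means the server-side rule is stale and has to be updated; on the Linux stacks, where the IP changes for pretty much every build, it will fail routinely.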


#10

There’s a new step in the StepLib that implements OpenVPN connection as a simple step: https://www.bitrise.io/integrations/steps/open-vpn

Can be a nice alternative to a script-based solution if you use OpenVPN.