In general you have a couple of options to securely connect to a private repository:
Only allow SSH login on the repository server; SSH keys are fully supported on bitrise.io
Restrict by IP: configure your server to only allow connections from certain IP addresses. We don't recommend this solution, as even if you restrict the IP range to bitrise.io build machine IPs, that means that anyone who runs builds on bitrise.io will be allowed to communicate with your servers. Additionally, we only have fixed IPs for our Mac build machines; the Linux stacks are hosted on Google Compute Engine and we use ephemeral IPs there, so the range is GCE's ephemeral IP range.
Use a VPN: VPNs are in general a good solution to connect to private networks, although in most cases limiting logins on the servers to SSH keys is an easier solution. You can find a guide here: http://devcenter.bitrise.io/tutorials/vpn-configuration/
If anyone has any other idea / solution, please share it with us, we'd be happy to provide the required features / changes, or to highlight the option here!
We have a GitLab repository hosted internally, in other words it can only be accessed when connected to our company network, then Bitrise cannot access our GitLab repo projects. That said, how can we give just Bitrise the rights to access our GitLab repo? Is that possible? Is there some alternative solution for that?
in other words it can only be accessed when connected to our company network, then Bitrise cannot access our GitLab repo projects.
You most likely need a VPN, to connect the build environment (virtual machine) to your own private / company network, so that it can access the repository. For this you can follow the guide Redirecting… - Bitrise Docs
A couple of notes / highlights:
You have to install and configure the VPN before the Git Clone step if you need the VPN to access the repository.
You can use a simple Script step to install and configure the VPN access
Setup note: Unfortunately you can't customize the scanner to activate a VPN session, but you can use a sample app repository or any other non VPN protected repository during the Add New App process, and then change the repository to the VPN protected one on the app's Settings tab.
I understand that #2 is generally a bad idea, but how would one go about obtaining the static IPs of the Mac build machines? I have the need for part of a PoC for a client and don't want to go through the hassle of setting up VPNs, etc. until the project gets the green light proper.
@nhammond run a script on the stack you want to get its IP, e.g.
#!/bin/bash
set -ex
curl ipinfo.io/ip
Please note that we can't guarantee that the IP will not change! On the Linux stacks we use ephemeral IPs so that does change for pretty much every build. On macOS the IP will be the same for every build (as it's the network's IP, not the specific host/VM's IP), but it might change any time if we have to change the related hardware for example!
Actually my company uses Bitrise with Bitbucket, and it works fine. But we are moving our source code to a self-hosted GitLab. So I am trying to use Bitrise with this GitLab and I have some trouble:
Context:
I have a Bitrise Org Standard account.
Our GitLab hosting infrastructure filters all access by IP.
1st (resolved) problem:
We have whitelisted the Bitrise Mac Runner IP, so the Bitrise runner can pull/push my project. After this test we could use a VPN instead of whitelisting this IP.
2nd problem:
Our GitLab is not notified by Bitrise to update the state of the builds (for the PR status):
I suppose:
that Bitrise tries to do that using the GitLab API (is that correct?)
but these requests are not made by the Bitrise Mac Runner, so the IP is different from the one I added to the whitelist (is that correct?)
Some questions:
Is there a way to use the Bitrise self-hosted GitLab integration with IP filtering on GitLab? To know the IP of the machine that calls the GitLab API? To use a VPN on that part of Bitrise?
How do businesses that have a self-hosted GitLab usually work with Bitrise?
3rd problem:
On our GitLab, the HTTPS domain is gitlab.xxxx.com but the SSH domain is different (ssh-gitlab.xxxx.com). When I try to create a new app on Bitrise with the self-hosted GitLab integration, the Git address resolved by Bitrise is git@gitlab.xxxx.com and not git@ssh-gitlab.xxxx.com. And I can't edit it, so I can't set up the app on Bitrise.
For example, in the Tower Mac app, if I try to clone a repo from that self-hosted GitLab with my account logged in to Tower, the resolved Git address is git@ssh-gitlab.xxxx.com
Glad to hear you were able to work through most of these obstacles!
About your status updates, you can simply search for the "GitLab Status" step in our step library and you can use that to communicate between the services!
As for the 3rd problem, we've discussed this briefly and the easiest workaround is, while adding the new app, to provide the git address manually instead of selecting the default Bitrise GitLab integration.
Hi there, we have an internally hosted GitLab instance that uses an alternate port other than the standard 22. How can I set the config for Bitrise to use an alternate port?
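An added example, not part of the thread and not Bitrise code, covering the two SSH addressing questions above (a separate SSH hostname and a non-standard SSH port). It assumes the build's Git client is OpenSSH and reads `~/.ssh/config`; the hostnames, port 2222 and file paths are constructed, and the pinned known_hosts file is assumed to hold a host key obtained from the GitLab administrators.

```shell
#!/bin/sh
# Added example, not Bitrise code. Hosts, port and paths below are constructed.

valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Reject empty names, anything outside hostname characters, and a leading "-"
# (which ssh would otherwise parse as a command-line option).
valid_host() {
  case "$1" in ''|-*|*[!A-Za-z0-9.-]*) return 1 ;; esac
}

# scp-style "user@host:path" has no field for a port; the ssh:// form does.
to_ssh_url() {
  valid_port "$2" || return 1
  case "$1" in *://*) return 1 ;; *@*:?*) ;; *) return 1 ;; esac
  user=${1%%@*}; rest=${1#*@}; host=${rest%%:*}; path=${rest#*:}
  case "$user" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
  valid_host "$host" || return 1
  printf 'ssh://%s@%s:%s/%s\n' "$user" "$host" "$2" "${path#/}"
}

# ssh_config stanza: connections to <alias> go to <real host>:<port>, use only
# the given key, and fail unless the host key is already in the pinned file.
ssh_host_stanza() {
  valid_host "$1" && valid_host "$2" && valid_port "$3" || return 1
  case "$4$5" in *[!A-Za-z0-9._/-]*) return 1 ;; esac
  cat <<EOF
Host $1
  HostName $2
  Port $3
  User git
  IdentityFile $4
  IdentitiesOnly yes
  UserKnownHostsFile $5
  StrictHostKeyChecking yes
EOF
}

# Constructed demo values.
to_ssh_url 'git@ssh-gitlab.example.com:group/app.git' 2222
ssh_host_stanza gitlab.example.com ssh-gitlab.example.com 2222 \
  /home/ci/.ssh/deploy_key /home/ci/.ssh/known_hosts_gitlab
```

The `ssh://` URL is what you would enter as a manually provided git address; the stanza would be appended to `~/.ssh/config` in a Script step that runs before the Git Clone step.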
Hello, I know this is an old thread but since I am not getting anywhere with my VPN connection setup, I thought I would take my chances here. I apologize up front for that.
Is VPN connectivity well documented somewhere? I am asking because I am seeing a lot of old posts, dating 3-5 years back, showing steps, but I don't know if they are relevant anymore.
I am simply looking for a document which shows how VPN configuration is being achieved as of today & how to include the step, what to write in step.yml or step.sh.
I am reading a lot of old posts & I am completely out of my depth here.
One thing to note, the "Connect to OpenVPN Server" step uses a basic configuration and does not provide a way to alter this configuration. If your VPN configuration differs, we typically suggest using the script from the step as a sample for you to create a custom step using your VPN configuration. (GitHub - bitrise-steplib/bitrise-step-open-vpn: Bitrise step to establish a VPN connection with the specified OpenVPN server.)
If you have specific questions or run into problems, please open a ticket with support.