I’ve trying to run Forge CLI in our GitHub workflows but I keep receiving the following message:
Error: Keytar error detected: Cannot autolaunch D-Bus without X11 $DISPLAY
Something went wrong while accessing Secret Service API.
As this is running in the CI, there is no interactive prompt available. This happens both with the login and lint commands (I haven’t tried others yet).
I’ve also tried executing the login:ci command and setting the output token to the env variable FORGE_CI_TOKEN, but the result is the same.
@sven.schatter, is the forge install step part of your pipeline?
I am trying to build & deploy a forge app from a pipeline and I notice that there is no --non-interactive flag on the forge install command. So, even though I pass through the --site, --environment, --product, --confirm-scopes, and --upgrade flags the install command still prompts me for confirmation.
Shouldn’t the install support the --non-interactive flag as well?
I don’t have an answers but I’m running into the same issue. Using Ubuntu under the Windows Subsystem for Linux.
Strangely everything was working fine with Forge 1.5, but I started getting the Keytar error after upgrading to 1.6. The issue continued to happen even after uninstalling 1.5 and re-installing 1.6, so I wonder if it’s a change in a new version of a dependency.
Maybe I do have an answer, I looked in the code and saw that there is a fallback credentials option if
require('keytar')
fails, so I went a deleted the keytar folder from my global node_modules folder (.nvm/versions/node/v14.17.0/lib/node_modules/@forge/cli/node_modules/ for me).
Obviously not the nicest way to do things but it seems to work.
Matt
I’m on the Forge team and I believe I know how to make this work now.
So the trick is to:
Set usage analytics (as @sven.schatter has mentioned above, although I personally think it’s worth it to enable it: forge settings set usage-analytics true)
set FORGE_EMAIL and FORGE_API_TOKEN environment variables. I use BB Pipelines now and I have configured these variables in BB Pipelines UI. This was enough for Forge CLI to run forge deploy, forge install and other commands.
So skip the forge login and stuff and just continue to use the Api token? Can that be official through documentation (since I suspect a lot of folks will be setting up deployment pipelines like me. Also, that way the functionality doesn’t disappear without us having anything to point to ).
But that got me going for now on this hurdle. Thank you!!!
@danielwester that’s a valid question. The functionality from my reply won’t disappear. However, Forge team has recently confirmed that the recommended way to use Forge CLI in the CI is this:
Is there anyway we could make keytar an optional dependency? For me, the version (2 major versions behind current) required by the Forge CLI won’t compile for me on 2 different flavors of Linux. I’ve tried all kinds of things to get the libsecrets-1 library, setting compile paths, and whatnot. While I understand the day-to-day convenience, it seems overly aggressive in the CI/CD environment when that secrets management is just going to be destroyed anyway.
For me it looks like it’s already an optional dependency. That is, I’m seeing the node-gyp errors followed by an npm warning message that it’s skipping optional dependency keytar.
The keytar is an optional dependency of the CLI. So even if it cannot compile in your environment, this should not block the usage of the CLI.
You might see warnings and errors during the installation step, but the CLI will be usable as the keytar codepath will be ignored when running commands.
I can confirm @XavierCaron’s assessment, though there are some gotchas that are easy to run into, here’s our current recipe:
do not depend on @forge/cli via package.json (we had it as a dev dependency, which worked up to 1.5.0 and somehow broke in 1.6.0)
ensure to run npm install again before committing package-lock.json after removing any @forge/cli dependency as per 1), otherwise keytar remains configured based on your local interactive environment
instead, install @forge/cli via a separate step in your build environment to ensure it is configured w/o the interactive features (of course, you can optimize build times via a custom build image with the @forge/cli preinstalled) - the mentioned warnings can be ignored, or better yet avoided by ignoring the optional keytar dependency (thanks @remie):
To add to this, if you remove forge-cli from your package.json and package-lock.json files, then this will work for a basic deploy:
name: Deploy to forge app to atlassian cloud site development environment on push
on:
push:
branches: [dev]
jobs:
build:
runs-on: ubuntu-latest
name: Build the source code for deployment
steps:
- uses: actions/checkout@main
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v1
with:
node-version: ${{ matrix.node-version }}
- run: npm ci
- run: npm install @forge/cli@2.0.1 --no-optional
- run: npm run static:install
- name: disable analytics
run: npx forge settings set usage-analytics false
- name: Deploy to atlassian cloud site
run: |
npm run static:build
npx forge login --email ${FORGE_EMAIL} --token ${FORGE_TOKEN} --non-interactive
npx forge deploy
env:
FORGE_EMAIL: ${{ secrets.FORGE_EMAIL }}
FORGE_TOKEN: ${{ secrets.FORGE_TOKEN }}
Atlassian, the fact this took 3 people hours to figure out and we have no meaningful response from anyone on this thread for a month shows how GA Forge really is. I can’t believe I wasted my entire afternoon on this.
Major Kudos to Remie and Steffen for spending the time to help me un@#$% this.
Thanks everyone for helping identify Forge’s CI/CD capabilities. I think CI/CD is an important topic and given Forge’s unique hosting setup, we need to provide a dedicated guide on Forge CI/CD. I’ve created FRGE-813: Inadequate documentation of Forge CI/CD support to request this.
Thanks @dmorrow, appreciate the initiative! The lack of CI/CD guidance has also just been discussed (and acknowledged) in Join us for a Developer AMA with Tim Pettersen - #9 by sopel, where I also referenced a recent Atlassian blog post that seems to be a good starting point for a guide (Bitbucket Pipelines though, ideally a guide would also cover GitHub indeed):
[…] I just stumbled over Damien Lauberton’s recent and comprehensive blog post How to Configure CI/CD for an Atlassian Forge App […], and it has neither been announced in the community nor referenced from the Forge docs yet, maybe you could derive (and maintain) a tutorial from it?