TeamCity 2017.2 EAP2 is out

Greetings, everyone!

We are happy to present the new EAP version of TeamCity 2017.2 to you.

In TeamCity 2017.2 EAP2 we are introducing a new feature – composite builds allowing to aggregate results from several other builds connected by snapshot dependencies and presents the results in one place. A composite build can be viewed as a build which consists of a number of parts which can be executed in parallel on different agents. All these parts will have synchronized snapshot of the source code and the results can be seen in a single place. We would really like you to try this feature and share your feedback with us.

This EAP build also comes with improved Docker integration: you can now create a connection to a docker registry and TeamCity will be able to automatically log in to the specified registry before a build and log out of the registry after it. You can now instruct TeamCity to remove the published images during the build clean-up, and more.

Plugins management improvements include tracking newly uploaded plugins and disabling them via the web UI.

For the full list of improvements, see our release notes.

Download TeamCity 2017.2 EAP2 and make sure you install it on a trial server: this version is still in development; besides, it modifies the TeamCity data format making the downgrade impossible.

Try the new version and help us make it better: our forum and tracker are always at your disposal.

Happy building!
The TeamCity Team

Posted in EAP, Features, Uncategorized | Leave a comment

Welcome TeamCity 2017.1.3 Update

Greetings, everyone!

Today we are releasing the TeamCity 2017.1.3 update, containing bugfixes and refinements to the new features that were added in TeamCity 2017.1.

This update brings over 100 fixes, including:
– a few NuGet-related fixes
– a number of performance and security improvements

For details on all the enhancements available in TeamCity 2017.1.3, please see our release notes.

As usual, this update uses the same data format as all 2017.1.x releases, and we recommend that you upgrade to the latest version – should the need arise, you can roll back to a previous version.

Our forum and tracker are at your disposal and awaiting your feedback on the new version.

Not only have we been fixing bugs in the latest version, but we have also been working on the new one – so stay tuned for the news on the TeamCity 2017.2 EAP.

Happy building!

The TeamCity Team

Posted in Bugfix, Release | Leave a comment

Manage TeamCity Users with Invitations Plugin

Managing users of a TeamCity server is one of the tasks currently handled by the server administrator. Now when a new user comes to the company, they need to create an account on a TeamCity server (provided the default setting allowing users to register on the first login is enabled). Next, registered users need to ask the TeamCity server administrator or a Project administrator to grant them the required permissions.

Invitations Plugin Overview

The open-source Invitations plugin from JetBrains enables TeamCity administrators to invite users to create or join TeamCity projects. Typically this task will be handed over to Project administrators: they will create a project and will be able to send out invitations to the project users with the permissions scope already defined, thus freeing the System Administrator from granular permissions assignment and saving the new users the time and effort currently required for registering on the server.

It is possible to restrict the invited users’ access to a definite project (or several projects): in this case the per-project authorization mode is required on the server. This way any invitation will limit the user access to the project the invitation is sent from.

The plugin is compatible with TeamCity 2017.1 and later.

Installing Plugin

System Administrators can download the Invitations plugin.zip from here and install it on the TeamCity server as usual.

Using Plugin

The use of the plugin is quite straight-forward: after the server restart, the plugin adds the Invitations page to the settings of all projects on the server.

To invite users:

  1. Go to the Project Settings | Invitations page and select the invitation type:
    createInvite

    Invitation Types

    Two types of invitation are supported.
    The invitation to create a project will grant the invitee the Project Administrator role. Note that if per-project permissions are not enabled on the server, any project administrator will get access to TeamCity server administration.

    The invitation to join a project allows the project administrator to define a role for the invitee as well as the group they will be added to. The available roles depend in the roles configuration on the server.
    As for groups, the invited users can be added to any group having ‘View project’ as the minimal permission in the current project.

  2. Next create your invitation:
    • modify the automatically filled in fields as required,
    • specify whether the invitation will be used multiple times (default), or once, after which it will be removed from the UI,createSubproject
    • save the invitation.
  3. The invitation has been created. Copy the invitations link and sent it to the user you want to invite.
  4. The user will follow the link, register or log in to TeamCity, after which they will be able to create / join a project on the server.Invite

That’s it. We hope you will find this plugin useful. Your feedback is greatly appreciated!

Happy building!
TeamCity Team

Posted in Features, Tips&Tricks | Leave a comment

TeamCity 2017.2 EAP is open

Greetings, everyone!

Today we are announcing the opening of the EAP for TeamCity 2017.2. We’ve been working hard trying to address a number of issues and requests and this build comes with over 70 bugfixes and a lot of new features.

Here come several of them:

  • The ability to associate multiple templates to a build configuration, which provides a flexible way to create/change shared settings between multiple build configurations
  • Built-in support for Docker: TeamCity now comes with the Docker Build and Docker Compose build runners, and provides information on  Docker-related operations. The work is still in progress but it is worth a try.
  •  Meeting the request of many of you, this build comes with the option to restart the server from the UI
  • To ensure better compatibility with Java 9 and later Java versions, we changed the way the tests are reported from Ant builds, and TeamCity now uses service messages instead of the XStream-based network communication used by the previous implementation. If you have some custom reporting of service messages from your Ant builds, we’d appreciate if you tried running these builds with this EAP on your test server and report to us any issues which may occur.

There’s more, the full list is available in our release notes.

Download TeamCity 2017.2 EAP1 build and remember to install it on a trial server as it changes the TeamCity data format.

Your feedback on our forum or tracker is most welcome.

Happy building!
The TeamCity Team

Posted in EAP, Release, Uncategorized | Leave a comment

Run TeamCity CI builds in Google Cloud

teamcity-google-cloudWe are happy to announce that now TeamCity provides a tight integration with Google Cloud services. The Google Cloud Agents plugin allows using Google Compute Engine to start cloud instances on demand to scale the pool of cloud build agents and also supports using cost-efficient preemptible virtual machines. The Google Artifact Storage plugin provides the ability to use Google Cloud Storage to keep external build artifacts.

Installation

To enable these TeamCity integrations with the Google Cloud, you need to download the Google Cloud Agents and Google Artifact Storage from the plugins gallery and install them as additional TeamCity plugins. Remember to restart the TeamCity server.

Google Cloud Agents Configuration

Prepare Google Cloud Image

Now you need to create cloud images to start new cloud build agents from. To do that, create a new cloud instance from the available public boot disks and uncheck “Delete boot disk when instance is deleted” in the “Management, disk, networking, SSH keys” section. Then, after the start of the cloud instance, connect to it via SSH or RDP depending on the selected image and install a TeamCity build agent. You need to point the build agent to the TeamCity server to update plugins and set the agent to start automatically.

Create Google Cloud Instance

Then install required build tools, remove temporary files, remove the cloud instance and create a new custom image from the cloud instance boot disk.

Create Custom Google Image

Create Service Account and Key

Now we need to create a new service account with the Compute Engine Instance Admin role and a new JSON private key for that account.

google-cloud-credentials

Create Cloud Agent Profile

To create a Google agent cloud profile, navigate to the project where you want to set up the profile and select the Cloud Profiles link. Then click the “Create new profile” button and select “Google Compute” as the cloud type. Specify the profile name and the JSON private key value in the corresponding field.

To add a new image to the profile, press the “Add image” button, select the recently created cloud image, and fill in other properties. Next you need to save the image and then the profile settings. That’s all.

teamcity-google-profile

Google Artifact Storage Configuration

Create Service Account and Key

To access Google Cloud Storage, the plugin requires a service account with the Compute Engine Instance Admin role and a new JSON private key for that account.

teamcity-google-profile

Configure Artifact Storage

Navigate to the Artifacts Storage Project tab and click the Add new storage button. Select Google Storage type and fill in the name, JSON private key, bucket name and press Save. After that, activate this artifact storage in the TeamCity project by clicking the Make Active link.

teamcity-google-profile

That’s it! Your new builds in this project will store artifacts in the Google Cloud Storage.

Feedback

You are welcome to try these plugins for TeamCity, your feedback will be really appreciated: please share your thoughts in the comments to this blog post or in our issue tracker.

Happy building in the Google Cloud!

Posted in Features, FYI, How-To's, Tips&Tricks | Tagged , , | Leave a comment

TeamCity to Access Private GitHub Repositories Securely


Introduction

One of the great features TeamCity has is its integration with GitHub. Authentication from TeamCity to GitHub should be configured for the integration to work. We consider TeamCity secure enough; however, stealing authentication data is a threat we all live with and the consequences of it should be clearly understood.

In this blog post we’ll go over the existing ways of configuring authentication in TeamCity VCS roots pointing to private GitHub repositories, discussing the advantages and disadvantages of each of them. We hope that TeamCity Server administrators and Project administrators will find this information useful when deciding on the approach to authentication from TeamCity to GitHub.

Username and Password Authentication

It is often the case when access to a repository from TeamCity is configured via a user’s GitHub username/password. All server administrators and administrators of the projects where the root is configured have access to this information.

If this data is stolen, it gives the intruder full access and the possibility to maliciously modify your GitHub repositories, including your GitHub profile and all your settings.

We do not recommend it as it seems to be the least secure approach.

Username and Generated OAuth Token

Not long ago TeamCity started to support OAuth for GitHub. In this case you use the username and a generated OAuth token.

If someone gains access to them, then all your repositories in all organizations where you have read rights will be at this user’s disposal as TeamCity uses the ‘repo’ token scope.
However, this authentication option gives access to repositories only and not your GitHub profile and settings; besides, it is easy to revoke this token. Besides, repositories cannot not be deleted, and although force-push may still be performed, using the protected branches feature of GitHub can help in this case. All in all, this way can be considered an improvement in comparison with the previous approach.

SSH Key

As an administrator, you can create an SSH key for your TeamCity server, with the public part of the SSH key uploaded to GitHub and the private part uploaded to the TeamCity server.

The advantages of this approach are the same as those of the one above.
As to the risks, it can be highly dangerous if you use this key in different servers and applications. This can be mitigated using the special SSH key added to the GitHub profile and TeamCity, which will be used for this integration exclusively.

‘Deploy Key’ GitHub Feature

For every GitHub repository that Teamcity has access to it is possible to generate an SSH key with the private part on the TeamCity and the public part added to the deploy keys of your repository using the repository settings page. GitHub administrator rights for this repository are required. The key can have either read-only or read-write permissions for the repository.

This seems to be the most secure approach, because an individual key can be added to each repository, which would make access revocation extremely easy in case of data loss.

Creating a key for every repository might be a nuisance for Windows users, this seems to be the main disadvantage (not affecting Linux or macOS users though).

Conclusion

From the approaches outlined above, using OAuth token authentication and Deploy keys are considered secure enough by the majority of people, with Deploy keys being more secure and therefore recommended by us. In the end, adopting this or that way is up to you.

Posted in How-To's, Tips&Tricks, Uncategorized | Leave a comment

TeamCity 2017.1.2 update is released

Greetings, everyone!

Here is another bugfix update for the latest TeamCity version, TeamCity 2017.1.2.

This release features about 90 fixes and improvements, including:
– a new health report displayed when incorrect Http proxy server configuration is detected
– several fixes related to password replacement in the build log
– the fix for the issue with deleting a queued build.

It is recommended that you upgrade to the latest version since this build also resolves several security and performance problems. For the full list of fixes, refer to our release notes.

As usual, you can freely upgrade/downgrade within 2017.1 release, so download the new version and install it on your server – you can always roll back to an earlier version if required.

Your feedback is always welcome in our forum or tracker.

Happy building!

Posted in Bugfix, Release | Leave a comment

Webinar recording: What’s New in TeamCity 2017.1

The recording of our May 3 webinar, What’s New in TeamCity 2017.1, is now available on the JetBrains YouTube channel.

In this webinar, Wes Higbee goes over the new and exciting features of the latest release of TeamCity, TeamCity 2017.1.

Q&A

Q: Do you support Artifactory by default?
A: There is a plugin from JFrog which provides support for Artifactory.

Q: How would this work on an in-house BitBucket instance?
A: TeamCity supports connections to Bitbucket cloud only, so there is no way to create connection to Bitbucket server. But other ways of creating projects are available. If you have URL to repository – you can just create project / build configuration from this URL.

Q: Can you have a manual build step with an approval button?
A: It is possible to configure build configuration to show some question when build of this configuration is triggered. this can be done with help of typed parameters: https://confluence.jetbrains.com/display/TCD10/Typed+Parameters

Q: Can we use SonarQube/CodeNarc metrics to take a call on whether the next step in a build pipeline should be executed or not?
A: This could be implemented as a plugin. Plugin can set some kind of a precondition for build start.

Q: Any plans for supporting Docker as a specific step in build procedure? E.g. using containers for building.
A: Yes, there are plans. There is a separate plugin in the works. But if you want you can always run a step in docker using command line step.

Q: Is there an option to move the artifacts from native to Azure on selected builds which is already built?
A: No, not yet. On the other hand if you enable Azure, artifacts of old builds will still be available.

Q: Do all builds go to the artifact path when building different branches? How to distinguish between what each branch is producing the artifacts?
A: Actually, each build has its own forlder for artficats, so there are no conflicts here.

Q: Would the server remember all of its artifcats storages? The ones that are active and the ones that are not active?
A: Yes it will. Unless you remove the settings, artifacts will still be available.

Q: How does the clean up would act on Azure/S3?
A: Should work the same way as usual cleanup. Artifact patterns should work too.

Q: Can a build agent retrieve an actual value behind a token and put it as an artifact?
A: Build will see the actual value. Tokens are only used for configuration.

Posted in Features, Release, Webinar | Leave a comment

TeamCity 2017.1.1 update is out

Greetings, everyone!

Today we are presenting TeamCity 2017.1.1 release. This is essentially a bugfix update
resolving a number of issues which prevented some of our users from upgrading to TeamCity 2017.1.

Besides these, this TeamCity build comes with the bundled IntelliJ IDEA and ReSharper Command Line Tools updated to version 2017.1.2 and contains a few performance and usability enhancements.

For the full list of fixes see our Release Notes.

Download the new build now, check the Upgrade Notes, and install the new TeamCity build.

Happy building!

Posted in Bugfix, Release | Leave a comment

What’s New in TeamCity 2017.1, May 3rd Webinar

Join us Wednesday, May 3rd, 17:00 – 18:00 CEST (11:00 AM – 12:00 PM EDT) for our free live webinar, What’s New in TeamCity 2017.1 with Wes Higbee.

join

In this webinar, Wes Higbee will go over some of the major features of the latest TeamCity release. He will demonstrate the configuration of agent cloud profiles, which was moved to the project level; new integration with Visual Studio Team Services; disabling builds in the default branch; and the new secure values storage setting.

He will also show how easy it is to upgrade from v10.0 to v2017.1 in Docker, and showcase the updated parts of the TeamCity UI.

Space is limited, please register now. There will be an opportunity to ask questions during the webinar.

About the presenter:

Wes McClureWes Higbee is passionate about helping companies achieve remarkable results with technology and software. He’s had extensive experience developing software and working with teams to improve how software is developed to meet business objectives. Wes launched Full City Tech to leverage his expertise to help companies rapidly deliver high quality software to delight customers. He has a strong background in using Continuous Integration with TeamCity to bring quality to the table.
Posted in Features, FYI, How-To's, Webinar | Leave a comment