The following setting has to be turned off in the GitLab repo in order to enable Dataform’s workspaces git integration in GCP’s GUI:
Reject unverified users
Users can only push commits to this repository if the committer email is one of their own verified emails.
If this setting is not disabled, the following error is thrown by Dataform when trying to commit the changes:
API request error: Push failed (pre-receive hook declined): GitLab: You cannot push commits for 'dataform+no-reply@google.com'. You can only push commits if the committer email is one of your own verified emails.
The actual commits are registered under the user’s e-mail address, but for some reason this is not recognized properly. Since turning this setting off poses a security risk, does anyone know if there's any workaround to allow pushing from Dataform GUI?
Thanks!
Good day @zkalinowska,
Welcome to Google Cloud Community!
Please make sure that you have followed the following:
1. Verify if you have the required roles/permissions Dataform.admin on repositories. You can check this link for more information: https://cloud.google.com/dataform/docs/connect-repository#required_roles
2. Please note that you also need to create and share a secret for connecting a Dataform repository to a GitLab repository.
To connect to a GitLab repository, create a classic personal access token. After creating a personal access token, you need to create a secret in Secret Manager that contains the token. Then, you need to grant secret access to your Dataform service account.
You can check this link for more information: https://cloud.google.com/dataform/docs/connect-repository#create-secret
3. You can also try resetting the author in git. You can check this thread for more information, but please note that Google does not support this page. https://superuser.com/questions/1419625/gitlab-you-cannot-push-commits-for-you-can-only-push-commits...
Hope this helps!
Hi @kvandres - thanks for your reply.
1. Yes, I do have this role assigned in the project I'm setting Dataform in:
2. Yes, I have created a secret called `dataform` and it's in Secret Manager. I believe the connection is set up correctly - when I go to Dataform repositories list, the column "Git token secret status" is displayed as Valid. I am able to pull from the repo, I am unable to push (both to default branch and the branch named after my development workspace).
3. I believe the issue is not with git, because the error message states that Dataform is trying to push my commits (done using my GCP account through Dataform GUI) with this e-mail address: dataform+no-reply@google.com - which is obviously incorrect. There is no way for me to reset the author in git within GCP, I don't know why this e-mail is set as no reply Google's e-mail instead of mine - I am not setting this up in any of my settings, it looks like Google is providing this e-mail address out of my control.
If I allow unverified users to push to my repo, the push is done correctly, and it appears under my name and my e-mail in GitLab. But due to security reasons this option cannot be turned off in my repository, so the commits cannot pass the pre-receive hook in GitLab. I believe GCP might be initially trying to commit using the dataform+no-reply@google.com e-mail and somehow does substitute it with GCP user's e-mail on the way, but it is doing it after the pre-receive hooks which is causing the push to fail. This looks like a bug in GCP.
Is there any update on this topic or any way I could file a bug?
Sorry to necro after 1.5 years.
No idea if you'll see this, but did you ever find a resolution to this problem @zkalinowska ?
I have a single user with the exact same issue between Dataform GUI and GitLab (self hosted). A team of users all work happily with the same setup and against the same code repository, except for this one user who is getting the same error as this post.
Currently trying to work through the issue with Google support, but not much progress yet. Any advice that helped would be appreciated.
I had the same issue and solved it this way:
In the GitLab repository, under "Settings -> Repository -> Push rules", just uncheck "Check whether the commit author is a GitLab user".
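
The error quoted at the top of this thread names the committer address, while the thread reports that the commits appear in GitLab under the user's own address. As an added example (not code from any poster, Google or GitLab), the sketch below models the "Reject unverified users" rule as its description reads and lists the commits it would decline. The sample log, names, hashes and jane.doe@example.com are constructed, and a commit carrying the user as author and the no-reply address as committer is an assumption drawn from the thread.

```python
import re

# Constructed sample in the layout of `git log --format=raw`. Hashes, names and
# jane.doe@example.com are made up; the committer address is the one in the
# error message. Author = user / committer = no-reply is an assumption.
SAMPLE_RAW_LOG = """\
commit 1111111111111111111111111111111111111111
tree 2222222222222222222222222222222222222222
parent 3333333333333333333333333333333333333333
author Jane Doe <jane.doe@example.com> 1700000000 +0000
committer Dataform <dataform+no-reply@google.com> 1700000000 +0000

    Update definitions/orders.sqlx

commit 3333333333333333333333333333333333333333
tree 4444444444444444444444444444444444444444
author Jane Doe <jane.doe@example.com> 1699990000 +0000
committer Jane Doe <jane.doe@example.com> 1699990000 +0000

    Initial commit
"""

# Header lines start at column 0; message lines are indented by four spaces.
IDENT = re.compile(r"^(author|committer) .*<([^<>]*)> \d+ [+-]\d{4}$")


def parse_raw_log(text):
    """Return one dict per commit with its sha, author and committer email."""
    commits = []
    for line in text.splitlines():
        if line.startswith("commit "):
            commits.append({"sha": line.split()[1]})
        elif commits and (m := IDENT.match(line)):
            commits[-1][m.group(1)] = m.group(2).lower()
    return commits


def declined_commits(commits, verified_emails, field="committer"):
    """Commits whose `field` email is not among the pusher's verified emails."""
    verified = {e.lower() for e in verified_emails}
    return [c for c in commits if c.get(field) not in verified]


if __name__ == "__main__":
    log = parse_raw_log(SAMPLE_RAW_LOG)
    for c in declined_commits(log, {"jane.doe@example.com"}):
        print(f"declined {c['sha'][:8]}: committer={c['committer']} "
              f"author={c['author']}")
```

Feeding it the output of `git log --format=raw` for the commits about to be pushed gives the same listing for a real clone.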