Just a quick update with a reply from the developers.
They have said that the error appears to be indicating that the build agent is trying to communicate to the TFS server, however the required certificate to do this isn’t trusted for some reason.
We can tell that the SSL connection to Octopus is working ok as the logs are showing it connecting successfully and only reason for the error from Octopus is the wrong package name due to the node error received:
Handshaking with Octopus Server: https://ots-corp-oct18.open-techs.local/
GET https://ots-corp-oct18.open-techs.local/api
Handshake successful. Octopus version: 2021.3.8275; API version: 3.0.0
GET https://ots-corp-oct18.open-techs.local/api/Spaces-1
GET https://ots-corp-oct18.open-techs.local/api/users/me
Authenticated as: SRVTFSBLD (a service account)
Found environments:
This Octopus Server supports channels
GET https://ots-corp-oct18.open-techs.local/api/Spaces-1/projects?name=Error%3A unable to get local issuer certificate
While there is an issue for us to look into with the release not being created, that won’t resolve the issue for the work items not being included.
I noticed your initial request mentioned that version 2 of the ‘Create Octopus a Release’ build step was working, could you please test that version with the current configuration and sending through the build logs?
Just an update from the Developers who have confirmed what’s changed between versions 2 & 3 of this plugin that could be causing this error.
Essentially the changes in version 3 include a transition from Powershell to TypeScript for each of the Build Steps and this is likely causing you to experience the NodeJS issue I linked earlier.
To try to resolve this issue, could you please try the following:
Confirm the TFS server certificate is installed on the build agent. I would suggest adding another line in the build agent configuration similar to how the Octopus certificate is configured.
Try running npm config set strict-ssl false or export NODE_TLS_REJECT_UNAUTHORIZED=0 (or both) to try to bypass any SSL errors. This is similar to git config --global http.sslVerify false which is already configured.
I’d be happy to jump into another call to try get this working again now that I am confident in the issue and the use of Node. Let me know how you get on or if you have any questions!
The engineers confirmed that the change between version 2 of the plugin and versions 3+ was a transition from Powershell to Typescript for each of the build steps and so Node is now being used.
They don’t believe there is a bug to raise with the Octopus Plugin but rather that the issue preventing you from acquiring your local issuer certificate is the Node issue I linked previously which outlines problems with corporate proxies. I found a StackOverflow post which has a bunch of interest points and discussion around users getting node install working behind a proxy.
Are you able to run node commands that should use the proxy such as node install ok?
I would recommend you try the following to resolve the issue:
Confirm the TFS server certificate is installed on the build agent - I would suggest adding another line in the build agent configuration similar to how I saw the Octopus certificate was configured. I believe this comment on the issue outlines how to do so.
Run the command npm config set strict-ssl false or export NODE_TLS_REJECT_UNAUTHORIZED=0 (or both) to try to bypass any SSL errors. These commands are similar to git config --global http.sslVerify false which I noticed was already configured.
Feel free to let me know if you have any questions!