I want to implement pre-receive hooks on the GitLab server side but we don't have access to the file system. Is there any way I can handle it with GitLab-ci? I want to get control over what can and can't be pushed to the repository.
One possible workaround would be for developers to:
push to a gateway repository
pull from an official one.
(both on GitLab)
You can then associate a job on the first one, on push:, in order to validate what has been pushed.
If validated, the job push the commit to the second official repository.
It's possible to implement pre-recieve hooks in gitLab but that comes when we have access to file system. For now, I have added gitlab-ci that will check on every merge request on protected branches and let all developers push to temp branches.
Related
Is it possible to programmatically create and register a runner in bitbucket pipelines, in other words without having to create it first via the BitBucket UI.
The docker command provided requires a runner UUID, which must be created when creating the runner through the UI. Is there a way to programmatically create it through the BitBucket API? It seems a bit backward to have to create the runner first just to get the UUID so you can then deploy it.
With GitHub Actions Self Hosted runners, a runner can be created and registered to GitHub using a temporary token, but it does not seem like BitBucket have a dopted this approach, at least yet.
At the time of writing the Bitbucket API does not allow for this. There are two open feature requests for Bitbucket Runner APIs, BCLOUD-21708 and BCLOUD-21309, that may benefit from some votes.
Is there a way to implement a commit message policy on BitBucket Cloud?
From my understanding, the webhooks only work as commit notifications and can not intervene with the commits (to deny the commit if the commit message does not follow the set regex). For pre-commit hooks you would need BitBucket Server, right?
If that's the case, what about checking commit messages on a Jenkins build to fail the build if it contains a certain message that does not match the regex? Is that a viable option?
Another option, is there a local git config file where I could set the rules locally (even if they could be bypassed)?
I think you're confusing pre-commit hooks (which determine whether or not a commit can be made) with pre-receive hooks (which determine whether or not a specific remote will accept pushes). Bitbucket Cloud does not currently support custom pre-receive hooks, but Bitbucket Server does. Pre-commit hooks would need to be installed on every system where users make commits; those are not currently replicated, so you'd need everyone to manage them manually.
It sounds like Jenkins tests would be your best bet - check the commit message for the desired regex, and fail the test if the regex isn't there. That won't prevent people from making bad commits in the first place, but it will keep those bad commits out of the final product.
I have a scenario where I'm setting up Jenkins for my app. I have BitBucket set up and firing appropriate webhooks.
I want to start a build whenever a push is made to the repo as well as whenever someone creates/updates a pull request.
I've looked at the BitBucket Plugin. It works good if I have the BitBucket webhook to fire for all pushes.
Then I added the BitBucket Pull request plugin to build on every pull request create/update. So I changed the BitBucket webhook preferences to fire on pushes and PR creates/updates.
Unfortunately, these plugins have conflicting settings, hence they cannot be used at the same time (as per my research, the minute I send custom webhooks from BitBucket, the first one stops working, but the second one works)
Has anyone been able to set this up correctly? Maybe there's a plugin for what I want, but I couldn't find it.
I want to keep writing a proxy in front of Jenkins to manage webhooks the last option, only if there really is nothing I can do.
Thanks for the help!
I'm building a Jenkins plugin that one of the features is to commit and push some files generated during the build. I already have the code to commit and to push (using Git client from org.jenkinsci.plugins), however when I execute
PushCommand push = gitClient.push();
push.ref(__MY_BRANCH__);
push.to(new URIish("origin"))
push.force();
push.execute();
I get an error not having permissions to push. So, my question is: how can I re-use the credentials of a project to proper configue gitClient or the pushCommand ?
--
Thanks,
Jose
You need to provide credentials to the GitClient.
For example, here you can see the Git plugin calling the GitClient#addDefaultCredentials() method, using credentials obtained from CredentialsMatchers.
You mention you want to re-use the credentials from the same job so — assuming that the Git plugin has been configured with those credentials — your plugin should have access to the AbstractBuild where you can use something like build.getProject().getScm().getUserRemoteConfigs().get(0).getCredentialsId to fetch the configured credentials ID.
You'll need to cast the SCM to GitSCM, but otherwise that should work fine.
I'm looking for a way to automatically add +2 permissions for certain refs for a lot of projects in Gerrit and unfortunately it seems there are no API calls to modify access rights, only to read them. Do you have any idea how to modify refs permissions for a big amount of projects?
I'm using Gerrit 2.9.
Thanks.
One possibility would be to create a batch script to modify the project.config for those projects and commit them back to gerrit.
This is how you can checkout the project.config for the All-Projects, it works the same for other projects: http://blog.bruin.sg/2013/04/how-to-edit-the-project-config-for-all-projects-in-gerrit/
Simply put:
Create list of project you want to change
Iterate over the lest
Checkout the refs/meta/config ref
Use script to modify project.config
Commit and push back to the server
More information about the project.config: http://gerrit-review.googlesource.com/Documentation/config-project-config.html