ghprbActualCommitAuthorMail returns wrong mail address - jenkins

I am using the GitHub pull request builder plugin in Jenkins to make pull requests on GitHub automatically trigger Jenkins jobs.
I am using GitHub Enterprise and when I try to get the values of environment vars ghprbActualCommitAuthor and ghprbActualCommitAuthorMail, I get incorrect values:
ghprbActualCommitAuthor : GitHub Enterprise
ghprbActualCommitAuthorEmail : noreply#github.***.com
Please help, thanks!

This behavior is seen in GitHub Enterprise when users commit changes directly using the web UI or they have not set their email addresses.
According to GHE support:
This is by design, since the commit is actually done by the GitHub Enterprise instance. This is because we do not impersonate users when creating commits.
You can fix this by ensuring that users make commits only through the Git clients using their own SSH credentials or Personal Access Tokens.

Related

Bitbucket Server - How to get the Bitbucket Server instance

I'm new to Bitbucket Server.
Currently, I'm trying to configure a Jenkins job to build my repository, which is located in my personal space of Bitbucket Server (I'm not admin of BitBucket Server).
I followed the video here: https://www.youtube.com/watch?v=0-FugzVYJQU.
Inside Jenkins setting, I have put the URL to my company bitbucket server, personal access token, Credentials as per hint from Video... But the connection still fails.
My question is:
1 - Do I need the admin right of Bitbucket Server to setup these procedures or did I configure something wrong?
2 - If possible, how to get the Bitbucket Server instance when I don't have the
admin right of Bitbucket Server?
Sorry English not my native language.
Thank you for your help :)
Jenkins Setting - Bitbucket Server instances entry
Regarding your question 1,you don't need any admin access to bitbucket server to setup this procedure.If you are cloning from any repository, you need to make sure that the credential you are using, should have at least read access to particular repository.
For your second question, if you are setting up any jenkins job and Bitbucket team is different, you need to ask them for url or IP. Even you dont know ip, bitbucket server URL should be fine to connect with as long you are using correct credentials.
There can be multiple issue like firewall/no connectivity/security rules if jenkins is not able to connect though you are using correct credentials.
1 - Do I need the admin right of Bitbucket Server to set up these
procedures or did I configure something wrong?
You do not need admin rights of Bitbucket Server. You can add your own personal access token(PAT). Make sure your PAT has admin access.
If possible, how to get the Bitbucket Server instance when I don't have the admin right of Bitbucket Server?
You have to configure your Bitbucket instance manually. Its explained from here in the video.
If your repository is in your personal space, make sure while creating a job, the project name is ~<yourusername>. Example ~jsmith. Repository name will be populated using this.
Regards,
Bitbucket Server Developer

Jenkins GitHub access token - Enable Checks but not Write code

I'm trying to set up Jenkins Multi-branch pipelines to add status checks to my GitHub private org repos. Blue Ocean requires the bot-user to have write (maybe more) privileges, listed as so:
I would like to pull code, write status checks but not push code. Is there any combination/workaround that will enable this?
P.s. I'm not entirely confident in what each scope enables and what permission level of collaborator (read/write/admin) they need even though I've read the hyperlinked docs.
A personal access token grants a user API access at the same level of their permissions within GitHub, never greater. For example if the user has read access to a repo and the token is marked as "Full control" then they will still only have read access to that repo.
Writing a Status Check requires the user to have Write, Maintain or Admin permission to your repos as described in this page:
https://help.github.com/en/articles/repository-permission-levels-for-an-organization
Write, as the name suggests, grants push permission to your repo so you will need to think about how to proceed.
I assume you're using GitHub.com (rather than GitHub Enterprise) so would suggest the following:
Grant the bot-user write access to your repo
Create a team of users who require push access
Enable the branch restriction "Restrict who can push to this branch"
Add the newly created team you to the restriction
Set the "Branch name pattern" to *
https://help.github.com/en/articles/enabling-branch-restrictions
This will apply the restriction to all branches within your repo and prevent the user from pushing, but does not prevent the writing of status checks.
If you were using GitHub Enterprise I would consider a pre-receive hook to prevent the bot-user from being able to push code into your repos.
Mick

Automatically add link to pull request to JIRA

We have a setup with Bitbucket GIT linked to JIRA issue tracker. It is possible to add special comments to GIT commit messages to update JIRA issues automatically.
However, is it possible to put the link to the Pull Request, when it is created, to the corresponding JIRA issue? JIRA issue knows the name of the branch, so it should also have information on the pull requests.
If you reference your issue keys in your commit messages, branches and pull requests then this information will automatically appear in your issue's development panel.
This requires that you have an application link configured between JIRA and Bitbucket.
This is how it should look:
More info is available on the Development Information documentation page.

Get Project's Credentials using Jenkins API

I'm building a Jenkins plugin that one of the features is to commit and push some files generated during the build. I already have the code to commit and to push (using Git client from org.jenkinsci.plugins), however when I execute
PushCommand push = gitClient.push();
push.ref(__MY_BRANCH__);
push.to(new URIish("origin"))
push.force();
push.execute();
I get an error not having permissions to push. So, my question is: how can I re-use the credentials of a project to proper configue gitClient or the pushCommand ?
--
Thanks,
Jose
You need to provide credentials to the GitClient.
For example, here you can see the Git plugin calling the GitClient#addDefaultCredentials() method, using credentials obtained from CredentialsMatchers.
You mention you want to re-use the credentials from the same job so — assuming that the Git plugin has been configured with those credentials — your plugin should have access to the AbstractBuild where you can use something like build.getProject().getScm()​.getUserRemoteConfigs().get(0)​.getCredentialsId to fetch the configured credentials ID.
You'll need to cast the SCM to GitSCM, but otherwise that should work fine.

Jenkins: Use personal credentials for project

I'm hosting a project on my Jenkins server. That project has a GitHub repo and I have it set up so it automatically builds new commits. In order for that to work, I need to input credentials for a github account that has full access to the repo.
The problem is, that if I want him to add his login info to the credentials list, I'd have to give him acces to all credentials on the server (I don't want that).
I tried using the credentials under "{username}" > "Credentials", but those didn't show up in the project setup (even with 100% access to everything on the server).
Is there a way for the user to store his credentials and use them for the project without giving him full access to all credentials on the server?
Add the user's credentials under Global security and then allow project based Matrix Authorization Strategy per project as shown:
I found the answer in this mailing list entry:
In short: You need to
install and activate the Authorize Projects Plugin,
enable "run as specific user" strategy in global security settings,
enable this for the project in question.
This allows you to use the credentials for this specific user.
Enabling ssh-agent is the final step to make this work conveniently.

Resources