How to include credentials using bitbucket webhooks - jenkins

I am using this interface:
If I want to ping our Jenkins server, we need credentials to do, for example with cURL it would look like:
curl -u ${user}:${password} http://jenkins.teros.io/job/demo/build?token=demo_interos_token
so is there a way to pass creds somehow with the webhook interface or maybe in the query parameters?

I created a middleman server, and Bitbucket can ping our server with creds in the url and we forward request to Jenkins.

You should be able to give the credentials as part of the URL:
http://<user>:<password>#jenkins.teros.io/job/demo/build?token=demo_interos_token
This is based on RFC-1738 which defines the URL Syntax, and specifically the Common Internet Scheme Syntax.

Related

How do I obtain an HTTP access token from a bitbucket repository on bitbucket cloud

I need to create an HTTP access token for a repository which allows me to pull modules from it while building a nodeJS application in another repository.
This was done in the past by using a personal access token from one of the employees and I want to change that.
I refered to this article " https://confluence.atlassian.com/bitbucketserver/personal-access-tokens-939515499.html " in which the steps are stated as follows:
Create HTTP access tokens for projects or repositories
HTTP access tokens can be created for teams to grant permissions at the project or repository level rather than for specific users.
To create an HTTP access token for a project or repository (requires project or repository admin permissions):
From either the Project or Repository settings, select HTTP access tokens.
Select Create token.
Set the token name, permissions, and expiry.
The problem is in my repository settings, I can't find "HTTP access tokens".
I'm using Bitbucket cloud whereas the article refers to bitbucket Server, does that make a problem? If so, this option isn't available in bitbucket cloud?
Atlassian has vast documentation, but I have a problem with it and still don't understand how to get an access token to be able simply download archives from private repositories.
So here is my step by step tutorial
Insert your workspace name instead of {workspace_name} and go to the following link in order to create an OAuth consumer
https://bitbucket.org/{workspace_name}/workspace/settings/api
set callback URL to http://localhost:8976 (doesn't need to be a real server there)
select permissions: repository -> read
use consumer's Key as a {client_id} and open the following URL in the browser
https://bitbucket.org/site/oauth2/authorize?client_id={client_id}&response_type=code
after you press "Grant access" in the browser it will redirect you to
http://localhost:8976?code=<CODE>
Note: you can spin your local server to automate this step
use the code from the previous step and consumer's Key as a {client_id}, and consumer's Secret as {client_secret}:
curl -X POST -u "{client_id}:{client_secret}" \
https://bitbucket.org/site/oauth2/access_token \
-d grant_type=authorization_code \
-d code={code} \
you should receive similar json back
{
"access_token": <access_token>,
"scopes": "repository",
"token_type": "bearer",
"expires_in": 7200,
"state": "authorization_code",
"refresh_token": <refresh_token>
}
use the access token in the following manner
curl https://api.bitbucket.org/2.0/repositories/{workspace_name} \
--header "Authorization: Bearer {access_token}
Whilst your question is about Bitbucket Cloud, the article you linked is for Atlassian's self-hosted source control tool Bitbucket Server. They have different functionality for different use cases, which is why they don't look the same.
Depending on your use case you can use App passwords or OAuth instead.
Full disclosure: I work for Atlassian
Easiest way to do it is:
Create an OAuth consumer in your Bitbucket settings (also provide dummy redirect like localhost:3000, copy KEY and SECRET.
Use curl -X POST -u "KEY:SECRET" https://bitbucket.org/site/oauth2/access_token -d grant_type=client_credentials to get JSON data with access-token.

Error in triggering jenkins job from Slack

I am integrating Jenkins in Slack to facilitate build from Slack.
I configured the Build Trigger section of my job
Then I added Slash Commands to slack and configured it as below.
Now, I went to slack and typed /dev-backend, and it is throwing the error,
/dev-backend failed with the error "invalid_url"
I tried hitting the URL directly from postman which is giving the Authentication required response.
How can I add the authentication so that I can trigger build from slack? I thought the token provided in the build triggers section of Jenkins was enough.
I know it's kind of outdated question but I was also struggling with this error, so maybe it will help someone in the future. If you are getting /command failed with the error "invalid_url" and you are able to hit your application endpoint via eg. Bash shell:
curl -X POST -H 'Authorization: Bearer your-bearer-token' -H 'Content-type: application/json;charset=utf-8' --data '{"channel":"#test","text":"Hello, Slack!"}' http://127.0.0.1:8000/your/application/endpoint
it means that Slack can't access/see the URL that you passed in Slack API Applications Settings.
In my case the problem was that I was passing http://127.0.0.1:8000/some/endpoint in Slash Commands configuration which was visible only by my computer. The easiest way to make it visible for Slack is to use ngrok.
So if you are getting this error the steps are as follows:
Install ngrok
Run your app on localhost, eg. http://127.0.0.1:8000
In Bash shell type ngrok http 8000
Copy url returned by ngrok, in my case http://c609-91-234-49-229.ngrok.io
Paste copied URL to Slack Slash Commands configuration instead of localhost.

Github jenkins webhook integration failed

I am trying to configure webhooks in github so that it will build every time I do a new push, I have added web hooks in github and given the address of jenkins which is http://localhost:8080/github-webhook/ but it did not work and I found out that we need to find our IP address and I added it as follows: http://"my IPV4":8080/github-webhook/ and it still didn't work. I have even tried using ngrok to port forward, but it didn't work as well. It constantly throws the We couldn’t deliver this payload: Failure when receiving data from the peer error.
You need a public IP address for Github to point to detect a push request. localhost is on your local machine. You can configure jenkins on EC2 if you want to set it up for some testing.
You can use a proxy agent Ngrok.
Command :
ngrok http 8080
It will generate http://{some-number}.ngrok.io, copy the generated public address and put in your github repository webhook http://{some-number}.ngrok.io/github-webhook
At this point when you save it, it will send a post request to ngrok server, got redirected to localhost and you will see a green tick.
You can refer to this document for configuring the whole process.

Triggering Jenkins builds from Slack

By following the tutorial below I am attempting to use slash commands in Slack to trigger a build in Jenkins. My jenkins instance which is on an EC2 is utilizing the user's API token to authenticate the POST command from slack.
When I do the curl command locally, it successfully triggers the build, the command is similar to this:
curl -X POST http://slack:c1c54d626f6a11fbc98ed795ec8862bc#10.11.12.13:8080/job/TEST_ATOMATION_GURU_SLACK_JOB_DEMO/build
However when I try to execute the command in slack via a slash command I get: Darn - that slash command didn't work (error message: 403_client_error).
Tutorial I am following: http://www.testautomationguru.com/jmeter-selenium-webdriver-how-to-trigger-automated-test-execution-from-slack/
I have also tried this tutorial with the same result:
https://sonnguyen.ws/how-to-trigger-a-jenkins-build-from-slack/
I also saw this stackoverflow post but it did not help: Using Slack to start Jenkins builds
Things I have tried:
- Opening up the security groups
- In jenkins selecting “Allow anonymous read access”
- In Jenkins deselecting “Prevent Cross Site Request
Forgery exploits”
Any help or guidance would be much appreciated.
enter image description here
The good news is that the setup should work - I also have a Slack slash command triggering a jenkins job, so the issue will be somewhere in your setup.
I see in your curl example you are accessing jenkins on a private IP. I would start there as if you are using the same private IP in the Slack slash command, there is no way Slack would be able to access your Jenkins instance. If you are using private IP in the slash command, I would recommend attaching an Elastic IP to your EC2 instance (assuming it lives in public subnet etc) and then try again the slash command but on the Elastic IP this time.
you can use ngrok for the tunneling and then you should be able to trigger that.
note: Ensure that the URL you are giving in the section should be able to trigger the build if run manually using the curl -X POST command.

No route registered for '/docker/hook'

I'm creating an Azure AppService based on a Docker image. The image is in Docker public registry, so I want the service to 'know' when there's a new version of the image (same tag).
I thought the WebHook under Continuous Deployment was to achieve that, but when I call it with curl I get the message from the subject.
I couldn't find the right doc... is that WebHook URL for what I think (hope) it is? is there a specific HTTP verb to use?
EDIT: I mean the WebHook URL found under Continuous Deployment in my Container Settings in Azure
I was stuck on this one for some time as well, until I realized that it requires POST HTTP request on that URL.
Here is an example of the CURL request that I have in my gitlab CI script
curl -X POST "https://\$$AZURE_DEPLOY_USER:$AZURE_DEPLOY_PASSWORD#$AZURE_KUDU_URL/docker/hook" -d -H
It does require to have set the following variables in the environment or you can replace it directly with your URL
$AZURE_DEPLOY_USER
$AZURE_DEPLOY_PASSWORD
$AZURE_KUDU_URL

Resources