I'm trying to follow the advice given in Set Hudson Build Description via Web API but I'm getting a 403 presumably because the request has to be authenticated. Since the script is being run from an authenticated Jenkins session, how do I pass those credentials through?
Looks like you need to pass user and api token in your request. Here's an example (not in Python, but I guess you can manage the translation).
Use the 'Execute system Groovy script' Build task which executes in the same VM so you don't have to re-authenticate or manually pass through tokens or credentials.
Related
I'm trying to trigger a job from one Jenkins (A) on another one (B). I've installed 2 plugins:
Parameterized Remote Trigger
Build Token Root
My issue is, that I'm able to trigger build on Jenkins (B) using for example curl and token only, which means the Build Token Root plugin is working as expected, but Parameterized Remote Trigger seems to don't respect this.
I probably should mention that I've tried different auth options, Trust All certs, etc.
My Jenkins (A) config:
Logs are the same with and without Build Token Root support enabled.
Logs I'm getting:
I was able to get this working by allowing Anonymous users Overall Read and Job Read access. It appears this is necessary because the Parameterized Remote Trigger plugin attempts to call additional APIs apart from just the /build and /buildWithParameters and those calls are the ones that fail.
It makes sense that, in order to have the default blocking capability, you need to call additional APIs to poll, but even setting blockBuildUntilComplete : false did not fix the issue. Considering that Parameterized Remote Trigger plugin plainly says it "plays well" with the Build Token plugin in its documentation, it really is not an easy feat to make them work together.
In my opinion, using the two together isn't an ideal solution because of the necessity for allowing unauthenticated users to browse your jenkins instance via the ui - I suspect you could (although I haven't tried it) get an API Token for a user with only Overall Read and Job Read access instead of giving all Anonymous Users the rights, but this includes the overhead of managing a user and an API Token, which defeats our primary motivation to use the Build Token plugin in the first place.
For the declarative pipeline, I used to store standard passwords and usernames within the Jenkins instance. And used something like this within the pipeline:
CredentialVar = credentials('Credential_Name')
But now I have an api that will only accept refresh tokens which will expire. Basically, I think the solution is to request a new token each time with an API call when the pipeline is built, but I don't know how to mask that new response token each time.
I have a Jenkins Server which runs a Jenkins job - JobA
and I have a Java Spring boot web service, where I store the Jenkins build data and serve it to various other systems.
I want that whenever JobA finishes each build, it should call an endpoint on my web service and post the build data (bascically the same data that I get from calling the Jenkins API: https://<my-jenkins-server>/job/JobA/<buildNumber>/api/json) to the end point of my web service, which accepts a POST requests and JSON payload to update the build details like job name, build number, build result, build url, build duration, timestamp, test results etc. in my database.
The endpoint of my web service should still be called even if the build fails.
I can already get all this data from the above REST API call, but I do not want to use that because, using that if I want to get the updated data in my database, I will have to poll the Jenkins REST API multiple times, (like maybe every 15 minutes or more frequently) which will increase the load on my Jenkins server.
I know that I can set up a Jenkins job to either call a script or call another downstream job through which I can then call a curl POST request to my end point.
But my problem is that I do not know where/how to get the JSON data for the build be sent in the POST request?
Can someone help me out please?
You can get the lastbuild information and there is a field called building which says if the build is running or not.
https://host/job/project/lastBuild/api/json?depth=1
I am developing a Dashboard on top of Jenkins. The Dashboard would list all the jobs available and would also have a trigger button to initiate a build which shoots a post request using the secret token. The problem is every build would have the same cause which says "Started by remote host 19.XX.XX.XX". Since the dashboard needs to display the user name triggering the job as the person who logged, is there a way we can pass the a username as well in the jenkins remote trigger url like below so that jenkins would capture the cause as the user name.
https://jenkinsurl:port/job/testLDAP/build?token=DDJjk$###*bB&userName=abc
There is no parameter that you can use for this. A workaround that I've used is adding &cause=This+was+started+by+abc which results in
Started by remote host 192.168.x.x with note: This was started by abc
Perhaps this might help you.
We are developing a replica of Jenkins and we have a need to authenticate SVN & GIT repository URLs. I see Jenkins is able to do it through allowing the user to have credentials created(POST) and validated through(GET) a call. However, I am unable to validate the SVN/GIT repo without the jobname.
I am able to fetch the global credentials added to Jenkins. But they are only retrieved for job basis. So if I want to see the list of credentials of a particular job, I can do it using the following JSON.
http://${JENKINS_URL&PORT}/job/${JOB_NAME}/descriptorByName/hudson.scm.SubversionSCM$ModuleLocation/fillCredentialsIdItems
But I would like to fetch the credentials without depending on the job name. Please let me know if I have to provide any more information. Any help is much appreciated.