jenkinsci / bitbucket-push-and-pull-request-plugin

Plugin for Jenkins v2.138.2 or later, that triggers job builds on Bitbucket's push and pull request events.

Home Page: https://plugins.jenkins.io/bitbucket-push-and-pull-request

Cloud push trigger missing credentials when checking for changes

cuyahoga opened this issue

Jenkins : 2.449
BBPPR : Both 3.0.2 and 3.0.3-SNAPSHOT
Bitbucket Cloud

Bitbucket repo:
"fred" configured with an Access Token

Trigger :
Bitbucket Cloud Push
Trigger also if nothing has changed in the repo : FALSE
Allowed branches : fred

I've been trying, and thus far failing, to understand where the client credentials are added to an SCMTriggerItem by the plugin during a build. The webhook payload comes in, it's correctly matched to the job, the pre-flight to check for changes fires but fails due to lack of credentials. I'd expect it to be specifying the repo's access token, but that's not happening. The following is the BBPPR Hook Log linked from the job page:

Started on 15 Mar 2024, 11:27:42
Using strategy: Default
[poll] Last Built Revision: Revision e7205aecc4eb6820450a888ef90184f34b3e7ec2 (refs/remotes/origin/fred)
The recommended git tool is: NONE
No credentials specified
 > git --version # timeout=10
 > git --version # 'git version 2.39.3'
 > git ls-remote -h -- https://x-token-auth@bitbucket.org/xxxxxxxx/fred-test.git # timeout=10
ERROR: polling failed in E:\Jenkins\Builds\workspace\Test\Fred Test - fred on Windows Server 2019 (xxxxxxxxxxx)
hudson.plugins.git.GitException: Command "git ls-remote -h -- https://x-token-auth@bitbucket.org/xxxxxxxx/fred-test.git" returned status code 128:
stdout: 
stderr: remote: Invalid credentials
fatal: Authentication failed for 'https://bitbucket.org/xxxxxxxx/fred-test.git/'
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:2846)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:2185)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:2079)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:2070)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.getHeadRev(CliGitAPIImpl.java:3739)
	at hudson.plugins.git.GitSCM.compareRemoteRevisionWithImpl(GitSCM.java:731)
	at hudson.plugins.git.GitSCM.compareRemoteRevisionWith(GitSCM.java:690)
Caused: java.io.IOException
	at hudson.plugins.git.GitSCM.compareRemoteRevisionWith(GitSCM.java:692)
	at org.jenkinsci.plugins.workflow.job.WorkflowJob.poll(WorkflowJob.java:636)
        ...

This then causes the actual build not to fire, because there's no response. If I go back to the config for the job and set 'Trigger also if nothing has changed in the repo' = TRUE the build completes as expected, as this pre-flight is bypassed.

I've tried specifying all kinds of different combinations of credential types in the BBPPR trigger section of the job config, but none made any difference to the output observed. In fact, when no credentials were selected, there was no difference - i.e. the remote URL used by git still included the "x-token-auth@bitbucket.org".

Our workaround for the moment is a Groovy script to make sure the 'trigger if nothing changed' flag is set on all jobs, but I'd prefer that we could revert it to its default FALSE value, have the pre-flight correctly use the repo access token and not have unnecessary builds occurring.

Cheers, Stu
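
A triage helper for the failure signature in the hook log above, added here as an example (it is not part of the issue or of the plugin's code): it reports whether the poll ran with a bound credential, whether the `ls-remote` URL carried a secret, and whether the remote rejected authentication. The sample log is constructed, and the "using credential" wording is an assumption about the git plugin's log output.

```python
import re
from urllib.parse import urlsplit

# Constructed sample modelled on the hook log above; workspace and repo names are placeholders.
SAMPLE_LOG = """\
Using strategy: Default
No credentials specified
 > git --version # timeout=10
 > git ls-remote -h -- https://x-token-auth@bitbucket.org/example-ws/example-repo.git # timeout=10
ERROR: polling failed in /var/jenkins/workspace/example
hudson.plugins.git.GitException: Command "git ls-remote -h -- https://x-token-auth@bitbucket.org/example-ws/example-repo.git" returned status code 128:
stderr: remote: Invalid credentials
fatal: Authentication failed for 'https://bitbucket.org/example-ws/example-repo.git/'
"""

LS_REMOTE = re.compile(r"^\s*> git ls-remote\b.*?(\S+://\S+)", re.M)
STATUS = re.compile(r"returned status code (\d+)")
# Assumption: the git plugin logs "using credential <id>" when a credential is bound.
BOUND = re.compile(r"^using credential \S+", re.M)

def triage_poll_log(text):
    """Summarise one polling log: was a credential bound, and did the remote reject the poll?"""
    f = {"credentials_bound": None, "remote": None, "url_user": None,
         "url_has_secret": False, "exit_status": None, "auth_rejected": False}
    if "No credentials specified" in text:
        f["credentials_bound"] = False
    elif BOUND.search(text):
        f["credentials_bound"] = True
    m = LS_REMOTE.search(text)
    if m:
        u = urlsplit(m.group(1))
        f["url_user"] = u.username
        f["url_has_secret"] = u.password is not None
        # Rebuild the remote without userinfo so the finding can be shared safely.
        f["remote"] = f"{u.scheme}://{u.hostname}{u.path}"
    s = STATUS.search(text)
    if s:
        f["exit_status"] = int(s.group(1))
    f["auth_rejected"] = ("Authentication failed" in text
                          or "Invalid credentials" in text)
    if f["auth_rejected"] and f["credentials_bound"] is False:
        f["verdict"] = "poll ran without credentials"
    elif f["auth_rejected"]:
        f["verdict"] = "bound credential rejected"
    else:
        f["verdict"] = "ok"
    return f

if __name__ == "__main__":
    for key, value in triage_poll_log(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A verdict of "poll ran without credentials" with `url_user` set and `url_has_secret` false matches the case reported here: the username is in the remote URL but no token was supplied to git.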