Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-33183

Anonymous scan credentials causes checkout to fail

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Minor
    • Resolution: Fixed
    • Labels:
      None
    • Environment:
      Jenkins 1.625.3, GitHub Branch Source Plugin 1.2, GitHub Enterprise
    • Similar Issues:

      Description

      I am getting an error when I have my credentials set to none or anonymous. The branch indexing works properly and automatically finds new PR's when they are created, but the builds themselves fail because the checkout command doesn't seem to be willing to run without specific credentials.

      No scan credentials, skipping
      ERROR: Could not determine exact tip revision of PR-5; falling back to nondeterministic checkout
       > C:\Program Files\Git\bin\git.exe rev-parse --is-inside-work-tree # timeout=10
      Fetching changes from 2 remote Git repositories
       > C:\Program Files\Git\bin\git.exe config remote.origin.url https://<github enterprise server>/<org>/<project>.git # timeout=10
      Fetching upstream changes from https://<github enterprise server>/<org>/<project>.git
       > C:\Program Files\Git\bin\git.exe --version # timeout=10
       > C:\Program Files\Git\bin\git.exe -c core.askpass=true fetch --tags --progress https://<github enterprise server>/<org>/<project>.git +refs/heads/*:refs/remotes/origin/*
       > C:\Program Files\Git\bin\git.exe config remote.origin1.url https://<github enterprise server>/<org>/<project>.git # timeout=10
      Fetching upstream changes from https://<github enterprise server>/<org>/<project>.git
       > C:\Program Files\Git\bin\git.exe -c core.askpass=true fetch --tags --progress https://<github enterprise server>/<org>/<project>.git +refs/pull/*/merge:refs/remotes/origin/pr/*
      Seen branch in repository origin/master
      Seen branch in repository origin/pr/1
      Seen branch in repository origin/pr/2
      Seen branch in repository origin/pr/5
      Seen 4 remote branches
      ERROR: Couldn't find any revision to build. Verify the repository and branch configuration for this job.
      Finished: FAILURE
      

      Based on reading some other issues, it appears to me that anonymous access was intentionally left unusable due to concerns with API rate limiting. There also appeared to be a comment that the rate limiting doesn't apply to a Github Enterprise Server, which is what I'm using here. I understand discouraging people from using anonymous access, but right now it appears to work correctly for indexing and then break during checkout. Can similar logic to what happens during indexing be added to the checkout to allow anonymous to get the revision to checkout?

      From reading the code it appears that the function retrieve(SCMHead, TaskListener) needs to have functionality closer to that of retrieve(SCMHeadObserver, TaskListener) Also, should retrieve(SCMHead, TaskListener) be using the checkout credentials instead of the scan credentials? Either way, I think it should allow anonymous credentials to be used.

        Attachments

          Issue Links

            Activity

            Hide
            recena Manuel Recena Soto added a comment -

            Andy Neebel Thanks for your PR. I reviewed it.

            Show
            recena Manuel Recena Soto added a comment - Andy Neebel Thanks for your PR. I reviewed it.
            Hide
            recena Manuel Recena Soto added a comment -

            Maybe related JENKINS-31552

            Show
            recena Manuel Recena Soto added a comment - Maybe related JENKINS-31552
            Hide
            andne Andy Neebel added a comment -

            I don't think so, the part I changed is using the GitHub API which doesn't call the git command line at all. JENKINS-31552 looks to be related to the actual checkout itself, when git is called to do clone/fetch/etc...

            Show
            andne Andy Neebel added a comment - I don't think so, the part I changed is using the GitHub API which doesn't call the git command line at all. JENKINS-31552 looks to be related to the actual checkout itself, when git is called to do clone/fetch/etc...
            Hide
            jglick Jesse Glick added a comment -

            should retrieve(SCMHead, TaskListener) be using the checkout credentials instead of the scan credentials?

            No, all GitHub API operations use the scan credentials.

            it appears to me that anonymous access was intentionally left unusable

            No, it is intended to work to the extent possible. You might run into rate limiting issues, if you have a lot of repositories/branches, but that is your problem.

            Show
            jglick Jesse Glick added a comment - should retrieve(SCMHead, TaskListener) be using the checkout credentials instead of the scan credentials? No, all GitHub API operations use the scan credentials. it appears to me that anonymous access was intentionally left unusable No, it is intended to work to the extent possible. You might run into rate limiting issues, if you have a lot of repositories/branches, but that is your problem.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Manuel Recena
            Path:
            src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMSource.java
            http://jenkins-ci.org/commit/github-branch-source-plugin/e3784380a29f020468e28b251ae7e3b3ee9c6273
            Log:
            Merge pull request #23 from Andne/ghe-anon

            JENKINS-33183 Allow anon credentials when retrieving commit

            Compare: https://github.com/jenkinsci/github-branch-source-plugin/compare/b407e671c88a...e3784380a29f

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Manuel Recena Path: src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMSource.java http://jenkins-ci.org/commit/github-branch-source-plugin/e3784380a29f020468e28b251ae7e3b3ee9c6273 Log: Merge pull request #23 from Andne/ghe-anon JENKINS-33183 Allow anon credentials when retrieving commit Compare: https://github.com/jenkinsci/github-branch-source-plugin/compare/b407e671c88a...e3784380a29f

              People

              • Assignee:
                andne Andy Neebel
                Reporter:
                andne Andy Neebel
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: