Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-40465

PR are not build if read access is not available on the Source branch

    Details

    • Similar Issues:

      Description

      When I try to initiate a build for the PR request, it shows

      Looking up MI/apis for branches
      Checking branch master from MI/apis
      Met criteria
      Looking up MI/apis for pull requests
      Checking PR from ~ABISHEK_MANOHARAN/apis and branch master
      Does not meet criteria
      

      Now, the credentials used in Jenkins for Bitbucket does not have permission to read "~ABISHEK_MANOHARAN/apis" repository, but it has the permissions to read/write on "MI/apis" repository.

      It's not possible to provide the credentials read access to all the repositories from which a pull request might come.

      Using the credentials I am able to view and approve the PR on the Bitbucket Server Web interface, so I think it should be possible to build with the PR from Jenkins as well.

      If, I give read access to "~ABISHEK_MANOHARAN/apis" repo, then it's building fine.

        Attachments

          Activity

          Hide
          jamesdumay James Dumay added a comment -

          Now available in 2.2

          Show
          jamesdumay James Dumay added a comment - Now available in 2.2
          Show
          zigarn Alexandre Garnier added a comment - I created a PR: https://github.com/jenkinsci/bitbucket-branch-source-plugin/pull/48
          Hide
          zigarn Alexandre Garnier added a comment -

          Kenneth Brooks: yes it does.

          Show
          zigarn Alexandre Garnier added a comment - Kenneth Brooks : yes it does.
          Hide
          kenneth_s_brooks Kenneth Brooks added a comment -

          I am facing the same issue. (Bitbucket Server 4.3.2)

          Right now, for PRs coming from a fork, unless I add the scan credentials to the source repo (which is a personal/private forked repo), the scan doesn't find the Jenkinsfile.

          The scan (and even the checkout) should get the code from the the commit hash on the destination repository.
          I have all the code on the destination repo via that hash.

          Alexandre Garnier does your patch work for both PRs coming from a forked repo as well as PRs coming from the original repo?

          Show
          kenneth_s_brooks Kenneth Brooks added a comment - I am facing the same issue. (Bitbucket Server 4.3.2) Right now, for PRs coming from a fork, unless I add the scan credentials to the source repo (which is a personal/private forked repo), the scan doesn't find the Jenkinsfile. The scan (and even the checkout) should get the code from the the commit hash on the destination repository. I have all the code on the destination repo via that hash. Alexandre Garnier does your patch work for both PRs coming from a forked repo as well as PRs coming from the original repo?
          Hide
          zigarn Alexandre Garnier added a comment -

          A dirty hack in attachment: dirty-fix-JENKINS-40465.patch
          It works only for BitbucketServer.
          The idea is:

          • when checking PR, check against destination repository (the only one we are sure to have access to)
          • so check that 'Jenkinsfile' path exists on commit hash instead of PR branch (that may not exists in destination repository)
          • fetch the special refspec 'refs/pull-requests/<PR-NUMBER>/from' instead of the branch name (BitbucketServer specific, need to find a way to abstract this against the bitbucket type)
          • get PR tip from the PR lastCommit instead of looping against the destination branches to find the PR branch (that may not exists in destination repository) (don't know the impact on Bitbucket Cloud)
          Show
          zigarn Alexandre Garnier added a comment - A dirty hack in attachment: dirty-fix-JENKINS-40465.patch It works only for BitbucketServer. The idea is: when checking PR, check against destination repository (the only one we are sure to have access to) so check that 'Jenkinsfile' path exists on commit hash instead of PR branch (that may not exists in destination repository) fetch the special refspec 'refs/pull-requests/<PR-NUMBER>/from' instead of the branch name (BitbucketServer specific, need to find a way to abstract this against the bitbucket type) get PR tip from the PR lastCommit instead of looping against the destination branches to find the PR branch (that may not exists in destination repository) (don't know the impact on Bitbucket Cloud)
          Hide
          brunolavit Bruno Lavit added a comment -

          Hi,

          I'm trying to use the Jenkins Bitbucket Source branch plugin to manage the build for my branches and my PRs.
          I've exactly the same issue.
          Without the read permission, the plugin is not able to view the PR content:

          Looking up SAN/forgerock-parent-bruno for branches
          Checking branch master from SAN/forgerock-parent-bruno
          Met criteria
          No changes detected in master (still at 0c4cdd37be1f800f323e30f93890e19ce8bd6e52)
          Checking branch 1.2.x from SAN/forgerock-parent-bruno
          Met criteria
          No changes detected in 1.2.x (still at fdf8b7e905414586a8eb50f83ce216f6bd5ec21c)
          Looking up SAN/forgerock-parent-bruno for pull requests
          Checking PR from ~B.LAVIT/forgerock-parent-bruno and branch bruno.pr.4
          ***Does not meet criteria***
          Checking PR from ~B.LAVIT/forgerock-parent-bruno and branch bruno.pr.3
          ***Does not meet criteria***
          

          If I give a read access to the account used to scan the repositories, it works:

          Looking up SAN/forgerock-parent-bruno for branches
          Checking branch master from SAN/forgerock-parent-bruno
          Met criteria
          No changes detected in master (still at 0c4cdd37be1f800f323e30f93890e19ce8bd6e52)
          Checking branch 1.2.x from SAN/forgerock-parent-bruno
          Met criteria
          No changes detected in 1.2.x (still at fdf8b7e905414586a8eb50f83ce216f6bd5ec21c)
          Looking up SAN/forgerock-parent-bruno for pull requests
          Checking PR from ~B.LAVIT/forgerock-parent-bruno and branch bruno.pr.4
          ***Met criteria***
          Scheduled build for branch: PR-5
          Checking PR from ~B.LAVIT/forgerock-parent-bruno and branch bruno.pr.3
          ***Met criteria***
          Scheduled build for branch: PR-4
          

          I understand it's more a permissions problem on the Bitbucket side.
          But if something is possible on the plugin side, it can help a lot.
          Thanks

          Show
          brunolavit Bruno Lavit added a comment - Hi, I'm trying to use the Jenkins Bitbucket Source branch plugin to manage the build for my branches and my PRs. I've exactly the same issue. Without the read permission, the plugin is not able to view the PR content: Looking up SAN/forgerock-parent-bruno for branches Checking branch master from SAN/forgerock-parent-bruno Met criteria No changes detected in master (still at 0c4cdd37be1f800f323e30f93890e19ce8bd6e52) Checking branch 1.2.x from SAN/forgerock-parent-bruno Met criteria No changes detected in 1.2.x (still at fdf8b7e905414586a8eb50f83ce216f6bd5ec21c) Looking up SAN/forgerock-parent-bruno for pull requests Checking PR from ~B.LAVIT/forgerock-parent-bruno and branch bruno.pr.4 ***Does not meet criteria*** Checking PR from ~B.LAVIT/forgerock-parent-bruno and branch bruno.pr.3 ***Does not meet criteria*** If I give a read access to the account used to scan the repositories, it works: Looking up SAN/forgerock-parent-bruno for branches Checking branch master from SAN/forgerock-parent-bruno Met criteria No changes detected in master (still at 0c4cdd37be1f800f323e30f93890e19ce8bd6e52) Checking branch 1.2.x from SAN/forgerock-parent-bruno Met criteria No changes detected in 1.2.x (still at fdf8b7e905414586a8eb50f83ce216f6bd5ec21c) Looking up SAN/forgerock-parent-bruno for pull requests Checking PR from ~B.LAVIT/forgerock-parent-bruno and branch bruno.pr.4 ***Met criteria*** Scheduled build for branch: PR-5 Checking PR from ~B.LAVIT/forgerock-parent-bruno and branch bruno.pr.3 ***Met criteria*** Scheduled build for branch: PR-4 I understand it's more a permissions problem on the Bitbucket side. But if something is possible on the plugin side, it can help a lot. Thanks

            People

            • Assignee:
              zigarn Alexandre Garnier
              Reporter:
              abishek3876 Abishek Manoharan
            • Votes:
              3 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: