Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-54033

GitHub auth fails only for PR builds

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Critical Critical
    • github-branch-source-plugin
    • None
    • Ubuntu 10.04 latest
      Jenkins LTS ver. 2.138.2
      Oracle Java 1.8.0_45-b14
      git 2.3.7
      latest plugins as of 2018-10-11

      We have a GitHub Organization folder with a couple repositories enabled, for historical reasons running on a very old server as master. I know of the [recentish GitHub TLSv1.2 requirement|https://githubengineering.com/crypto-removal-notice/,] and the openssl 0.9.8 available on Ubuntu 10.04 should be affected...

      But my problem is that for some reason only PR builds are effected, not branch or tag builds on the same organization, etc.

      Our perfectly-working branch jobs' console output looks like (with a details <redacted>):

      Started by user <somebody>
16:20:57 Connecting to https://api.github.com using <somebody>/****** (Jenkins Github (<somebody>) API Access Token)
Obtained Jenkinsfile from <id>
Running in Durability level: MAX_SURVIVABILITY
[Pipeline] node
Running on <node> in <slave_agent_HOME>/jenkins-admin/jenkins/workspace/<abbreviated-org+branch>-<id>
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Declarative: Checkout SCM)
[Pipeline] checkout
 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url https://github.com/<org>/<repo>.git # timeout=10
Pruning obsolete local branches
Fetching upstream changes from https://github.com/<org>/<repo>.git
 > git --version # timeout=10
using GIT_ASKPASS to set credentials Jenkins Github (<somebody>) API Access Token
 > git fetch --tags --progress https://github.com/<org>/<repo>.git +refs/heads/<branch>:refs/remotes/origin/<branch> --prune # timeout=10
Checking out Revision <id> (<branch>)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f <id> # timeout=20
Commit message: "<Hello World>"
...

      And our failing PR builds' console output looks like:

      Started by user <someone>
14:35:33 Connecting to https://api.github.com using <someone>/****** (Jenkins Github (<someone>) API Access Token)
Checking out git https://github.com/<org>/<repo>.git into /var/lib/jenkins/jobs/<org>/jobs/<repo>/branches/PR-165/workspace@script to read Jenkinsfile
Cloning the remote Git repository
Cloning repository https://github.com/<org>/<repo>.git
 > git init /var/lib/jenkins/jobs/<org>/jobs/<repo>/branches/PR-165/workspace@script # timeout=10
Fetching upstream changes from https://github.com/<org>/<repo>.git
 > git --version # timeout=10
using GIT_ASKPASS to set credentials Jenkins Github (<someone>) API Access Token
 > git fetch --tags --progress https://github.com/<org>/<repo>.git +refs/heads/*:refs/remotes/origin/* # timeout=10
ERROR: Error cloning remote repo 'origin'
hudson.plugins.git.GitException: Command "git fetch --tags --progress https://github.com/<org>/<repo>.git +refs/heads/*:refs/remotes/origin/*" returned status code 128:
stdout: 
stderr: fatal: unable to access 'https://github.com/<org>/<repo>.git/': gnutls_handshake() failed: A TLS fatal alert has been received.

	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:2016)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1735)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$300(CliGitAPIImpl.java:72)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:420)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$2.execute(CliGitAPIImpl.java:629)
	at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1146)
	at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1186)
	at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:120)
	at org.jenkinsci.plugins.workflow.cps.CpsScmFlowDefinition.create(CpsScmFlowDefinition.java:144)
	at org.jenkinsci.plugins.workflow.multibranch.SCMBinder.create(SCMBinder.java:120)
	at org.jenkinsci.plugins.workflow.job.WorkflowRun.run(WorkflowRun.java:303)
	at hudson.model.ResourceController.execute(ResourceController.java:97)
	at hudson.model.Executor.run(Executor.java:429)
ERROR: Error cloning remote repo 'origin'

GitHub has been notified of this commit’s build result

ERROR: Maximum checkout retry attempts reached, aborting
Finished: FAILURE

      It sure looks to me like PR builds use the master for git operations that branch and tag builds only use the slave node.  If that weren't the case, then I think PR builds would work for me as well.

      Any commentS?

            rsandell rsandell
            bryceman Bryce Schober
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: