secret token sent from gitlab webhook not being checked

chris...@paxport.net

Jan 5, 2018, 5:47:10 AM
to Jenkins Users
I'm trying to get the simple "secret token" auth working with multibranch declarative pipelines on my gitlab webhooks.

The webhooks (all "Push Hook") I've got set up seem to be working fine in the sense that they fire the correct project; the URLs I've got defined in the gitlab webhooks are of the format: <jenkins-host>/project/<project-name>

It's the "secret token" part that's not being checked, regardless of what I specify. Checking the details of webhooks that have fired shows the "X-Gitlab-Token" header being sent correctly.


An example snippet from one of my declarative pipelines:

        options {
            gitLabConnection('gitlab')
        }
        triggers {
            gitlab(
                    triggerOnPush: true,
                    triggerOnMergeRequest: false, triggerOpenMergeRequestOnPush: "never",
                    triggerOnNoteRequest: false,
                    noteRegex: "Jenkins please retry a build",
                    skipWorkInProgressMergeRequest: false,
                    ciSkip: false,
                    setBuildDescription: false,
                    addNoteOnMergeRequest: false,
                    addCiMessage: false,
                    addVoteOnMergeRequest: false,
                    acceptMergeRequestOnSuccess: false,
                    branchFilterType: "NameBasedFilter",
                    includeBranchesSpec: "master",
                    excludeBranchesSpec: "",
                    secretToken: "_redacted_")
        }

Once this pipeline has run for a project, I can see all the config settings showing correctly in the "View Configuration" page of the project/branch in Jenkins.

So from what I can see, everything looks okay.

I added a gitlab-plugin log recorder, and can see entries such as:

"Jan 04, 2018 11:11:57 PM FINE com.dabsquared.gitlabjenkins.webhook.build.PushBuildAction  Notify scmSourceOwner <project-name> about changes for <git-repo>"

I'm not really au fait with the Jenkins codebase, but some quick digging (and the log entries) suggests the project is an instance of SCMSourceOwner, as opposed to an instance of Job. The former results in a SCMSourceOwnerNotifier, which doesn't seem to use secretToken, whereas the latter results in a TriggerNotifier, which DOES use secretToken.

So why are my projects instances of SCMSourceOwner, and to get the secretToken functionality working, do I need to switch it to a Job, somehow, or will I have some configuration incorrectly set, somewhere?


chris...@paxport.net

Jan 5, 2018, 6:09:56 AM
to Jenkins Users
I think I'll raise this on the gitlab-plugin GitHub project, but if anyone here has any suggestions that'd be great. I'll post back here if I get any updates.

chris...@paxport.net

Jan 19, 2018, 9:25:50 AM
to Jenkins Users
I raised https://github.com/jenkinsci/gitlab-plugin/issues/700

Looks like it's a bug in the plugin. I'll close this case down (follow the GitHub issue for further updates).
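
A stopgap for the behaviour described in this thread, as an added example that is not part of the original posts or of the gitlab-plugin code: check the "X-Gitlab-Token" header in a layer in front of Jenkins, so hooks for `/project/<project-name>` are rejected before they reach the plugin. It assumes a Python WSGI front end; `check_gitlab_hook`, `guard`, `PROJECT_TOKENS` and the token value are hypothetical names and constructed data.

```python
import hmac

# Constructed sample secret, keyed by Jenkins project name (assumption: one
# token per project, loaded from a secret store in a real deployment).
PROJECT_TOKENS = {"my-multibranch-project": "constructed-example-token"}
HOOK_PREFIX = "/project/"  # URL format quoted in the thread


def check_gitlab_hook(path, headers, tokens=PROJECT_TOKENS):
    """Return (status, reason) for a webhook request before Jenkins sees it."""
    if not path.startswith(HOOK_PREFIX):
        return 404, "not a gitlab-plugin hook path"
    project = path[len(HOOK_PREFIX):].strip("/")
    expected = tokens.get(project)
    if expected is None:
        # Fail closed: a project with no configured token is never forwarded.
        return 403, "no token configured for project"
    # HTTP header names are case-insensitive.
    lowered = {k.lower(): v for k, v in headers.items()}
    supplied = lowered.get("x-gitlab-token")
    if supplied is None:
        return 401, "missing X-Gitlab-Token"
    # compare_digest does not leak how much of the token matched via timing.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 401, "bad X-Gitlab-Token"
    return 200, "forward to Jenkins"


def guard(app, tokens=PROJECT_TOKENS):
    """WSGI middleware: call `app` (assumed to proxy to Jenkins) only on a match."""
    def wrapped(environ, start_response):
        headers = {}
        if "HTTP_X_GITLAB_TOKEN" in environ:
            headers["X-Gitlab-Token"] = environ["HTTP_X_GITLAB_TOKEN"]
        status, reason = check_gitlab_hook(environ.get("PATH_INFO", ""), headers, tokens)
        if status != 200:
            start_response(f"{status} Rejected", [("Content-Type", "text/plain")])
            return [reason.encode()]
        return app(environ, start_response)
    return wrapped
```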