I'm trying to get the simple "secret token" auth working with multibranch declarative pipelines on my gitlab webhooks.
The webhooks (all "Push Hook") I've got set up seem to be working fine in the sense that they fire the correct project; the URLs I've got defined in the gitlab webhooks are of the format: <jenkins-host>/project/<project-name>
It's the "secret token" part that's not being checked, regardless of what I specify. Checking the details of webhooks that have fired shows the "X-Gitlab-Token" header being sent correctly.
an example snippet from one of my declarative pipelines:
options {
gitLabConnection('gitlab')
}
triggers {
gitlab(
triggerOnPush: true,
triggerOnMergeRequest: false, triggerOpenMergeRequestOnPush: "never",
triggerOnNoteRequest: false,
noteRegex: "Jenkins please retry a build",
skipWorkInProgressMergeRequest: false,
ciSkip: false,
setBuildDescription: false,
addNoteOnMergeRequest: false,
addCiMessage: false,
addVoteOnMergeRequest: false,
acceptMergeRequestOnSuccess: false,
branchFilterType: "NameBasedFilter",
includeBranchesSpec: "master",
excludeBranchesSpec: "",
secretToken: "_redacted_")
}
Once this pipeline has run for a project, I can see all the config settings showing correctly in the "View Configuration" page of the project/branch in Jenkins.
So from what I can see, everything looks okay.
I added a gitlab-plugin log recorder, and can see entries such as:
"Jan 04, 2018 11:11:57 PM FINE com.dabsquared.gitlabjenkins.webhook.build.PushBuildAction Notify scmSourceOwner <project-name> about changes for <git-repo>"
I'm not really au fait with the Jenkins codebase, but doing some quick digging (and from log entries), suggests the project is an instance of SCMSourceOwner, as opposed to an instance of Job. The former results in a
SCMSourceOwnerNotifier which doesn't seem to use secretToken, whereas the latter results in a TriggerNotifier which DOES use secretToken.
So why are my projects instances of SCMSourceOwner, and to get the secretToken functionality working, do I need to switch it to a Job, somehow, or will I have some configuration incorrectly set, somewhere?