405 Method Not Allowed - Deploy to staging

374 views
Skip to first unread message

kudos-dude

unread,
Nov 18, 2021, 9:48:51 AM11/18/21
to Jenkins Developers
I received a pull request for something that I would like to get in for the `dependency-check-plugin`

I have the feature branch made, and I am attempting to run the maven "deploy to stage" process, but I'm receiving this error:

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.8.2:deploy (default-deploy) on project dependency-check-jenkins-plugin: Failed to deploy artifacts: Could not transfer artifact org.jenkins-ci.plugins:dependency-check-jenk
ins-plugin:hpi:5.1.2-20211118.144452-1 from/to maven.jenkins-ci.org (https://repo.jenkins-ci.org/org.owasp:dependency-check-plugin): Transfer failed for https://repo.jenkins-ci.org/org.owasp:dependency-check-plugin/org/jenkins-ci/plugins/dependency-check
-jenkins-plugin/5.1.2-SNAPSHOT/dependency-check-jenkins-plugin-5.1.2-20211118.144452-1.hpi 405 Method Not Allowed

Any idea how to get around this?

Gavin Mogan

unread,
Nov 18, 2021, 1:44:28 PM11/18/21
to Jenkins Developers
afaik there's no staging repo.
it'll not allow snapshots to be released.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/23259127-e2ac-4922-b862-3d1e434187bdn%40googlegroups.com.

Daniel Beck

unread,
Nov 19, 2021, 7:37:07 AM11/19/21
to Jenkins Developers
The staging procedure is unique to security updates prepared in private. That does not apply here, so none of the instructions related to security fixes should be used.

Do a normal release:prepare release:perform as with any other release you create.

kudos-dude

unread,
Nov 19, 2021, 9:56:48 AM11/19/21
to Jenkins Developers
Getting a 401 now. I'm assuming this has something to do with my `settings.xml` file?

Does someone have an example one for deploying to Jenkins-CI?

Daniel Beck

unread,
Nov 19, 2021, 10:20:12 AM11/19/21
to jenkin...@googlegroups.com
On Fri, Nov 19, 2021 at 3:56 PM kudos-dude <weston...@gmail.com> wrote:
Getting a 401 now. I'm assuming this has something to do with my `settings.xml` file?

Does someone have an example one for deploying to Jenkins-CI?

kudos-dude

unread,
Nov 19, 2021, 10:45:30 AM11/19/21
to Jenkins Developers
I've created my `settings.xml` file based off the article above. It includes my Jenkins credentials that allows me to sign in to all other Jenkins related logins (encrypted login/password created via `mvn --encrypt-password`. Tried various server id's including `maven.jenkins-ci.org` and `org.jenkins-ci-plugins`). Still getting a 401.

Could this be because I'm not within the `jenkins-ci` group within Github? I believe that I'm doing everything correctly here, so not sure what I'm missing.

Daniel Beck

unread,
Nov 19, 2021, 11:43:04 AM11/19/21
to jenkin...@googlegroups.com
On Fri, Nov 19, 2021 at 4:45 PM kudos-dude <weston...@gmail.com> wrote:
I've created my `settings.xml` file based off the article above. It includes my Jenkins credentials that allows me to sign in to all other Jenkins related logins (encrypted login/password created via `mvn --encrypt-password`.

Please try following the instructions to obtain the encrypted password.

kudos-dude

unread,
Nov 19, 2021, 2:23:28 PM11/19/21
to Jenkins Developers
I'm using my Jenkins credentials to login to the Artifactory, but getting a invalid login response.

Is this a separate registration process?

I apologize needing to be walked through this. I thought I had this setup in the beginning, but that was a while ago.

Mark Waite

unread,
Nov 19, 2021, 2:41:01 PM11/19/21
to Jenkins Developers
If the setup was before September 4, 2021, then you'll need to reset your password through https://beta.accounts.jenkins.io or https://accounts.jenkins.io .  Jenkins account passwords were reset as a result of the Confluence instance attack.

If you need to reset your password, I suspect that you'll find it won't work.  Your email address in the accounts.jenkins.io system will not be able to send you email because it is not a valid email address.  If you need a password reset, please send email to mark.earl.waite at gmail (that's me).  I'll have you perform some validation steps to confirm your identity, then send you the updated password.

Mark Waite

kudos-dude

unread,
Dec 3, 2021, 9:19:15 AM12/3/21
to Jenkins Developers
I have successfully pushed the release to `repo.jenkins-ci.org`. It is reflected in JFrog.

How long will it take before this becomes available in the Plugin Manager? Should it be instant?

Mark Waite

unread,
Dec 3, 2021, 9:48:26 AM12/3/21
to jenkinsci-dev
Not quite instant, but usually within 10-15 minutes.

I usually check by opening https://updates.jenkins.io .  On that page there is a link to a page that has links to the latest releases.  Find your plugin, copy the URL, then paste it into a separate browser tab with '?mirrorlist' appended.


--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.

kudos-dude

unread,
Dec 3, 2021, 4:15:15 PM12/3/21
to Jenkins Developers
It looks like I've gotten the release out correctly in JFrog, but the updated release is still not showing up in the `updates.jenkins.io`. Any ideas?

For reference, the 5.1.2 release is the latest

Daniel Beck

unread,
Dec 3, 2021, 4:26:24 PM12/3/21
to jenkin...@googlegroups.com
On Fri, Dec 3, 2021 at 10:15 PM kudos-dude <weston...@gmail.com> wrote:
It looks like I've gotten the release out correctly in JFrog, but the updated release is still not showing up in the `updates.jenkins.io`. Any ideas?

Last update was several hours ago, as you can see in the file timestamps. I'm looking into it, and expect it to be updated in half an hour or so.

Gavin Mogan

unread,
Dec 3, 2021, 5:44:42 PM12/3/21
to Jenkins Developers
 curl -qLs https://updates.jenkins.io/update-center.actual.json | jq '.plugins["dependency-check-jenkins-plugin"] | {version,releaseTimestamp,buildDate}'
{
  "version": "5.1.2",
  "releaseTimestamp": "2021-12-03T15:39:13.00Z",
  "buildDate": "Dec 03, 2021"
}


What are you expecting?

kudos-dude

unread,
Dec 3, 2021, 5:55:33 PM12/3/21
to Jenkins Developers
I see it in the Update Center now. Didn't see the Check Now button down at the bottom

kudos-dude

unread,
Dec 3, 2021, 6:00:17 PM12/3/21
to Jenkins Developers
Still have the security notice on the plugin after the update. How does that end up removed?

Daniel Beck

unread,
Dec 3, 2021, 6:02:28 PM12/3/21
to jenkin...@googlegroups.com
On Sat, Dec 4, 2021 at 12:00 AM kudos-dude <weston...@gmail.com> wrote:
Still have the security notice on the plugin after the update. How does that end up removed?

Gavin Mogan

unread,
Dec 4, 2021, 8:07:17 PM12/4/21
to Jenkins Developers
I know there's been some issues with spam (DB and I both find each others emails in spam).

@kudos-dude, did you get his reply about how to follow up?


Also Also, if you create a github release for the new version, it'll show up in the releases tab

kudos-dude

unread,
Dec 6, 2021, 8:54:30 AM12/6/21
to Jenkins Developers
The CVE fix was in the 5.1.2 version that I pushed out, which is now available in the Update Center.

I did follow up via a Jira ticket here, though haven't received any traction there:
https://issues.jenkins.io/browse/INFRA-3148
Reply all
Reply to author
Forward
0 new messages