Secure Jenkins and mutlibranch github pipeline trigger

[Lionel Orellana]

Hi All

How can I trigger a build on a multibranch pipeline where there is a push in github and Jenkins requires authentication.

I tried "Trigger builds remotely (e.g., from scripts)" but the token generated here isn't enough for a github webhook to authenticate with Jenkins.  Github throws "Authentication required". This is using  a webhook like <jenkins_url>/job/<job name>/build?token=some token  where the token matches what's in the "Trigger builds remotely" configuration.

Thanks

Lionel.

 

[Lionel Orellana]

Sorry found my answer. Nothing to do with pipeline. 

http://<user>:<user token>@<jenkins_url>/job/<job name>/build?token=job token

[Lionel Orellana]

Actually something's not quite right.

Firstly, the configuration in the Multibranch project to "Trigger builds remotely" disappears after I save. Select the option, put a token, save and reopen. They are gone. 

Secondly, assuming the configuration is actually saved, the url to trigger the build needs to have the branch name in it:

  <jenkins_url>/job/<job name>/branch/master/build?token=some token

This actually works (despite the config seemingly not being saved). But without the branch name in the url it doesn't do anything. So do I have to setup a different webhook for each branch? 

It feels like this should work out of the box and I'm doing something very silly.

And yet, invoking the url with curl triggers the build. Seems like a UI problem. 

On Saturday, 7 May 2016 12:29:22 UTC+10, Lionel Orellana wrote:

[Lionel Orellana]

Invoking without the branch name in the url triggers the indexing job of course. So it seems I need a different webhook per branch?

--
You received this message because you are subscribed to a topic in the Google Groups "Jenkins Users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/jenkinsci-users/Jv2V4tldkFs/unsubscribe.
To unsubscribe from this group and all its topics, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/78ab11b0-4df2-47a2-8153-a2c51ab1fc7a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Lionel Orellana]

Well seems like the solution would for the GitHub Plugin to support Multibranch pipelines

On Saturday, 7 May 2016 12:29:22 UTC+10, Lionel Orellana wrote:

[Lionel Orellana]

Apologies for my rather disorganised thought process in this thread.  

I just found the 'Re-register hooks for all jobs' in the global config (GitHub Servers Advanced options). That created the hooks correctly for me without any additional configuration in the multibranch job. 

Thanks.

[Corey Wei]

Hi Lionel,

I just tested this on Jenkins 2.19.1. 

Looks like "Re-register hooks for all jobs" is not working for my multibranch job. Is there anything I am missing?

Thanks

[Lionel Orellana]

Hi Corey

Unfortunately I don't have this server running anymore. I was just using it to learn stuff. But I do remember that re-registering hooks worked straight away for me. Are you behind a firewall? I was running this on a cloud provider with direct access from the outside world (e.g. from github.com)  When you say it doesn't work, what error or wrong behavior do you see?

Lionel 

[Corey Wei]

Hi Lionel,

It's working once I added the following to Jenkinsfile :

properties([pipelineTriggers([[$class: 'GitHubPushTrigger']])]) 

Thanks