Not found after clicking sigin button - Gerrit / Github integration

[Leslie Wang]

Dear Experts,

I'm trying integration btw Gerrit and GitHub, and generated config file and start Gerrit by following https://groups.google.com/g/repo-discuss/c/fCYf4it4vsc?pli=1. 

Here is my etc/gerrit.config

```

[gerrit]
        basePath = git
        canonicalWebUrl = http://localhost:8080/
        serverId = 83dc9601-fb49-4f13-8ae8-983609c57c4f
[container]
        javaOptions = "-Dflogger.backend_factory=com.google.common.flogger.backend.log4j.Log4jBackendFactory#getInstance"
        javaOptions = "-Dflogger.logging_context=com.google.gerrit.server.logging.LoggingContext#getInstance"
        user = test
        javaHome = /usr/lib/jvm/java-11-openjdk-amd64
[index]
        type = lucene
[auth]
        type = HTTP
        httpHeader = GITHUB_USER
        logoutUrl = /oauth/reset
        loginUrl = /login
        httpExternalIdHeader = GITHUB_OAUTH_TOKEN
        loginText = Sign-in with GitHub
        registerPageUrl = "/#/register"
[receive]
        enableSignedPush = true
[sendemail]
        smtpServer = localhost
[sshd]
        listenAddress = *:29418
[httpd]
        listenUrl = http://*:8080/
        filterClass = com.googlesource.gerrit.plugins.github.oauth.OAuthFilter
[cache]
        directory = cache
[github]
        url = https://github.com
        clientId = 1234
        clientSecret = 12345678
        apiUrl = https://api.github.com

```

But seems like web UI shows "Not found" after I click "Sign in" button. 

I saw some GitHub issues mentioning oauth broken, not sure if my case is same. It is official 3.5.2 release, plugin is 3.5.0.1 release

```

$ ls -l lib/
total 3368
-rw-rw-r-- 1 test test 3445271 Jun 13 20:50 github-oauth-3.5.0.1.jar
$ ls -l plugins/
total 7116
-rw-rw-r-- 1 test test 7284917 Jun 13 20:50 github.jar

```

Thanks for looking into, and please suggest how it can be solved.

Best Regards

Leslie

[Luca Milanesio]

Can you track the HTTP requests on the browser and see what traffic is flowing?

Alternatively, could you just make a small video ?

Luca.

I saw some GitHub issues mentioning oauth broken, not sure if my case is same. It is official 3.5.2 release, plugin is 3.5.0.1 release

```

$ ls -l lib/
total 3368
-rw-rw-r-- 1 test test 3445271 Jun 13 20:50 github-oauth-3.5.0.1.jar
$ ls -l plugins/
total 7116
-rw-rw-r-- 1 test test 7284917 Jun 13 20:50 github.jar

```

Thanks for looking into, and please suggest how it can be solved.

Best Regards

Leslie

--
--
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en

---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/repo-discuss/aa78fedc-05f5-40f2-b1cd-47efda8cd576n%40googlegroups.com.

[Leslie Wang]

Hi Luca,

Please see attached screen shot images and video. The GitHub oauth callback URL is one ngrok domain bridging the gerrit and GitHub. Thanks for looking into it.

[Luca Milanesio]

On 15 Jun 2022, at 06:09, Leslie Wang <qi...@pensando.io> wrote:

Hi Luca,

Please see attached screen shot images and video. The GitHub oauth callback URL is one ngrok domain bridging the gerrit and GitHub. Thanks for looking into it.

<gerrit1.png>

<gerrit2.png>

<Screen Recording 2022-06-14 at 10.02.08 PM.mov>

I believe the redirect URL configured on GitHub is wrong: it looks like it does not redirect you back to your Gerrit site.

What have you configured on the GitHub’s OAuth side of things?

Luca.

Best Regards

Leslie Wang

[Leslie Wang]

I created the application based on the link, https://gerrit.googlesource.com/plugins/github/+/master/README.md#register-gerrit-as-a-github-oauth-application. Below is the configuration. 

From local ngrok console, I can see the request comes from GitHub. 

Also if I manually run `curl localhost:8080/oauth`. It replies Not Found.

Best Regards

Leslie Wang

[Luca Milanesio]

On 15 Jun 2022, at 17:17, Leslie Wang <qi...@pensando.io> wrote:

I created the application based on the link, https://gerrit.googlesource.com/plugins/github/+/master/README.md#register-gerrit-as-a-github-oauth-application. Below is the configuration. 

<PastedGraphic-5.png>

From local ngrok console, I can see the request comes from GitHub. 

<PastedGraphic-6.png>

Also if I manually run `curl localhost:8080/oauth`. It replies Not Found.

I see that your canonical web URL in gerrit.config doesn’t match the one in the OAuth config in GitHub.

[Luca Milanesio]

On 15 Jun 2022, at 19:15, Luca Milanesio <luca.mi...@gmail.com> wrote:

On 15 Jun 2022, at 17:17, Leslie Wang <qi...@pensando.io> wrote:

I created the application based on the link, https://gerrit.googlesource.com/plugins/github/+/master/README.md#register-gerrit-as-a-github-oauth-application. Below is the configuration. 

<PastedGraphic-5.png>

From local ngrok console, I can see the request comes from GitHub. 

<PastedGraphic-6.png>

Also if I manually run `curl localhost:8080/oauth`. It replies Not Found.

I see that your canonical web URL in gerrit.config doesn’t match the one in the OAuth config in GitHub.

… and if you look the URL redirected by GitHub (the one that returns 404) states exactly that: redirect URL mismatch.

HTH

Luca.

[Leslie Wang]

Thanks for figuring out the issue. 

I’m still unclear where I need change. I changed to `canonicalWebUrl = https://d1e8-38-99-81-66.ngrok.io`, but UI can not load. Do I need configure a reverse proxy?

Sorry for the simple question because I’m still new to Gerrit.

Best Regards

Leslie Wang

[Luca Milanesio]

> On 15 Jun 2022, at 22:57, Leslie Wang <qi...@pensando.io> wrote:
>
> Thanks for figuring out the issue.
>
> I’m still unclear where I need change. I changed to `canonicalWebUrl = https://d1e8-38-99-81-66.ngrok.io`, but UI can not load. Do I need configure a reverse proxy?

I believe you’re making it too complicated by using grok.io: why don’t you just use localhost and port 8080 instead?

>
> Sorry for the simple question because I’m still new to Gerrit.

No problem, as your first time Gerrit setup you’ve chosen a quite complex one :-)
Why don’t you try with something simpler?

If you are accessing it with ngrok.io acting as SSL termination and reverse proxy, then yes, the gerrit.config needs to change to:

[httpd]
listenUrl = proxy-https://*:8080/

[auth]
cookieSecure = true

[gerrit]
canonicalWebUrl = https://d1e8-38-99-81-66.ngrok.io/


HTH

[Leslie Wang]

>
>
>> On 15 Jun 2022, at 22:57, Leslie Wang <qi...@pensando.io> wrote:
>>
>> Thanks for figuring out the issue.
>>
>> I’m still unclear where I need change. I changed to `canonicalWebUrl = https://d1e8-38-99-81-66.ngrok.io`, but UI can not load. Do I need configure a reverse proxy?
>
> I believe you’re making it too complicated by using grok.io: why don’t you just use localhost and port 8080 instead?

<Leslie> Localhost was good. I’ve been able to create projects, and create change set. That is why I moved to this advanced mode now because we have some projects in GitHub already. :-)

>
>>
>> Sorry for the simple question because I’m still new to Gerrit.
>
> No problem, as your first time Gerrit setup you’ve chosen a quite complex one :-)
> Why don’t you try with something simpler?
>
> If you are accessing it with ngrok.io acting as SSL termination and reverse proxy, then yes, the gerrit.config needs to change to:
>
> [httpd]
> listenUrl = proxy-https://*:8080/
>
> [auth]
> cookieSecure = true
>
> [gerrit]
> canonicalWebUrl = https://d1e8-38-99-81-66.ngrok.io/
>

<Leslie> Now it works after this change and restart the gerrit, after clicking sign on, it redirects me to GitHub. New problem is after clicking GitHub grant access, it return 500 failure. Below is error log in gerrit

[2022-06-15T22:09:40.220Z] [main] INFO com.google.gerrit.pgm.Daemon : Gerrit Code Review 3.5.2 ready
[2022-06-15T22:10:32.600Z] [HTTP-74] WARN org.eclipse.jetty.server.HttpChannel : handleException /oauth java.io.IOException: Invalid authentication state: expected 'null' but was 'CdAOy9FB3thdkRl00VKBfsLrPqY=,/login/%2Fq%2Fstatus%3Aopen%2B-is%3Awip'
[2022-06-15T22:10:32.609Z] [HTTP-74] ERROR com.google.gerrit.pgm.http.jetty.HiddenErrorHandler : Error in GET /oauth?code=cbef8647ea5d3c1c737c&state=CdAOy9FB3thdkRl00VKBfsLrPqY%3D%2C%2Flogin%2F%252Fq%252Fstatus%253Aopen%252B-is%253Awip
java.io.IOException: Invalid authentication state: expected 'null' but was 'CdAOy9FB3thdkRl00VKBfsLrPqY=,/login/%2Fq%2Fstatus%3Aopen%2B-is%3Awip'
at com.googlesource.gerrit.plugins.github.oauth.OAuthProtocol.loginPhase2(OAuthProtocol.java:336)
at com.googlesource.gerrit.plugins.github.oauth.GitHubLogin.login(GitHubLogin.java:102)
at com.googlesource.gerrit.plugins.github.oauth.OAuthWebFilter.login(OAuthWebFilter.java:123)
at com.googlesource.gerrit.plugins.github.oauth.OAuthWebFilter.doFilter(OAuthWebFilter.java:84)
at com.googlesource.gerrit.plugins.github.oauth.OAuthFilter.doFilter(OAuthFilter.java:72)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1435)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1350)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
at org.eclipse.jetty.server.Server.handle(Server.java:516)
at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:388)
at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:633)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:380)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:273)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:773)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:905)
at java.base/java.lang.Thread.run(Thread.java:829)

Unforutenaly it can record the video now because it goes to 500 directly even if I clean the cache and cookie.

[Luca Milanesio]

On 15 Jun 2022, at 23:17, Leslie Wang <qi...@pensando.io> wrote:

On 15 Jun 2022, at 22:57, Leslie Wang <qi...@pensando.io> wrote:

Thanks for figuring out the issue. 

I’m still unclear where I need change. I changed to `canonicalWebUrl = https://d1e8-38-99-81-66.ngrok.io`, but UI can not load. Do I need configure a reverse proxy?

I believe you’re making it too complicated by using grok.io: why don’t you just use localhost and port 8080 instead?

<Leslie> Localhost was good. I’ve been able to create projects, and create change set. That is why I moved to this advanced mode now because we have some projects in GitHub already. :-)

Sorry for the simple question because I’m still new to Gerrit.

No problem, as your first time Gerrit setup you’ve chosen a quite complex one :-)
Why don’t you try with something simpler?

If you are accessing it with ngrok.io acting as SSL termination and reverse proxy, then yes, the gerrit.config needs to change to:

[httpd]
listenUrl = proxy-https://*:8080/

[auth]
cookieSecure = true

[gerrit]
canonicalWebUrl = https://d1e8-38-99-81-66.ngrok.io/

<Leslie> Now it works after this change and restart the gerrit, after clicking sign on, it redirects me to GitHub. New problem is after clicking GitHub grant access, it return 500 failure. Below is error log in gerrit

[2022-06-15T22:09:40.220Z] [main] INFO com.google.gerrit.pgm.Daemon : Gerrit Code Review 3.5.2 ready
[2022-06-15T22:10:32.600Z] [HTTP-74] WARN org.eclipse.jetty.server.HttpChannel : handleException /oauth java.io.IOException: Invalid authentication state: expected 'null' but was 'CdAOy9FB3thdkRl00VKBfsLrPqY=,/login/%2Fq%2Fstatus%3Aopen%2B-is%3Awip'

This is a security protection for making sure that the node creating the authentication code is the same that is redirected back from GitHub.

If you have ’null’ it means that when you started the process there wasn’t any active Servlet-level session with the backend.

Can you intercept the calls between the browser and the backend and see if the JSessionId was assigned at the very beginning?

Luca.

[Leslie Wang]

3 requests from chrome:

This is pcap file in case you want to check. 

Best Regards

Leslie Wang

[Luca Milanesio]

On 16 Jun 2022, at 00:35, Leslie Wang <qi...@pensando.io> wrote:

3 requests from chrome:

<PastedGraphic-7.png>

<PastedGraphic-8.png>

<PastedGraphic-9.png>

Could you copy&paste the text instead of including the images? It would make it easier for me to refer to it in my reply.

Anyway, in a nutshell the problem is still the same: you are NOT using a consistent URL when interacting with Gerrit.

1. The login is made using the URL containing the IP address

2. The redirect happens with the *.ngrok.com domain

The result is that the cookie assigned at 1. is not used in 2.

Just use the same URL (the one configured as canonical web URL) everywhere and you’ll see that working :-)

HTH

Luca.

[Luca Milanesio]

On 16 Jun 2022, at 10:05, Luca Milanesio <luca.mi...@gmail.com> wrote:

On 16 Jun 2022, at 00:35, Leslie Wang <qi...@pensando.io> wrote:

3 requests from chrome:

<PastedGraphic-7.png>

<PastedGraphic-8.png>

<PastedGraphic-9.png>

Could you copy&paste the text instead of including the images? It would make it easier for me to refer to it in my reply.

Anyway, in a nutshell the problem is still the same: you are NOT using a consistent URL when interacting with Gerrit.

1. The login is made using the URL containing the IP address

2. The redirect happens with the *.ngrok.com domain

The result is that the cookie assigned at 1. is not used in 2.

Let me clarify what I wrote in the above message, because I may not have been clear and detailed enough.

When you navigate from your browser on http://10.7.100.46:8080/login/… your client receives a cookie called ‘JSESSIONID’.

Your browser will never ever send that cookie to any other domain different than http://10.7.100.46, because that cookies represents yourself and your local session with the backend.

Then you do the OAuth handshake with GitHub, which eventually redirects you to https://d1e8-38-99-81-66.ngrok.io/…

Your browser does not know that the *.ngrok.io domain is a reverse proxy for http://10.7.100.46:8080 and therefore does not send the ‘JSESSIONID’ cookie over to the backend.

Gerrit then receives an OAuth token with an authentication code that comes from nowhere, because the ‘JSESSIONID’ was not passed back to the backend and therefore it could not verify the association with the initial authentication code.

Bottom line: even if the OAuth handshake with GitHub succeeded, then the redirected location refused to consider it as valid because did not match with the initial authentication code generated at the ‘/login’ stage.

Hope of all of the above makes sense to you and is clear enough now.

— * —

How to fix the problem? Simple, just login from https://d1e8-38-99-81-66.ngrok.io/login and it will work as a charm :-)

HTH

Luca.

[Luca Milanesio]

On 16 Jun 2022, at 13:43, Luca Milanesio <luca.mi...@gmail.com> wrote:

On 16 Jun 2022, at 10:05, Luca Milanesio <luca.mi...@gmail.com> wrote:

On 16 Jun 2022, at 00:35, Leslie Wang <qi...@pensando.io> wrote:

3 requests from chrome:

<PastedGraphic-7.png>

<PastedGraphic-8.png>

<PastedGraphic-9.png>

Could you copy&paste the text instead of including the images? It would make it easier for me to refer to it in my reply.

Anyway, in a nutshell the problem is still the same: you are NOT using a consistent URL when interacting with Gerrit.

1. The login is made using the URL containing the IP address

2. The redirect happens with the *.ngrok.com domain

The result is that the cookie assigned at 1. is not used in 2.

Let me clarify what I wrote in the above message, because I may not have been clear and detailed enough.

When you navigate from your browser on http://10.7.100.46:8080/login/… your client receives a cookie called ‘JSESSIONID’.

Your browser will never ever send that cookie to any other domain different than http://10.7.100.46, because that cookies represents yourself and your local session with the backend.

Then you do the OAuth handshake with GitHub, which eventually redirects you to https://d1e8-38-99-81-66.ngrok.io/…

Your browser does not know that the *.ngrok.io domain is a reverse proxy for http://10.7.100.46:8080 and therefore does not send the ‘JSESSIONID’ cookie over to the backend.

Gerrit then receives an OAuth token with an authentication code that comes from nowhere, because the ‘JSESSIONID’ was not passed back to the backend and therefore it could not verify the association with the initial authentication code.

Bottom line: even if the OAuth handshake with GitHub succeeded, then the redirected location refused to consider it as valid because did not match with the initial authentication code generated at the ‘/login’ stage.

Last bit is: “Why on earth Gerrit requires this additional authentication code?”

The response is security: Gerrit GitHub/OAuth plugin needs to make sure that the authentication is coming from a *genuine* request from its site and has not been forged or redirected from somewhere else.

Imagine that the http://10.7.100.46:8080/login/… was a potentially 3rd party malicious site that redirect to Gerrit with a valid OAuth handshake result: Gerrit needs to *deny* that authentication request because it may have given your identity to someone else.

HTH

Luca.

[Leslie Wang]

Hi Luca,

Thanks for the detail explanation, that makes a lot of sense. Now I can login with ngrok domain!

But bad news is always failed to import GitHub repo. It has below failure

[2022-06-16T17:28:54.442Z] [pool-29-thread-1] INFO  com.googlesource.gerrit.plugins.github.git.GitImporter : https://core...@github.com/coreview/codereview.git| Clone into /home/qiwa/gerrit_testsite/git/coreview/codereview.git

[2022-06-16T17:28:55.365Z] [pool-29-thread-1] ERROR com.googlesource.gerrit.plugins.github.git.AbstractCloneJob : Job CloneJob#1 coreview/codereview FAILED

java.lang.NullPointerException

        at com.google.gerrit.entities.GroupReference.forGroup(GroupReference.java:30)

        at com.googlesource.gerrit.plugins.github.git.CreateProjectStep.getMyGroup(CreateProjectStep.java:161)

        at com.googlesource.gerrit.plugins.github.git.CreateProjectStep.lambda$addPermissions$0(CreateProjectStep.java:144)

        at com.google.gerrit.server.project.ProjectConfig.upsertAccessSection(ProjectConfig.java:430)

        at com.googlesource.gerrit.plugins.github.git.CreateProjectStep.addPermissions(CreateProjectStep.java:133)

        at com.googlesource.gerrit.plugins.github.git.CreateProjectStep.setProjectPermissions(CreateProjectStep.java:99)

        at com.googlesource.gerrit.plugins.github.git.CreateProjectStep.doImport(CreateProjectStep.java:177)

        at com.googlesource.gerrit.plugins.github.git.GitImportJob.run(GitImportJob.java:46)

        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)

        at com.google.gerrit.server.util.RequestScopePropagator.lambda$cleanup$1(RequestScopePropagator.java:186)

        at com.google.gerrit.server.util.RequestScopePropagator.lambda$context$0(RequestScopePropagator.java:174)

        at com.google.inject.servlet.ServletScopes.lambda$wrap$0(ServletScopes.java:431)

        at com.google.gerrit.server.util.RequestScopePropagator$1.call(RequestScopePropagator.java:85)

        at com.google.gerrit.server.util.RequestScopePropagator$3.run(RequestScopePropagator.java:148)

        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)

        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)

        at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)

        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)

        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)

        at java.base/java.lang.Thread.run(Thread.java:829)

I’ve added the new user to both administrator group and service user account.

I’ve also granted the GitHub app full privilege on repository part.

Can you please kindly suggest where it could be wrong?

Best Regards

Leslie Wang

[Luca Milanesio]

On 16 Jun 2022, at 18:33, Leslie Wang <qi...@pensando.io> wrote:

Hi Luca,

Did you install the singleusergroup plugin?

Luca.

I’ve added the new user to both administrator group and service user account.

<PastedGraphic-11.png>

I’ve also granted the GitHub app full privilege on repository part.

<PastedGraphic-10.png>

<PastedGraphic-12.png>

<PastedGraphic-13.png>

<PastedGraphic-14.png>

[Leslie Wang]

I was following default init procedures which didn’t install any plugins. Now after re-init, seems these plugins are installed, and I can import repositories successfully. 

It failed to import GitHub pull requests, and has below error logs. I assume it is expected behavior because old PRs doesn’t have Change-Id in commit message. Right?

[2022-06-16T18:05:05.982Z] [pool-31-thread-2] ERROR com.googlesource.gerrit.plugins.github.git.PullRequestImportJob : Pull request 2 into repository coreview/codereview was failed

com.google.gerrit.extensions.restapi.ResourceConflictException: missing Change-Id in message footer:

  missing Change-Id in message footer

Hint: to automatically insert a Change-Id, install the hook:

f="$(git rev-parse --git-dir)/hooks/commit-msg"; curl -o "$f" https://d1e8-38-99-81-66.ngrok.io/tools/hooks/commit-msg ; chmod +x "$f"

and then amend the commit:

  git commit --amend --no-edit

Finally, push your changes again

        at com.google.gerrit.server.change.ChangeInserter.validate(ChangeInserter.java:593)

        at com.google.gerrit.server.change.ChangeInserter.updateRepo(ChangeInserter.java:391)

        at com.google.gerrit.server.update.BatchUpdate.executeUpdateRepo(BatchUpdate.java:563)

        at com.google.gerrit.server.update.BatchUpdate.execute(BatchUpdate.java:143)

        at com.google.gerrit.server.update.BatchUpdate.execute(BatchUpdate.java:434)

        at com.googlesource.gerrit.plugins.github.git.PullRequestCreateChange.createNewChange(PullRequestCreateChange.java:265)

        at com.googlesource.gerrit.plugins.github.git.PullRequestCreateChange.internalAddCommitToChange(PullRequestCreateChange.java:195)

        at com.googlesource.gerrit.plugins.github.git.PullRequestCreateChange.addCommitToChange(PullRequestCreateChange.java:105)

        at com.googlesource.gerrit.plugins.github.git.PullRequestImportJob.addPullRequestToChange(PullRequestImportJob.java:187)

        at com.googlesource.gerrit.plugins.github.git.PullRequestImportJob.run(PullRequestImportJob.java:141)

        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)

        at com.google.gerrit.server.util.RequestScopePropagator.lambda$cleanup$1(RequestScopePropagator.java:186)

        at com.google.gerrit.server.util.RequestScopePropagator.lambda$context$0(RequestScopePropagator.java:174)

        at com.google.inject.servlet.ServletScopes.lambda$wrap$0(ServletScopes.java:431)

        at com.google.gerrit.server.util.RequestScopePropagator$1.call(RequestScopePropagator.java:85)

        at com.google.gerrit.server.util.RequestScopePropagator$3.run(RequestScopePropagator.java:148)

        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)

        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)

        at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)

        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)

        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)

        at java.base/java.lang.Thread.run(Thread.java:829)

Best Regards

Leslie Wang

[Luca Milanesio]

On 16 Jun 2022, at 19:11, Leslie Wang <qi...@pensando.io> wrote:

I was following default init procedures which didn’t install any plugins. Now after re-init, seems these plugins are installed, and I can import repositories successfully. 

It failed to import GitHub pull requests, and has below error logs. I assume it is expected behavior because old PRs doesn’t have Change-Id in commit message. Right?

Yeah, but Gerrit can tolerate that and generate a Change-Id automatically. Just configure All-Projects accordingly.

Looks at [1] for more details.

Looks like OAuth is now working :-) 

For any other Gerrit-related questions please open a new topic and don’t answer to this thread.

Luca.

[1] https://gerrit-review.googlesource.com/Documentation/config-project-config.html

[Leslie Wang]

Sure, definitely! Huge thanks for your all promptly reply.

Best Regards

Leslie Wang