signature / X-Hub-Signature check does not work #300
Comments
|
Random fix for my issue: I changed the GitHub Server API URL (on the Jenkins systems setting page) from I am still getting Very confusing and frustrating to set up but seems to work for me now. |
|
I believe I am having a very similar issue (if it's not identical), although I don't get a Signatures check OK message. Here is a snippet from the log: Jenkins is fully up and running |
|
I've removed some extra credentials that weren't needed and now I think I'm getting the same thing reported, but the PR builds aren't being triggered. Log below: Jul 07, 2015 1:43:17 PM SEVERE org.jenkinsci.plugins.ghprb.GhprbWebHook checkSignature |
|
You probably want to update the secret saved in jenkins to the one provided by GitHub? |
I have the same behavior with 1.24.5, and it's stopped our builds from firing apparently.
I've done that several times, but they continue to disagree on the signature check. I don't see the "Sgnatures Check OK" message. Seems like a bug. What was the last version of GHPRB before this signature check code was added? I need to try that. |
|
^^ Awesome, I'll be glad to test that out when it lands in a newer plugin and let you know if it fixes our setup. |
|
I upgraded to 1.24.7 and it looks like I'm seeing different behavior in the logs but no job is being triggered still. Log below: Got payload event: pull_request |
|
issue jenkinsci#134 brings up that a change to how the plugin handles the updatedDate caused comment processing to be broken. Try with 1.24.8 |
|
How do I get 1.24.8? My plugins only shows 1.24.7 as current and downgrade to 1.24.5. I'm more than willing to download/build/manually install :) |
|
On the last tab of the update center you can have jenkins check the update site again |
|
OK, I've updated to 1.24.8 and restarted. After Jenkins came back up I did another PR on one of the job related projects and the log below is from "All": Jenkins is fully up and running This is from the ghprb set to finest: Jul 09, 2015 12:49:20 PM INFO org.jenkinsci.plugins.ghprb.GhprbWebHook checkSignature |
|
I've noticed that I don't think I have the same credential Id in all of the "different" places that I can have one selected from the drop down boxes. It looks like the one available in the job isn't even able to see the one in the global Jenkins config and vice-versa. |
|
Can @waltherg or @mboersma verify if this is working now? @Suirtimed I am not sure what you mean, but it appears to be working correctly for you now. If you mean that the credentials lists are different that is because they are. The drop down on the global page shows the actual credentials, and the drop down in the job lists the auth settings you created on the global configure page. |
|
@DavidTanner It's not building anything. The job isn't being triggered. In the On the system configuration page: Github Pull Request Builder, On one of the jobs that I intend to be triggered by PR: Source Code Management for Git uses an OAuth credential (Only five credentials are visible there) (I'm using a key based one) Github Pull Request Builder only has one option for the OAuth token under api.github.com |
|
If I test credentials I get: Connected to https://api.github.com as null Should it be null or should it have a value like the github.com username? |
|
So the null is when it tries getName(), I can change that to use the login instead, but it just looks like you don't have any PR's coming through that are set to be triggered. Can you send me the job configuration? |
|
I scrubbed some stuff with ###A foo I removed### https://gist.github.com/Suirtimed/b16386df0eb6d0ce5dba My intent for this particular job is to trigger any PRs against the development branch |
|
If you want any PR against develop to run, I think you have to check the build all checkbox. I will dig through the logic some more tonight to make sure. |
|
I checked the box next to "Build every pull request automatically without asking (Dangerous!)." and tried the build again by using the issue comment mechanism and it did not work. I restarted jenkins and added another commit to an open PR with no build being triggered. I tried adding the trailing slash to the api.github.com url and tried again... Jul 10, 2015 10:14:02 AM INFO org.jenkinsci.plugins.ghprb.GhprbWebHook checkSignature |
|
@Suirtimed Since I think this is a case problem. When the webhook compares the repo names, one has caps the other doesn't. |
|
|
Awesome! I hope that works. I'll get the update as soon as I can and let you know. |
|
I got the update and a comment did trigger a PR. I'll continue testing :) Thanks @DavidTanner ! |
I set up the GitHub webhook for Jenkins GH pull request builder appropriately and they are received by my Jenkins instance correctly.
I am running into the following issues:
I am very confused by this behaviour since the the code that was introduced by the PR that introduced signature checks (https://github.com/janinko/ghprb/pull/239/files#diff-9c37d8872c2c0f06b92d2561f0d6bc1eR311) should not worry about signature checks if I do not specify a shared secret in Jenkins.
I further do not comprehend how the hash the GitHub and Jenkins produce could differ in the event that I do set both a Jenkins shared secret and a GH secret.
I also noticed that when resending the same packet multiple times through the GH webhooks interface then in my Jenkins logs the mismatched internal signature changes on every resend but the external (GitHub-generated) signature remains the same.
The text was updated successfully, but these errors were encountered: