github-checks-plugin enables status checks in Bitbucket Server repository

[KalleOlaviNiemitalo]

Version report

Jenkins and plugins versions report:

Jenkins: 2.303.1
OS: Windows Server 2012 R2 - 6.3
---
Office-365-Connector:4.15.0
ace-editor:1.1
analysis-model-api:10.3.0
antisamy-markup-formatter:2.1
apache-httpcomponents-client-4-api:4.5.13-1.0
atlassian-bitbucket-server-integration:3.0.0
authentication-tokens:1.4
authorize-project:1.4.0
basic-branch-build-strategies:1.3.2
bitbucket-server-checks:1.0-SNAPSHOT (private-49d94041-kalle)
bootstrap4-api:4.6.0-3
bootstrap5-api:5.1.1-1
bouncycastle-api:2.24
branch-api:2.6.5
build-monitor-plugin:1.12+build.201809061734
buildtriggerbadge:2.10
caffeine-api:2.9.2-29.v717aac953ff3
checks-api:1.7.2
cloudbees-bitbucket-branch-source:2.9.11
cloudbees-disk-usage-simple:0.10
cloudbees-folder:6.16
command-launcher:1.2
compress-artifacts:1.10
configuration-as-code:1.53
copyartifact:1.46.2
credentials:2.6.1
credentials-binding:1.27
crowd2:2.0.2
custom-tools-plugin:0.8
data-tables-api:1.11.2-1
display-url-api:2.3.5
dtkit-api:3.0.0
durable-task:1.39
echarts-api:5.1.2-11
extended-choice-parameter:0.82
extended-read-permission:3.2
fast-track:1.0.0
folder-auth:1.3
font-awesome-api:5.15.4-1
forensics-api:1.3.1
git:4.8.2
git-client:3.9.0
git-forensics:1.2.1
git-server:1.10
github:1.34.1
github-api:1.123
github-branch-source:2.11.2
github-checks:1.0.13
handlebars:3.0.8
handy-uri-templates-2-api:2.1.8-1.0
hudson-wsclean-plugin:1.0.8
jackson2-api:2.12.4
jdk-tool:1.0
jira:3.6
jjwt-api:0.11.2-9.c8b45b8bb173
job-restrictions:0.8
jquery:1.12.4-1
jquery3-api:3.6.0-2
jsch:0.1.55.2
junit:1.53
lockable-resources:2.11
mailer:1.34
matrix-auth:2.6.8
matrix-project:1.19
metrics:4.0.2.8
momentjs:1.1.1
mstest:1.0.0
next-build-number:1.6
nunit:0.27
okhttp-api:3.14.9
pipeline-build-step:2.15
pipeline-graph-analysis:1.11
pipeline-graph-view:46.vedbf23da719f
pipeline-input-step:2.12
pipeline-milestone-step:1.3.2
pipeline-model-api:1.9.2
pipeline-model-definition:1.9.2
pipeline-model-extensions:1.9.2
pipeline-rest-api:2.19
pipeline-stage-step:2.5
pipeline-stage-tags-metadata:1.9.2
pipeline-stage-view:2.19
pipeline-utility-steps:2.10.0
plain-credentials:1.7
plugin-util-api:2.4.0
popper-api:1.16.1-2
popper2-api:2.10.1-1
resource-disposer:0.16
role-strategy:3.2.0
scm-api:2.6.5
script-security:1.78
sidebar-link:1.12.0
sidebar-update-notification:1.1.0
skip-notifications-trait:1.0.5
snakeyaml-api:1.29.1
ssh-credentials:1.19
sshd:3.1.0
structs:1.23
timestamper:1.13
token-macro:266.v44a80cf277fd
trilead-api:1.0.13
variant:1.4
violation-comments-to-stash:1.127
vstestrunner:1.0.8
warnings-ng:9.5.0
windows-slaves:1.0
workflow-aggregator:2.6
workflow-api:2.46
workflow-basic-steps:2.24
workflow-cps:2.94
workflow-cps-global-lib:2.21
workflow-durable-task-step:2.39
workflow-job:2.41
workflow-multibranch:2.26
workflow-scm-step:2.13
workflow-step-api:2.24
workflow-support:3.8
ws-cleanup:0.39
xunit:3.0.3

(bitbucket-server-checks is currently a private plugin for jenkinsci/checks-api-plugin#65.)

• What Operating System are you using (both controller, and any agents involved in the problem)?

Windows Server 2012 R2

Reproduction steps

This is a multibranch pipeline project using Bitbucket Branch Source. The pipeline runs the recordIssues step with two tools docFx and msBuild, and I expect each tool to publish checks via Checks API to Bitbucket Server Checks. However, after I installed the GitHub Checks plugin, the pipeline started publishing checks named "Jenkins" as well. Those seem to be status checks enabled by GitHub Checks. The Bitbucket Server Checks plugin does not implement the StatusChecksProperties or AbstractStatusChecksProperties extension point.

Results

Expected result, i.e. what happens without GitHub Checks:

1. After the recordIssues step has scanned the DocFX log file:

   [2021-09-22T17:20:53.335Z] [DocFX] Attaching ResultAction with ID 'docfx' to build 'REDACTED/PR-64 #9'.
   [2021-09-22T17:20:53.452Z] [Bitbucket Server Checks] Getting REST API parameters from the Bitbucket Branch Source plugin.
   [2021-09-22T17:20:53.499Z] [Bitbucket Server Checks] Converted 0 annotations.
   [2021-09-22T17:20:53.504Z] [Bitbucket Server Checks] Publishing the report to: https://REDACTED/rest/insights/1.0/projects/REDACTED/repos/REDACTED/commits/2f957154bd1390a150487e39987faf65f30cf9c6/reports/DocFX
   [2021-09-22T17:20:53.771Z] [Bitbucket Server Checks] Finished publishing.
   

2. After the recordIssues step has scanned the MSBuild log file:

   [2021-09-22T17:20:53.808Z] [MSBuild] Attaching ResultAction with ID 'msbuild' to build 'REDACTED/PR-64 #9'.
   [2021-09-22T17:20:53.942Z] [Bitbucket Server Checks] Getting REST API parameters from the Bitbucket Branch Source plugin.
   [2021-09-22T17:20:53.948Z] [Bitbucket Server Checks] Converted 0 annotations.
   [2021-09-22T17:20:53.948Z] [Bitbucket Server Checks] Publishing the report to: https://REDACTED/rest/insights/1.0/projects/REDACTED/repos/REDACTED/commits/2f957154bd1390a150487e39987faf65f30cf9c6/reports/MSBuild
   [2021-09-22T17:20:54.111Z] [Bitbucket Server Checks] Finished publishing.   
   

Actual result, i.e. what happens with GitHub Checks:

1. Unexpected status checks after the initial checkout:

   [2021-09-22T17:10:44.632Z]  > git.exe rev-list --no-walk 2f957154bd1390a150487e39987faf65f30cf9c6 # timeout=10
   [2021-09-22T17:10:44.817Z] [Bitbucket] Notifying pull request build result
   [2021-09-22T17:10:44.843Z] [Bitbucket Server Checks] Getting REST API parameters from the Bitbucket Branch Source plugin.
   [2021-09-22T17:10:44.844Z] [Bitbucket Server Checks] The checks have no output.  Preserve the annotations of any existing Code Insights report.
   [2021-09-22T17:10:44.844Z] [Bitbucket Server Checks] Publishing the report to: https://REDACTED/rest/insights/1.0/projects/REDACTED/repos/REDACTED/commits/2f957154bd1390a150487e39987faf65f30cf9c6/reports/Jenkins
   [2021-09-22T17:10:44.951Z] [Bitbucket Server Checks] Finished publishing.
   

2. After the recordIssues step has scanned the DocFX log file:

   [2021-09-22T17:10:56.800Z] [DocFX] Attaching ResultAction with ID 'docfx' to build 'REDACTED/PR-64 #8'.
   [2021-09-22T17:10:56.893Z] [Bitbucket Server Checks] Getting REST API parameters from the Bitbucket Branch Source plugin.
   [2021-09-22T17:10:56.895Z] [Bitbucket Server Checks] Converted 0 annotations.
   [2021-09-22T17:10:56.895Z] [Bitbucket Server Checks] Publishing the report to: https://REDACTED/rest/insights/1.0/projects/REDACTED/repos/REDACTED/commits/2f957154bd1390a150487e39987faf65f30cf9c6/reports/DocFX
   [2021-09-22T17:10:57.078Z] [Bitbucket Server Checks] Finished publishing.
   

3. After the recordIssues step has scanned the MSBuild log file:

   [2021-09-22T17:10:57.094Z] [MSBuild] Attaching ResultAction with ID 'msbuild' to build 'REDACTED/PR-64 #8'.
   [2021-09-22T17:10:57.191Z] [Bitbucket Server Checks] Getting REST API parameters from the Bitbucket Branch Source plugin.
   [2021-09-22T17:10:57.193Z] [Bitbucket Server Checks] Converted 0 annotations.
   [2021-09-22T17:10:57.193Z] [Bitbucket Server Checks] Publishing the report to: https://REDACTED/rest/insights/1.0/projects/REDACTED/repos/REDACTED/commits/2f957154bd1390a150487e39987faf65f30cf9c6/reports/MSBuild
   [2021-09-22T17:10:57.356Z] [Bitbucket Server Checks] Finished publishing.
   

4. Unexpected status checks after the pipeline finishes:

   [2021-09-22T17:11:02.164Z] [Pipeline] }
   [2021-09-22T17:11:02.293Z] [Pipeline] // node
   [2021-09-22T17:11:02.412Z] [Pipeline] End of Pipeline
   [2021-09-22T17:11:02.473Z] [Bitbucket] Notifying pull request build result
   [2021-09-22T17:11:02.495Z] [Bitbucket] Build result notified
   [2021-09-22T17:11:02.496Z] [Bitbucket Server Checks] Getting REST API parameters from the Bitbucket Branch Source plugin.
   [2021-09-22T17:11:02.498Z] [Bitbucket Server Checks] Converted 0 annotations.
   [2021-09-22T17:11:02.498Z] [Bitbucket Server Checks] Publishing the report to: https://REDACTED/rest/insights/1.0/projects/REDACTED/repos/REDACTED/commits/2f957154bd1390a150487e39987faf65f30cf9c6/reports/Jenkins
   [2021-09-22T17:11:02.659Z] [Bitbucket Server Checks] Finished publishing.
   [2021-09-22T17:11:02.687Z] Finished: SUCCESS
   

The pipeline does not reference any GitHub repository, the settings of the pipeline do not include anything related to status checks, and the Bitbucket Server Checks plugin does not implement anything specific to status checks. Status checks should therefore not be published, but the GitHub Checks plugin seems to be enabling them anyway.

Analysis

I think what happens is that:

1. GitHubStatusChecksProperties.isApplicable returns true because scmFacade.findGitSCM(job) finds something created by Bitbucket Branch Source.

   github-checks-plugin/src/main/java/io/jenkins/plugins/checks/github/status/GitHubStatusChecksProperties.java

   Lines 40 to 43 in 9e25889

   	@Override
   	public boolean isApplicable(final Job<?, ?> job) {
   	return scmFacade.findGitHubSCMSource(job).isPresent() || scmFacade.findGitSCM(job).isPresent();
   	}

2. BuildStatusChecksPublisher.findProperties returns the GitHubStatusChecksProperties instance. https://github.com/jenkinsci/checks-api-plugin/blob/83a4321ed0d4ae69cfa8e2bb34dbfe7b428556dd/src/main/java/io/jenkins/plugins/checks/status/BuildStatusChecksPublisher.java#L74-L80
3. BuildStatusChecksPublisher.ChecksGraphListener.onNewHead calls GitHubStatusChecksProperties.isSkipProgressUpdates. https://github.com/jenkinsci/checks-api-plugin/blob/83a4321ed0d4ae69cfa8e2bb34dbfe7b428556dd/src/main/java/io/jenkins/plugins/checks/status/BuildStatusChecksPublisher.java#L256
4. GitHubStatusChecksProperties.isSkipProgressUpdates calls getConfigurations, which searches for GitHubStatusChecksConfigurations but does not find any because this is not a GitHub project and does not contain any such settings. GitHubStatusChecksProperties.isSkipProgressUpdates then uses DEFAULT_CONFIGURATION instead.

   github-checks-plugin/src/main/java/io/jenkins/plugins/checks/github/status/GitHubStatusChecksProperties.java

   Lines 65 to 68 in 9e25889

   	@Override
   	public boolean isSkipProgressUpdates(Job<?, ?> job) {
   	return getConfigurations(job).orElse(DEFAULT_CONFIGURATION).isSkipProgressUpdates();
   	}

5. DefaultGitHubStatusChecksConfigurations.isSkipProgressUpdates returns false.

   github-checks-plugin/src/main/java/io/jenkins/plugins/checks/github/status/GitHubStatusChecksConfigurations.java

   Lines 65 to 68 in 9e25889

   	@Override
   	public boolean isSkipProgressUpdates() {
   	return false;
   	}

6. BuildStatusChecksPublisher.ChecksGraphListener.onNewHead goes ahead and publishes status checks.

Indeed, if I run in the Script Console:

import io.jenkins.plugins.checks.github.status.GitHubStatusChecksProperties

Job job = Jenkins.get().getItemByFullName("REDACTED/PR-64")

println(new GitHubStatusChecksProperties().isApplicable(job))
println(new GitHubStatusChecksProperties().getConfigurations(job))
println(new GitHubStatusChecksProperties().getName(job))
println(new GitHubStatusChecksProperties().isSkipped(job))
println(new GitHubStatusChecksProperties().isSkipProgressUpdates(job))
println(new GitHubStatusChecksProperties().scmFacade.findGitHubSCMSource(job))
println(new GitHubStatusChecksProperties().scmFacade.findGitSCM(job))

then the output is:

true
Optional.empty
Jenkins
false
false
Optional.empty
Optional[hudson.plugins.git.GitSCM@6967e97]

i.e. GitHubStatusChecksProperties believes it is applicable to this job because of the GitSCM, but nothing has been configured, so it will use the default "Jenkins" name and allow status checks.

How to fix

I can think of two ways to fix this:

1. Make GitHubStatusChecksProperties.isApplicable return false if the project does not use GitHub, according to the same logic as in GitHubChecksPublisherFactory.createPublisher.

2. Change the API so that each AbstractStatusChecksProperties implementation can only enable status checks to be published via the ChecksPublisherFactory in the same plugin. I haven't planned this in detail.