Failure invoking plugin: GET changes returns null

[tuukkamustonen]

I have server URL (+credentials), project and repo keys configured. When I run build, it fails to:

---
--- Jenkins Violation Comments to Bitbucket Server ---

---
bitbucketServerUrl: https://mystash.gtn
projectKey: COSMOS
repoSlug: cosmos
pullRequestId: 184
usernamePasswordCredentialsId: true
username: false
password: false
createSingleFileComments: false
createCommentWithAllSingleFileComments: false
ANDROIDLINT with pattern 
CHECKSTYLE with pattern 
CPPCHECK with pattern 
CPPLINT with pattern 
CSSLINT with pattern 
FINDBUGS with pattern 
FLAKE8 with pattern flake8.out
FXCOP with pattern 
JSHINT with pattern 
LINT with pattern 
PERLCRITIC with pattern 
PITEST with pattern 
PMD with pattern 
RESHARPER with pattern 
STYLECOP with pattern 
XMLLINT with pattern 
Using username and password from credentials
Will comment 184
Workspace: /home/jenkins/workspace/COSMOS-pullrequests
Found 0 violations from ViolationConfig [reporter=FLAKE8, pattern=flake8.out].
Will comment PR COSMOS/cosmos/184 on https://mystash.gtn
Error calling:
https://mystash.gtn/rest/api/1.0/projects/COSMOS/repos/cosmos/pull-requests/184/changes?limit=999999
GET
null

If I run that query from command line:

curl -u user:pass https://mystash.gtn/rest/api/1.0/projects/COSMOS/repos/cosmos/pull-requests/184/changes?limit=999999

{"fromHash":"9a4694b7fdf89163cd5caa880193f41273071c0d","toHash":"a78ee3de5f3c83bf79bb4c4057ca74174eff7e39","values":[{"contentId":"a77b0ec15f396e6ac61ee24a178324c79cc5bae9","fromContentId":"1136127a32ee434a1f5cae9a0a8a9f8ee96b9ce4","path":{"components":["tasks.py"],"parent":"","name":"tasks.py","extension":"py","toString":"tasks.py"},"executable":false,"percentUnchanged":-1,"type":"MODIFY","nodeType":"FILE","srcExecutable":false,"links":{"self":[null]}}],"size":1,"isLastPage":true,"start":0,"limit":999999,"nextPageStart":null}

Any pointers what might be wrong here? Bitbucket Server version is 4.9.1 and in the PR I'm building I have changes in tasks.py.

At least the error message should be improved (if I'm just missing configs).

[tomasbjerre]

Do you see anything in the server log (Tomcat server?)?
Did you invoke the curl command from the machine running Jenkins?

[tuukkamustonen]

Nice pointers.

• Nothing related in Manage Jenkins > System Log.
• Nothing in tomcat files.
• However, running curl on slave (I was running it on master earlier...):

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

So yeah, I assume that's the problem. I'm adding the required SSL certs now... will ping once done and tested.

[tuukkamustonen]

Unfortunately, that didn't change anything... got more ideas?

More verbose logging / error tracing would be neat here.

[tomasbjerre]

This line should give a stacktrace in the serlver log: https://github.com/jenkinsci/violation-comments-to-stash-plugin/blob/master/src/main/java/org/jenkinsci/plugins/jvctb/perform/JvctbPerformer.java#L93

[tuukkamustonen]

@tomasbjerre Ha, indeed. I've never really debugged Jenkins so I missed slave logs 😩. I'm seeing:

Oct 24, 2016 1:42:44 PM se.bjurr.violations.comments.lib.CommentsCreator <init>
INFO: 0 violations.
Oct 24, 2016 1:42:45 PM org.jenkinsci.plugins.jvctb.perform.JvctbPerformer doPerform
SEVERE: 
java.lang.RuntimeException: Error calling:
https://mystash.gtn/rest/api/1.0/projects/COSMOS/repos/cosmos/pull-requests/184/changes?limit=999999
GET
null
    at se.bjurr.violations.comments.bitbucketserver.lib.client.BitbucketServerInvoker.invokeUrl(BitbucketServerInvoker.java:56)
    at se.bjurr.violations.comments.bitbucketserver.lib.client.BitbucketServerClient.invokeAndParse(BitbucketServerClient.java:78)
    at se.bjurr.violations.comments.bitbucketserver.lib.client.BitbucketServerClient.pullRequestChanges(BitbucketServerClient.java:41)
    at se.bjurr.violations.comments.bitbucketserver.lib.BitbucketServerCommentsProvider.getFiles(BitbucketServerCommentsProvider.java:73)
    at se.bjurr.violations.comments.lib.CommentsCreator.<init>(CommentsCreator.java:39)
    at se.bjurr.violations.comments.lib.CommentsCreator.createComments(CommentsCreator.java:24)
    at se.bjurr.violations.comments.bitbucketserver.lib.ViolationCommentsToBitbucketServerApi.toPullRequest(ViolationCommentsToBitbucketServerApi.java:80)
    at org.jenkinsci.plugins.jvctb.perform.JvctbPerformer.doPerform(JvctbPerformer.java:90)
    at org.jenkinsci.plugins.jvctb.perform.JvctbPerformer$1.invoke(JvctbPerformer.java:124)
    at org.jenkinsci.plugins.jvctb.perform.JvctbPerformer$1.invoke(JvctbPerformer.java:111)
    at hudson.FilePath$FileCallableWrapper.call(FilePath.java:2772)
    at hudson.remoting.UserRequest.perform(UserRequest.java:153)
    at hudson.remoting.UserRequest.perform(UserRequest.java:50)
    at hudson.remoting.Request$2.run(Request.java:332)
    at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:68)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
    at se.bjurr.violations.comments.bitbucketserver.lib.client.BitbucketServerInvoker.invokeUrl(BitbucketServerInvoker.java:42)
    ... 18 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
    at sun.security.validator.Validator.validate(Validator.java:260)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
    ... 29 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
    ... 35 more

I'm running:

$ java -version
java version "1.8.0_111"
Java(TM) SE Runtime Environment (build 1.8.0_111-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.111-b14, mixed mode)

I guess java doesn't automatically read the SSL certs from /usr/share/ca-certificates where I put them. Studying...

[tuukkamustonen]

That did the trick: I just had to import the certs with keytool into Java's castore and restart slaves. Thanks for prompt support @tomasbjerre!

I guess there's nothing to do here: in perfect world, you might want to catch javax.net.ssl.SSLHandshakeException and hint user about SSL issue in the job logs, instead of outputting null. On the other hand, when you take a look at slave logs, it's pretty evident what's wrong... what do you think?

[tomasbjerre]

Or have the entire stacktrace sent to jenkins build job log?

[tuukkamustonen]

If that's not against Jenkins usability/convention guidelines, why not.

[tomasbjerre]

I just released this. Should be in the Jenkins update center within a few hours.

[tuukkamustonen]

Unfortunately my slaves are properly configured properly now so I cannot reproduce this exact issue anymore. In any case, I think this can be closed now. Thanks again!

[tomasbjerre]

Do you see anything in your server log? The application server, (Tomcat?).

Den 24 okt. 2016 14:33 skrev "Tuukka Mustonen" notifications@github.com:

I have server URL (+credentials), project and repo keys configured. When I
run build, it fails to:

Will comment PR COSMOS/cosmos/184 on https://mystash.gtn
Error calling:https://mystash.gtn/rest/api/1.0/projects/COSMOS/repos/cosmos/pull-requests/184/changes?limit=999999
GET
null

If I run that query from command line:

``curl -u user:pass https://mystash.gtn/rest/api/
1.0/projects/COSMOS/repos/cosmos/pull-requests/184/changes?limit=999999

{"fromHash":"9a4694b7fdf89163cd5caa880193f41273071c0d","toHash":"
a78ee3de5f3c83bf79bb4c4057ca74174eff7e39","values":[{"contentId":"
a77b0ec15f396e6ac61ee24a178324c79cc5bae9","fromContentId":"
1136127a32ee434a1f5cae9a0a8a9f8ee96b9ce4","path":{"
components":["tasks.py"],"parent":"","name":"tasks.py","
extension":"py","toString":"tasks.py"},"executable":false,
"percentUnchanged":-1,"type":"MODIFY","nodeType":"FILE","
srcExecutable":false,"links":{"self":[null]}}],"size":1,"
isLastPage":true,"start":0,"limit":999999,"nextPageStart":null}

Any pointers what might be wrong here? Bitbucket Server version is 4.9.1 and in the PR I'm building I have changes in tasks.py.

At least the error message should be improved (if I'm just missing configs).

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#21,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAa1E679RNhzawnUEdl_i4sIKbSQkOlxks5q3KWpgaJpZM4Keu5S
.

[tuukkamustonen]

Mmm, what do you mean, what should I look for? I have added required SSL certs to java keystore so this issue doesn't occur anymore.

If you mean does it show traceback on job console now, yes it does. For example, in #24 I got that trace right in the job's console.

[tomasbjerre]

Sorry =) That was my first reply to this issue. Made it from my phone but the email got delayed for some reason =)

[James-Dengel]

I had this issue as well, was a bit confusing as the jenkins master had the certs and the stash notifier and git was dealing with the certificates the correct way, might be nice to document that it's the slave that requires the certs does the posting to bitbucket rather than the master.