I've installed the Google Cloud Build app from Github Marketplace, and enabled it on several repositories, only to discover that enabling access for those repositories automatically starts running the Google Cloud Build "check" after every PR or push to a PR. Since some of those repositories are not actually ready for Google Cloud build, I needed to turn off the checks... I used the URL mentioned in the docs to get to the page where you can select which repositories should be connected to your GCP project, and unchecked a bunch of them... this disconnected them from the project, but, surprisingly, did not disable the Github checks! So now, there are Github checks on several repositories that just result in an error because they're not connected to any projects in Cloud Build.
Surely, it is not an uncommon use case to need a way to "disable Checks" on a per-repository basis - is there any way to do that?
(If not, consider it a requested feature if there are any Google Engineers reading!) ;)
I did talk to chat support, and the only way we could figure out to remove the checks would be to uninstall Google Cloud Build completely from the entire organization, which I don't want to do because we do have some setup that I want to keep, and I don't know how much of that configuration would have to be redone if I uninstalled it completely.
Here is a screenshot of the broken check that I can't disable:
I think there are 2 steps to disable CloudBuild,
1. Disable on CloudBuild itself. For some time I kept seeing 2 builds per push made, but disabling a trigger on CloudBuild helped fix that.
2. On Github, you can configure the Cloudbuild app to monitor a specific repo on the organization level setting.
3. If you feel a lot adventurous though and it's not solved, on the project level setting, you could delete the Webhooks integration for cloudbuild, as that's what Github notifies of each build.
It can be found within GH App installations:
https://console.cloud.google.com/gcb-github-registration
Select the GH account used for your link between Cloud Build and GH, then the GCP project you want to edit.
Here connected repositories can be edited, and in the second step (Trigger settings), the "Default GitHub Checks" can be disabled.
You can also goto settings of your repository and click installations inside settings.
And then remove Google cloud build from Installed apps and authorized github apps.
Cloud Build Triggers are still in beta, and have gone through several updates since this question was posted, but it now appears that the "Github Default Checks" are no longer hidden from management. They are now explicitly offered (but not automatically created) when connecting a repo, and you can finally view and disable (or delete) individual "Github Default Checks" on the trigger management page: https://console.cloud.google.com/cloud-build/triggers
I'll leave this as unanswered, because I'm uncertain this is how it is working for everyone, or that this answer will remain true, but if it works for you, feel free to vote up the answer!
To link GCP Project to the Github repository, create a trigger by clicking on resolve link, besides Action Required and then disable the same. For me this procedure worked out.
Related
We have a heroku review app pipeline configured with github integration.
Currently, every time after a new app is created, we have to go in and manually disable automatic deploys in the UI here:
I was looking around for one of the following options to remove this manual step:
call an api to disable auto-deploy on a review app
change a pipeline level setting that determines the default value of auto-deploy for new review apps that get created
but so far I haven't been able to find anything.
Any suggestions for how this might be achieved would be much appreciated.
Build Trigger Setup
Setup a Build Trigger to a GitHub Repo
Trigger Type: Tag
Tag(regex): .*
Cloud Build Configuration file
Substitution variables:
_DEPLOYMENT_ENV: staging
The config is below:
Things I've Looked at
I've checked out the GitHub Applications and Authorizations. Google Cloud Platform is approved
The Google Cloud GitHub Marketplace Plugin is on for the repo and functions. I get a greencheck mark on pull requests after it builds the containers
Current Results and Expectation
I expect there to be tags matched because the repo has some tags. I push some new tags and nothing has changed.
Note: Google Cloud Build's GitHub Marketplace Plugin is still in Alpha, so its features are not reliable and it is not unusual to run into breaking changes... and there is no active support for it.
The screen you are seeing is from Google Cloud Platform -> Cloud Build -> Triggers. It is different and unrelated to the Google Cloud plugin found inside the GitHub Marketplace (I know, it is confusing).
The triggers you setup currently pull in GitHub repos into Google Cloud Source Repositories before your triggers are executed.
The GitHub plugin, I have been having some issues with it these few days and I think they are introducing some new breaking changes on it soon, but when it worked, it does not require any triggers and purely looks at the cloudbuild.yaml file to do builds automatically. I had to create separate scripts inside the cloudbuild.yaml to setup different build based on tags / branches (Cloud Build Triggers let you do all these inside the UI), but what you get as part of the GitHub plugin is this "GitHub Checks Events" (the green check / red cross) next to the corresponding commits in GitHub and also a very brief details page. The GitHub plugin is currently acting weird on me and I am in the process of switching over to use Cloud Build Triggers until they have sorted it out.
I think they are working on something to bridge the difference between Google Cloud Build Triggers and the Cloud Build GitHub plugin... just a feeling from the current log messages I see inside Cloud Build...
We installed the Google Cloud Build GitHub app. We then created some Build Triggers with the Google Cloud Build web user interface. This worked for a while.
Recently we pushed new branches to our GitHub repositories and tried to create Google Cloud Build Triggers for those branches. The Trigger Settings page says "No branch matches" even though we are 100% sure that the branch exists on GitHub.
How can we refresh the branch listings in the Google Cloud Build Trigger Settings page?
We have tried logging in/out of Google Cloud Build and GitHub. We have also tried uninstalling and re-installing the Google Cloud Build GitHub app. We have also tried simply waiting for a few hours.
The problem was that, while configuring Cloud Build with GitHub, we had pushed too many buttons.
This is an overview of what we needed to reset.
In GitHub
Go to the affected repository.
Open its settings.
Delete the Webhook associated with source.developers.google.com/webhook/github.
Delete the Deploy key associated with Google Connected Repository Fingerprint.
In Google Cloud Console (console.cloud.google.com)
Open Source Repositories
Disconnect the mirror of the affected repository.
Open Cloud Build
Delete and recreate the Build Trigger(s) for the affected repository.
Aside re: the Google Cloud Build GitHub App
Setting up specific triggers in Google Cloud Build is orthogonal to using the Google Cloud Build GitHub app. The former does not require the latter. They are different ways to do similar things.
If you had installed the Google Cloud Build GitHub App in your GitHub account because you thought it was required for Google Cloud Build Triggers, then uninstall the Google Cloud Build GitHub App. It works differently than setting up specific Google Cloud Build triggers does, and I found it quite confusing to have both running.
If I try to click the “flip switch” next to a new repository in my Travis account, the flip switches but the hooks are never configured and I cannot trigger a build in Travis.
If I look at the console, I can read the following error:
XMLHttpRequest cannot load https://api.travis-ci.org/hooks/123456. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://travis-ci.org' is therefore not allowed access. The response had HTTP status code 500.
This may be linked to my GitHub organisation having activated third-party applications restrictions. Yet, all my previous repositories still build fine, and it's been weeks!
How can I start building a new repository in my Travis organisation account?
This is indeed linked to your organisation having third-party application restrictions, or “third-party whitelisting”.
You may not detect the problem at first since your current public repositories still receive web hooks, so it may be weeks before you get issues with Travis, and the connection with activation may be long lost in your mind.
So, now you've figured out these weird CORS/500 are linked to third-party application restrictions, you need to grant access to Travis again. But how? Travis has already been allowed access and won't ask you again for it upon login!
You have to go to your own user-approved application list in your GitHub profile, and click “View” next to the Travis-CI listing.
If you scroll down, you will get an “Organization access” listing. Your restricted organisation should be listed here, with a cross next to its name. Click “Grant access” to allow Travis into your org.
Everything should be in order now, and you should be able to activate Travis for your repo! You will just need to trigger a build by pushing a new commit after having “flipped the switch”.
I have an organization on GitHub with private repositories. I also have Jenkins set up running on port 8080 on a server, with the GitHub plugin installed. I've created an account on GitHub for my jenkins user, which resides in the owners group.
I'm trying to trigger a job on jenkins when a change is pushed to my development branch (or master branch, neither seem to be working).
When I look at the GitHub Hook Logs in Jenkins, it says that Polling has not run yet. When I go to "Manage Jenkins", the GitHub plugin says my account is Verified when I test it.
Any insight on how to configure this? I have multiple repositories I'd like to work with, so deploy keys don't seem like the solution to me.
Update:
As Craig Ringer mentions in his answer, you can select Grant READ permissions for /github-webhook in "Configure Jenkins" under the GitHub plugin settings, allowing the webhook to be called without authentication.
Another update: Webhooks are now (Dec. 2014) available for organization: see WebHooks API for orgs.
Note: the issue 4 of the hudson-github-plugin was about:
Last GitHub Push
Polling has not run yet.
And the conclusion was:
Nevermind, the only missing piece was a permission checkbox for the github user which ain't documented anywhere on the internet.
So is this a permission issue regarding your Jenkins users?
The article "Set up Jenkins-CI on Ubuntu for painless Rails3 app CI testing" includes the following process:
To restrict the CI system and give access to your Team members to use or see the build logs, first you’ve to create an account.
Go to Manage Jenkins > Configure System,
Check the Enable Security checkbox
Under Security Realm, choose Jenkins's own user database
Check the Allow users to sign up checkbox
Under Authorization, choose Project-based Matrix Authorization Strategy
Add first user with the name admin and another with GitHub (Note: the username for Admin access has to be admin) For GitHub named user, just choose the Overall Read only permission. We’ll use this user later with the GitHub hook.
Note: The admin and GitHub user that we’ve added in the above step does not create the User. Then you’ve to create a real user with that same name. Ya, I know, its a bit weird with Jenkins UI.
Go to Manage Jenkins > Manage Users > Create User. Create both admin and GitHub users.
Hooking with the Github web-hooks
Now to run the build automagically when new commit or branch gets pushed onto Github, we have to setup the repository.
Got to the hooks page for your repository. e.g.
github.com/<username>/<project_name>/admin/hooks
Under AVAILABLE SERVICE HOOKS > Post-Receive URLs, add github:github#your-ci-server.com/github-webhook/.
The github:github is the user that we’d created earlier.
Then we have to verify Jenkins with Github. Go to Manage Jenkins > Configure System and under GitHub Web Hook, add your Github username and password and click the Test Credential button to authorize once with Github.
It looks like the accepted answer is no longer necessary with the current version of the GitHub plugin. You can instead check Grant READ permissions for /github-webhook in "Configure Jenkins" under the GitHub plugin settings, allowing the webhook to be called without authentication.
As explained in the help on this option that's quite safe, and frankly no worse than having a user named "github" with password "github" anyway.
There are two ways to achieve automatic builds on Jenkins. What you choose depends on whether GitHub can call the Jenkins server URL you provide. This may not be the case if you are running Jenkins behind a firewall.
If GitHub can reach that URL you can set up the service hook on your repo there.
If not you can set up Jenkins to poll periodically.
You may set up both, but one solution is enough to get it working. I would always go for the first if feasible as it saves resources CPU and traffic wise.
Either way you need the GitHub plugin for Jenkins.
Hope that helps a bit.